From c9400ba8582bee5cde220a02a51aa64b5a97226a Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 2 Feb 2023 11:18:06 -0500 Subject: [PATCH 01/40] initial Changes to support 1.5 --- .../org/cyclonedx/BomGeneratorFactory.java | 10 +- .../java/org/cyclonedx/CycloneDxSchema.java | 376 ++- .../generators/json/BomJsonGenerator15.java | 95 + .../xml/AbstractBomXmlGenerator.java | 15 +- .../generators/xml/BomXmlGenerator15.java | 73 + .../cyclonedx/util/DependencySerializer.java | 3 +- src/main/resources/bom-1.5.proto | 715 +++++ src/main/resources/bom-1.5.schema.json | 1963 ++++++++++++ src/main/resources/bom-1.5.xsd | 2805 +++++++++++++++++ .../org/cyclonedx/BomJsonGeneratorTest.java | 14 + .../org/cyclonedx/BomXmlGeneratorTest.java | 13 + .../org/cyclonedx/Issue214RegressionTest.java | 26 +- .../org/cyclonedx/parse/BaseParseTest.java | 15 +- .../org/cyclonedx/parsers/JsonParserTest.java | 21 + .../org/cyclonedx/parsers/XmlParserTest.java | 21 + .../schema/BaseSchemaVerificationTest.java | 12 +- .../schema/JsonSchemaVerificationTest.java | 12 +- .../schema/XmlSchemaVerificationTest.java | 18 +- .../resources/1.5/invalid-bomformat-1.5.json | 8 + .../1.5/invalid-component-ref-1.5.json | 20 + .../1.5/invalid-component-ref-1.5.xml | 15 + .../1.5/invalid-component-swid-1.5.json | 18 + .../1.5/invalid-component-swid-1.5.xml | 11 + .../1.5/invalid-component-type-1.5.json | 13 + .../1.5/invalid-component-type-1.5.xml | 9 + .../resources/1.5/invalid-dependency-1.5.json | 37 + .../resources/1.5/invalid-dependency-1.5.xml | 23 + .../1.5/invalid-empty-component-1.5.json | 11 + .../1.5/invalid-empty-component-1.5.xml | 7 + .../resources/1.5/invalid-hash-alg-1.5.json | 32 + .../resources/1.5/invalid-hash-alg-1.5.xml | 16 + .../resources/1.5/invalid-hash-md5-1.5.json | 32 + .../resources/1.5/invalid-hash-md5-1.5.xml | 16 + .../resources/1.5/invalid-hash-sha1-1.5.json | 32 + .../resources/1.5/invalid-hash-sha1-1.5.xml | 16 + .../1.5/invalid-hash-sha256-1.5.json | 32 + .../resources/1.5/invalid-hash-sha256-1.5.xml | 16 + .../1.5/invalid-hash-sha512-1.5.json | 32 + .../resources/1.5/invalid-hash-sha512-1.5.xml | 16 + .../resources/1.5/invalid-issue-type-1.5.json | 48 + .../resources/1.5/invalid-issue-type-1.5.xml | 37 + .../1.5/invalid-license-choice-1.5.json | 23 + .../1.5/invalid-license-choice-1.5.xml | 26 + .../1.5/invalid-license-encoding-1.5.json | 28 + .../1.5/invalid-license-encoding-1.5.xml | 27 + .../resources/1.5/invalid-license-id-1.5.json | 22 + .../resources/1.5/invalid-license-id-1.5.xml | 27 + .../1.5/invalid-license-id-count-1.5.xml | 27 + .../1.5/invalid-license-name-count-1.5.xml | 27 + .../1.5/invalid-metadata-license-1.5.json | 16 + .../1.5/invalid-metadata-license-1.5.xml | 11 + .../1.5/invalid-metadata-timestamp-1.5.json | 10 + .../1.5/invalid-metadata-timestamp-1.5.xml | 7 + .../invalid-missing-component-type-1.5.json | 12 + .../invalid-missing-component-type-1.5.xml | 9 + .../resources/1.5/invalid-namespace-1.5.xml | 118 + .../resources/1.5/invalid-patch-type-1.5.json | 48 + .../resources/1.5/invalid-patch-type-1.5.xml | 37 + src/test/resources/1.5/invalid-scope-1.5.json | 14 + src/test/resources/1.5/invalid-scope-1.5.xml | 10 + .../1.5/invalid-serialnumber-1.5.json | 8 + .../1.5/invalid-serialnumber-1.5.xml | 118 + .../1.5/invalid-service-data-1.5.json | 20 + .../1.5/invalid-service-data-1.5.xml | 11 + .../resources/1.5/valid-assembly-1.5.json | 30 + .../1.5/valid-assembly-1.5.textproto | 19 + src/test/resources/1.5/valid-assembly-1.5.xml | 25 + src/test/resources/1.5/valid-bom-1.5.json | 177 ++ .../resources/1.5/valid-bom-1.5.textproto | 150 + src/test/resources/1.5/valid-bom-1.5.xml | 181 ++ .../1.5/valid-component-hashes-1.5.json | 63 + .../1.5/valid-component-hashes-1.5.textproto | 56 + .../1.5/valid-component-hashes-1.5.xml | 23 + .../1.5/valid-component-ref-1.5.json | 20 + .../1.5/valid-component-ref-1.5.textproto | 15 + .../resources/1.5/valid-component-ref-1.5.xml | 19 + .../1.5/valid-component-swid-1.5.json | 19 + .../1.5/valid-component-swid-1.5.textproto | 14 + .../1.5/valid-component-swid-1.5.xml | 11 + .../1.5/valid-component-swid-full-1.5.json | 24 + .../valid-component-swid-full-1.5.textproto | 19 + .../1.5/valid-component-swid-full-1.5.xml | 13 + .../1.5/valid-component-types-1.5.json | 48 + .../1.5/valid-component-types-1.5.textproto | 43 + .../1.5/valid-component-types-1.5.xml | 37 + .../resources/1.5/valid-compositions-1.5.json | 64 + .../1.5/valid-compositions-1.5.textproto | 49 + .../resources/1.5/valid-compositions-1.5.xml | 51 + .../resources/1.5/valid-dependency-1.5.json | 38 + .../1.5/valid-dependency-1.5.textproto | 30 + .../resources/1.5/valid-dependency-1.5.xml | 23 + .../1.5/valid-empty-components-1.5.json | 8 + .../1.5/valid-empty-components-1.5.textproto | 3 + .../1.5/valid-empty-components-1.5.xml | 5 + .../resources/1.5/valid-evidence-1.5.json | 53 + .../1.5/valid-evidence-1.5.textproto | 42 + src/test/resources/1.5/valid-evidence-1.5.xml | 35 + .../1.5/valid-external-elements-1.5.xml | 158 + .../1.5/valid-external-reference-1.5.json | 38 + .../valid-external-reference-1.5.textproto | 29 + .../1.5/valid-external-reference-1.5.xml | 27 + .../1.5/valid-license-expression-1.5.json | 20 + .../valid-license-expression-1.5.textproto | 13 + .../1.5/valid-license-expression-1.5.xml | 23 + .../resources/1.5/valid-license-id-1.5.json | 22 + .../1.5/valid-license-id-1.5.textproto | 15 + .../resources/1.5/valid-license-id-1.5.xml | 25 + .../resources/1.5/valid-license-name-1.5.json | 22 + .../1.5/valid-license-name-1.5.textproto | 15 + .../resources/1.5/valid-license-name-1.5.xml | 25 + .../1.5/valid-metadata-author-1.5.json | 16 + .../1.5/valid-metadata-author-1.5.textproto | 10 + .../1.5/valid-metadata-author-1.5.xml | 13 + .../1.5/valid-metadata-license-1.5.json | 16 + .../1.5/valid-metadata-license-1.5.textproto | 10 + .../1.5/valid-metadata-license-1.5.xml | 11 + .../1.5/valid-metadata-manufacture-1.5.json | 21 + .../valid-metadata-manufacture-1.5.textproto | 13 + .../1.5/valid-metadata-manufacture-1.5.xml | 14 + .../1.5/valid-metadata-supplier-1.5.json | 21 + .../1.5/valid-metadata-supplier-1.5.textproto | 13 + .../1.5/valid-metadata-supplier-1.5.xml | 14 + .../1.5/valid-metadata-timestamp-1.5.json | 10 + .../valid-metadata-timestamp-1.5.textproto | 9 + .../1.5/valid-metadata-timestamp-1.5.xml | 7 + .../1.5/valid-metadata-tool-1.5.json | 26 + .../1.5/valid-metadata-tool-1.5.textproto | 18 + .../resources/1.5/valid-metadata-tool-1.5.xml | 17 + .../1.5/valid-minimal-viable-1.5.json | 12 + .../1.5/valid-minimal-viable-1.5.textproto | 7 + .../1.5/valid-minimal-viable-1.5.xml | 8 + src/test/resources/1.5/valid-patch-1.5.json | 88 + .../resources/1.5/valid-patch-1.5.textproto | 71 + src/test/resources/1.5/valid-patch-1.5.xml | 70 + .../resources/1.5/valid-properties-1.5.json | 55 + .../1.5/valid-properties-1.5.textproto | 40 + .../resources/1.5/valid-properties-1.5.xml | 34 + .../1.5/valid-random-attributes-1.5.xml | 118 + .../1.5/valid-release-notes-1.5.json | 194 ++ .../1.5/valid-release-notes-1.5.textproto | 117 + .../resources/1.5/valid-release-notes-1.5.xml | 149 + src/test/resources/1.5/valid-service-1.5.json | 101 + .../resources/1.5/valid-service-1.5.textproto | 76 + src/test/resources/1.5/valid-service-1.5.xml | 66 + .../1.5/valid-service-empty-objects-1.5.json | 22 + .../valid-service-empty-objects-1.5.textproto | 9 + .../1.5/valid-service-empty-objects-1.5.xml | 16 + .../resources/1.5/valid-signatures-1.5.json | 78 + .../1.5/valid-vulnerability-1.5.json | 140 + .../1.5/valid-vulnerability-1.5.textproto | 119 + .../resources/1.5/valid-vulnerability-1.5.xml | 127 + .../resources/1.5/valid-xml-signature-1.5.xml | 177 ++ src/test/resources/bom-1.5.json | 416 +++ src/test/resources/bom-1.5.xml | 288 ++ 154 files changed, 11842 insertions(+), 214 deletions(-) create mode 100644 src/main/java/org/cyclonedx/generators/json/BomJsonGenerator15.java create mode 100644 src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator15.java create mode 100644 src/main/resources/bom-1.5.proto create mode 100644 src/main/resources/bom-1.5.schema.json create mode 100644 src/main/resources/bom-1.5.xsd create mode 100644 src/test/resources/1.5/invalid-bomformat-1.5.json create mode 100644 src/test/resources/1.5/invalid-component-ref-1.5.json create mode 100644 src/test/resources/1.5/invalid-component-ref-1.5.xml create mode 100644 src/test/resources/1.5/invalid-component-swid-1.5.json create mode 100644 src/test/resources/1.5/invalid-component-swid-1.5.xml create mode 100644 src/test/resources/1.5/invalid-component-type-1.5.json create mode 100644 src/test/resources/1.5/invalid-component-type-1.5.xml create mode 100644 src/test/resources/1.5/invalid-dependency-1.5.json create mode 100644 src/test/resources/1.5/invalid-dependency-1.5.xml create mode 100644 src/test/resources/1.5/invalid-empty-component-1.5.json create mode 100644 src/test/resources/1.5/invalid-empty-component-1.5.xml create mode 100644 src/test/resources/1.5/invalid-hash-alg-1.5.json create mode 100644 src/test/resources/1.5/invalid-hash-alg-1.5.xml create mode 100644 src/test/resources/1.5/invalid-hash-md5-1.5.json create mode 100644 src/test/resources/1.5/invalid-hash-md5-1.5.xml create mode 100644 src/test/resources/1.5/invalid-hash-sha1-1.5.json create mode 100644 src/test/resources/1.5/invalid-hash-sha1-1.5.xml create mode 100644 src/test/resources/1.5/invalid-hash-sha256-1.5.json create mode 100644 src/test/resources/1.5/invalid-hash-sha256-1.5.xml create mode 100644 src/test/resources/1.5/invalid-hash-sha512-1.5.json create mode 100644 src/test/resources/1.5/invalid-hash-sha512-1.5.xml create mode 100644 src/test/resources/1.5/invalid-issue-type-1.5.json create mode 100644 src/test/resources/1.5/invalid-issue-type-1.5.xml create mode 100644 src/test/resources/1.5/invalid-license-choice-1.5.json create mode 100644 src/test/resources/1.5/invalid-license-choice-1.5.xml create mode 100644 src/test/resources/1.5/invalid-license-encoding-1.5.json create mode 100644 src/test/resources/1.5/invalid-license-encoding-1.5.xml create mode 100644 src/test/resources/1.5/invalid-license-id-1.5.json create mode 100644 src/test/resources/1.5/invalid-license-id-1.5.xml create mode 100644 src/test/resources/1.5/invalid-license-id-count-1.5.xml create mode 100644 src/test/resources/1.5/invalid-license-name-count-1.5.xml create mode 100644 src/test/resources/1.5/invalid-metadata-license-1.5.json create mode 100644 src/test/resources/1.5/invalid-metadata-license-1.5.xml create mode 100644 src/test/resources/1.5/invalid-metadata-timestamp-1.5.json create mode 100644 src/test/resources/1.5/invalid-metadata-timestamp-1.5.xml create mode 100644 src/test/resources/1.5/invalid-missing-component-type-1.5.json create mode 100644 src/test/resources/1.5/invalid-missing-component-type-1.5.xml create mode 100644 src/test/resources/1.5/invalid-namespace-1.5.xml create mode 100644 src/test/resources/1.5/invalid-patch-type-1.5.json create mode 100644 src/test/resources/1.5/invalid-patch-type-1.5.xml create mode 100644 src/test/resources/1.5/invalid-scope-1.5.json create mode 100644 src/test/resources/1.5/invalid-scope-1.5.xml create mode 100644 src/test/resources/1.5/invalid-serialnumber-1.5.json create mode 100644 src/test/resources/1.5/invalid-serialnumber-1.5.xml create mode 100644 src/test/resources/1.5/invalid-service-data-1.5.json create mode 100644 src/test/resources/1.5/invalid-service-data-1.5.xml create mode 100644 src/test/resources/1.5/valid-assembly-1.5.json create mode 100644 src/test/resources/1.5/valid-assembly-1.5.textproto create mode 100644 src/test/resources/1.5/valid-assembly-1.5.xml create mode 100644 src/test/resources/1.5/valid-bom-1.5.json create mode 100644 src/test/resources/1.5/valid-bom-1.5.textproto create mode 100644 src/test/resources/1.5/valid-bom-1.5.xml create mode 100644 src/test/resources/1.5/valid-component-hashes-1.5.json create mode 100644 src/test/resources/1.5/valid-component-hashes-1.5.textproto create mode 100644 src/test/resources/1.5/valid-component-hashes-1.5.xml create mode 100644 src/test/resources/1.5/valid-component-ref-1.5.json create mode 100644 src/test/resources/1.5/valid-component-ref-1.5.textproto create mode 100644 src/test/resources/1.5/valid-component-ref-1.5.xml create mode 100644 src/test/resources/1.5/valid-component-swid-1.5.json create mode 100644 src/test/resources/1.5/valid-component-swid-1.5.textproto create mode 100644 src/test/resources/1.5/valid-component-swid-1.5.xml create mode 100644 src/test/resources/1.5/valid-component-swid-full-1.5.json create mode 100644 src/test/resources/1.5/valid-component-swid-full-1.5.textproto create mode 100644 src/test/resources/1.5/valid-component-swid-full-1.5.xml create mode 100644 src/test/resources/1.5/valid-component-types-1.5.json create mode 100644 src/test/resources/1.5/valid-component-types-1.5.textproto create mode 100644 src/test/resources/1.5/valid-component-types-1.5.xml create mode 100644 src/test/resources/1.5/valid-compositions-1.5.json create mode 100644 src/test/resources/1.5/valid-compositions-1.5.textproto create mode 100644 src/test/resources/1.5/valid-compositions-1.5.xml create mode 100644 src/test/resources/1.5/valid-dependency-1.5.json create mode 100644 src/test/resources/1.5/valid-dependency-1.5.textproto create mode 100644 src/test/resources/1.5/valid-dependency-1.5.xml create mode 100644 src/test/resources/1.5/valid-empty-components-1.5.json create mode 100644 src/test/resources/1.5/valid-empty-components-1.5.textproto create mode 100644 src/test/resources/1.5/valid-empty-components-1.5.xml create mode 100644 src/test/resources/1.5/valid-evidence-1.5.json create mode 100644 src/test/resources/1.5/valid-evidence-1.5.textproto create mode 100644 src/test/resources/1.5/valid-evidence-1.5.xml create mode 100644 src/test/resources/1.5/valid-external-elements-1.5.xml create mode 100644 src/test/resources/1.5/valid-external-reference-1.5.json create mode 100644 src/test/resources/1.5/valid-external-reference-1.5.textproto create mode 100644 src/test/resources/1.5/valid-external-reference-1.5.xml create mode 100644 src/test/resources/1.5/valid-license-expression-1.5.json create mode 100644 src/test/resources/1.5/valid-license-expression-1.5.textproto create mode 100644 src/test/resources/1.5/valid-license-expression-1.5.xml create mode 100644 src/test/resources/1.5/valid-license-id-1.5.json create mode 100644 src/test/resources/1.5/valid-license-id-1.5.textproto create mode 100644 src/test/resources/1.5/valid-license-id-1.5.xml create mode 100644 src/test/resources/1.5/valid-license-name-1.5.json create mode 100644 src/test/resources/1.5/valid-license-name-1.5.textproto create mode 100644 src/test/resources/1.5/valid-license-name-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-author-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-author-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-author-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-license-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-license-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-license-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-manufacture-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-manufacture-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-supplier-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-supplier-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-supplier-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-timestamp-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-timestamp-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-timestamp-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-tool-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-tool-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-tool-1.5.xml create mode 100644 src/test/resources/1.5/valid-minimal-viable-1.5.json create mode 100644 src/test/resources/1.5/valid-minimal-viable-1.5.textproto create mode 100644 src/test/resources/1.5/valid-minimal-viable-1.5.xml create mode 100644 src/test/resources/1.5/valid-patch-1.5.json create mode 100644 src/test/resources/1.5/valid-patch-1.5.textproto create mode 100644 src/test/resources/1.5/valid-patch-1.5.xml create mode 100644 src/test/resources/1.5/valid-properties-1.5.json create mode 100644 src/test/resources/1.5/valid-properties-1.5.textproto create mode 100644 src/test/resources/1.5/valid-properties-1.5.xml create mode 100644 src/test/resources/1.5/valid-random-attributes-1.5.xml create mode 100644 src/test/resources/1.5/valid-release-notes-1.5.json create mode 100644 src/test/resources/1.5/valid-release-notes-1.5.textproto create mode 100644 src/test/resources/1.5/valid-release-notes-1.5.xml create mode 100644 src/test/resources/1.5/valid-service-1.5.json create mode 100644 src/test/resources/1.5/valid-service-1.5.textproto create mode 100644 src/test/resources/1.5/valid-service-1.5.xml create mode 100644 src/test/resources/1.5/valid-service-empty-objects-1.5.json create mode 100644 src/test/resources/1.5/valid-service-empty-objects-1.5.textproto create mode 100644 src/test/resources/1.5/valid-service-empty-objects-1.5.xml create mode 100644 src/test/resources/1.5/valid-signatures-1.5.json create mode 100644 src/test/resources/1.5/valid-vulnerability-1.5.json create mode 100644 src/test/resources/1.5/valid-vulnerability-1.5.textproto create mode 100644 src/test/resources/1.5/valid-vulnerability-1.5.xml create mode 100644 src/test/resources/1.5/valid-xml-signature-1.5.xml create mode 100644 src/test/resources/bom-1.5.json create mode 100644 src/test/resources/bom-1.5.xml diff --git a/src/main/java/org/cyclonedx/BomGeneratorFactory.java b/src/main/java/org/cyclonedx/BomGeneratorFactory.java index 84b71bf1c..1af0959b8 100644 --- a/src/main/java/org/cyclonedx/BomGeneratorFactory.java +++ b/src/main/java/org/cyclonedx/BomGeneratorFactory.java @@ -21,12 +21,14 @@ import org.cyclonedx.generators.json.BomJsonGenerator12; import org.cyclonedx.generators.json.BomJsonGenerator13; import org.cyclonedx.generators.json.BomJsonGenerator14; +import org.cyclonedx.generators.json.BomJsonGenerator15; import org.cyclonedx.generators.xml.BomXmlGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator10; import org.cyclonedx.generators.xml.BomXmlGenerator11; import org.cyclonedx.generators.xml.BomXmlGenerator12; import org.cyclonedx.generators.xml.BomXmlGenerator13; import org.cyclonedx.generators.xml.BomXmlGenerator14; +import org.cyclonedx.generators.xml.BomXmlGenerator15; import org.cyclonedx.model.Bom; import org.cyclonedx.generators.json.BomJsonGenerator; @@ -50,8 +52,10 @@ public static BomXmlGenerator createXml(CycloneDxSchema.Version version, Bom bom return new BomXmlGenerator12(bom); case VERSION_13: return new BomXmlGenerator13(bom); - default: + case VERSION_14: return new BomXmlGenerator14(bom); + default: + return new BomXmlGenerator15(bom); } } @@ -61,8 +65,10 @@ public static BomJsonGenerator createJson(final CycloneDxSchema.Version version, return new BomJsonGenerator12(bom); case VERSION_13: return new BomJsonGenerator13(bom); - default: + case VERSION_14: return new BomJsonGenerator14(bom); + default: + return new BomJsonGenerator15(bom); } } } diff --git a/src/main/java/org/cyclonedx/CycloneDxSchema.java b/src/main/java/org/cyclonedx/CycloneDxSchema.java index cf0aa69cf..afe33c131 100644 --- a/src/main/java/org/cyclonedx/CycloneDxSchema.java +++ b/src/main/java/org/cyclonedx/CycloneDxSchema.java @@ -27,6 +27,7 @@ import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator; import org.xml.sax.SAXException; + import javax.xml.XMLConstants; import javax.xml.transform.Source; import javax.xml.transform.stream.StreamSource; @@ -34,182 +35,245 @@ import javax.xml.validation.SchemaFactory; import java.io.IOException; import java.io.InputStream; +import java.util.Arrays; import java.util.HashMap; +import java.util.List; import java.util.Map; /** - * CycloneDxSchema is a base class that provides schema information to - * {@link BomXmlGenerator}, {@link BomJsonGenerator}, and {@link org.cyclonedx.parsers.Parser}. - * The class can be extended for other implementations as well. + * CycloneDxSchema is a base class that provides schema information to {@link BomXmlGenerator}, + * {@link BomJsonGenerator}, and {@link org.cyclonedx.parsers.Parser}. The class can be extended for other + * implementations as well. + * * @since 1.1.0 */ -public abstract class CycloneDxSchema { - - public static final String NS_BOM_10 = "http://cyclonedx.org/schema/bom/1.0"; - public static final String NS_BOM_11 = "http://cyclonedx.org/schema/bom/1.1"; - public static final String NS_BOM_12 = "http://cyclonedx.org/schema/bom/1.2"; - public static final String NS_BOM_13 = "http://cyclonedx.org/schema/bom/1.3"; - public static final String NS_BOM_14 = "http://cyclonedx.org/schema/bom/1.4"; - public static final String NS_DEPENDENCY_GRAPH_10 = "http://cyclonedx.org/schema/ext/dependency-graph/1.0"; - public static final String NS_BOM_LATEST = NS_BOM_14; - public static final Version VERSION_LATEST = Version.VERSION_14; - - public enum Version { - VERSION_10(CycloneDxSchema.NS_BOM_10, "1.0", 1.0), - VERSION_11(CycloneDxSchema.NS_BOM_11, "1.1", 1.1), - VERSION_12(CycloneDxSchema.NS_BOM_12, "1.2", 1.2), - VERSION_13(CycloneDxSchema.NS_BOM_13, "1.3", 1.3), - VERSION_14(CycloneDxSchema.NS_BOM_14, "1.4", 1.4); - private final String namespace; - private final String versionString; - private final double version; - public String getNamespace() { - return this.namespace; - } - public String getVersionString() { - return versionString; - } - public double getVersion() { - return version; - } - Version(String namespace, String versionString, double version) { - this.namespace = namespace; - this.versionString = versionString; - this.version = version; - } - } +public abstract class CycloneDxSchema +{ + public static final String NS_BOM_10 = "http://cyclonedx.org/schema/bom/1.0"; - /** - * Returns the CycloneDX JsonSchema for the specified schema version. - * @param schemaVersion The version to return the schema for - * @param mapper is to provide a Jackson ObjectMapper - * @return a Schema - * @throws IOException when errors are encountered - * @since 6.0.0 - */ - public JsonSchema getJsonSchema(CycloneDxSchema.Version schemaVersion, final ObjectMapper mapper) - throws IOException - { - final InputStream spdxInstream = getJsonSchemaAsStream(schemaVersion); - final SchemaValidatorsConfig config = new SchemaValidatorsConfig(); - final Map offlineMappings = new HashMap<>(); - offlineMappings.put("http://cyclonedx.org/schema/spdx.schema.json", getClass().getClassLoader().getResource("spdx.schema.json").toExternalForm()); - offlineMappings.put("http://cyclonedx.org/schema/bom-1.2.schema.json", getClass().getClassLoader().getResource("bom-1.2-strict.schema.json").toExternalForm()); - offlineMappings.put("http://cyclonedx.org/schema/bom-1.3.schema.json", getClass().getClassLoader().getResource("bom-1.3-strict.schema.json").toExternalForm()); - offlineMappings.put("http://cyclonedx.org/schema/bom-1.4.schema.json", getClass().getClassLoader().getResource("bom-1.4.schema.json").toExternalForm()); - config.setUriMappings(offlineMappings); - JsonNode schemaNode = mapper.readTree(spdxInstream); - JsonSchemaFactory factory = JsonSchemaFactory.getInstance(SpecVersionDetector.detect(schemaNode)); - return factory.getSchema(schemaNode, config); - } + public static final String NS_BOM_11 = "http://cyclonedx.org/schema/bom/1.1"; - private InputStream getJsonSchemaAsStream(final CycloneDxSchema.Version schemaVersion) { - if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { - return this.getClass().getClassLoader().getResourceAsStream("bom-1.2-strict.schema.json"); - } else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { - return this.getClass().getClassLoader().getResourceAsStream("bom-1.3-strict.schema.json"); - } else { - return this.getClass().getClassLoader().getResourceAsStream("bom-1.4.schema.json"); - } - } + public static final String NS_BOM_12 = "http://cyclonedx.org/schema/bom/1.2"; + + public static final String NS_BOM_13 = "http://cyclonedx.org/schema/bom/1.3"; + + public static final String NS_BOM_14 = "http://cyclonedx.org/schema/bom/1.4"; + + public static final String NS_BOM_15 = "http://cyclonedx.org/schema/bom/1.5"; + + public static final String NS_DEPENDENCY_GRAPH_10 = "http://cyclonedx.org/schema/ext/dependency-graph/1.0"; + + public static final String NS_BOM_LATEST = NS_BOM_15; + + public static final Version VERSION_LATEST = Version.VERSION_15; + + public static final List ALL_VERSIONS = Arrays.asList(Version.values()); + + public enum Version + { + VERSION_10(CycloneDxSchema.NS_BOM_10, "1.0", 1.0), + VERSION_11(CycloneDxSchema.NS_BOM_11, "1.1", 1.1), + VERSION_12(CycloneDxSchema.NS_BOM_12, "1.2", 1.2), + VERSION_13(CycloneDxSchema.NS_BOM_13, "1.3", 1.3), + VERSION_14(CycloneDxSchema.NS_BOM_14, "1.4", 1.4), + VERSION_15(CycloneDxSchema.NS_BOM_15, "1.5", 1.5); + + private final String namespace; + + private final String versionString; + + private final double version; - /** - * Returns the CycloneDX XML Schema for the specified schema version. - * @param schemaVersion The version to return the schema for - * @return a Schema - * @throws SAXException a SAXException - * @since 2.0.0 - */ - public Schema getXmlSchema(CycloneDxSchema.Version schemaVersion) throws SAXException { - if (CycloneDxSchema.Version.VERSION_10 == schemaVersion) { - return getXmlSchema10(); - } else if (CycloneDxSchema.Version.VERSION_11 == schemaVersion) { - return getXmlSchema11(); - } else if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { - return getXmlSchema12(); - } else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { - return getXmlSchema13(); - } else { - return getXmlSchema14(); - } + public String getNamespace() { + return this.namespace; } - /** - * Returns the CycloneDX XML Schema from the specifications XSD. - * @return a Schema - * @throws SAXException a SAXException - * @since 1.1.0 - */ - private Schema getXmlSchema10() throws SAXException { - // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. - return getXmlSchema( - this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), - this.getClass().getClassLoader().getResourceAsStream("bom-1.0.xsd") - ); + public String getVersionString() { + return versionString; } - /** - * Returns the CycloneDX XML Schema from the specifications XSD. - * @return a Schema - * @throws SAXException a SAXException - * @since 2.0.0 - */ - private Schema getXmlSchema11() throws SAXException { - // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. - return getXmlSchema( - this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), - this.getClass().getClassLoader().getResourceAsStream("bom-1.1.xsd") - ); + public double getVersion() { + return version; } - /** - * Returns the CycloneDX XML Schema from the specifications XSD. - * @return a Schema - * @throws SAXException a SAXException - * @since 2.8.0 - */ - private Schema getXmlSchema12() throws SAXException { - // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. - return getXmlSchema( - this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), - this.getClass().getClassLoader().getResourceAsStream("bom-1.2.xsd") - ); + Version(String namespace, String versionString, double version) { + this.namespace = namespace; + this.versionString = versionString; + this.version = version; } + } - /** - * Returns the CycloneDX XML Schema from the specifications XSD. - * @return a Schema - * @throws SAXException a SAXException - * @since 5.0.0 - */ - private Schema getXmlSchema13() throws SAXException { - // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. - return getXmlSchema( - this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), - this.getClass().getClassLoader().getResourceAsStream("bom-1.3.xsd") - ); + /** + * Returns the CycloneDX JsonSchema for the specified schema version. + * + * @param schemaVersion The version to return the schema for + * @param mapper is to provide a Jackson ObjectMapper + * @return a Schema + * @throws IOException when errors are encountered + * @since 6.0.0 + */ + public JsonSchema getJsonSchema(CycloneDxSchema.Version schemaVersion, final ObjectMapper mapper) + throws IOException + { + final InputStream spdxInstream = getJsonSchemaAsStream(schemaVersion); + final SchemaValidatorsConfig config = new SchemaValidatorsConfig(); + final Map offlineMappings = new HashMap<>(); + offlineMappings.put("http://cyclonedx.org/schema/spdx.schema.json", + getClass().getClassLoader().getResource("spdx.schema.json").toExternalForm()); + offlineMappings.put("http://cyclonedx.org/schema/bom-1.2.schema.json", + getClass().getClassLoader().getResource("bom-1.2-strict.schema.json").toExternalForm()); + offlineMappings.put("http://cyclonedx.org/schema/bom-1.3.schema.json", + getClass().getClassLoader().getResource("bom-1.3-strict.schema.json").toExternalForm()); + offlineMappings.put("http://cyclonedx.org/schema/bom-1.4.schema.json", + getClass().getClassLoader().getResource("bom-1.4.schema.json").toExternalForm()); + offlineMappings.put("http://cyclonedx.org/schema/bom-1.5.schema.json", + getClass().getClassLoader().getResource("bom-1.5.schema.json").toExternalForm()); + config.setUriMappings(offlineMappings); + JsonNode schemaNode = mapper.readTree(spdxInstream); + JsonSchemaFactory factory = JsonSchemaFactory.getInstance(SpecVersionDetector.detect(schemaNode)); + return factory.getSchema(schemaNode, config); + } + + private InputStream getJsonSchemaAsStream(final CycloneDxSchema.Version schemaVersion) { + if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { + return this.getClass().getClassLoader().getResourceAsStream("bom-1.2-strict.schema.json"); + } + else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { + return this.getClass().getClassLoader().getResourceAsStream("bom-1.3-strict.schema.json"); + } + else if (CycloneDxSchema.Version.VERSION_14 == schemaVersion) { + return this.getClass().getClassLoader().getResourceAsStream("bom-1.4.schema.json"); + } + else { + return this.getClass().getClassLoader().getResourceAsStream("bom-1.5.schema.json"); } + } - /** - * Returns the CycloneDX XML Schema from the specifications XSD. - * @return a Schema - * @throws SAXException a SAXException - * @since 5.1.0 - */ - private Schema getXmlSchema14() throws SAXException { - // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. - return getXmlSchema( - this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), - this.getClass().getClassLoader().getResourceAsStream("bom-1.4.xsd") - ); + /** + * Returns the CycloneDX XML Schema for the specified schema version. + * + * @param schemaVersion The version to return the schema for + * @return a Schema + * @throws SAXException a SAXException + * @since 2.0.0 + */ + public Schema getXmlSchema(CycloneDxSchema.Version schemaVersion) throws SAXException { + if (CycloneDxSchema.Version.VERSION_10 == schemaVersion) { + return getXmlSchema10(); + } + else if (CycloneDxSchema.Version.VERSION_11 == schemaVersion) { + return getXmlSchema11(); + } + else if (CycloneDxSchema.Version.VERSION_12 == schemaVersion) { + return getXmlSchema12(); + } + else if (CycloneDxSchema.Version.VERSION_13 == schemaVersion) { + return getXmlSchema13(); + } + else if (CycloneDxSchema.Version.VERSION_14 == schemaVersion) { + return getXmlSchema14(); } + else { + return getXmlSchema15(); + } + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 1.1.0 + */ + private Schema getXmlSchema10() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.0.xsd") + ); + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 2.0.0 + */ + private Schema getXmlSchema11() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.1.xsd") + ); + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 2.8.0 + */ + private Schema getXmlSchema12() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.2.xsd") + ); + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 5.0.0 + */ + private Schema getXmlSchema13() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.3.xsd") + ); + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since 5.1.0 + */ + private Schema getXmlSchema14() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.4.xsd") + ); + } + + /** + * Returns the CycloneDX XML Schema from the specifications XSD. + * + * @return a Schema + * @throws SAXException a SAXException + * @since TBD + */ + private Schema getXmlSchema15() throws SAXException { + // Use local copies of schemas rather than resolving from the net. It's faster, and less prone to errors. + return getXmlSchema( + this.getClass().getClassLoader().getResourceAsStream("spdx.xsd"), + this.getClass().getClassLoader().getResourceAsStream("bom-1.5.xsd") + ); + } - public Schema getXmlSchema(InputStream... inputStreams) throws SAXException { - final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); - final Source[] schemaFiles = new Source[inputStreams.length]; - for (int i=0; i subsystem -> parts assembly in physical supply chains. + repeated Component components = 21; + // Specifies optional, custom, properties + repeated Property properties = 22; + // Specifies optional license and copyright evidence + repeated Evidence evidence = 23; + // Specifies optional release notes. + optional ReleaseNotes releaseNotes = 24; +} + +// Specifies the data classification. +message DataClassification { + // Specifies the flow direction of the data. + DataFlow flow = 1; + // SimpleContent value of element + string value = 2; +} + +// Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. +enum DataFlow { + DATA_FLOW_NULL = 0; + DATA_FLOW_INBOUND = 1; + DATA_FLOW_OUTBOUND = 2; + DATA_FLOW_BI_DIRECTIONAL = 3; + DATA_FLOW_UNKNOWN = 4; +} + +message Dependency { + // References a component or service by the its bom-ref attribute + string ref = 1; + repeated Dependency dependencies = 2; +} + +message Diff { + // Specifies the optional text of the diff + optional AttachedText text = 1; + // Specifies the URL to the diff + optional string url = 2; +} + +message ExternalReference { + // Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type. + ExternalReferenceType type = 1; + // The URL to the external reference + string url = 2; + // An optional comment describing the external reference + optional string comment = 3; + // Optional integrity hashes for the external resource content + repeated Hash hashes = 4; +} + +enum ExternalReferenceType { + // Use this if no other types accurately describe the purpose of the external reference + EXTERNAL_REFERENCE_TYPE_OTHER = 0; + // Version Control System + EXTERNAL_REFERENCE_TYPE_VCS = 1; + // Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER = 2; + // Website + EXTERNAL_REFERENCE_TYPE_WEBSITE = 3; + // Security advisories + EXTERNAL_REFERENCE_TYPE_ADVISORIES = 4; + // Bill-of-material document (CycloneDX, SPDX, SWID, etc) + EXTERNAL_REFERENCE_TYPE_BOM = 5; + // Mailing list or discussion group + EXTERNAL_REFERENCE_TYPE_MAILING_LIST = 6; + // Social media account + EXTERNAL_REFERENCE_TYPE_SOCIAL = 7; + // Real-time chat platform + EXTERNAL_REFERENCE_TYPE_CHAT = 8; + // Documentation, guides, or how-to instructions + EXTERNAL_REFERENCE_TYPE_DOCUMENTATION = 9; + // Community or commercial support + EXTERNAL_REFERENCE_TYPE_SUPPORT = 10; + // Direct or repository download location + EXTERNAL_REFERENCE_TYPE_DISTRIBUTION = 11; + // The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness + EXTERNAL_REFERENCE_TYPE_LICENSE = 12; + // Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + EXTERNAL_REFERENCE_TYPE_BUILD_META = 13; + // URL to an automated build system + EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14; +} + +enum HashAlg { + HASH_ALG_NULL = 0; + HASH_ALG_MD_5 = 1; + HASH_ALG_SHA_1 = 2; + HASH_ALG_SHA_256 = 3; + HASH_ALG_SHA_384 = 4; + HASH_ALG_SHA_512 = 5; + HASH_ALG_SHA_3_256 = 6; + HASH_ALG_SHA_3_384 = 7; + HASH_ALG_SHA_3_512 = 8; + HASH_ALG_BLAKE_2_B_256 = 9; + HASH_ALG_BLAKE_2_B_384 = 10; + HASH_ALG_BLAKE_2_B_512 = 11; + HASH_ALG_BLAKE_3 = 12; +} + +// Specifies the file hash of the component +message Hash { + // Specifies the algorithm used to create the hash + HashAlg alg = 1; + // SimpleContent value of element + string value = 2; +} + +message IdentifiableAction { + // The timestamp in which the action occurred + optional google.protobuf.Timestamp timestamp = 1; + // The name of the individual who performed the action + optional string name = 2; + // The email address of the individual who performed the action + optional string email = 3; +} + +enum IssueClassification { + ISSUE_CLASSIFICATION_NULL = 0; + // A fault, flaw, or bug in software + ISSUE_CLASSIFICATION_DEFECT = 1; + // A new feature or behavior in software + ISSUE_CLASSIFICATION_ENHANCEMENT = 2; + // A special type of defect which impacts security + ISSUE_CLASSIFICATION_SECURITY = 3; +} + +message Issue { + // Specifies the type of issue + IssueClassification type = 1; + // The identifier of the issue assigned by the source of the issue + optional string id = 2; + // The name of the issue + optional string name = 3; + // A description of the issue + optional string description = 4; + optional Source source = 5; + repeated string references = 6; +} + +// The source of the issue where it is documented. +message Source { + // The name of the source. For example "National Vulnerability Database", "NVD", and "Apache" + optional string name = 1; + // The url of the issue documentation as provided by the source + optional string url = 2; +} + +message LicenseChoice { + oneof choice { + License license = 1; + string expression = 2; + } +} + +message License { + oneof license { + // A valid SPDX license ID + string id = 1; + // If SPDX does not define the license used, this field may be used to provide the license name + string name = 2; + } + // Specifies the optional full text of the attachment + optional AttachedText text = 3; + // The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness. + optional string url = 4; + // An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 5; + // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata + optional Licensing licensing = 6; +} + +message Licensing { + // License identifiers that may be used to manage licenses and their lifecycle + repeated string altIds = 1; + // The individual or organization that grants a license to another individual or organization + optional OrganizationalEntityOrContact licensor = 2; + // The individual or organization for which a license was granted to + optional OrganizationalEntityOrContact licensee = 3; + // The individual or organization that purchased the license + optional OrganizationalEntityOrContact purchaser = 4; + // The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase + optional string purchaseOrder = 5; + // The type of license(s) that was granted to the licensee + repeated LicensingTypeEnum licenseTypes = 6; + // The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed. + optional google.protobuf.Timestamp lastRenewal = 7; + // The timestamp indicating when the current license expires (if applicable). + optional google.protobuf.Timestamp expiration = 8; +} + +message OrganizationalEntityOrContact { + oneof choice { + OrganizationalEntity organization = 1; + OrganizationalContact individual = 2; + } +} + +enum LicensingTypeEnum { + LICENSING_TYPE_NULL = 0; + // A license that grants use of software solely for the purpose of education or research. + LICENSING_TYPE_ACADEMIC = 1; +} + +message Metadata { + // The date and time (timestamp) when the document was created. + optional google.protobuf.Timestamp timestamp = 1; + // The tool(s) used in the creation of the BOM. + repeated Tool tools = 2; + // The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. + repeated OrganizationalContact authors = 3; + // The component that the BOM describes. + optional Component component = 4; + // The organization that manufactured the component that the BOM describes. + optional OrganizationalEntity manufacture = 5; + // The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager. + optional OrganizationalEntity supplier = 6; + // The license information for the BOM document + optional LicenseChoice licenses = 7; + // Specifies optional, custom, properties + repeated Property properties = 8; +} + +message OrganizationalContact { + // The name of the contact + optional string name = 1; + // The email address of the contact. + optional string email = 2; + // The phone number of the contact. + optional string phone = 3; +} + +message OrganizationalEntity { + // The name of the organization + optional string name = 1; + // The URL of the organization. Multiple URLs are allowed. + repeated string url = 2; + // A contact person at the organization. Multiple contacts are allowed. + repeated OrganizationalContact contact = 3; +} + +enum PatchClassification { + PATCH_CLASSIFICATION_NULL = 0; + // A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + PATCH_CLASSIFICATION_UNOFFICIAL = 1; + // A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch + PATCH_CLASSIFICATION_MONKEY = 2; + // A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + PATCH_CLASSIFICATION_BACKPORT = 3; + // A patch created by selectively applying commits from other versions or branches of the same software. + PATCH_CLASSIFICATION_CHERRY_PICK = 4; +} + +message Patch { + // Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality + PatchClassification type = 1; + // The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + optional Diff diff = 2; + repeated Issue resolves = 3; +} + +// Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known. +message Pedigree { + // Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from. + repeated Component ancestors = 1; + // Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component. + repeated Component descendants = 2; + // Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor. + repeated Component variants = 3; + // A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. + repeated Commit commits = 4; + // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. + repeated Patch patches = 5; + // Notes, observations, and other non-structured commentary describing the components pedigree. + optional string notes = 6; +} + +enum Scope { + // Default + SCOPE_UNSPECIFIED = 0; + // The component is required for runtime + SCOPE_REQUIRED = 1; + // The component is optional at runtime. Optional components are components that are not capable of being called due to them not be installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'. + SCOPE_OPTIONAL = 2; + // Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime. + SCOPE_EXCLUDED = 3; +} + +message Service { + // An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The organization that provides the service. + optional OrganizationalEntity provider = 2; + // The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided. + optional string group = 3; + // The name of the service. This will often be a shortened, single name of the service. + string name = 4; + // The service version. + optional string version = 5; + // Specifies a description for the service. + optional string description = 6; + repeated string endpoints = 7; + // A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication. + optional bool authenticated = 8; + // A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. + optional bool x_trust_boundary = 9; + repeated DataClassification data = 10; + repeated LicenseChoice licenses = 11; + // Provides the ability to document external references related to the service. + repeated ExternalReference external_references = 12; + // Specifies optional sub-service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + repeated Service services = 13; + // Specifies optional, custom, properties + repeated Property properties = 14; + // Specifies optional release notes. + optional ReleaseNotes releaseNotes = 15; +} + +message Swid { + // Maps to the tagId of a SoftwareIdentity. + string tag_id = 1; + // Maps to the name of a SoftwareIdentity. + string name = 2; + // Maps to the version of a SoftwareIdentity. + optional string version = 3; + // Maps to the tagVersion of a SoftwareIdentity. + optional int32 tag_version = 4; + // Maps to the patch of a SoftwareIdentity. + optional bool patch = 5; + // Specifies the full content of the SWID tag. + optional AttachedText text = 6; + // The URL to the SWID file. + optional string url = 7; +} + +// Specifies a tool (manual or automated). +message Tool { + // The vendor of the tool used to create the BOM. + optional string vendor = 1; + // The name of the tool used to create the BOM. + optional string name = 2; + // The version of the tool used to create the BOM. + optional string version = 3; + repeated Hash hashes = 4; + // Provides the ability to document external references related to the tool. + repeated ExternalReference external_references = 5; +} + +// Specifies a property +message Property { + string name = 1; + optional string value = 2; +} + +enum Aggregate { + // Default, no statement about the aggregate completeness is being made + AGGREGATE_NOT_SPECIFIED = 0; + // The aggregate composition is complete + AGGREGATE_COMPLETE = 1; + // The aggregate composition is incomplete + AGGREGATE_INCOMPLETE = 2; + // The aggregate composition is incomplete for first party components, complete for third party components + AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3; + // The aggregate composition is incomplete for third party components, complete for first party components + AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4; + // The aggregate composition completeness is unknown + AGGREGATE_UNKNOWN = 5; +} + +message Composition { + // Indicates the aggregate completeness + Aggregate aggregate = 1; + // The assemblies the aggregate completeness applies to + repeated string assemblies = 2; + // The dependencies the aggregate completeness applies to + repeated string dependencies = 3; +} + +message EvidenceCopyright { + // Copyright text + string text = 1; +} + +message Evidence { + repeated LicenseChoice licenses = 1; + repeated EvidenceCopyright copyright = 2; +} + +message Note { + // The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". + optional string locale = 1; + // Specifies the full content of the release note. + optional AttachedText text = 2; +} + +message ReleaseNotes { + // The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. + string type = 1; + // The title of the release. + optional string title = 2; + // The URL to an image that may be prominently displayed with the release note. + optional string featuredImage = 3; + // The URL to an image that may be used in messaging on social media platforms. + optional string socialImage = 4; + // A short description of the release. + optional string description = 5; + // The date and time (timestamp) when the release note was created. + optional google.protobuf.Timestamp timestamp = 6; + // Optional alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names). + repeated string aliases = 7; + // Optional tags that may aid in search or retrieval of the release note. + repeated string tags = 8; + // A collection of issues that have been resolved. + repeated Issue resolves = 9; + // Zero or more release notes containing the locale and content. Multiple note messages may be specified to support release notes in a wide variety of languages. + repeated Note notes = 10; + // Specifies optional, custom, properties + repeated Property properties = 11; +} + +message Vulnerability { + // An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 1; + // The identifier that uniquely identifies the vulnerability. + optional string id = 2; + // The source that published the vulnerability. + optional Source source = 3; + // Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence. + repeated VulnerabilityReference references = 4; + // List of vulnerability ratings + repeated VulnerabilityRating ratings = 5; + // List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + repeated int32 cwes = 6; + // A description of the vulnerability as provided by the source. + optional string description = 7; + // If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause. + optional string detail = 8; + // Recommendations of how the vulnerability can be remediated or mitigated. + optional string recommendation = 9; + // Published advisories of the vulnerability if provided. + repeated Advisory advisories = 10; + // The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + optional google.protobuf.Timestamp created = 11; + // The date and time (timestamp) when the vulnerability record was first published. + optional google.protobuf.Timestamp published = 12; + // The date and time (timestamp) when the vulnerability record was last updated. + optional google.protobuf.Timestamp updated = 13; + // Individuals or organizations credited with the discovery of the vulnerability. + optional VulnerabilityCredits credits = 14; + // The tool(s) used to identify, confirm, or score the vulnerability. + repeated Tool tools = 15; + // An assessment of the impact and exploitability of the vulnerability. + optional VulnerabilityAnalysis analysis = 16; + // affects + repeated VulnerabilityAffects affects = 17; + // Specifies optional, custom, properties + repeated Property properties = 18; + // The date and time (timestamp) when the vulnerability record was rejected (if applicable). + optional google.protobuf.Timestamp rejected = 19; +} + +message VulnerabilityReference { + // An identifier that uniquely identifies the vulnerability. + optional string id = 1; + // The source that published the vulnerability. + optional Source source = 2; +} + +message VulnerabilityRating { + // The source that calculated the severity or risk rating of the vulnerability. + optional Source source = 1; + // The numerical score of the rating. + optional double score = 2; + // Textual representation of the severity that corresponds to the numerical score of the rating. + optional Severity severity = 3; + // Specifies the severity or risk scoring methodology or standard used. + optional ScoreMethod method = 4; + // Textual representation of the metric values used to score the vulnerability. + optional string vector = 5; + // An optional reason for rating the vulnerability as it was. + optional string justification = 6; +} + +enum Severity { + SEVERITY_UNKNOWN = 0; + SEVERITY_CRITICAL = 1; + SEVERITY_HIGH = 2; + SEVERITY_MEDIUM = 3; + SEVERITY_LOW = 4; + SEVERITY_INFO = 5; + SEVERITY_NONE = 6; +} + +enum ScoreMethod { + // An undefined score method + SCORE_METHOD_NULL = 0; + // Common Vulnerability Scoring System v2 - https://www.first.org/cvss/v2/ + SCORE_METHOD_CVSSV2 = 1; + // Common Vulnerability Scoring System v3 - https://www.first.org/cvss/v3-0/ + SCORE_METHOD_CVSSV3 = 2; + // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v3-1/ + SCORE_METHOD_CVSSV31 = 3; + // OWASP Risk Rating Methodology - https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + SCORE_METHOD_OWASP = 4; + // Other scoring method + SCORE_METHOD_OTHER = 5; +} + +message Advisory { + // An optional name of the advisory. + optional string title = 1; + // Location where the advisory can be obtained. + string url = 2; +} + +message VulnerabilityCredits { + // The organizations credited with vulnerability discovery. + repeated OrganizationalEntity organizations = 1; + // The individuals, not associated with organizations, that are credited with vulnerability discovery. + repeated OrganizationalContact individuals = 2; +} + +message VulnerabilityAnalysis { + // Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + optional ImpactAnalysisState state = 1; + // The rationale of why the impact analysis state was asserted. + optional ImpactAnalysisJustification justification = 2; + // A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable. + repeated VulnerabilityResponse response = 3; + // Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. + optional string detail = 4; +} + +enum ImpactAnalysisState { + // An undefined impact analysis state + IMPACT_ANALYSIS_STATE_NULL = 0; + // The vulnerability has been remediated. + IMPACT_ANALYSIS_STATE_RESOLVED = 1; + // The vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). + IMPACT_ANALYSIS_STATE_RESOLVED_WITH_PEDIGREE = 2; + // The vulnerability may be directly or indirectly exploitable. + IMPACT_ANALYSIS_STATE_EXPLOITABLE = 3; + // The vulnerability is being investigated. + IMPACT_ANALYSIS_STATE_IN_TRIAGE = 4; + // The vulnerability is not specific to the component or service and was falsely identified or associated. + IMPACT_ANALYSIS_STATE_FALSE_POSITIVE = 5; + // The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases. + IMPACT_ANALYSIS_STATE_NOT_AFFECTED = 6; +} + +enum ImpactAnalysisJustification { + // An undefined impact analysis justification + IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0; + // The code has been removed or tree-shaked. + IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1; + // The vulnerable code is not invoked at runtime. + IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE = 2; + // Exploitability requires a configurable option to be set/unset. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_CONFIGURATION = 3; + // Exploitability requires a dependency that is not present. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_DEPENDENCY = 4; + // Exploitability requires a certain environment which is not present. + IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_ENVIRONMENT = 5; + // Exploitability requires a compiler flag to be set/unset. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_COMPILER = 6; + // Exploits are prevented at runtime. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_RUNTIME = 7; + // Attacks are blocked at physical, logical, or network perimeter. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_PERIMETER = 8; + // Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_MITIGATING_CONTROL = 9; +} + +enum VulnerabilityResponse { + VULNERABILITY_RESPONSE_NULL = 0; + VULNERABILITY_RESPONSE_CAN_NOT_FIX = 1; + VULNERABILITY_RESPONSE_WILL_NOT_FIX = 2; + VULNERABILITY_RESPONSE_UPDATE = 3; + VULNERABILITY_RESPONSE_ROLLBACK = 4; + VULNERABILITY_RESPONSE_WORKAROUND_AVAILABLE = 5; +} + +message VulnerabilityAffects { + // References a component or service by the objects bom-ref + string ref = 1; + // Zero or more individual versions or range of versions. + repeated VulnerabilityAffectedVersions versions = 2; +} + +message VulnerabilityAffectedVersions { + oneof choice { + // A single version of a component or service. + string version = 1; + // A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + string range = 2; + } + // The vulnerability status for the version or range of versions. + optional VulnerabilityAffectedStatus status = 3; +} + +enum VulnerabilityAffectedStatus { + // The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. + VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; + VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; + VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; +} \ No newline at end of file diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json new file mode 100644 index 000000000..43a09c02d --- /dev/null +++ b/src/main/resources/bom-1.5.schema.json @@ -0,0 +1,1963 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "type": "object", + "title": "CycloneDX Software Bill of Materials Standard", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "enum": [ + "http://cyclonedx.org/schema/bom-1.5.schema.json" + ] + }, + "bomFormat": { + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).", + "examples": ["1.5"] + }, + "serialNumber": { + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "type": "integer", + "title": "BOM Version", + "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components." + }, + "services": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "dependencies": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + }, + "compositions": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/compositions"}, + "uniqueItems": true, + "title": "Compositions", + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." + }, + "vulnerabilities": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/vulnerability"}, + "uniqueItems": true, + "title": "Vulnerabilities", + "description": "Vulnerabilities identified in components or services." + }, + "annotations": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/annotations"}, + "uniqueItems": true, + "title": "Annotations", + "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, and may optionally be signed." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + }, + "definitions": { + "refType": { + "$comment": "Identifier-DataType for interlinked elements.", + "type": "string" + }, + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the BOM was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "additionalItems": false, + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "additionalItems": false, + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "licenses": { + "type": "array", + "title": "BOM License(s)", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"} + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "Information about the automated or manual tool used", + "additionalProperties": false, + "properties": { + "vendor": { + "type": "string", + "title": "Tool Vendor", + "description": "The name of the vendor who created the tool" + }, + "name": { + "type": "string", + "title": "Tool Name", + "description": "The name of the tool" + }, + "version": { + "type": "string", + "title": "Tool Version", + "description": "The version of the tool" + }, + "hashes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "examples": [ + "Example Inc." + ] + }, + "url": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "examples": ["https://example.com"] + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "additionalItems": false, + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "examples": ["Contact name"] + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "Email Address", + "description": "The email address of the contact.", + "examples": ["firstname.lastname@example.com"] + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact.", + "examples": ["800-555-1212"] + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", + "examples": ["library"] + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "examples": ["Acme Inc"] + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "examples": ["Acme Inc"] + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "examples": ["tomcat-catalina"] + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "examples": ["9.0.14"] + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", + "default": "required" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"] + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe)", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "description": "Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec)", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html)." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "additionalProperties": false, + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "additionalItems": false, + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "additionalItems": false, + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree." + } + } + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "components": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." + }, + "evidence": { + "$ref": "#/definitions/componentEvidence", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "additionalProperties": false, + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the SWID file.", + "format": "iri-reference" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "additionalProperties": false, + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ] + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "additionalProperties": false, + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "id": { + "$ref": "spdx.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "examples": ["Acme Software License"] + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "format": "iri-reference" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + }, + "licensing": { + "type": "object", + "title": "Licensing information", + "description": "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata", + "additionalProperties": false, + "properties": { + "altIds": { + "type": "array", + "title": "Alternate License Identifiers", + "description": "License identifiers that may be used to manage licenses and their lifecycle", + "additionalItems": false, + "items": { + "type": "string" + } + }, + "licensor": { + "title": "Licensor", + "description": "The individual or organization that grants a license to another individual or organization", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Licensor (Organization)", + "description": "The organization that granted the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Licensor (Individual)", + "description": "The individual, not associated with an organization, that granted the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "licensee": { + "title": "Licensee", + "description": "The individual or organization for which a license was granted to", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Licensee (Organization)", + "description": "The organization that was granted the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Licensee (Individual)", + "description": "The individual, not associated with an organization, that was granted the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "purchaser": { + "title": "Purchaser", + "description": "The individual or organization that purchased the license", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Purchaser (Organization)", + "description": "The organization that purchased the license", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "title": "Purchaser (Individual)", + "description": "The individual, not associated with an organization, that purchased the license", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["individual"] + } + ] + }, + "purchaseOrder": { + "type": "string", + "title": "Purchase Order", + "description": "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase" + }, + "licenseTypes": { + "type": "array", + "title": "License Type", + "description": "The type of license(s) that was granted to the licensee\n\n* __academic__ = A license that grants use of software solely for the purpose of education or research.\n* __appliance__ = A license covering use of software embedded in a specific piece of hardware.\n* __client-access__ = A Client Access License (CAL) allows client computers to access services provided by server software.\n* __concurrent-user__ = A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.\n* __core-points__ = A license where the core of a computer's processor is assigned a specific number of points.\n* __custom-metric__ = A license for which consumption is measured by non-standard metrics.\n* __device__ = A license which covers a defined number of installations on computers and other types of devices.\n* __evaluation__ = A license which grants permission to install and use software for trial purposes.\n* __named-user__ = A license that grants access to the software to one or more pre-defined users.\n* __node-locked__ = A license that grants access to the software on one or more pre-defined computers or devices.\n* __oem__ = An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.\n* __perpetual__ = A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.\n* __processor-points__ = A license where each installation consumes points per processor.\n* __subscription__ = A license where the licensee pays a fee to use the software or service.\n* __user__ = A license that grants access to the software or service by a specified number of users.\n* __other__ = Another license type.\n", + "additionalItems": false, + "items": { + "type": "string", + "enum": [ + "academic", + "appliance", + "client-access", + "concurrent-user", + "core-points", + "custom-metric", + "device", + "evaluation", + "named-user", + "node-locked", + "oem", + "perpetual", + "processor-points", + "subscription", + "user", + "other" + ] + } + }, + "lastRenewal": { + "type": "string", + "format": "date-time", + "title": "Last Renewal", + "description": "The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed." + }, + "expiration": { + "type": "string", + "format": "date-time", + "title": "Expiration", + "description": "The timestamp indicating when the current license expires (if applicable)." + } + } + } + } + }, + "licenseChoice": { + "type": "object", + "title": "License(s)", + "additionalProperties": false, + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality.\n\n* __unofficial__ = A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch)\n* __monkey__ = A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch)\n* __backport__ = A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting)\n* __cherry-pick__ = A patch created by selectively applying commits from other versions or branches of the same software." + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "additionalProperties": false, + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "format": "iri-reference" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "An individual issue that has been resolved.", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "format": "iri-reference" + } + } + }, + "references": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "examples": ["https://example.com"] + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM.", + "required": [ + "url", + "type" + ], + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs.", + "format": "iri-reference" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __other__ = Use this if no other types accurately describe the purpose of the external reference", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "release-notes", + "security-contact", + "other" + ] + }, + "hashes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the external reference (if applicable)." + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "$ref": "#/definitions/refType", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "additionalItems": false, + "items": { + "$ref": "#/definitions/refType" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "examples": ["ticker-service"] + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "examples": ["1.0.0"] + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service" + }, + "endpoints": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "examples": ["https://example.com/api/v1/ticker"] + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." + }, + "services": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "additionalProperties": false, + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow", + "title": "Directional Flow", + "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." + }, + "classification": { + "type": "string", + "title": "Classification", + "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction", + "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." + }, + + "copyright": { + "type": "object", + "title": "Copyright", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "text": { + "type": "string", + "title": "Copyright Text" + } + } + }, + + "componentEvidence": { + "type": "object", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", + "additionalProperties": false, + "properties": { + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/copyright"}, + "title": "Copyright" + } + } + }, + "compositions": { + "type": "object", + "title": "Compositions", + "required": [ + "aggregate" + ], + "additionalProperties": false, + "properties": { + "aggregate": { + "$ref": "#/definitions/aggregateType", + "title": "Aggregate", + "description": "Specifies an aggregate type that describe how complete a relationship is." + }, + "assemblies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." + }, + "dependencies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "aggregateType": { + "type": "string", + "default": "not_specified", + "enum": [ + "complete", + "incomplete", + "incomplete_first_party_only", + "incomplete_third_party_only", + "unknown", + "not_specified" + ] + }, + "property": { + "type": "object", + "title": "Lightweight name-value pair", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value of the property." + } + } + }, + "localeType": { + "type": "string", + "pattern": "^([a-z]{2})(-[A-Z]{2})?$", + "title": "Locale", + "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA" + }, + "releaseType": { + "type": "string", + "examples": [ + "major", + "minor", + "patch", + "pre-release", + "internal" + ], + "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." + }, + "note": { + "type": "object", + "title": "Note", + "description": "A note containing the locale and content.", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "locale": { + "$ref": "#/definitions/localeType", + "title": "Locale", + "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" + }, + "text": { + "title": "Release note content", + "description": "Specifies the full content of the release note.", + "$ref": "#/definitions/attachment" + } + } + }, + "releaseNotes": { + "type": "object", + "title": "Release notes", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "$ref": "#/definitions/releaseType", + "title": "Type", + "description": "The software versioning type the release note describes." + }, + "title": { + "type": "string", + "title": "Title", + "description": "The title of the release." + }, + "featuredImage": { + "type": "string", + "format": "iri-reference", + "title": "Featured image", + "description": "The URL to an image that may be prominently displayed with the release note." + }, + "socialImage": { + "type": "string", + "format": "iri-reference", + "title": "Social image", + "description": "The URL to an image that may be used in messaging on social media platforms." + }, + "description": { + "type": "string", + "title": "Description", + "description": "A short description of the release." + }, + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the release note was created." + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Aliases", + "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Tags", + "description": "One or more tags that may aid in search or retrieval of the release note." + }, + "resolves": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues that have been resolved." + }, + "notes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/note"}, + "title": "Notes", + "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + } + } + }, + "advisory": { + "type": "object", + "title": "Advisory", + "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", + "required": ["url"], + "additionalProperties": false, + "properties": { + "title": { + "type": "string", + "title": "Title", + "description": "An optional name of the advisory." + }, + "url": { + "type": "string", + "title": "URL", + "format": "iri-reference", + "description": "Location where the advisory can be obtained." + } + } + }, + "cwe": { + "type": "integer", + "minimum": 1, + "title": "CWE", + "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" + }, + "severity": { + "type": "string", + "title": "Severity", + "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", + "enum": [ + "critical", + "high", + "medium", + "low", + "info", + "none", + "unknown" + ] + }, + "scoreMethod": { + "type": "string", + "title": "Method", + "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)", + "enum": [ + "CVSSv2", + "CVSSv3", + "CVSSv31", + "OWASP", + "other" + ] + }, + "impactAnalysisState": { + "type": "string", + "title": "Impact Analysis State", + "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. \n\n* __resolved__ = the vulnerability has been remediated. \n* __resolved\\_with\\_pedigree__ = the vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). \n* __exploitable__ = the vulnerability may be directly or indirectly exploitable. \n* __in\\_triage__ = the vulnerability is being investigated. \n* __false\\_positive__ = the vulnerability is not specific to the component or service and was falsely identified or associated. \n* __not\\_affected__ = the component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.", + "enum": [ + "resolved", + "resolved_with_pedigree", + "exploitable", + "in_triage", + "false_positive", + "not_affected" + ] + }, + "impactAnalysisJustification": { + "type": "string", + "title": "Impact Analysis Justification", + "description": "The rationale of why the impact analysis state was asserted. \n\n* __code\\_not\\_present__ = the code has been removed or tree-shaked. \n* __code\\_not\\_reachable__ = the vulnerable code is not invoked at runtime. \n* __requires\\_configuration__ = exploitability requires a configurable option to be set/unset. \n* __requires\\_dependency__ = exploitability requires a dependency that is not present. \n* __requires\\_environment__ = exploitability requires a certain environment which is not present. \n* __protected\\_by\\_compiler__ = exploitability requires a compiler flag to be set/unset. \n* __protected\\_at\\_runtime__ = exploits are prevented at runtime. \n* __protected\\_at\\_perimeter__ = attacks are blocked at physical, logical, or network perimeter. \n* __protected\\_by\\_mitigating\\_control__ = preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability.", + "enum": [ + "code_not_present", + "code_not_reachable", + "requires_configuration", + "requires_dependency", + "requires_environment", + "protected_by_compiler", + "protected_at_runtime", + "protected_at_perimeter", + "protected_by_mitigating_control" + ] + }, + "rating": { + "type": "object", + "title": "Rating", + "description": "Defines the severity or risk ratings of a vulnerability.", + "additionalProperties": false, + "properties": { + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that calculated the severity or risk rating of the vulnerability." + }, + "score": { + "type": "number", + "title": "Score", + "description": "The numerical score of the rating." + }, + "severity": { + "$ref": "#/definitions/severity", + "description": "Textual representation of the severity that corresponds to the numerical score of the rating." + }, + "method": { + "$ref": "#/definitions/scoreMethod" + }, + "vector": { + "type": "string", + "title": "Vector", + "description": "Textual representation of the metric values used to score the vulnerability" + }, + "justification": { + "type": "string", + "title": "Justification", + "description": "An optional reason for rating the vulnerability as it was" + } + } + }, + "vulnerabilitySource": { + "type": "object", + "title": "Source", + "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The url of the vulnerability documentation as provided by the source.", + "examples": [ + "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" + ] + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source.", + "examples": [ + "NVD", + "National Vulnerability Database", + "OSS Index", + "VulnDB", + "GitHub Advisories" + ] + } + } + }, + "vulnerability": { + "type": "object", + "title": "Vulnerability", + "description": "Defines a weakness in an component or service that could be exploited or triggered by a threat source.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + }, + "references": { + "type": "array", + "title": "References", + "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", + "additionalItems": false, + "items": { + "required": [ + "id", + "source" + ], + "additionalProperties": false, + "properties": { + "id": { + "type": "string", + "title": "ID", + "description": "An identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + } + } + } + }, + "ratings": { + "type": "array", + "title": "Ratings", + "description": "List of vulnerability ratings", + "additionalItems": false, + "items": { + "$ref": "#/definitions/rating" + } + }, + "cwes": { + "type": "array", + "title": "CWEs", + "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html)", + "examples": [399], + "additionalItems": false, + "items": { + "$ref": "#/definitions/cwe" + } + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the vulnerability as provided by the source." + }, + "detail": { + "type": "string", + "title": "Details", + "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause." + }, + "recommendation": { + "type": "string", + "title": "Details", + "description": "Recommendations of how the vulnerability can be remediated or mitigated." + }, + "advisories": { + "type": "array", + "title": "Advisories", + "description": "Published advisories of the vulnerability if provided.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/advisory" + } + }, + "created": { + "type": "string", + "format": "date-time", + "title": "Created", + "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." + }, + "published": { + "type": "string", + "format": "date-time", + "title": "Published", + "description": "The date and time (timestamp) when the vulnerability record was first published." + }, + "updated": { + "type": "string", + "format": "date-time", + "title": "Updated", + "description": "The date and time (timestamp) when the vulnerability record was last updated." + }, + "rejected": { + "type": "string", + "format": "date-time", + "title": "Rejected", + "description": "The date and time (timestamp) when the vulnerability record was rejected (if applicable)." + }, + "credits": { + "type": "object", + "title": "Credits", + "description": "Individuals or organizations credited with the discovery of the vulnerability.", + "additionalProperties": false, + "properties": { + "organizations": { + "type": "array", + "title": "Organizations", + "description": "The organizations credited with vulnerability discovery.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/organizationalEntity" + } + }, + "individuals": { + "type": "array", + "title": "Individuals", + "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/organizationalContact" + } + } + } + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used to identify, confirm, or score the vulnerability.", + "additionalItems": false, + "items": {"$ref": "#/definitions/tool"} + }, + "analysis": { + "type": "object", + "title": "Impact Analysis", + "description": "An assessment of the impact and exploitability of the vulnerability.", + "additionalProperties": false, + "properties": { + "state": { + "$ref": "#/definitions/impactAnalysisState" + }, + "justification": { + "$ref": "#/definitions/impactAnalysisJustification" + }, + "response": { + "type": "array", + "title": "Response", + "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", + "additionalItems": false, + "items": { + "type": "string", + "enum": [ + "can_not_fix", + "will_not_fix", + "update", + "rollback", + "workaround_available" + ] + } + }, + "detail": { + "type": "string", + "title": "Detail", + "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." + }, + "firstIssued": { + "type": "string", + "format": "date-time", + "title": "First Issued", + "description": "The date and time (timestamp) when the analysis was first issued." + }, + "lastUpdated": { + "type": "string", + "format": "date-time", + "title": "Last Updated", + "description": "The date and time (timestamp) when the analysis was last updated." + } + } + }, + "affects": { + "type": "array", + "uniqueItems": true, + "additionalItems": false, + "items": { + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "$ref": "#/definitions/refType", + "title": "Reference", + "description": "References a component or service by the objects bom-ref" + }, + "versions": { + "type": "array", + "title": "Versions", + "description": "Zero or more individual versions or range of versions.", + "additionalItems": false, + "items": { + "oneOf": [ + { + "required": ["version"] + }, + { + "required": ["range"] + } + ], + "additionalProperties": false, + "properties": { + "version": { + "description": "A single version of a component or service.", + "$ref": "#/definitions/version" + }, + "range": { + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions.", + "$ref": "#/definitions/affectedStatus", + "default": "affected" + } + } + } + } + } + }, + "title": "Affects", + "description": "The components or services that are affected by the vulnerability." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "affectedStatus": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "version": { + "description": "A single version of a component or service.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "range": { + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "annotations": { + "type": "object", + "title": "Annotations", + "description": "A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.", + "required": [ + "subjects", + "annotator", + "timestamp", + "text" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "subjects": { + "type": "array", + "uniqueItems": true, + "additionalItems": false, + "items": { + "$ref": "#/definitions/refType" + }, + "title": "BOM References", + "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs." + }, + "annotator": { + "type": "object", + "title": "Annotator", + "description": "The organization, person, component, or service which created the textual content of the annotation.", + "oneOf": [ + { + "required": [ + "organization" + ] + }, + { + "required": [ + "individual" + ] + }, + { + "required": [ + "component" + ] + }, + { + "required": [ + "service" + ] + } + ], + "additionalProperties": false, + "properties": { + "organization": { + "description": "The organization that created the annotation", + "$ref": "#/definitions/organizationalEntity" + }, + "individual": { + "description": "The person that created the annotation", + "$ref": "#/definitions/organizationalContact" + }, + "component": { + "description": "The tool or component that created the annotation", + "$ref": "#/definitions/component" + }, + "service": { + "description": "The service that created the annotation", + "$ref": "#/definitions/service" + } + } + }, + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the annotation was created." + }, + "text": { + "type": "string", + "title": "Text", + "description": "The textual content of the annotation." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "signature": { + "$ref": "jsf-0.82.schema.json#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } +} \ No newline at end of file diff --git a/src/main/resources/bom-1.5.xsd b/src/main/resources/bom-1.5.xsd new file mode 100644 index 000000000..c1e221eb9 --- /dev/null +++ b/src/main/resources/bom-1.5.xsd @@ -0,0 +1,2805 @@ + + + + + + + + + CycloneDX Software Bill of Materials Standard + https://cyclonedx.org/ + Apache License, Version 2.0 + + + + + + Identifier-DataType for interlinked elements. + + + + + + + + + The date and time (timestamp) when the BOM was created. + + + + + The tool(s) used in the creation of the BOM. + + + + + + + + + + The person(s) who created the BOM. Authors are common in BOMs created through + manual processes. BOMs created through automated means may not have authors. + + + + + + + + + + The component that the BOM describes. + + + + + The organization that manufactured the component that the BOM describes. + + + + + The organization that supplied the component that the BOM describes. The + supplier may often be the manufacturer, but may also be a distributor or repackager. + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the organization + + + + + The URL of the organization. Multiple URLs are allowed. + + + + + A contact person at the organization. Multiple contacts are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Information about the automated or manual tool used + + + + + The name of the vendor who created the tool + + + + + The name of the tool + + + + + The version of the tool + + + + + + + + + + + + Provides the ability to document external references related to the tool. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the contact + + + + + The email address of the contact. + + + + + The phone number of the contact. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that supplied the component. The supplier may often + be the manufacturer, but may also be a distributor or repackager. + + + + + The person(s) or organization(s) that authored the component + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'required' + scope SHOULD be assumed by the consumer of the BOM. + + + + + + + + + + + + + A copyright notice informing users of the underlying claims to + copyright ownership in a published work. + + + + + + Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (purl). The purl, if specified, MUST be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating if the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + A list of software and hardware components included in the parent component. This is not a + dependency tree. It provides a way to specify a hierarchical representation of component + assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document evidence collected through various forms of extraction or analysis. + + + + + Specifies optional release notes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + + + + + + + The OPTIONAL mime-type of the component. When used on file components, the mime-type + can provide additional context about the kind of file being represented such as an image, + font, or executable. Some library or framework components may also have an associated mime-type. + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + Specifies the optional full text of the attachment + + + + + The URL to the attachment file. If the attachment is a license or BOM, + an externalReference should also be specified for completeness. + + + + + Licensing details describing the licensor/licensee, license type, renewal and + expiration dates, and other important metadata + + + + + + License identifiers that may be used to manage licenses and + their lifecycle + + + + + + + + + + The individual or organization that grants a license to another + individual or organization + + + + + + + The organization that granted the license + + + + + The individual, not associated with an organization, + that granted the license + + + + + + + + + The individual or organization for which a license was granted to + + + + + + + The organization that was granted the license + + + + + The individual, not associated with an organization, + that was granted the license + + + + + + + + + The individual or organization that purchased the license + + + + + + + The organization that purchased the license + + + + + The individual, not associated with an organization, + that purchased the license + + + + + + + + + The purchase order identifier the purchaser sent to a supplier or + vendor to authorize a purchase + + + + + The type of license(s) that was granted to the licensee + + + + + + + + + + The timestamp indicating when the license was last + renewed. For new purchases, this is often the purchase or acquisition date. + For non-perpetual licenses or subscriptions, this is the timestamp of when the + license was last renewed. + + + + + The timestamp indicating when the current license + expires (if applicable). + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the license elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. + + + + Specifies the content type of the text. Defaults to text/plain + if not specified. + + + + + + Specifies the optional encoding the text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A packaging and/or runtime format, not specific to any particular technology, + which isolates software inside the container from software outside of a container through + virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware SHOULD include a component for the physical hardware itself, and another + component of type 'firmware' or 'operating-system' (whichever is relevant), describing + information about the software running on the device. + + + + + A special type of software that provides low-level control over a devices + hardware. Refer to https://en.wikipedia.org/wiki/Firmware + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + + + + + + + + + + + + + + + + + + + + + A license that grants use of software solely for the purpose + of education or research. + + + + + A license covering use of software embedded in a specific + piece of hardware. + + + + + A Client Access License (CAL) allows client computers to access + services provided by server software. + + + + + A Concurrent User license (aka floating license) limits the + number of licenses for a software application and licenses are shared among + a larger number of users. + + + + + A license where the core of a computer's processor is assigned + a specific number of points. + + + + + A license for which consumption is measured by non-standard + metrics. + + + + + A license which covers a defined number of installations on + computers and other types of devices. + + + + + A license which grants permission to install and use software + for trial purposes. + + + + + A license that grants access to the software to one or more + pre-defined users. + + + + + A license that grants access to the software on one or more + pre-defined computers or devices. + + + + + An Original Equipment Manufacturer license that is delivered + with hardware, cannot be transferred to other hardware, and is valid for the + life of the hardware. + + + + + A license where the software is sold on a one-time basis and + the licensee can use a copy of the software indefinitely. + + + + + A license where each installation consumes points per + processor. + + + + + A license where the licensee pays a fee to use the software + or service. + + + + + A license that grants access to the software or service by a + specified number of users. + + + + + Another license type. + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + Specifies the full content of the SWID tag. + + + + + The URL to the SWID file. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Maps to the tagId of a SoftwareIdentity. + + + + + Maps to the name of a SoftwareIdentity. + + + + + Maps to the version of a SoftwareIdentity. + + + + + Maps to the tagVersion of a SoftwareIdentity. + + + + + Maps to the patch of a SoftwareIdentity. + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-materials (SBOM, OBOM, HBOM, SaaSBOM, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + Direct or repository download location + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + URL to release notes + + + + + Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT. + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be + relevant, but are not included with the BOM. They may also establish specific relationships + within or external to the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + The URI (URL or URN) to the external reference. External references + are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns. + External references may also include formally registered URNs such as CycloneDX BOM-Link to + reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external + references into relationships that can be expressed in a BOM or across BOMs. Refer to: + https://cyclonedx.org/capabilities/bomlink/ + + + + + + An optional comment describing the external reference + + + + + + + + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Zero or more patches can be specified. + + + + + Specifies an individual patch. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The patch file (or diff) that show changes. + Refer to https://en.wikipedia.org/wiki/Diff + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the purpose for the patch including the resolution of defects, + security issues, or new behavior or functionality + + + + + + + + + A patch which is not developed by the creators or maintainers of the software + being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + + + + + A patch which dynamically modifies runtime behavior. + Refer to https://en.wikipedia.org/wiki/Monkey_patch + + + + + A patch which takes code from a newer version of software and applies + it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + + + + + A patch created by selectively applying commits from other versions or + branches of the same software. + + + + + + + + + + A fault, flaw, or bug in software + + + + + A new feature or behavior in software + + + + + A special type of defect which impacts security + + + + + + + + + + Specifies the optional text of the diff + + + + + Specifies the URL to the diff + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + An individual issue that has been resolved. + + + + + + The identifier of the issue assigned by the source of the issue + + + + + The name of the issue + + + + + A description of the issue + + + + + + + The source of the issue where it is documented. + + + + + + + The name of the source. For example "National Vulnerability Database", + "NVD", and "Apache" + + + + + + + The url of the issue documentation as provided by the source + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the type of issue + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + A list of zero or more patches describing how the component + deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits + or may be used in place of commits. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Components that do not have their own dependencies MUST be declared as empty + elements within the graph. Components that are not represented in the dependency graph MAY + have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque + and not an indicator of a component being dependency-free. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that provides the service. + + + + + The grouping name, namespace, or identifier. This will often be a shortened, + single name of the company or project that produced the service or domain name. + Whitespace and special characters should be avoided. + + + + + The name of the service. This will often be a shortened, single name + of the service. + + + + + The service version. + + + + + Specifies a description for the service. + + + + + + + + A service endpoint URI. + + + + + + + + A boolean value indicating if the service requires authentication. + A value of true indicates the service requires authentication prior to use. + A value of false indicates the service does not require authentication. + + + + + A boolean value indicating if use of the service crosses a trust zone or boundary. + A value of true indicates that by using the service, a trust boundary is crossed. + A value of false indicates that by using the service, a trust boundary is not crossed. + + + + + + + + Specifies the data classification. + + + + + + + + + Provides the ability to document external references related to the service. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + A list of services included or deployed behind the parent service. This is not a dependency + tree. It provides a way to specify a hierarchical representation of service assemblies. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Specifies optional release notes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the service elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the data classification. + + + + + + Specifies the flow direction of the data. + + + + + + + + + Specifies the flow direction of the data. Valid values are: + inbound, outbound, bi-directional, and unknown. Direction is relative to the service. + Inbound flow states that data enters the service. Outbound flow states that data + leaves the service. Bi-directional states that data flows both ways, and unknown + states that the direction is not known. + + + + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Specifies an aggregate type that describe how complete a relationship is. + + + + + + The bom-ref identifiers of the components or services being described. Assemblies refer to + nested relationships whereby a constituent part may include other constituent parts. References + do not cascade to child parts. References are explicit for the specified constituent part only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the components or services being described. Dependencies refer to a + relationship whereby an independent constituent part requires another independent constituent + part. References do not cascade to transitive dependencies. References are explicit for the + specified dependency only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + + The relationship is complete. No further relationships including constituent components, services, or dependencies exist. + + + + + The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + + + + + The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + + + + + The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + + + + + The relationship completeness is not specified. + + + + + + + + + Defines a syntax for representing two character language code (ISO-639) followed by an optional two + character country code. The language code MUST be lower case. If the country code is specified, the + country code MUST be upper case. The language code and country code MUST be separated by a minus sign. + Examples: en, en-US, fr, fr-CA + + + + + + + + + + + + The software versioning type. It is RECOMMENDED that the release type use one + of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software + release types is not practical, so standardizing on the recommended values, whenever possible, + is strongly encouraged. + * major = A major release may contain significant changes or may introduce breaking changes. + * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. + * patch = Patch releases are typically unplanned and may resolve defects or important security issues. + * pre-release = A pre-release may include alpha, beta, or release candidates and typically have + limited support. They provide the ability to preview a release prior to its general availability. + * internal = Internal releases are not for public consumption and are intended to be used exclusively + by the project or manufacturer that produced it. + + + + + + The title of the release. + + + + + The URL to an image that may be prominently displayed with the release note. + + + + + The URL to an image that may be used in messaging on social media platforms. + + + + + A short description of the release. + + + + + The date and time (timestamp) when the release note was created. + + + + + + + + One or more alternate names the release may be referred to. This may + include unofficial terms used by development and marketing teams (e.g. code names). + + + + + + + + + + + One or more tags that may aid in search or retrieval of the release note. + + + + + + + + A collection of issues that have been resolved. + + + + + + + + + + + + + Zero or more release notes containing the locale and content. Multiple + note elements may be specified to support release notes in a wide variety of languages. + + + + + + The ISO-639 (or higher) language code and optional ISO-3166 + (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". + + + + + Specifies the full content of the release note. + + + + + + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies an individual property with a name and value. + + + + + + The name of the property. Duplicate names are allowed, each potentially having a different value. + + + + + + + + + + + Defines a weakness in an component or service that could be exploited or triggered by a threat source. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + Zero or more pointers to vulnerabilities that are the equivalent of the + vulnerability specified. Often times, the same vulnerability may exist in multiple sources of + vulnerability intelligence, but have different identifiers. References provide a way to + correlate vulnerabilities across multiple sources of vulnerability intelligence. + + + + + + A pointer to a vulnerability that is the equivalent of the + vulnerability specified. + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + List of vulnerability ratings. + + + + + + + + + + + + List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + + + + + + + + + + A description of the vulnerability as provided by the source. + + + + + If available, an in-depth description of the vulnerability as provided by the + source organization. Details often include examples, proof-of-concepts, and other information + useful in understanding root cause. + + + + + Recommendations of how the vulnerability can be remediated or mitigated. + + + + + + + Published advisories of the vulnerability if provided. + + + + + + + + + + The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + + + + + The date and time (timestamp) when the vulnerability record was first published. + + + + + The date and time (timestamp) when the vulnerability record was last updated. + + + + + The date and time (timestamp) when the vulnerability record was rejected (if applicable). + + + + + Individuals or organizations credited with the discovery of the vulnerability. + + + + + + The organizations credited with vulnerability discovery. + + + + + + + + + + The individuals, not associated with organizations, that are credited with vulnerability discovery. + + + + + + + + + + + + + The tool(s) used to identify, confirm, or score the vulnerability. + + + + + + + + + + + + An assessment of the impact and exploitability of the vulnerability. + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + A response to the vulnerability by the manufacturer, supplier, or + project responsible for the affected component or service. More than one response + is allowed. Responses are strongly encouraged for vulnerabilities where the analysis + state is exploitable. + + + + + + + + + + + Detailed description of the impact including methods used during assessment. + If a vulnerability is not exploitable, this field should include specific details + on why the component or service is not impacted by this vulnerability. + + + + + + + The date and time (timestamp) when the analysis was first issued. + + + + + + + The date and time (timestamp) when the analysis was last updated. + + + + + + + + + The components or services that are affected by the vulnerability. + + + + + + + + + References a component or service by the objects bom-ref. + + + + + Zero or more individual versions or range of versions. + + + + + + + + + + A single version of a component or service. + + + + + A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + + + + + + + The vulnerability status for the version or range of versions. + + + + + + + + + + + + + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + + An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The name of the source. + For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories + + + + + + The url of the vulnerability documentation as provided by the source. + For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + + + + + + + + + + The source that calculated the severity or risk rating of the vulnerability. + + + + + The numerical score of the rating. + + + + + Textual representation of the severity that corresponds to the numerical score of the rating. + + + + + The risk scoring methodology/standard used. + + + + + Textual representation of the metric values used to score the vulnerability. + + + + + An optional reason for rating the vulnerability as it was. + + + + + + + + + + An optional name of the advisory. + + + + + Location where the advisory can be obtained. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that created the annotation + + + + + The person that created the annotation + + + + + The tool or component that created the annotation + + + + + The service that created the annotation + + + + + + + + + + + The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + The organization, individual, component, or service which created the textual content + of the annotation. + + + + + The date and time (timestamp) when the annotation was created. + + + + + The person(s) or organization(s) that published the component + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the annotation elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Textual representation of the severity of the vulnerability adopted by the analysis method. If the + analysis method uses values other than what is provided, the user is expected to translate appropriately. + + + + + + + + + + + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The vulnerability has been remediated. + + + + + + + The vulnerability has been remediated and evidence of the changes are provided in the affected + components pedigree containing verifiable commit history and/or diff(s). + + + + + + + The vulnerability may be directly or indirectly exploitable. + + + + + + + The vulnerability is being investigated. + + + + + + + The vulnerability is not specific to the component or service and was falsely identified or associated. + + + + + + + The component or service is not affected by the vulnerability. Justification should be specified + for all not_affected cases. + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + The code has been removed or tree-shaked. + + + + + + + The vulnerable code is not invoked at runtime. + + + + + + + Exploitability requires a configurable option to be set/unset. + + + + + + + Exploitability requires a dependency that is not present. + + + + + + + Exploitability requires a certain environment which is not present. + + + + + + + Exploitability requires a compiler flag to be set/unset. + + + + + + + Exploits are prevented at runtime. + + + + + + + Attacks are blocked at physical, logical, or network perimeter. + + + + + + + Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + + + + + + + + + + Specifies the severity or risk scoring methodology or standard used. + + + + + + + The rating is based on CVSS v2 standard + https://www.first.org/cvss/v2/ + + + + + + + The rating is based on CVSS v3.0 standard + https://www.first.org/cvss/v3-0/ + + + + + + + The rating is based on CVSS v3.1 standard + https://www.first.org/cvss/v3-1/ + + + + + + + The rating is based on OWASP Risk Rating + https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + + + + + + + Use this if the risk scoring methodology is not based on any of the options above + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + + + + + + + + + The vulnerability status of a given version or range of versions of a product. The statuses + 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. + The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. + There can be many reasons for an 'unknown' status, including that an investigation has not been + undertaken or that a vendor has not disclosed the status. + + + + + + + + + + + + + + + + Provides additional information about a BOM. + + + + + A list of software and hardware components. + + + + + A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + Provides the ability to document dependency relationships. + + + + + Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + Vulnerabilities identified in components or services. + + + + + Comments made by people, organizations, or tools about any object with + a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike + inventory information, annotations may contain opinion or commentary from various + stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, + and may optionally be signed. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Whenever an existing BOM is modified, either manually or through automated + processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with + multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. + The default version is '1'. + + + + + Every BOM generated SHOULD have a unique serial number, even if the contents of + the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. + Use of serial numbers are RECOMMENDED. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java index c5f9038ed..a5ca4b198 100644 --- a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java +++ b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java @@ -25,6 +25,7 @@ import org.cyclonedx.generators.json.BomJsonGenerator12; import org.cyclonedx.generators.json.BomJsonGenerator13; import org.cyclonedx.generators.json.BomJsonGenerator14; +import org.cyclonedx.generators.json.BomJsonGenerator15; import org.cyclonedx.model.Bom; import org.cyclonedx.parsers.JsonParser; import org.cyclonedx.parsers.XmlParser; @@ -177,6 +178,19 @@ public void schema14JBomLinkGenerationTest() throws Exception { assertEquals("urn:cdx:f08a6ccd-4dce-4759-bd84-c626675d60a7/1", bom2.getComponents().get(0).getExternalReferences().get(0).getUrl()); } + @Test + public void schema15JsonObjectGenerationTest() throws Exception { + Bom bom = createCommonBom("/bom-1.5.xml"); + BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_15, bom); + + assertTrue(generator instanceof BomJsonGenerator15); + assertEquals(CycloneDxSchema.Version.VERSION_15, generator.getSchemaVersion()); + + File file = writeToFile(generator.toJsonString()); + JsonParser parser = new JsonParser(); + assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_15)); + } + private File writeToFile(String jsonString) throws Exception { try (FileWriter writer = new FileWriter(tempFile.getAbsolutePath())) { writer.write(jsonString); diff --git a/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java b/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java index 541106533..07b048621 100644 --- a/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java +++ b/src/test/java/org/cyclonedx/BomXmlGeneratorTest.java @@ -321,6 +321,19 @@ public void schema14JBomLinkGenerationTest() throws Exception { assertEquals("urn:cdx:f08a6ccd-4dce-4759-bd84-c626675d60a7/1", bom2.getComponents().get(0).getExternalReferences().get(0).getUrl()); } + @Test + public void schema15GenerationTest() throws Exception { + BomXmlGenerator generator = BomGeneratorFactory.createXml(CycloneDxSchema.Version.VERSION_15, createCommonBom("/bom-1.5.xml")); + Document doc = generator.generate(); + testDocument(doc); + + assertTrue(generator instanceof BomXmlGenerator15); + assertEquals(CycloneDxSchema.Version.VERSION_15, generator.getSchemaVersion()); + File file = writeToFile(generator.toXmlString()); + XmlParser parser = new XmlParser(); + assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_15)); + } + private File writeToFile(String xmlString) throws Exception { try (FileWriter writer = new FileWriter(tempFile.getAbsolutePath())) { writer.write(xmlString); diff --git a/src/test/java/org/cyclonedx/Issue214RegressionTest.java b/src/test/java/org/cyclonedx/Issue214RegressionTest.java index fcd63d639..cc9ed3672 100644 --- a/src/test/java/org/cyclonedx/Issue214RegressionTest.java +++ b/src/test/java/org/cyclonedx/Issue214RegressionTest.java @@ -26,6 +26,7 @@ import org.cyclonedx.generators.xml.BomXmlGenerator; import org.cyclonedx.generators.xml.BomXmlGenerator13; import org.cyclonedx.generators.xml.BomXmlGenerator14; +import org.cyclonedx.generators.xml.BomXmlGenerator15; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.ExternalReference; @@ -47,8 +48,6 @@ public void schema13JsonObjectGenerationTest() performJsonTest(CycloneDxSchema.Version.VERSION_13, BomJsonGenerator13.class); } - - @Test public void schema14JsonObjectGenerationTest() throws IOException, ReflectiveOperationException @@ -56,8 +55,6 @@ public void schema14JsonObjectGenerationTest() performJsonTest(CycloneDxSchema.Version.VERSION_14, BomJsonGenerator14.class); } - - @Test public void schema13XmlObjectGenerationTest() throws ParserConfigurationException, IOException, ReflectiveOperationException @@ -65,8 +62,6 @@ public void schema13XmlObjectGenerationTest() performXmlTest(CycloneDxSchema.Version.VERSION_13, BomXmlGenerator13.class); } - - @Test public void schema14XmlObjectGenerationTest() throws ParserConfigurationException, IOException, ReflectiveOperationException @@ -74,7 +69,12 @@ public void schema14XmlObjectGenerationTest() performXmlTest(CycloneDxSchema.Version.VERSION_14, BomXmlGenerator14.class); } - + @Test + public void schema15XmlObjectGenerationTest() + throws ParserConfigurationException, IOException, ReflectiveOperationException + { + performXmlTest(CycloneDxSchema.Version.VERSION_15, BomXmlGenerator15.class); + } private void performXmlTest(final CycloneDxSchema.Version pSpecVersion, final Class pExpectedGeneratorClass) @@ -93,8 +93,6 @@ private void performXmlTest(final CycloneDxS validate(actual, XmlParser.class, pSpecVersion); } - - private void performJsonTest(final CycloneDxSchema.Version pSpecVersion, final Class pExpectedGeneratorClass) throws IOException, ReflectiveOperationException @@ -111,8 +109,6 @@ private void performJsonTest(final CycloneD validate(actual, JsonParser.class, pSpecVersion); } - - private String xmlDocumentToString(final Document doc) { Assertions.assertNotNull(doc); @@ -137,8 +133,6 @@ private String xmlDocumentToString(final Document doc) return null; } - - private String readFixture(final String pPath, final CycloneDxSchema.Version pSpecVersion) { try (InputStream is = getClass().getResourceAsStream(pPath)) { @@ -157,8 +151,6 @@ private String readFixture(final String pPath, final CycloneDxSchema.Version pSp return null; } - - private Bom createIssue214Bom() { ExternalReference extRef = new ExternalReference(); @@ -184,8 +176,6 @@ private Bom createIssue214Bom() return bom; } - - private

void validate(final String pDocument, final Class

pParserType, final CycloneDxSchema.Version pSpecVersion) throws IOException, ReflectiveOperationException @@ -204,8 +194,6 @@ private

void validate(final String pDocument, final Class

} } - - private File writeToFile(final String pDocument, final String pSuffix) throws IOException { diff --git a/src/test/java/org/cyclonedx/parse/BaseParseTest.java b/src/test/java/org/cyclonedx/parse/BaseParseTest.java index da1dee461..2f14afff7 100644 --- a/src/test/java/org/cyclonedx/parse/BaseParseTest.java +++ b/src/test/java/org/cyclonedx/parse/BaseParseTest.java @@ -38,18 +38,9 @@ public abstract class BaseParseTest { - static final List VERSIONS = new ArrayList<>(); - static { - VERSIONS.add(CycloneDxSchema.Version.VERSION_10); - VERSIONS.add(CycloneDxSchema.Version.VERSION_11); - VERSIONS.add(CycloneDxSchema.Version.VERSION_12); - VERSIONS.add(CycloneDxSchema.Version.VERSION_13); - VERSIONS.add(CycloneDxSchema.Version.VERSION_14); - } - List getAllResources() { final List files = new ArrayList<>(); - for (CycloneDxSchema.Version version: VERSIONS) { + for (CycloneDxSchema.Version version: CycloneDxSchema.ALL_VERSIONS) { files.addAll(getResources(version.getVersionString() + "/")); } return files; @@ -68,7 +59,7 @@ Bom parseBom(File file) throws ParseException { } void generateBomXml(final String testName, final Bom bom) throws ParserConfigurationException { - for (CycloneDxSchema.Version version : VERSIONS) { + for (CycloneDxSchema.Version version : CycloneDxSchema.ALL_VERSIONS) { System.out.println("Generating CycloneDX " + version.getVersionString() + " XML for " + testName); BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom); Document doc = generator.generate(); @@ -77,7 +68,7 @@ void generateBomXml(final String testName, final Bom bom) throws ParserConfigura } void generateBomJson(final String testName, final Bom bom) { - for (CycloneDxSchema.Version version : VERSIONS) { + for (CycloneDxSchema.Version version : CycloneDxSchema.ALL_VERSIONS) { System.out.println("Generating CycloneDX " + version.getVersionString() + " JSON for " + testName); BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom); Assertions.assertNotNull(generator.toJsonString()); diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index c907f2f1a..89d59108b 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -344,6 +344,27 @@ public void testParsedObjects14Bom() throws Exception { assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); } + @Test + public void testParsedObjects15Bom() throws Exception { + final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.5.json")); + final JsonParser parser = new JsonParser(); + final Bom bom = parser.parse(bomBytes); + + assertEquals("1.5", bom.getSpecVersion()); + assertEquals(1, bom.getVersion()); + + assertMetadata(bom.getMetadata()); + assertComponent(bom); + assertServices(bom); + assertVulnerabilities(bom); + + // Dependencies + assertEquals(2, bom.getDependencies().size()); + Dependency d1 = bom.getDependencies().get(0); + assertNotNull(d1); + assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); + } + private void assertVulnerabilities(final Bom bom) { final List vulnerabilities = bom.getVulnerabilities(); assertEquals(1, vulnerabilities.size()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index cb035776a..5713c1a12 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -469,6 +469,27 @@ public void testParsedObjects14Bom() throws Exception { assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", d1.getRef()); } + @Test + public void testParsedObjects15Bom() throws Exception { + final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.5.xml")); + final XmlParser parser = new XmlParser(); + final Bom bom = parser.parse(bomBytes); + + assertEquals("1.5", bom.getSpecVersion()); + assertEquals(1, bom.getVersion()); + + assertMetadata(bom.getMetadata()); + assertComponent(bom); + assertServices(bom); + assertVulnerabilities(bom); + + // Dependencies + assertEquals(1, bom.getDependencies().size()); + Dependency d1 = bom.getDependencies().get(0); + assertNotNull(d1); + assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", d1.getRef()); + } + @Test public void testParsedObjects14Bom_WithVulnsExtension() throws Exception { final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/valid-ext-vulnerability-1.4.xml")); diff --git a/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java index bb7e3f344..a44c41e7c 100644 --- a/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java @@ -19,6 +19,8 @@ package org.cyclonedx.schema; import org.apache.commons.io.IOUtils; +import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.CycloneDxSchema.Version; import java.io.InputStream; import java.nio.charset.StandardCharsets; @@ -26,14 +28,12 @@ import java.util.List; public abstract class BaseSchemaVerificationTest { - List getAllResources() throws Exception { final List files = new ArrayList<>(); - files.addAll(getResources("1.0/")); - files.addAll(getResources("1.1/")); - files.addAll(getResources("1.2/")); - files.addAll(getResources("1.3/")); - files.addAll(getResources("1.4/")); + + for (Version version : CycloneDxSchema.ALL_VERSIONS) { + files.addAll(getResources(version.getVersionString())); + } return files; } diff --git a/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java index 0a348d7cc..f3d1e7d1c 100644 --- a/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java @@ -41,11 +41,17 @@ public Collection dynamicTestsWithCollection() throws Exception { final CycloneDxSchema.Version schemaVersion; if (file.endsWith("-1.2.json")) { schemaVersion = CycloneDxSchema.Version.VERSION_12; - } else if (file.endsWith("-1.3.json")) { + } + else if (file.endsWith("-1.3.json")) { schemaVersion = CycloneDxSchema.Version.VERSION_13; - } else if (file.endsWith("-1.4.json")) { + } + else if (file.endsWith("-1.4.json")) { schemaVersion = CycloneDxSchema.Version.VERSION_14; - } else { + } + else if (file.endsWith("-1.5.json")) { + schemaVersion = CycloneDxSchema.Version.VERSION_15; + } + else { schemaVersion = null; } if (file.startsWith("valid") && schemaVersion != null) { diff --git a/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java b/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java index 3719fb24e..d4a0f2c64 100644 --- a/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java +++ b/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java @@ -42,15 +42,23 @@ public Collection dynamicTestsWithCollection() throws Exception { final CycloneDxSchema.Version schemaVersion; if (file.endsWith("-1.0.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_10; - } else if (file.endsWith("-1.1.xml")) { + } + else if (file.endsWith("-1.1.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_11; - } else if (file.endsWith("-1.2.xml")) { + } + else if (file.endsWith("-1.2.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_12; - } else if (file.endsWith("-1.3.xml")) { + } + else if (file.endsWith("-1.3.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_13; - } else if (file.endsWith("-1.4.xml")) { + } + else if (file.endsWith("-1.4.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_14; - } else { + } + else if (file.endsWith("-1.5.xml")) { + schemaVersion = CycloneDxSchema.Version.VERSION_15; + } + else { schemaVersion = null; } if (file.startsWith("valid") && schemaVersion != null) { diff --git a/src/test/resources/1.5/invalid-bomformat-1.5.json b/src/test/resources/1.5/invalid-bomformat-1.5.json new file mode 100644 index 000000000..2d0176d94 --- /dev/null +++ b/src/test/resources/1.5/invalid-bomformat-1.5.json @@ -0,0 +1,8 @@ +{ + "bomFormat": "AnotherFormat", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.json b/src/test/resources/1.5/invalid-component-ref-1.5.json new file mode 100644 index 000000000..c00f57d1b --- /dev/null +++ b/src/test/resources/1.5/invalid-component-ref-1.5.json @@ -0,0 +1,20 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "bom-ref": "123", + "name": "acme-library", + "version": "1.0.0" + }, + { + "type": "library", + "bom-ref": "123", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.xml b/src/test/resources/1.5/invalid-component-ref-1.5.xml new file mode 100644 index 000000000..cb83d8fce --- /dev/null +++ b/src/test/resources/1.5/invalid-component-ref-1.5.xml @@ -0,0 +1,15 @@ + + + + + acme-library + 1.0.0 + + + acme-library + 1.0.0 + + + + + diff --git a/src/test/resources/1.5/invalid-component-swid-1.5.json b/src/test/resources/1.5/invalid-component-swid-1.5.json new file mode 100644 index 000000000..27b7b054e --- /dev/null +++ b/src/test/resources/1.5/invalid-component-swid-1.5.json @@ -0,0 +1,18 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "name": "Acme Application", + "version": "9.1.1" + } + } + ] +} diff --git a/src/test/resources/1.5/invalid-component-swid-1.5.xml b/src/test/resources/1.5/invalid-component-swid-1.5.xml new file mode 100644 index 000000000..08f5d06af --- /dev/null +++ b/src/test/resources/1.5/invalid-component-swid-1.5.xml @@ -0,0 +1,11 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + + + diff --git a/src/test/resources/1.5/invalid-component-type-1.5.json b/src/test/resources/1.5/invalid-component-type-1.5.json new file mode 100644 index 000000000..e1af4ad73 --- /dev/null +++ b/src/test/resources/1.5/invalid-component-type-1.5.json @@ -0,0 +1,13 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "foo", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.5/invalid-component-type-1.5.xml b/src/test/resources/1.5/invalid-component-type-1.5.xml new file mode 100644 index 000000000..f3fd735c5 --- /dev/null +++ b/src/test/resources/1.5/invalid-component-type-1.5.xml @@ -0,0 +1,9 @@ + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.5/invalid-dependency-1.5.json b/src/test/resources/1.5/invalid-dependency-1.5.json new file mode 100644 index 000000000..8b46f0d0a --- /dev/null +++ b/src/test/resources/1.5/invalid-dependency-1.5.json @@ -0,0 +1,37 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "library-a", + "type": "library", + "name": "library-a", + "version": "1.0.0" + }, + { + "bom-ref": "library-b", + "type": "library", + "name": "library-b", + "version": "1.0.0" + }, + { + "bom-ref": "library-c", + "type": "library", + "name": "library-c", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "dependsOn": [] + }, + { + "ref": "library-b", + "dependsOn": [ + "library-c" + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-dependency-1.5.xml b/src/test/resources/1.5/invalid-dependency-1.5.xml new file mode 100644 index 000000000..363956aac --- /dev/null +++ b/src/test/resources/1.5/invalid-dependency-1.5.xml @@ -0,0 +1,23 @@ + + + + + acme-library-a + 1.0.0 + + + acme-library-b + 1.0.0 + + + acme-library-b + 1.0.0 + + + + + + + + + diff --git a/src/test/resources/1.5/invalid-empty-component-1.5.json b/src/test/resources/1.5/invalid-empty-component-1.5.json new file mode 100644 index 000000000..d33e2c3a3 --- /dev/null +++ b/src/test/resources/1.5/invalid-empty-component-1.5.json @@ -0,0 +1,11 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library" + } + ] +} diff --git a/src/test/resources/1.5/invalid-empty-component-1.5.xml b/src/test/resources/1.5/invalid-empty-component-1.5.xml new file mode 100644 index 000000000..9c5a17a96 --- /dev/null +++ b/src/test/resources/1.5/invalid-empty-component-1.5.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/src/test/resources/1.5/invalid-hash-alg-1.5.json b/src/test/resources/1.5/invalid-hash-alg-1.5.json new file mode 100644 index 000000000..762b9ac40 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-alg-1.5.json @@ -0,0 +1,32 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "FOO", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-hash-alg-1.5.xml b/src/test/resources/1.5/invalid-hash-alg-1.5.xml new file mode 100644 index 000000000..a04a222d9 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-alg-1.5.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.5/invalid-hash-md5-1.5.json b/src/test/resources/1.5/invalid-hash-md5-1.5.json new file mode 100644 index 000000000..853dfa673 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-md5-1.5.json @@ -0,0 +1,32 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "foo" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-hash-md5-1.5.xml b/src/test/resources/1.5/invalid-hash-md5-1.5.xml new file mode 100644 index 000000000..c13924404 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-md5-1.5.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + foo + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.5/invalid-hash-sha1-1.5.json b/src/test/resources/1.5/invalid-hash-sha1-1.5.json new file mode 100644 index 000000000..d651feb7d --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha1-1.5.json @@ -0,0 +1,32 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "foo" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-hash-sha1-1.5.xml b/src/test/resources/1.5/invalid-hash-sha1-1.5.xml new file mode 100644 index 000000000..6b406bc1b --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha1-1.5.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + foo + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.5/invalid-hash-sha256-1.5.json b/src/test/resources/1.5/invalid-hash-sha256-1.5.json new file mode 100644 index 000000000..b9e80d5e2 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha256-1.5.json @@ -0,0 +1,32 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "foo" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-hash-sha256-1.5.xml b/src/test/resources/1.5/invalid-hash-sha256-1.5.xml new file mode 100644 index 000000000..615b903ec --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha256-1.5.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + foo + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + diff --git a/src/test/resources/1.5/invalid-hash-sha512-1.5.json b/src/test/resources/1.5/invalid-hash-sha512-1.5.json new file mode 100644 index 000000000..a167ad8e2 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha512-1.5.json @@ -0,0 +1,32 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-hash-sha512-1.5.xml b/src/test/resources/1.5/invalid-hash-sha512-1.5.xml new file mode 100644 index 000000000..fe41ba0c2 --- /dev/null +++ b/src/test/resources/1.5/invalid-hash-sha512-1.5.xml @@ -0,0 +1,16 @@ + + + + + acme-library + 1.0.0 + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + foo + + + + diff --git a/src/test/resources/1.5/invalid-issue-type-1.5.json b/src/test/resources/1.5/invalid-issue-type-1.5.json new file mode 100644 index 000000000..59d63577a --- /dev/null +++ b/src/test/resources/1.5/invalid-issue-type-1.5.json @@ -0,0 +1,48 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "unofficial", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "foo", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.5/invalid-issue-type-1.5.xml b/src/test/resources/1.5/invalid-issue-type-1.5.xml new file mode 100644 index 000000000..144023f53 --- /dev/null +++ b/src/test/resources/1.5/invalid-issue-type-1.5.xml @@ -0,0 +1,37 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + + + diff --git a/src/test/resources/1.5/invalid-license-choice-1.5.json b/src/test/resources/1.5/invalid-license-choice-1.5.json new file mode 100644 index 000000000..36b0b5fed --- /dev/null +++ b/src/test/resources/1.5/invalid-license-choice-1.5.json @@ -0,0 +1,23 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", + "license": { + "name": "Apache License 2.0" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-license-choice-1.5.xml b/src/test/resources/1.5/invalid-license-choice-1.5.xml new file mode 100644 index 000000000..03a3ba626 --- /dev/null +++ b/src/test/resources/1.5/invalid-license-choice-1.5.xml @@ -0,0 +1,26 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/invalid-license-encoding-1.5.json b/src/test/resources/1.5/invalid-license-encoding-1.5.json new file mode 100644 index 000000000..4342c9e3f --- /dev/null +++ b/src/test/resources/1.5/invalid-license-encoding-1.5.json @@ -0,0 +1,28 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "text": { + "contentType": "text/plain", + "encoding": "base85", + "content": "CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4=" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-license-encoding-1.5.xml b/src/test/resources/1.5/invalid-license-encoding-1.5.xml new file mode 100644 index 000000000..6f14fdc10 --- /dev/null +++ b/src/test/resources/1.5/invalid-license-encoding-1.5.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/invalid-license-id-1.5.json b/src/test/resources/1.5/invalid-license-id-1.5.json new file mode 100644 index 000000000..b91c6e9ae --- /dev/null +++ b/src/test/resources/1.5/invalid-license-id-1.5.json @@ -0,0 +1,22 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "id": "Apache-2" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-license-id-1.5.xml b/src/test/resources/1.5/invalid-license-id-1.5.xml new file mode 100644 index 000000000..f2cb17044 --- /dev/null +++ b/src/test/resources/1.5/invalid-license-id-1.5.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/invalid-license-id-count-1.5.xml b/src/test/resources/1.5/invalid-license-id-count-1.5.xml new file mode 100644 index 000000000..ecb0f870c --- /dev/null +++ b/src/test/resources/1.5/invalid-license-id-count-1.5.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2 + + Apache-2 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/invalid-license-name-count-1.5.xml b/src/test/resources/1.5/invalid-license-name-count-1.5.xml new file mode 100644 index 000000000..3a4bcc196 --- /dev/null +++ b/src/test/resources/1.5/invalid-license-name-count-1.5.xml @@ -0,0 +1,27 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache License 2.0 + + Apache License 2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/invalid-metadata-license-1.5.json b/src/test/resources/1.5/invalid-metadata-license-1.5.json new file mode 100644 index 000000000..69baa9d9b --- /dev/null +++ b/src/test/resources/1.5/invalid-metadata-license-1.5.json @@ -0,0 +1,16 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "licenses": [ + { + "license": { + "id": "Apache-2" + } + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.5/invalid-metadata-license-1.5.xml b/src/test/resources/1.5/invalid-metadata-license-1.5.xml new file mode 100644 index 000000000..d447813d1 --- /dev/null +++ b/src/test/resources/1.5/invalid-metadata-license-1.5.xml @@ -0,0 +1,11 @@ + + + + + + Apache-2 + + + + + \ No newline at end of file diff --git a/src/test/resources/1.5/invalid-metadata-timestamp-1.5.json b/src/test/resources/1.5/invalid-metadata-timestamp-1.5.json new file mode 100644 index 000000000..4b79cd318 --- /dev/null +++ b/src/test/resources/1.5/invalid-metadata-timestamp-1.5.json @@ -0,0 +1,10 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13" + }, + "components": [] +} diff --git a/src/test/resources/1.5/invalid-metadata-timestamp-1.5.xml b/src/test/resources/1.5/invalid-metadata-timestamp-1.5.xml new file mode 100644 index 000000000..52306dae0 --- /dev/null +++ b/src/test/resources/1.5/invalid-metadata-timestamp-1.5.xml @@ -0,0 +1,7 @@ + + + + 2020-04-07 + + + diff --git a/src/test/resources/1.5/invalid-missing-component-type-1.5.json b/src/test/resources/1.5/invalid-missing-component-type-1.5.json new file mode 100644 index 000000000..722c0c35c --- /dev/null +++ b/src/test/resources/1.5/invalid-missing-component-type-1.5.json @@ -0,0 +1,12 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.5/invalid-missing-component-type-1.5.xml b/src/test/resources/1.5/invalid-missing-component-type-1.5.xml new file mode 100644 index 000000000..29265a34a --- /dev/null +++ b/src/test/resources/1.5/invalid-missing-component-type-1.5.xml @@ -0,0 +1,9 @@ + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.5/invalid-namespace-1.5.xml b/src/test/resources/1.5/invalid-namespace-1.5.xml new file mode 100644 index 000000000..9e42be401 --- /dev/null +++ b/src/test/resources/1.5/invalid-namespace-1.5.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.5/invalid-patch-type-1.5.json b/src/test/resources/1.5/invalid-patch-type-1.5.json new file mode 100644 index 000000000..017a33b88 --- /dev/null +++ b/src/test/resources/1.5/invalid-patch-type-1.5.json @@ -0,0 +1,48 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "foo", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.5/invalid-patch-type-1.5.xml b/src/test/resources/1.5/invalid-patch-type-1.5.xml new file mode 100644 index 000000000..07d955915 --- /dev/null +++ b/src/test/resources/1.5/invalid-patch-type-1.5.xml @@ -0,0 +1,37 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + + + diff --git a/src/test/resources/1.5/invalid-scope-1.5.json b/src/test/resources/1.5/invalid-scope-1.5.json new file mode 100644 index 000000000..aae2004cd --- /dev/null +++ b/src/test/resources/1.5/invalid-scope-1.5.json @@ -0,0 +1,14 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "scope": "foo" + } + ] +} diff --git a/src/test/resources/1.5/invalid-scope-1.5.xml b/src/test/resources/1.5/invalid-scope-1.5.xml new file mode 100644 index 000000000..f3a1e6a07 --- /dev/null +++ b/src/test/resources/1.5/invalid-scope-1.5.xml @@ -0,0 +1,10 @@ + + + + + acme-library + 1.0.0 + foo + + + diff --git a/src/test/resources/1.5/invalid-serialnumber-1.5.json b/src/test/resources/1.5/invalid-serialnumber-1.5.json new file mode 100644 index 000000000..f2e1971b7 --- /dev/null +++ b/src/test/resources/1.5/invalid-serialnumber-1.5.json @@ -0,0 +1,8 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.5/invalid-serialnumber-1.5.xml b/src/test/resources/1.5/invalid-serialnumber-1.5.xml new file mode 100644 index 000000000..46de68b34 --- /dev/null +++ b/src/test/resources/1.5/invalid-serialnumber-1.5.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.5/invalid-service-data-1.5.json b/src/test/resources/1.5/invalid-service-data-1.5.json new file mode 100644 index 000000000..08bd2c1b7 --- /dev/null +++ b/src/test/resources/1.5/invalid-service-data-1.5.json @@ -0,0 +1,20 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "name": "Stock ticker service", + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "foo", + "flow": "bar" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/invalid-service-data-1.5.xml b/src/test/resources/1.5/invalid-service-data-1.5.xml new file mode 100644 index 000000000..92cef8488 --- /dev/null +++ b/src/test/resources/1.5/invalid-service-data-1.5.xml @@ -0,0 +1,11 @@ + + + + + Stock ticker service + + bar + + + + diff --git a/src/test/resources/1.5/valid-assembly-1.5.json b/src/test/resources/1.5/valid-assembly-1.5.json new file mode 100644 index 000000000..aa26afe1e --- /dev/null +++ b/src/test/resources/1.5/valid-assembly-1.5.json @@ -0,0 +1,30 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library-a", + "version": "1.0.0", + "components": [ + { + "type": "library", + "name": "acme-library-b", + "version": "2.0.0" + } + ] + } + ], + "services": [ + { + "name": "acme-service-a", + "services": [ + { + "name": "acme-service-b" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-assembly-1.5.textproto b/src/test/resources/1.5/valid-assembly-1.5.textproto new file mode 100644 index 000000000..934857777 --- /dev/null +++ b/src/test/resources/1.5/valid-assembly-1.5.textproto @@ -0,0 +1,19 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library-a" + version: "1.0.0" + components { + type: CLASSIFICATION_LIBRARY + name: "acme-library-b" + version: "2.0.0" + } +} +services { + name: "acme-service-a" + services { + name: "acme-service-b" + } +} diff --git a/src/test/resources/1.5/valid-assembly-1.5.xml b/src/test/resources/1.5/valid-assembly-1.5.xml new file mode 100644 index 000000000..a8e34d89e --- /dev/null +++ b/src/test/resources/1.5/valid-assembly-1.5.xml @@ -0,0 +1,25 @@ + + + + + acme-library-a + 1.0.0 + + + acme-library-b + 2.0.0 + + + + + + + acme-service-a + + + acme-service-b + + + + + diff --git a/src/test/resources/1.5/valid-bom-1.5.json b/src/test/resources/1.5/valid-bom-1.5.json new file mode 100644 index 000000000..c0f3b17ef --- /dev/null +++ b/src/test/resources/1.5/valid-bom-1.5.json @@ -0,0 +1,177 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13T20:20:39+00:00", + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ], + "component": { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1", + "text": { + "contentType": "text/xml", + "encoding": "base64", + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + }, + "manufacture": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + }, + "supplier": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [ + { + "bom-ref": "pkg:npm/acme/component@1.0.0", + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "License text here" + }, + "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:npm/acme/component@1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14" + }, + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14" + } + ], + "commits": [ + { + "uid": "123", + "url": "", + "author": { + "timestamp": "2018-11-13T20:20:39+00:00", + "name": "", + "email": "" + } + } + ] + } + }, + { + "type": "library", + "supplier": { + "name": "Example, Inc.", + "url": [ + "https://example.com", + "https://example.net" + ], + "contact": [ + { + "name": "Example Support AMER Distribution", + "email": "support@example.com", + "phone": "800-555-1212" + }, + { + "name": "Example Support APAC", + "email": "support@apac.example.com" + } + ] + }, + "author": "Example Super Heros", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "ref": "pkg:npm/acme/component@1.0.0", + "dependsOn": [ + "pkg:npm/acme/component@1.0.0" + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-bom-1.5.textproto b/src/test/resources/1.5/valid-bom-1.5.textproto new file mode 100644 index 000000000..fede993c6 --- /dev/null +++ b/src/test/resources/1.5/valid-bom-1.5.textproto @@ -0,0 +1,150 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 3173618478 + nanos: 3 + } + tools { + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } + authors { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } + component { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + text { + content_type: "text/xml" + encoding: "base64" + value: "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + } + manufacture { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + } + } + supplier { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Distribution" + email: "distribution@example.com" + } + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:npm/acme/component@1.0.0" + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + hashes { + alg: HASH_ALG_MD_5 + value: "3942447fac867ae5cdb3229b658f4d48" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + licenses { + license { + id: "Apache-2.0" + text { + content_type: "text/plain" + encoding: "base64" + value: "License text here" + } + url: "https://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + purl: "pkg:npm/acme/component@1.0.0" + pedigree { + ancestors { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + } + ancestors { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + } + commits { + uid: "123" + url: "" + author { + timestamp { + seconds: 3084280878 + nanos: 3 + } + name: "" + email: "" + } + } + } +} +components { + type: CLASSIFICATION_LIBRARY + supplier { + name: "Example, Inc." + url: "https://example.com" + url: "https://example.net" + contact { + name: "Example Support AMER Distribution" + email: "support@example.com" + phone: "800-555-1212" + } + contact { + name: "Example Support APAC" + email: "support@apac.example.com" + } + } + author: "Example Super Heros" + group: "org.example" + name: "mylibrary" + version: "1.0.0" +} +dependencies { + ref: "pkg:npm/acme/component@1.0.0" + dependencies { + ref: "pkg:npm/acme/component@1.0.0" + } +} diff --git a/src/test/resources/1.5/valid-bom-1.5.xml b/src/test/resources/1.5/valid-bom-1.5.xml new file mode 100644 index 000000000..913285eac --- /dev/null +++ b/src/test/resources/1.5/valid-bom-1.5.xml @@ -0,0 +1,181 @@ + + + + 2020-04-07T07:01:00Z + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + + Acme Super Heros + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache Super Heros + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + + Example Inc. + https://example.com + https://example.net + + Example Support AMER + support@example.com + 800-555-1212 + + + Example Support APAC + support@apac.example.com + + + Example Super Heros + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0-with-classpath-exception + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + Example Super Heros + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.5/valid-component-hashes-1.5.json b/src/test/resources/1.5/valid-component-hashes-1.5.json new file mode 100644 index 000000000..bcba3635f --- /dev/null +++ b/src/test/resources/1.5/valid-component-hashes-1.5.json @@ -0,0 +1,63 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-example", + "version": "1.0.0", + "hashes": [ + { + "alg": "MD5", + "content": "641b6e166f8b33c5e959e2adcc18b1c7" + }, + { + "alg": "SHA-1", + "content": "9188560f22e0b73070d2efce670c74af2bdf30af" + }, + { + "alg": "SHA-256", + "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" + }, + { + "alg": "SHA-384", + "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" + }, + { + "alg": "SHA-512", + "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" + }, + { + "alg": "SHA3-256", + "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" + }, + { + "alg": "SHA3-384", + "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" + }, + { + "alg": "SHA3-512", + "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" + }, + { + "alg": "BLAKE2b-256", + "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" + }, + { + "alg": "BLAKE2b-384", + "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" + }, + { + "alg": "BLAKE2b-512", + "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" + }, + { + "alg": "BLAKE3", + "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-component-hashes-1.5.textproto b/src/test/resources/1.5/valid-component-hashes-1.5.textproto new file mode 100644 index 000000000..7802427e0 --- /dev/null +++ b/src/test/resources/1.5/valid-component-hashes-1.5.textproto @@ -0,0 +1,56 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-example" + version: "1.0.0" + hashes { + alg: HASH_ALG_MD_5 + value: "641b6e166f8b33c5e959e2adcc18b1c7" + } + hashes { + alg: HASH_ALG_SHA_1 + value: "9188560f22e0b73070d2efce670c74af2bdf30af" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" + } + hashes { + alg: HASH_ALG_SHA_384 + value: "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" + } + hashes { + alg: HASH_ALG_SHA_512 + value: "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" + } + hashes { + alg: HASH_ALG_SHA_3_256 + value: "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" + } + hashes { + alg: HASH_ALG_SHA_3_384 + value: "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" + } + hashes { + alg: HASH_ALG_SHA_3_512 + value: "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_256 + value: "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_384 + value: "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" + } + hashes { + alg: HASH_ALG_BLAKE_2_B_512 + value: "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" + } + hashes { + alg: HASH_ALG_BLAKE_3 + value: "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" + } +} diff --git a/src/test/resources/1.5/valid-component-hashes-1.5.xml b/src/test/resources/1.5/valid-component-hashes-1.5.xml new file mode 100644 index 000000000..37d05b98b --- /dev/null +++ b/src/test/resources/1.5/valid-component-hashes-1.5.xml @@ -0,0 +1,23 @@ + + + + + acme-example + 1.0.0 + + 641b6e166f8b33c5e959e2adcc18b1c7 + 9188560f22e0b73070d2efce670c74af2bdf30af + d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 + d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad + 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 + 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa + a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 + 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 + d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 + e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a + f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d + 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf + + + + diff --git a/src/test/resources/1.5/valid-component-ref-1.5.json b/src/test/resources/1.5/valid-component-ref-1.5.json new file mode 100644 index 000000000..3799d4964 --- /dev/null +++ b/src/test/resources/1.5/valid-component-ref-1.5.json @@ -0,0 +1,20 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "bom-ref": "123", + "name": "acme-library", + "version": "1.0.0" + }, + { + "type": "library", + "bom-ref": "456", + "name": "acme-library", + "version": "1.0.0" + } + ] +} diff --git a/src/test/resources/1.5/valid-component-ref-1.5.textproto b/src/test/resources/1.5/valid-component-ref-1.5.textproto new file mode 100644 index 000000000..6660cd17f --- /dev/null +++ b/src/test/resources/1.5/valid-component-ref-1.5.textproto @@ -0,0 +1,15 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "123" + name: "acme-library" + version: "1.0.0" +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "456" + name: "acme-library" + version: "1.0.0" +} diff --git a/src/test/resources/1.5/valid-component-ref-1.5.xml b/src/test/resources/1.5/valid-component-ref-1.5.xml new file mode 100644 index 000000000..46448db82 --- /dev/null +++ b/src/test/resources/1.5/valid-component-ref-1.5.xml @@ -0,0 +1,19 @@ + + + + + acme-library + 1.0.0 + + + acme-library + 1.0.0 + + + + + acme-library + 1.0.0 + + + diff --git a/src/test/resources/1.5/valid-component-swid-1.5.json b/src/test/resources/1.5/valid-component-swid-1.5.json new file mode 100644 index 000000000..f28e9ded2 --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-1.5.json @@ -0,0 +1,19 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1" + } + } + ] +} diff --git a/src/test/resources/1.5/valid-component-swid-1.5.textproto b/src/test/resources/1.5/valid-component-swid-1.5.textproto new file mode 100644 index 000000000..55ee386bf --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-1.5.textproto @@ -0,0 +1,14 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + } +} diff --git a/src/test/resources/1.5/valid-component-swid-1.5.xml b/src/test/resources/1.5/valid-component-swid-1.5.xml new file mode 100644 index 000000000..9e4a0a183 --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-1.5.xml @@ -0,0 +1,11 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + + + diff --git a/src/test/resources/1.5/valid-component-swid-full-1.5.json b/src/test/resources/1.5/valid-component-swid-full-1.5.json new file mode 100644 index 000000000..59cb168ca --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-full-1.5.json @@ -0,0 +1,24 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1", + "text": { + "contentType": "text/xml", + "encoding": "base64", + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } + } + ] +} diff --git a/src/test/resources/1.5/valid-component-swid-full-1.5.textproto b/src/test/resources/1.5/valid-component-swid-full-1.5.textproto new file mode 100644 index 000000000..d8c827976 --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-full-1.5.textproto @@ -0,0 +1,19 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + author: "Acme Super Heros" + name: "Acme Application" + version: "9.1.1" + swid { + tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" + name: "Acme Application" + version: "9.1.1" + text { + content_type: "text/xml" + encoding: "base64" + value: "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + } +} diff --git a/src/test/resources/1.5/valid-component-swid-full-1.5.xml b/src/test/resources/1.5/valid-component-swid-full-1.5.xml new file mode 100644 index 000000000..bb1c81a07 --- /dev/null +++ b/src/test/resources/1.5/valid-component-swid-full-1.5.xml @@ -0,0 +1,13 @@ + + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + diff --git a/src/test/resources/1.5/valid-component-types-1.5.json b/src/test/resources/1.5/valid-component-types-1.5.json new file mode 100644 index 000000000..6359068a4 --- /dev/null +++ b/src/test/resources/1.5/valid-component-types-1.5.json @@ -0,0 +1,48 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "name": "application-a", + "version": "1.0" + }, + { + "type": "library", + "name": "library-a", + "version": "1.0" + }, + { + "type": "framework", + "name": "framework-a", + "version": "1.0" + }, + { + "type": "container", + "name": "container-a", + "version": "1.0" + }, + { + "type": "operating-system", + "name": "operating-system-a", + "version": "1.0" + }, + { + "type": "firmware", + "name": "firmware-a", + "version": "1.0" + }, + { + "type": "device", + "name": "device-a", + "version": "1.0" + }, + { + "type": "file", + "name": "file-a", + "version": "1.0" + } + ] +} diff --git a/src/test/resources/1.5/valid-component-types-1.5.textproto b/src/test/resources/1.5/valid-component-types-1.5.textproto new file mode 100644 index 000000000..b1edc8ff9 --- /dev/null +++ b/src/test/resources/1.5/valid-component-types-1.5.textproto @@ -0,0 +1,43 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + name: "application-a" + version: "1.0" +} +components { + type: CLASSIFICATION_LIBRARY + name: "library-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FRAMEWORK + name: "framework-a" + version: "1.0" +} +components { + type: CLASSIFICATION_CONTAINER + name: "container-a" + version: "1.0" +} +components { + type: CLASSIFICATION_OPERATING_SYSTEM + name: "operating-system-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FIRMWARE + name: "firmware-a" + version: "1.0" +} +components { + type: CLASSIFICATION_DEVICE + name: "device-a" + version: "1.0" +} +components { + type: CLASSIFICATION_FILE + name: "file-a" + version: "1.0" +} diff --git a/src/test/resources/1.5/valid-component-types-1.5.xml b/src/test/resources/1.5/valid-component-types-1.5.xml new file mode 100644 index 000000000..128a159b3 --- /dev/null +++ b/src/test/resources/1.5/valid-component-types-1.5.xml @@ -0,0 +1,37 @@ + + + + + application-a + 1.0 + + + library-a + 1.0 + + + framework-a + 1.0 + + + container-a + 1.0 + + + operating-system-a + 1.0 + + + firmware-a + 1.0 + + + device-a + 1.0 + + + file-a + 1.0 + + + diff --git a/src/test/resources/1.5/valid-compositions-1.5.json b/src/test/resources/1.5/valid-compositions-1.5.json new file mode 100644 index 000000000..551834e03 --- /dev/null +++ b/src/test/resources/1.5/valid-compositions-1.5.json @@ -0,0 +1,64 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "component": { + "bom-ref": "acme-application-1.0", + "type": "application", + "name": "Acme Application", + "version": "1.0" + } + }, + "components": [ + { + "bom-ref": "pkg:maven/partner/shaded-library@1.0", + "type": "library", + "name": "Partner Shaded Library", + "version": "1.0", + "purl": "pkg:maven/partner/shaded-library@1.0", + "components": [ + { + "bom-ref": "pkg:maven/ossproject/library@2.0", + "type": "library", + "name": "Some Opensource Library", + "version": "2.0", + "purl": "pkg:maven/ossproject/library@2.0" + } + ] + }, + { + "type": "library", + "name": "Acme Library", + "version": "3.0", + "purl": "pkg:maven/acme/library@3.0" + } + ], + "dependencies": [ + { + "ref": "acme-application-1.0", + "dependsOn": [ + "pkg:maven/partner/shaded-library@1.0", + "pkg:maven/acme/library@3.0" + ] + } + ], + "compositions": [ + { + "aggregate": "complete", + "assemblies": [ + "pkg:maven/partner/shaded-library@1.0" + ], + "dependencies": [ + "acme-application-1.0" + ] + }, + { + "aggregate": "unknown", + "assemblies": [ + "pkg:maven/acme/library@3.0" + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-compositions-1.5.textproto b/src/test/resources/1.5/valid-compositions-1.5.textproto new file mode 100644 index 000000000..d29b94fe5 --- /dev/null +++ b/src/test/resources/1.5/valid-compositions-1.5.textproto @@ -0,0 +1,49 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + component { + type: CLASSIFICATION_APPLICATION + bom_ref: "acme-application-1.0" + name: "Acme Application" + version: "1.0" + } +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/partner/shaded-library@1.0" + name: "Partner Shaded Library" + version: "1.0" + purl: "pkg:maven/partner/shaded-library@1.0" + components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/ossproject/library@2.0" + name: "Some Opensource Library" + version: "2.0" + purl: "pkg:maven/ossproject/library@2.0" + } +} +components { + type: CLASSIFICATION_LIBRARY + name: "Acme Library" + version: "3.0" + purl: "pkg:maven/acme/library@3.0" +} +dependencies { + ref: "acme-application-1.0" + dependencies { + ref: "pkg:maven/partner/shaded-library@1.0" + } + dependencies { + ref: "pkg:maven/acme/library@3.0" + } +} +compositions { + aggregate: AGGREGATE_COMPLETE + assemblies: "pkg:maven/partner/shaded-library@1.0" + dependencies: "acme-application-1.0" +} +compositions { + aggregate: AGGREGATE_UNKNOWN + assemblies: "pkg:maven/acme/library@3.0" +} diff --git a/src/test/resources/1.5/valid-compositions-1.5.xml b/src/test/resources/1.5/valid-compositions-1.5.xml new file mode 100644 index 000000000..82c16c553 --- /dev/null +++ b/src/test/resources/1.5/valid-compositions-1.5.xml @@ -0,0 +1,51 @@ + + + + + Acme Application + 1.0 + + + + + Partner Shaded Library + 1.0 + pkg:maven/partner/shaded-library@1.0 + + + Some Opensource Library + 2.0 + pkg:maven/ossproject/library@2.0 + + + + + Acme Library + 2.0 + pkg:maven/acme/library@3.0 + + + + + + + + + + + complete + + + + + + + + + unknown + + + + + + diff --git a/src/test/resources/1.5/valid-dependency-1.5.json b/src/test/resources/1.5/valid-dependency-1.5.json new file mode 100644 index 000000000..fcaec5926 --- /dev/null +++ b/src/test/resources/1.5/valid-dependency-1.5.json @@ -0,0 +1,38 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "library-a", + "type": "library", + "name": "library-a", + "version": "1.0.0" + }, + { + "bom-ref": "library-b", + "type": "library", + "name": "library-b", + "version": "1.0.0" + }, + { + "bom-ref": "library-c", + "type": "library", + "name": "library-c", + "version": "1.0.0" + } + ], + "dependencies": [ + { + "ref": "library-a", + "dependsOn": [] + }, + { + "ref": "library-b", + "dependsOn": [ + "library-c" + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-dependency-1.5.textproto b/src/test/resources/1.5/valid-dependency-1.5.textproto new file mode 100644 index 000000000..ea61f1968 --- /dev/null +++ b/src/test/resources/1.5/valid-dependency-1.5.textproto @@ -0,0 +1,30 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-a" + name: "library-a" + version: "1.0.0" +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-b" + name: "library-b" + version: "1.0.0" +} +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "library-c" + name: "library-c" + version: "1.0.0" +} +dependencies { + ref: "library-a" +} +dependencies { + ref: "library-b" + dependencies { + ref: "library-c" + } +} diff --git a/src/test/resources/1.5/valid-dependency-1.5.xml b/src/test/resources/1.5/valid-dependency-1.5.xml new file mode 100644 index 000000000..1f02a1eb1 --- /dev/null +++ b/src/test/resources/1.5/valid-dependency-1.5.xml @@ -0,0 +1,23 @@ + + + + + acme-library-a + 1.0.0 + + + acme-library-b + 1.0.0 + + + acme-library-b + 1.0.0 + + + + + + + + + diff --git a/src/test/resources/1.5/valid-empty-components-1.5.json b/src/test/resources/1.5/valid-empty-components-1.5.json new file mode 100644 index 000000000..3c85b6a4b --- /dev/null +++ b/src/test/resources/1.5/valid-empty-components-1.5.json @@ -0,0 +1,8 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + ] +} diff --git a/src/test/resources/1.5/valid-empty-components-1.5.textproto b/src/test/resources/1.5/valid-empty-components-1.5.textproto new file mode 100644 index 000000000..fbb782f3d --- /dev/null +++ b/src/test/resources/1.5/valid-empty-components-1.5.textproto @@ -0,0 +1,3 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" diff --git a/src/test/resources/1.5/valid-empty-components-1.5.xml b/src/test/resources/1.5/valid-empty-components-1.5.xml new file mode 100644 index 000000000..03cd10bd4 --- /dev/null +++ b/src/test/resources/1.5/valid-empty-components-1.5.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/src/test/resources/1.5/valid-evidence-1.5.json b/src/test/resources/1.5/valid-evidence-1.5.json new file mode 100644 index 000000000..8c44a9af4 --- /dev/null +++ b/src/test/resources/1.5/valid-evidence-1.5.json @@ -0,0 +1,53 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "application", + "group": "com.google.code.findbugs", + "name": "findbugs-project", + "version": "3.0.0", + "licenses": [ + { + "license": { + "id": "LGPL-3.0-or-later", + "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", + "evidence": { + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + }, + { + "license": { + "id": "LGPL-2.1-only", + "url": "https://opensource.org/licenses/LGPL-2.1" + } + } + ], + "copyright": [ + { + "text": "Copyright 2012 Google Inc. All Rights Reserved." + }, + { + "text": "Copyright (C) 2004,2005 Dave Brosius " + }, + { + "text": "Copyright (C) 2005 William Pugh" + }, + { + "text": "Copyright (C) 2004,2005 University of Maryland" + } + ] + } + } + ] +} diff --git a/src/test/resources/1.5/valid-evidence-1.5.textproto b/src/test/resources/1.5/valid-evidence-1.5.textproto new file mode 100644 index 000000000..c83ad8960 --- /dev/null +++ b/src/test/resources/1.5/valid-evidence-1.5.textproto @@ -0,0 +1,42 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_APPLICATION + group: "com.google.code.findbugs" + name: "findbugs-project" + version: "3.0.0" + licenses { + license { + id: "LGPL-3.0-or-later" + url: "https://www.gnu.org/licenses/lgpl-3.0-standalone.html" + } + } + purl: "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0" + evidence { + licenses { + license { + id: "Apache-2.0" + url: "http://www.apache.org/licenses/LICENSE-2.0" + } + } + licenses { + license { + id: "LGPL-2.1-only" + url: "https://opensource.org/licenses/LGPL-2.1" + } + } + copyright { + text: "Copyright 2012 Google Inc. All Rights Reserved." + } + copyright { + text: "Copyright (C) 2004,2005 Dave Brosius " + } + copyright { + text: "Copyright (C) 2005 William Pugh" + } + copyright { + text: "Copyright (C) 2004,2005 University of Maryland" + } + } +} diff --git a/src/test/resources/1.5/valid-evidence-1.5.xml b/src/test/resources/1.5/valid-evidence-1.5.xml new file mode 100644 index 000000000..e51286b8e --- /dev/null +++ b/src/test/resources/1.5/valid-evidence-1.5.xml @@ -0,0 +1,35 @@ + + + + + com.google.code.findbugs + findbugs-project + 3.0.0 + + + LGPL-3.0-or-later + https://www.gnu.org/licenses/lgpl-3.0-standalone.html + + + pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + LGPL-2.1-only + https://opensource.org/licenses/LGPL-2.1 + + + + + ]]> + + + + + + + diff --git a/src/test/resources/1.5/valid-external-elements-1.5.xml b/src/test/resources/1.5/valid-external-elements-1.5.xml new file mode 100644 index 000000000..76d40c884 --- /dev/null +++ b/src/test/resources/1.5/valid-external-elements-1.5.xml @@ -0,0 +1,158 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + Banana + + + Banana + + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + Banana + + + Banana + + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + Banana + + + Banana + + + + Banana + + + Banana + + + + + foo + 1.0 + + + Banana + + + Banana + + + + + bar + 1.0 + + + Banana + + + Banana + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + Banana + + + Banana + + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Banana + + + Banana + + + Initial commit + + Banana + + + Banana + + + + Banana + + + Banana + + + Commentary here + + Banana + + + Banana + + + + Banana + + + Banana + + + + Banana + + + Banana + + + + Banana + + + Banana + + diff --git a/src/test/resources/1.5/valid-external-reference-1.5.json b/src/test/resources/1.5/valid-external-reference-1.5.json new file mode 100644 index 000000000..78a3eb63f --- /dev/null +++ b/src/test/resources/1.5/valid-external-reference-1.5.json @@ -0,0 +1,38 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0", + "externalReferences": [ + { + "type": "advisories", + "url": "https://example.org/security/feed/csaf", + "comment": "Security advisories from the vendor" + }, + { + "type": "bom", + "url": "https://example.org/support/sbom/portal-server/1.0.0", + "comment": "An external SBOM that describes what this component includes", + "hashes": [ + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + ] + }, + { + "type": "documentation", + "url": "https://example.org/support/documentation/portal-server/1.0.0", + "comment": "Vendor provided documentation for the product" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-external-reference-1.5.textproto b/src/test/resources/1.5/valid-external-reference-1.5.textproto new file mode 100644 index 000000000..6ea87fc8c --- /dev/null +++ b/src/test/resources/1.5/valid-external-reference-1.5.textproto @@ -0,0 +1,29 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "org.example" + name: "mylibrary" + version: "1.0.0" + external_references { + type: EXTERNAL_REFERENCE_TYPE_ADVISORIES + url: "https://example.org/security/feed/csaf" + comment: "Security advisories from the vendor" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_BOM + url: "https://example.org/support/sbom/portal-server/1.0.0" + comment: "An external SBOM that describes what this component includes" + hashes { + alg: HASH_ALG_SHA_256 + value: "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://example.org/support/documentation/portal-server/1.0.0" + comment: "Vendor provided documentation for the product" + } +} diff --git a/src/test/resources/1.5/valid-external-reference-1.5.xml b/src/test/resources/1.5/valid-external-reference-1.5.xml new file mode 100644 index 000000000..0599884bb --- /dev/null +++ b/src/test/resources/1.5/valid-external-reference-1.5.xml @@ -0,0 +1,27 @@ + + + + + org.example + mylibrary + 1.0.0 + + + https://example.org/security/feed/csaf + Security advisories from the vendor + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + + + https://example.org/support/documentation/portal-server/1.0.0 + Vendor provided documentation for the product + + + + + diff --git a/src/test/resources/1.5/valid-license-expression-1.5.json b/src/test/resources/1.5/valid-license-expression-1.5.json new file mode 100644 index 000000000..98b34e948 --- /dev/null +++ b/src/test/resources/1.5/valid-license-expression-1.5.json @@ -0,0 +1,20 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-license-expression-1.5.textproto b/src/test/resources/1.5/valid-license-expression-1.5.textproto new file mode 100644 index 000000000..d09924f97 --- /dev/null +++ b/src/test/resources/1.5/valid-license-expression-1.5.textproto @@ -0,0 +1,13 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + licenses { + expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" + } +} diff --git a/src/test/resources/1.5/valid-license-expression-1.5.xml b/src/test/resources/1.5/valid-license-expression-1.5.xml new file mode 100644 index 000000000..6b146205e --- /dev/null +++ b/src/test/resources/1.5/valid-license-expression-1.5.xml @@ -0,0 +1,23 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/valid-license-id-1.5.json b/src/test/resources/1.5/valid-license-id-1.5.json new file mode 100644 index 000000000..5f13e0117 --- /dev/null +++ b/src/test/resources/1.5/valid-license-id-1.5.json @@ -0,0 +1,22 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-license-id-1.5.textproto b/src/test/resources/1.5/valid-license-id-1.5.textproto new file mode 100644 index 000000000..105b5a236 --- /dev/null +++ b/src/test/resources/1.5/valid-license-id-1.5.textproto @@ -0,0 +1,15 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + licenses { + license { + id: "Apache-2.0" + } + } +} diff --git a/src/test/resources/1.5/valid-license-id-1.5.xml b/src/test/resources/1.5/valid-license-id-1.5.xml new file mode 100644 index 000000000..242a0a938 --- /dev/null +++ b/src/test/resources/1.5/valid-license-id-1.5.xml @@ -0,0 +1,25 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/valid-license-name-1.5.json b/src/test/resources/1.5/valid-license-name-1.5.json new file mode 100644 index 000000000..b856f70d1 --- /dev/null +++ b/src/test/resources/1.5/valid-license-name-1.5.json @@ -0,0 +1,22 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "tomcat-catalina", + "version": "9.0.14", + "licenses": [ + { + "license": { + "name": "Apache License 2.0" + } + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-license-name-1.5.textproto b/src/test/resources/1.5/valid-license-name-1.5.textproto new file mode 100644 index 000000000..e77390bf5 --- /dev/null +++ b/src/test/resources/1.5/valid-license-name-1.5.textproto @@ -0,0 +1,15 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "tomcat-catalina" + version: "9.0.14" + licenses { + license { + name: "Apache License 2.0" + } + } +} diff --git a/src/test/resources/1.5/valid-license-name-1.5.xml b/src/test/resources/1.5/valid-license-name-1.5.xml new file mode 100644 index 000000000..fee242f1f --- /dev/null +++ b/src/test/resources/1.5/valid-license-name-1.5.xml @@ -0,0 +1,25 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache License 2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + diff --git a/src/test/resources/1.5/valid-metadata-author-1.5.json b/src/test/resources/1.5/valid-metadata-author-1.5.json new file mode 100644 index 000000000..c5471c27e --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-author-1.5.json @@ -0,0 +1,16 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-author-1.5.textproto b/src/test/resources/1.5/valid-metadata-author-1.5.textproto new file mode 100644 index 000000000..effa2fafa --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-author-1.5.textproto @@ -0,0 +1,10 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + authors { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } +} diff --git a/src/test/resources/1.5/valid-metadata-author-1.5.xml b/src/test/resources/1.5/valid-metadata-author-1.5.xml new file mode 100644 index 000000000..3085a308c --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-author-1.5.xml @@ -0,0 +1,13 @@ + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + + diff --git a/src/test/resources/1.5/valid-metadata-license-1.5.json b/src/test/resources/1.5/valid-metadata-license-1.5.json new file mode 100644 index 000000000..5016d6a21 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-license-1.5.json @@ -0,0 +1,16 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-license-1.5.textproto b/src/test/resources/1.5/valid-metadata-license-1.5.textproto new file mode 100644 index 000000000..5c0535934 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-license-1.5.textproto @@ -0,0 +1,10 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + licenses { + license { + id: "Apache-2.0" + } + } +} diff --git a/src/test/resources/1.5/valid-metadata-license-1.5.xml b/src/test/resources/1.5/valid-metadata-license-1.5.xml new file mode 100644 index 000000000..60212faa2 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-license-1.5.xml @@ -0,0 +1,11 @@ + + + + + + Apache-2.0 + + + + + \ No newline at end of file diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.json b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json new file mode 100644 index 000000000..6323f0004 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json @@ -0,0 +1,21 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "manufacture": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto new file mode 100644 index 000000000..9482b2199 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto @@ -0,0 +1,13 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + manufacture { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + } + } +} diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml new file mode 100644 index 000000000..794939158 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml @@ -0,0 +1,14 @@ + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + + diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.json b/src/test/resources/1.5/valid-metadata-supplier-1.5.json new file mode 100644 index 000000000..e445641fc --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.json @@ -0,0 +1,21 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "supplier": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto new file mode 100644 index 000000000..c980f3127 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto @@ -0,0 +1,13 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + supplier { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Distribution" + email: "distribution@example.com" + } + } +} diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.xml b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml new file mode 100644 index 000000000..2ed3c913d --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml @@ -0,0 +1,14 @@ + + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + diff --git a/src/test/resources/1.5/valid-metadata-timestamp-1.5.json b/src/test/resources/1.5/valid-metadata-timestamp-1.5.json new file mode 100644 index 000000000..1d54539c8 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-timestamp-1.5.json @@ -0,0 +1,10 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-13T20:20:39+00:00" + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-timestamp-1.5.textproto b/src/test/resources/1.5/valid-metadata-timestamp-1.5.textproto new file mode 100644 index 000000000..f93c59067 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-timestamp-1.5.textproto @@ -0,0 +1,9 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 3173618478 + nanos: 3 + } +} diff --git a/src/test/resources/1.5/valid-metadata-timestamp-1.5.xml b/src/test/resources/1.5/valid-metadata-timestamp-1.5.xml new file mode 100644 index 000000000..fb1e8236c --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-timestamp-1.5.xml @@ -0,0 +1,7 @@ + + + + 2020-04-07T07:01:00Z + + + diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.json b/src/test/resources/1.5/valid-metadata-tool-1.5.json new file mode 100644 index 000000000..81e908a98 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.json @@ -0,0 +1,26 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.textproto b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto new file mode 100644 index 000000000..7c3d0cb08 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto @@ -0,0 +1,18 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + tools { + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } +} diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-1.5.xml new file mode 100644 index 000000000..caf273f6c --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.xml @@ -0,0 +1,17 @@ + + + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + diff --git a/src/test/resources/1.5/valid-minimal-viable-1.5.json b/src/test/resources/1.5/valid-minimal-viable-1.5.json new file mode 100644 index 000000000..5000812c1 --- /dev/null +++ b/src/test/resources/1.5/valid-minimal-viable-1.5.json @@ -0,0 +1,12 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-library" + } + ] +} diff --git a/src/test/resources/1.5/valid-minimal-viable-1.5.textproto b/src/test/resources/1.5/valid-minimal-viable-1.5.textproto new file mode 100644 index 000000000..387e40c7f --- /dev/null +++ b/src/test/resources/1.5/valid-minimal-viable-1.5.textproto @@ -0,0 +1,7 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library" +} diff --git a/src/test/resources/1.5/valid-minimal-viable-1.5.xml b/src/test/resources/1.5/valid-minimal-viable-1.5.xml new file mode 100644 index 000000000..f792405fa --- /dev/null +++ b/src/test/resources/1.5/valid-minimal-viable-1.5.xml @@ -0,0 +1,8 @@ + + + + + acme-library + + + diff --git a/src/test/resources/1.5/valid-patch-1.5.json b/src/test/resources/1.5/valid-patch-1.5.json new file mode 100644 index 000000000..6639beaed --- /dev/null +++ b/src/test/resources/1.5/valid-patch-1.5.json @@ -0,0 +1,88 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "group": "com.acme", + "name": "sample-library", + "version": "1.0.0", + "pedigree": { + "ancestors": [ + { + "type": "library", + "group": "org.example", + "name": "sample-library", + "version": "1.0.0" + } + ], + "patches": [ + { + "type": "unofficial", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.acme.org/17240" + } + } + ] + }, + { + "type": "backport", + "diff": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "blah" + }, + "url": "uri/to/changes.diff" + }, + "resolves": [ + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "blah blah", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + }, + { + "type": "defect", + "id": "JIRA-874319", + "description": "Enable to do something", + "source": { + "name": "Example Org", + "url": "https://issues.example.org/874319" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ] + } + ] + } + } + ] +} diff --git a/src/test/resources/1.5/valid-patch-1.5.textproto b/src/test/resources/1.5/valid-patch-1.5.textproto new file mode 100644 index 000000000..d3895eccc --- /dev/null +++ b/src/test/resources/1.5/valid-patch-1.5.textproto @@ -0,0 +1,71 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + group: "com.acme" + name: "sample-library" + version: "1.0.0" + pedigree { + ancestors { + type: CLASSIFICATION_LIBRARY + group: "org.example" + name: "sample-library" + version: "1.0.0" + } + patches { + type: PATCH_CLASSIFICATION_UNOFFICIAL + diff { + text { + content_type: "text/plain" + encoding: "base64" + value: "blah" + } + url: "uri/to/changes.diff" + } + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.acme.org/17240" + } + } + } + patches { + type: PATCH_CLASSIFICATION_BACKPORT + diff { + text { + content_type: "text/plain" + encoding: "base64" + value: "blah" + } + url: "uri/to/changes.diff" + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "blah blah" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + resolves { + type: ISSUE_CLASSIFICATION_DEFECT + id: "JIRA-874319" + description: "Enable to do something" + source { + name: "Example Org" + url: "https://issues.example.org/874319" + } + references: "http://some/other/site-1" + references: "http://some/other/site-2" + } + } + } +} diff --git a/src/test/resources/1.5/valid-patch-1.5.xml b/src/test/resources/1.5/valid-patch-1.5.xml new file mode 100644 index 000000000..409798fc6 --- /dev/null +++ b/src/test/resources/1.5/valid-patch-1.5.xml @@ -0,0 +1,70 @@ + + + + + com.acme + sample-library + 1.0.0 + + + + org.example + sample-library + 1.0.0 + + + + + + blah + uri/to/changes.diff + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.acme.org/17240 + + + + + + + blah + uri/to/changes.diff + + + + CVE-2019-9997 + CVE-2019-9997 + blah blah + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + JIRA-874319 + Enable to do something + + Example Org + https://issues.example.org/874319 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + + + + diff --git a/src/test/resources/1.5/valid-properties-1.5.json b/src/test/resources/1.5/valid-properties-1.5.json new file mode 100644 index 000000000..3a33ccfa9 --- /dev/null +++ b/src/test/resources/1.5/valid-properties-1.5.json @@ -0,0 +1,55 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + }, + "components": [ + { + "type": "library", + "name": "acme-library", + "version": "1.0.0", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "group": "org.partner", + "name": "Stock ticker service", + "endpoints": [ + "https://partner.org/api/v1/stock" + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-properties-1.5.textproto b/src/test/resources/1.5/valid-properties-1.5.textproto new file mode 100644 index 000000000..94f4e2b42 --- /dev/null +++ b/src/test/resources/1.5/valid-properties-1.5.textproto @@ -0,0 +1,40 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } +} +components { + type: CLASSIFICATION_LIBRARY + name: "acme-library" + version: "1.0.0" + properties { + name: "Foo" + value: "Bar" + } +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + group: "org.partner" + name: "Stock ticker service" + endpoints: "https://partner.org/api/v1/stock" + properties { + name: "Foo" + value: "Bar" + } +} diff --git a/src/test/resources/1.5/valid-properties-1.5.xml b/src/test/resources/1.5/valid-properties-1.5.xml new file mode 100644 index 000000000..85abf9e9f --- /dev/null +++ b/src/test/resources/1.5/valid-properties-1.5.xml @@ -0,0 +1,34 @@ + + + + + Bar + You + Two + Foo + + + + + acme-library + 1.0.0 + + Bar + Foo + + + + + + org.partner + Stock ticker service + + https://partner.org/api/v1/stock + + + Bar + Foo + + + + diff --git a/src/test/resources/1.5/valid-random-attributes-1.5.xml b/src/test/resources/1.5/valid-random-attributes-1.5.xml new file mode 100644 index 000000000..403c77402 --- /dev/null +++ b/src/test/resources/1.5/valid-random-attributes-1.5.xml @@ -0,0 +1,118 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + diff --git a/src/test/resources/1.5/valid-release-notes-1.5.json b/src/test/resources/1.5/valid-release-notes-1.5.json new file mode 100644 index 000000000..7b583cd8f --- /dev/null +++ b/src/test/resources/1.5/valid-release-notes-1.5.json @@ -0,0 +1,194 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "name": "acme-example", + "version": "1.0.0", + "releaseNotes": { + "type": "major", + "title": "My new release", + "featuredImage": "https://example.com/featured_image.png", + "socialImage": "https://example.com/social_image.png", + "description": "The main description of your release", + "timestamp": "2021-09-17T00:51:18+00:00", + "aliases": [ + "Project Orion" + ], + "tags": [ + "CMS", + "SEO", + "wysiwyg" + ], + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.example.com/17240" + } + }, + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "Great new feature that does something", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ], + "notes": [ + { + "locale": "en-US", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + }, + { + "locale": "es", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + ] + } + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact": [ + { + "name": "Support", + "email": "support@partner", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "description": "Provides real-time stock information", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + }, + { + "classification": "PIFI", + "flow": "outbound" + }, + { + "classification": "pubic", + "flow": "bi-directional" + }, + { + "classification": "partner-data", + "flow": "unknown" + } + ], + "licenses": [ + { + "license": { + "name": "Partner license" + } + } + ], + "externalReferences": [ + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ], + "releaseNotes": { + "type": "major", + "title": "My new release", + "featuredImage": "https://example.com/featured_image.png", + "socialImage": "https://example.com/social_image.png", + "description": "The main description of your release", + "timestamp": "2021-09-17T00:51:18+00:00", + "aliases": [ + "Project Orion" + ], + "tags": [ + "CMS", + "SEO", + "wysiwyg" + ], + "resolves": [ + { + "type": "enhancement", + "id": "JIRA-17240", + "description": "Great new feature that does something", + "source": { + "name": "Acme Org", + "url": "https://issues.example.com/17240" + } + }, + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "Great new feature that does something", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1", + "http://some/other/site-2" + ] + } + ], + "notes": [ + { + "locale": "en-US", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + }, + { + "locale": "es", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4=" + } + } + ] + } + } + ] +} diff --git a/src/test/resources/1.5/valid-release-notes-1.5.textproto b/src/test/resources/1.5/valid-release-notes-1.5.textproto new file mode 100644 index 000000000..0c6c0d40e --- /dev/null +++ b/src/test/resources/1.5/valid-release-notes-1.5.textproto @@ -0,0 +1,117 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + name: "acme-example" + version: "1.0.0" + releaseNotes: { + type: "major" + title: "My new release" + featuredImage: "https://example.com/featured_image.png" + socialImage: "https://example.com/social_image.png" + description: "The main description of your release" + aliases: "Project Orion" + tags: "CMS" + tags: "SEO" + tags: "wysiwyg" + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.acme.org/17240" + } + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "Great new feature that does something" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + } +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "Stock ticker service" + version: "2020-Q2" + description: "Provides real-time stock information" + endpoints: "https://partner.org/api/v1/lookup" + endpoints: "https://partner.org/api/v1/stock" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_INBOUND + value: "PII" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "PIFI" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + data { + flow: DATA_FLOW_UNKNOWN + value: "partner-data" + } + licenses { + license { + name: "Partner license" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + url: "http://partner.org" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "http://api.partner.org/swagger" + } + releaseNotes: { + type: RELEASE_TYPE_MAJOR + title: "My new release" + featuredImage: "https://example.com/featured_image.png" + socialImage: "https://example.com/social_image.png" + description: "The main description of your release" + aliases: "Project Orion" + tags: "CMS" + tags: "SEO" + tags: "wysiwyg" + resolves { + type: ISSUE_CLASSIFICATION_ENHANCEMENT + id: "JIRA-17240" + description: "Great new feature that does something" + source { + name: "Acme Org" + url: "https://issues.acme.org/17240" + } + } + resolves { + type: ISSUE_CLASSIFICATION_SECURITY + id: "CVE-2019-9997" + name: "CVE-2019-9997" + description: "Great new feature that does something" + source { + name: "NVD" + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + } +} diff --git a/src/test/resources/1.5/valid-release-notes-1.5.xml b/src/test/resources/1.5/valid-release-notes-1.5.xml new file mode 100644 index 000000000..490969e38 --- /dev/null +++ b/src/test/resources/1.5/valid-release-notes-1.5.xml @@ -0,0 +1,149 @@ + + + + + acme-example + 1.0.0 + + major + My new release + https://example.com/featured_image.png + https://example.com/social_image.png + The main description of your release + 2021-09-17T00:51:18+00:00 + + Project Orion + + + CMS + SEO + wysiwyg + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.example.com/17240 + + + + CVE-2019-9997 + CVE-2019-9997 + A security issue was fixed that did something bad + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + en-US + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ + + + es + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner + 800-555-1212 + + + org.partner + Stock ticker service + 2020-Q2 + Provides real-time stock information + + https://partner.org/api/v1/lookup + https://partner.org/api/v1/stock + + true + true + + PII + PIFI + pubic + partner-data + + + + Partner license + + + + + http://partner.org + + + http://api.partner.org/swagger + + + + major + My new release + https://example.com/featured_image.png + https://example.com/social_image.png + The main description of your release + 2021-09-17T00:51:18+00:00 + + Project Orion + + + CMS + SEO + wysiwyg + + + + JIRA-17240 + Great new feature that does something + + Acme Org + https://issues.example.com/17240 + + + + CVE-2019-9997 + CVE-2019-9997 + A security issue was fixed that did something bad + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + http://some/other/site-2 + + + + + + en-US + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ + + + es + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5Ob3RhcyBkZSBsYSB2ZXJzacOzbiBhcXXDrTwvcD4= + + + + + + diff --git a/src/test/resources/1.5/valid-service-1.5.json b/src/test/resources/1.5/valid-service-1.5.json new file mode 100644 index 000000000..11dd19a7a --- /dev/null +++ b/src/test/resources/1.5/valid-service-1.5.json @@ -0,0 +1,101 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:npm/acme/component@1.0.0", + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "stock-java-client", + "version": "1.0.12", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.acme/stock-java-client@1.0.12" + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact": [ + { + "name": "Support", + "email": "support@partner", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "description": "Provides real-time stock information", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + }, + { + "classification": "PIFI", + "flow": "outbound" + }, + { + "classification": "pubic", + "flow": "bi-directional" + }, + { + "classification": "partner-data", + "flow": "unknown" + } + ], + "licenses": [ + { + "license": { + "name": "Partner license" + } + } + ], + "externalReferences": [ + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:maven/com.acme/stock-java-client@1.0.12", + "dependsOn": [ + "b2a46a4b-8367-4bae-9820-95557cfe03a8" + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-service-1.5.textproto b/src/test/resources/1.5/valid-service-1.5.textproto new file mode 100644 index 000000000..ab0c1c7b8 --- /dev/null +++ b/src/test/resources/1.5/valid-service-1.5.textproto @@ -0,0 +1,76 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:npm/acme/component@1.0.0" + publisher: "Acme Inc" + group: "com.acme" + name: "stock-java-client" + version: "1.0.12" + hashes { + alg: HASH_ALG_SHA_1 + value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + } + licenses { + license { + id: "Apache-2.0" + } + } + purl: "pkg:maven/com.acme/stock-java-client@1.0.12" +} +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "Stock ticker service" + version: "2020-Q2" + description: "Provides real-time stock information" + endpoints: "https://partner.org/api/v1/lookup" + endpoints: "https://partner.org/api/v1/stock" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_INBOUND + value: "PII" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "PIFI" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + data { + flow: DATA_FLOW_UNKNOWN + value: "partner-data" + } + licenses { + license { + name: "Partner license" + } + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_WEBSITE + url: "http://partner.org" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "http://api.partner.org/swagger" + } +} +dependencies { + ref: "pkg:maven/com.acme/stock-java-client@1.0.12" + dependencies { + ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + } +} diff --git a/src/test/resources/1.5/valid-service-1.5.xml b/src/test/resources/1.5/valid-service-1.5.xml new file mode 100644 index 000000000..03bc664df --- /dev/null +++ b/src/test/resources/1.5/valid-service-1.5.xml @@ -0,0 +1,66 @@ + + + + + com.acme + stock-java-client + 1.0.12 + + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + + + + Apache-2.0 + + + pkg:maven/com.acme/stock-java-client@1.0.12 + + + + + + Partner Org + https://partner.org + + Support + support@partner + 800-555-1212 + + + org.partner + Stock ticker service + 2020-Q2 + Provides real-time stock information + + https://partner.org/api/v1/lookup + https://partner.org/api/v1/stock + + true + true + + PII + PIFI + pubic + partner-data + + + + Partner license + + + + + http://partner.org + + + http://api.partner.org/swagger + + + + + + + + + + diff --git a/src/test/resources/1.5/valid-service-empty-objects-1.5.json b/src/test/resources/1.5/valid-service-empty-objects-1.5.json new file mode 100644 index 000000000..14b70f4e4 --- /dev/null +++ b/src/test/resources/1.5/valid-service-empty-objects-1.5.json @@ -0,0 +1,22 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "contact": [ + ] + }, + "name": "Stock ticker service", + "endpoints": [ + ], + "data": [ + ], + "externalReferences": [ + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-service-empty-objects-1.5.textproto b/src/test/resources/1.5/valid-service-empty-objects-1.5.textproto new file mode 100644 index 000000000..3cbacc90b --- /dev/null +++ b/src/test/resources/1.5/valid-service-empty-objects-1.5.textproto @@ -0,0 +1,9 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +services { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + } + name: "Stock ticker service" +} diff --git a/src/test/resources/1.5/valid-service-empty-objects-1.5.xml b/src/test/resources/1.5/valid-service-empty-objects-1.5.xml new file mode 100644 index 000000000..59f6f5f68 --- /dev/null +++ b/src/test/resources/1.5/valid-service-empty-objects-1.5.xml @@ -0,0 +1,16 @@ + + + + + + + Stock ticker service + + + + + + + + + diff --git a/src/test/resources/1.5/valid-signatures-1.5.json b/src/test/resources/1.5/valid-signatures-1.5.json new file mode 100644 index 000000000..e439dc16b --- /dev/null +++ b/src/test/resources/1.5/valid-signatures-1.5.json @@ -0,0 +1,78 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "5366293e-0740-4dcf-b1d0-0c1fc26e4981", + "type": "application", + "name": "amce app", + "version": "1.0", + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "tqITqIm0gUMWXIjqDgwqzqPw1CwTUKRewZQ5YpX3VwFMWV68NJgX4npU91cSwSC-MRlx1QfOYwSQkeU26VpXSg" + } + } + ], + "services": [ + { + "bom-ref": "ee10d0a2-baba-4656-a5ac-d49e172a0d3d", + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "PII", + "flow": "inbound" + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "6A77T3RBTAuVpZOgFFFfOvGOQ1hqMbfSQ91VucRM1RIP6QqX9kEF1Pi1_vCl37qpVzK51kIyppgUF_i9s999XA" + } + } + ], + "compositions": [ + { + "aggregate": "complete", + "assemblies": [ + "5366293e-0740-4dcf-b1d0-0c1fc26e4981", + "ee10d0a2-baba-4656-a5ac-d49e172a0d3d" + ], + "dependencies": [ + "5366293e-0740-4dcf-b1d0-0c1fc26e4981" + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "lm6wx-elyBTbNMKNF8riooZhvrm6f5j8JpvgP9JtVv50dd7sXQLH7PqJcn9fmKV8eoF8cszPllEsQQhEQOM4hA" + } + } + ], + "signature": { + "algorithm": "ES256", + "certificatePath": [ + "MIIB-TCCAVigAwIBAgIGAWFcc4YkMAwGCCqGSM49BAMEBQAwLTELMAkGA1UEBhMCRVUxHjAcBgNVBAMTFVRydXN0IE5ldHdvcmsgU3ViIENBMzAeFw0xODAxMDEwMDAwMDBaFw0yMjEyMzEyMzU5NTlaMDIxCzAJBgNVBAYTAkZSMQ0wCwYDVQQFEwQ0NTAxMRQwEgYDVQQDEwtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHHp7A83DBJIInj8-g1we3A7sBXprIQBUfdFDVUBQoPExq8rze6ewG0-eVcSF72J77gKiD0IHnzpwHaU7t6nVeajXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH_BAQDAgP4MB0GA1UdDgQWBBQQyJ9rXSIskoUuA946von62LoxqzAfBgNVHSMEGDAWgBTUWrS54qC2NgG3UK6rVAr0gbQ0MTAMBggqhkjOPQQDBAUAA4GMADCBiAJCAaWoVQ0r6jFjhO5e0WJTgyMmA8BhpO1t7gXQ6xoKGso9jCOYf9OG9BFfZoVmdIyfYiwkhy1ld27tiOJ5X4m6WasRAkIBpEkUDf8irbSZ1V7zXALaR2mJTjKQV_5jRHsiBQWA-5DxEa-x_zJVRz8tpp-jjT2tSCU82bwUOBLu6te1YIDpWCA", + "MIIDsTCCAZmgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAuMQswCQYDVQQGEwJVUzEfMB0GA1UEAxMWVHJ1c3QgTmV0d29yayBSb290IENBMTAeFw0xNjA3MTAxMDAwMDBaFw0yNTA3MTAwOTU5NTlaMC0xCzAJBgNVBAYTAkVVMR4wHAYDVQQDExVUcnVzdCBOZXR3b3JrIFN1YiBDQTMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAGJzPZsjniwyZeXrgrlQM3Y13r3znR8FSQpKbC2bplrOWySQJPGm-GFObe5Dk4t3Jrtk_Pbs8-3VW_4q5drL0YqYwBYNJPhqjbSM6SGHrc6wNdPZRw_WnJVa0ELXKICC73lkjskWPfE-cLpZ3sTq1ovEmoNjgaySVRUH1wFDdkqyReJaKNjMGEwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNRatLnioLY2AbdQrqtUCvSBtDQxMB8GA1UdIwQYMBaAFEkmC1HDAh0fXehpiUhUGE868Hk2MA0GCSqGSIb3DQEBDQUAA4ICAQAs2KADYyGQCVy8tJZWakNtGdww4OumZpBuR66p_2xK7veRubQEhG-nJn7oVkJ4w5pEec3sYQEqtPbHyZcEKEYbOJ2cVf1nMH-DvFZ6ypQocGRp3WSWsTzL3SgqiWrQdPX1Y5dO6Hvx7p9ST9H2WgkxB-Q75Jov1gVF3bScAbxb7Mw7tf5z3Cvqmfo0Gatkgzz6-jDPrtUK7AAAOw3C0kHMbE3EnNarsfhBkUerE8QVmHIvz373mWt0SnguaHq0A9ZuSia_pF7bgfVRZi2ZzIzpu2O276sB2Yji9tcSn5l21jq63rXtvY_DLAi4kaLyf9sHT_tkH-gkTdkdkfQq8sA5ysRW21wPQbmjTIVwsfY4JjajVIUitjPbkUJqURpf2VD0JXdYQHS6KVPWqHWTlKPlsKbhw4ghuLqCMYda88L9rxWnSC5L8s0DJSuBBm-nq23NtHl5FbCzeXWcKRayIgimT-An1WIOeJP4F7-BctYLIooKoQzJZR1tOWvprUs22_xAivVBz7J_LmJyVlKesB2ic8qYdt7YVoCsWrnEUgoNoJPwLHeva8KPvd0gLXrwaMyTCCjeoemXFj6nCbbMHJeVffh6jYBAzlbcAEvTiZcdzrVVr54kOtWskyaeDnAcMXW4Of1vWdUJ2as5nyfletfTp4E6A9P2dZ5g7nMoL90yIw" + ], + "value": "m4pMbQQVV61TlP4Og7a75SeY8lh00LkkUDXZ4PIhXsR512MPRgZmusFYorJlYq9wM3P9n9gM3T8BTg9XdFdQkQ" + } +} diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.json b/src/test/resources/1.5/valid-vulnerability-1.5.json new file mode 100644 index 000000000..112a08399 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-1.5.json @@ -0,0 +1,140 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "type": "library", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.4", + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111", + "source": { + "name": "Snyk", + "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184, + 502 + ], + "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", + "detail": "", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/1931" + } + ], + "created": "2021-01-01T00:00:00.000Z", + "published": "2021-01-01T00:00:00.000Z", + "updated": "2021-01-01T00:00:00.000Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": ["will_not_fix", "update"], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "range": "vers:semver/2.7.0|<2.8.11.1", + "status": "affected" + }, + { + "range": "vers:semver/2.9.0|<2.9.5", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.textproto b/src/test/resources/1.5/valid-vulnerability-1.5.textproto new file mode 100644 index 000000000..4cecc1285 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-1.5.textproto @@ -0,0 +1,119 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + group: "com.fasterxml.jackson.core" + name: "jackson-databind" + version: "2.9.4" + purl: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" +} +vulnerabilities { + bom_ref: "6eee14da-8f42-4cc4-bb65-203235f02415" + id: "SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + source: { + name: "Snyk" + url: "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111" + } + references: { + id: "CVE-2018-7489" + source: { + name: "NVD", + url: "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ratings: { + source: { + name: "NVD" + url: "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + } + score: 9.8 + severity: SEVERITY_CRITICAL + method: SCORE_METHOD_CVSSV3 + vector: "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + justification: "An optional reason for rating the vulnerability as it was" + } + cwes: 184 + cwes: 502 + description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." + detail: "" + recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + advisories: { + title: "GitHub Commit" + url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + advisories: { + title: "GitHub Issue" + url: "https://github.com/FasterXML/jackson-databind/issues/1931" + } + created: { + seconds: 3173618478 + nanos: 3 + } + published: { + seconds: 3173618478 + nanos: 3 + } + updated: { + seconds: 3173618478 + nanos: 3 + } + credits: { + organizations: { + name: "Acme, Inc." + url: "https://example.com" + } + individuals: { + name: "Jane Doe" + email: "jane.doe@example.com" + } + } + tools: { + vendor: "Snyk" + name: "Snyk CLI (Linux)" + version: "1.729.0" + hashes: { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + } + analysis: { + state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED + justification: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE + response: VULNERABILITY_RESPONSE_WILL_NOT_FIX + response: VULNERABILITY_RESPONSE_UPDATE + detail: "An optional explanation of why the application is not affected by the vulnerable component." + } + affects: { + ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" + versions: { + range: "vers:semver/<2.6.7.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.7.0|<2.8.11.1" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + versions: { + range: "vers:semver/2.9.0|<2.9.5" + status: VULNERABILITY_AFFECTED_STATUS_AFFECTED + } + } + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } +} diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.xml b/src/test/resources/1.5/valid-vulnerability-1.5.xml new file mode 100644 index 000000000..332890004 --- /dev/null +++ b/src/test/resources/1.5/valid-vulnerability-1.5.xml @@ -0,0 +1,127 @@ + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.4 + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + + + SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + Snyk + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + 502 + + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + GitHub Issue + https://github.com/FasterXML/jackson-databind/issues/1931 + + + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + 2021-01-01T00:00:00.000Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + not_affected + code_not_reachable + + will_not_fix + update + + An optional explanation of why the application is not affected by the vulnerable component. + + + + pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4 + + + vers:semver/<2.6.7.5 + affected + + + vers:semver/2.7.0|<2.8.11.1 + affected + + + vers:semver/2.9.0|<2.9.5 + affected + + + + + + Bar + You + Two + Foo + + + + diff --git a/src/test/resources/1.5/valid-xml-signature-1.5.xml b/src/test/resources/1.5/valid-xml-signature-1.5.xml new file mode 100644 index 000000000..13d242b26 --- /dev/null +++ b/src/test/resources/1.5/valid-xml-signature-1.5.xml @@ -0,0 +1,177 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + jdoe@example.com + + + 2018-11-07T22:01:45Z + John Doe + jdoe@example.com + + Initial commit + + + + + + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + + Apache-2.0 + blah + fdaf + + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Apache-2.0 + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + + + + + + + + + + PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk= + + + + ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7 + IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft + 56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB + HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl + PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt + MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh + U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe + n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq + OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU= + + + + CN=bomsigner,OU=development,O=cyclonedx + + MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx + FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5 + WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt + ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo + 5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll + ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0 + AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c + G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY + 3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy + ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6 + NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt + IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD + ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID + AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP + s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f + oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O + amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a + lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk + 2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh + nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X + SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk + iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4 + bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw== + + + + + + qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ + ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6 + 9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP + nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r + WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa + cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC + OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ + bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK + A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s= + + AQAB + + + + diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json new file mode 100644 index 000000000..d92a9f96a --- /dev/null +++ b/src/test/resources/bom-1.5.json @@ -0,0 +1,416 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2020-04-07T07:01:00Z", + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + } + ] + } + ], + "authors": [ + { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + ], + "component": { + "type": "application", + "author": "Acme Super Heros", + "name": "Acme Application", + "version": "9.1.1", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1", + "text": { + "contentType": "text/xml", + "encoding": "base64", + "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + } + }, + "releaseNotes": { + "type": "major", + "title": "My new release", + "featuredImage": "https://example.com/featured_image.png", + "socialImage": "https://example.com/social_image.png", + "description": "The main description of your release", + "timestamp": "2020-04-07T07:01:00Z", + "aliases": [ + "Project Orion" + ], + "tags": [ + "CMS" + ], + "resolves": [ + { + "type": "security", + "id": "CVE-2019-9997", + "name": "CVE-2019-9997", + "description": "A security issue was fixed that did something bad", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + }, + "references": [ + "http://some/other/site-1" + ] + } + ], + "notes": [ + { + "locale": "en-US", + "text": { + "contentType": "text/html", + "encoding": "base64", + "content": "PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+" + } + } + ] + } + }, + "manufacture": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + }, + "supplier": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Distribution", + "email": "distribution@example.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "bom-ref": "pkg:maven/com.acme/jackson-databind@2.9.4", + "group": "com.acme", + "name": "jackson-databind", + "version": "2.9.4", + "hashes": [ + { + "alg": "MD5", + "content": "641b6e166f8b33c5e959e2adcc18b1c7" + }, + { + "alg": "SHA-1", + "content": "9188560f22e0b73070d2efce670c74af2bdf30af" + }, + { + "alg": "SHA-256", + "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964" + }, + { + "alg": "SHA-384", + "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad" + }, + { + "alg": "SHA-512", + "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6" + }, + { + "alg": "SHA3-256", + "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa" + }, + { + "alg": "SHA3-384", + "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5" + }, + { + "alg": "SHA3-512", + "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20" + }, + { + "alg": "BLAKE2b-256", + "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237" + }, + { + "alg": "BLAKE2b-384", + "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a" + }, + { + "alg": "BLAKE2b-512", + "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d" + }, + { + "alg": "BLAKE3", + "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf" + } + ], + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + } + ], + "copyright": "Copyright Example Inc. All rights reserved.", + "cpe": "cpe:/a:example:myapplication:1.0.0", + "purl": "pkg:maven/com.acme/jackson-databind@2.9.4", + "swid": { + "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", + "name": "Acme Application", + "version": "9.1.1" + }, + "modified": false, + "externalReferences": [ + { + "type": "documentation", + "url": "http://example.org/docs", + "comment": "All component versions are documented here" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "copyright": [ + { + "text": "Copyright 2012 Google Inc. All Rights Reserved." + } + ] + } + } + ], + "services": [ + { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ], + "contact": [ + { + "name": "Support", + "email": "support@partner", + "phone": "800-555-1212" + } + ] + }, + "group": "org.partner", + "name": "Stock ticker service", + "version": "2020-Q2", + "description": "Provides real-time stock information", + "endpoints": [ + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "flow": "inbound", + "classification": "PII" + }, + { + "flow": "outbound", + "classification": "PIFI" + }, + { + "flow": "bi-directional", + "classification": "pubic" + }, + { + "flow": "unknown", + "classification": "partner-data" + } + ], + "licenses": [ + { + "license": { + "name": "Partner license" + } + } + ], + "externalReferences": [ + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:npm/acme/component@1.0.0", + "dependsOn": [ + "pkg:npm/acme/common@1.0.0" + ] + }, + { + "ref": "pkg:npm/acme/component@2.0.0", + "dependsOn": [ + "pkg:npm/acme/common@1.1.0", + "pkg:npm/acme/common@2.2.0", + "pkg:npm/acme/common@3.3.0" + ] + } + ], + "compositions": [ + { + "aggregate": "complete", + "assemblies": [ + "pkg:maven/partner/shaded-library@1.0" + ], + "dependencies": [ + "acme-application-1.0" + ] + }, + { + "aggregate": "unknown", + "assemblies": [ + "pkg:maven/acme/library@3.0" + ] + } + ], + "vulnerabilities": [ + { + "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", + "id": "SONATYPE-2021123", + "source": { + "name": "Sonatype", + "url": "https://www.vuln.com" + }, + "references": [ + { + "id": "CVE-2018-7489", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0" + }, + "score": 9.8, + "severity": "critical", + "method": "CVSSv3", + "vector": "AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "justification": "An optional reason for rating the vulnerability as it was" + } + ], + "cwes": [ + 184 + ], + "description": "Description", + "detail": "Detail", + "recommendation": "Upgrade", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" + } + ], + "created": "2020-04-07T07:01:00Z", + "published": "2020-04-07T07:01:00Z", + "updated": "2020-04-07T07:01:00Z", + "credits": { + "organizations": [ + { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ] + } + ], + "individuals": [ + { + "name": "Jane Doe", + "email": "jane.doe@example.com" + } + ] + }, + "tools": [ + { + "vendor": "Sonatype", + "name": "Sonatype CLI", + "version": "1.131", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": [ + "update" + ], + "detail": "An optional explanation of why the application is not affected by the vulnerable component." + }, + "affects": [ + { + "ref": "pkg:maven/com.acme/jackson-databind@2.9.9", + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "version": "2.9.9", + "status": "affected" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + ] +} diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml new file mode 100644 index 000000000..f58b3e5c6 --- /dev/null +++ b/src/test/resources/bom-1.5.xml @@ -0,0 +1,288 @@ + + + + 2020-04-07T07:01:00Z + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + major + My new release + https://example.com/featured_image.png + https://example.com/social_image.png + The main description of your release + 2020-04-07T07:01:00Z + + Project Orion + + + CMS + + + + CVE-2019-9997 + CVE-2019-9997 + A security issue was fixed that did something bad + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + http://some/other/site-1 + + + + + + en-US + PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+ + + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + + com.acme + jackson-databind + 2.9.4 + + 641b6e166f8b33c5e959e2adcc18b1c7 + 9188560f22e0b73070d2efce670c74af2bdf30af + d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964 + d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad + 74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6 + 7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa + a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5 + 7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20 + d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237 + e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a + f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d + 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf + + + EPL-2.0 OR GPL-2.0-with-classpath-exception + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.acme/jackson-databind@2.9.4 + + false + + + http://example.org/docs + All component versions are documented here + + + + + + Apache-2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner + 800-555-1212 + + + org.partner + Stock ticker service + 2020-Q2 + Provides real-time stock information + + https://partner.org/api/v1/lookup + https://partner.org/api/v1/stock + + true + true + + PII + PIFI + pubic + partner-data + + + + Partner license + + + + + http://partner.org + + + http://api.partner.org/swagger + + + + + + + + + + complete + + + + + + + + + unknown + + + + + + + + SONATYPE-2021123 + + Sonatype + https://www.vuln.com + + + + CVE-2018-7489 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2019-9997 + + + + + + + NVD + https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0 + + 9.8 + critical + CVSSv3 + AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + An optional reason for rating the vulnerability as it was + + + + 184 + + Description + Detail + Upgrade + + + GitHub Commit + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + 2020-04-07T07:01:00Z + 2020-04-07T07:01:00Z + 2020-04-07T07:01:00Z + + + + Acme, Inc. + https://example.com + + + + + Jane Doe + jane.doe@example.com + + + + + + Sonatype + Sonatype CLI + 1.131 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + not_affected + code_not_reachable + + update + + An optional explanation of why the application is not affected by the vulnerable component. + + + + pkg:maven/com.acme/jackson-databind@2.9.9 + + + vers:semver/<2.6.7.5 + affected + + + 2.9.9 + affected + + + + + + Bar + You + Two + Foo + + + + From d28fd8d6938c2fce7dc008739d2e1f52a9703766 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Fri, 3 Feb 2023 04:14:30 -0900 Subject: [PATCH 02/40] Invert the VersionFilter (#261) --- src/main/java/org/cyclonedx/model/Bom.java | 17 ++++++++-------- .../java/org/cyclonedx/model/Component.java | 20 +++++++++---------- .../cyclonedx/model/ExternalReference.java | 2 +- .../java/org/cyclonedx/model/Metadata.java | 16 +++++++-------- .../java/org/cyclonedx/model/Pedigree.java | 2 +- .../org/cyclonedx/model/ReleaseNotes.java | 2 +- .../java/org/cyclonedx/model/Service.java | 4 ++-- .../org/cyclonedx/model/VersionFilter.java | 1 + .../model/vulnerability/Vulnerability.java | 6 +++--- .../VersionJsonAnnotationIntrospector.java | 2 +- .../VersionXmlAnnotationIntrospector.java | 2 +- 11 files changed, 37 insertions(+), 37 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index 5f9493513..fa0cf601a 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -58,29 +58,28 @@ public class Bom extends ExtensibleElement { @JacksonXmlProperty(isAttribute = true) private String xmlns; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = { "1.0", "1.1" }) private Metadata metadata; - @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) private List components; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private List services; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0"}) private DependencyList dependencies; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0"}) private List externalReferences; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List compositions; - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) @JsonDeserialize(using = VulnerabilityDeserializer.class) private List vulnerabilities; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List properties; @JacksonXmlProperty(isAttribute = true) @@ -96,7 +95,7 @@ public class Bom extends ExtensibleElement { private String bomFormat; @JsonOnly - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Signature signature; public Metadata getMetadata() { diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index c3b466b8f..22f9a79d5 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -117,11 +117,11 @@ public String getScopeName() { @JacksonXmlProperty(isAttribute = true, localName = "mime-type") @JsonProperty("mime-type") private String mimeType; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private OrganizationalEntity supplier; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private String author; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0"}) private String publisher; private String group; private String name; @@ -133,24 +133,24 @@ public String getScopeName() { private String copyright; private String cpe; private String purl; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private Swid swid; private Boolean modified; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0"}) private Pedigree pedigree; - @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0"}) private List externalReferences; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List properties; private List components; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private Evidence evidence; @JacksonXmlProperty(isAttribute = true) private Type type; - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private ReleaseNotes releaseNotes; @JsonOnly - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Signature signature; public String getBomRef() { diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 5e78e895c..56be165bd 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -87,7 +87,7 @@ public String getTypeName() { private Type type; private String comment; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List hashes; public String getUrl() { diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 1d5ce93a8..221b6c5a7 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -39,28 +39,28 @@ public class Metadata extends ExtensibleElement { @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private Date timestamp = new Date(); - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private List tools; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private List authors; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private Component component; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private OrganizationalEntity manufacture; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private OrganizationalEntity supplier; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private LicenseChoice license; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List properties; public Date getTimestamp() { diff --git a/src/main/java/org/cyclonedx/model/Pedigree.java b/src/main/java/org/cyclonedx/model/Pedigree.java index fbd96d216..5c2163d8b 100644 --- a/src/main/java/org/cyclonedx/model/Pedigree.java +++ b/src/main/java/org/cyclonedx/model/Pedigree.java @@ -45,7 +45,7 @@ public class Pedigree extends ExtensibleElement { private List commits; - @VersionFilter(versions = {"1.2", "1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1"}) private List patches; private String notes; diff --git a/src/main/java/org/cyclonedx/model/ReleaseNotes.java b/src/main/java/org/cyclonedx/model/ReleaseNotes.java index 051918eca..1792343d5 100644 --- a/src/main/java/org/cyclonedx/model/ReleaseNotes.java +++ b/src/main/java/org/cyclonedx/model/ReleaseNotes.java @@ -58,7 +58,7 @@ public ReleaseNotes() {} private String socialImage; private String description; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Date timestamp; private List aliases; private List tags; diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 275211b93..6f1f1eb82 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -67,12 +67,12 @@ public class Service extends ExtensibleElement { private List data; private LicenseChoice license; private List externalReferences; - @VersionFilter(versions = {"1.3", "1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List properties; private List services; private ReleaseNotes releaseNotes; @JsonOnly - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Signature signature; public String getBomRef() { diff --git a/src/main/java/org/cyclonedx/model/VersionFilter.java b/src/main/java/org/cyclonedx/model/VersionFilter.java index 502f202a9..1f6bb5ced 100644 --- a/src/main/java/org/cyclonedx/model/VersionFilter.java +++ b/src/main/java/org/cyclonedx/model/VersionFilter.java @@ -26,5 +26,6 @@ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) public @interface VersionFilter { + //Versions that are excluded by the filter String[] versions(); } diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index 2dfe9b7f6..e6611cfc9 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -78,13 +78,13 @@ public Vulnerability() {} private String recommendation; private List advisories; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = { "1.4"}) + @VersionFilter(versions = { "1.0", "1.1", "1.2", "1.3"}) private Date created; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Date published; @JsonSerialize(using = CustomDateSerializer.class) - @VersionFilter(versions = {"1.4"}) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Date updated; private Credits credits; @JacksonXmlElementWrapper(localName = "tools") diff --git a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java index 5d89133a8..a5b05ace3 100644 --- a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java @@ -36,7 +36,7 @@ public VersionJsonAnnotationIntrospector(final String version) { public boolean hasIgnoreMarker(final AnnotatedMember m) { if (m.hasAnnotation(VersionFilter.class)) { VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.stream(filter.versions()).noneMatch(v -> v.equals(version))) { + if (Arrays.stream(filter.versions()).anyMatch(v -> v.equals(version))) { return true; } } diff --git a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java index d69d94375..8e6867f82 100644 --- a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java @@ -37,7 +37,7 @@ public VersionXmlAnnotationIntrospector(final String version) { public boolean hasIgnoreMarker(final AnnotatedMember m) { if (m.hasAnnotation(VersionFilter.class)) { VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.stream(filter.versions()).noneMatch(v -> v.equals(version))) { + if (Arrays.stream(filter.versions()).anyMatch(v -> v.equals(version))) { return true; } } From fc2a77eaae0cf5d11f1e65552569e0bc2662046b Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Thu, 2 Mar 2023 11:21:53 -0500 Subject: [PATCH 03/40] Security contact and vuln analysis time for 1.5 spec (#264) --- .../cyclonedx/model/ExternalReference.java | 2 + .../model/vulnerability/Vulnerability.java | 24 +++ src/main/resources/bom-1.5.proto | 4 + .../org/cyclonedx/parsers/JsonParserTest.java | 38 +++- .../org/cyclonedx/parsers/XmlParserTest.java | 45 ++++- src/test/resources/bom-1.5.json | 9 +- src/test/resources/bom-1.5.xml | 6 + src/test/resources/bom-1.5_ejemplo.xml | 181 ++++++++++++++++++ 8 files changed, 294 insertions(+), 15 deletions(-) create mode 100644 src/test/resources/bom-1.5_ejemplo.xml diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 56be165bd..3d78bff41 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -68,6 +68,8 @@ public enum Type { BUILD_SYSTEM("build-system"), @JsonProperty("release-notes") RELEASE_NOTES("release-notes"), + @JsonProperty("security-contact") + SECURITY_CONTACT("security-contact"), @JsonProperty("other") OTHER("other"); diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index e6611cfc9..c26ca41d9 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -579,6 +579,14 @@ public static Analysis.Response fromString(String text) { private List responses; private String detail; + @JsonSerialize(using = CustomDateSerializer.class) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private Date firstIssued; + + @JsonSerialize(using = CustomDateSerializer.class) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private Date lastUpdated; + public State getState() { return state; } @@ -613,6 +621,22 @@ public String getDetail() { public void setDetail(final String detail) { this.detail = detail; } + + public Date getFirstIssued() { + return firstIssued; + } + + public void setFirstIssued(final Date firstIssued) { + this.firstIssued = firstIssued; + } + + public Date getLastUpdated() { + return lastUpdated; + } + + public void setLastUpdated(final Date lastUpdated) { + this.lastUpdated = lastUpdated; + } } @JsonInclude(JsonInclude.Include.NON_EMPTY) diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index 6f33059f1..b36b2983c 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -638,6 +638,10 @@ message VulnerabilityAnalysis { repeated VulnerabilityResponse response = 3; // Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability. optional string detail = 4; + // The date and time (timestamp) when the analysis was first issued. + optional google.protobuf.Timestamp firstIssued = 5; + // The date and time (timestamp) when the analysis was last updated. + optional google.protobuf.Timestamp lastUpdated = 6; } enum ImpactAnalysisState { diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 89d59108b..bfca40d0c 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -20,6 +20,7 @@ import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.CycloneDxSchema.Version; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; @@ -333,9 +334,9 @@ public void testParsedObjects14Bom() throws Exception { assertEquals(1, bom.getVersion()); assertMetadata(bom.getMetadata()); - assertComponent(bom); + assertComponent(bom, Version.VERSION_14); assertServices(bom); - assertVulnerabilities(bom); + assertVulnerabilities(bom, Version.VERSION_14); // Dependencies assertEquals(2, bom.getDependencies().size()); @@ -354,9 +355,9 @@ public void testParsedObjects15Bom() throws Exception { assertEquals(1, bom.getVersion()); assertMetadata(bom.getMetadata()); - assertComponent(bom); + assertComponent(bom, Version.VERSION_15); assertServices(bom); - assertVulnerabilities(bom); + assertVulnerabilities(bom, Version.VERSION_15); // Dependencies assertEquals(2, bom.getDependencies().size()); @@ -365,7 +366,7 @@ public void testParsedObjects15Bom() throws Exception { assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); } - private void assertVulnerabilities(final Bom bom) { + private void assertVulnerabilities(final Bom bom, Version version) { final List vulnerabilities = bom.getVulnerabilities(); assertEquals(1, vulnerabilities.size()); Vulnerability vuln = vulnerabilities.get(0); @@ -434,6 +435,15 @@ private void assertVulnerabilities(final Bom bom) { vuln.getAnalysis().getDetail()); assertEquals("update", vuln.getAnalysis().getResponses().get(0).getResponseName()); + //Vulnerability Analysis Timestamp 1.5 + if (version != Version.VERSION_14) { + assertNotNull(vuln.getAnalysis().getFirstIssued()); + assertNotNull(vuln.getAnalysis().getLastUpdated()); + } else { + assertNull(vuln.getAnalysis().getFirstIssued()); + assertNull(vuln.getAnalysis().getLastUpdated()); + } + //Affects assertEquals(1, vuln.getAffects().size()); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.9", vuln.getAffects().get(0).getRef()); @@ -495,7 +505,7 @@ private void assertServices(final Bom bom) { assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); } - private void assertComponent(final Bom bom) { + private void assertComponent(final Bom bom, final Version version) { final List components = bom.getComponents(); assertEquals(1, components.size()); Component component = components.get(0); @@ -510,7 +520,15 @@ private void assertComponent(final Bom bom) { assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - assertEquals(1, component.getExternalReferences().size()); + + if (version == Version.VERSION_14) { + assertEquals(1, component.getExternalReferences().size()); + } + else { + assertEquals(2, component.getExternalReferences().size()); + //Security Contact + assertSecurityContact(component.getExternalReferences().get(1)); + } //Evidence assertNotNull(component.getEvidence()); @@ -521,6 +539,12 @@ private void assertComponent(final Bom bom) { component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); } + private void assertSecurityContact(ExternalReference externalReference){ + assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); + assertEquals(externalReference.getComment(), "test"); + assertEquals(externalReference.getUrl(), "http://example.org/docs"); + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 5713c1a12..6c531d0d8 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -20,6 +20,7 @@ import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.CycloneDxSchema.Version; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; @@ -458,9 +459,9 @@ public void testParsedObjects14Bom() throws Exception { assertEquals(1, bom.getVersion()); assertMetadata(bom.getMetadata()); - assertComponent(bom); + assertComponent(bom, Version.VERSION_14); assertServices(bom); - assertVulnerabilities(bom); + assertVulnerabilities(bom, Version.VERSION_14); // Dependencies assertEquals(1, bom.getDependencies().size()); @@ -479,15 +480,22 @@ public void testParsedObjects15Bom() throws Exception { assertEquals(1, bom.getVersion()); assertMetadata(bom.getMetadata()); - assertComponent(bom); + assertComponent(bom, Version.VERSION_15); assertServices(bom); - assertVulnerabilities(bom); + assertVulnerabilities(bom, Version.VERSION_15); // Dependencies assertEquals(1, bom.getDependencies().size()); Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", d1.getRef()); + + //Assert Licensing + //Assert Vulnerability Rejected + //Assert Annotations + //Assert Bom Properties + //Assert License Properties + //Assert Vulnerabilities Timestamps } @Test @@ -501,7 +509,7 @@ public void testParsedObjects14Bom_WithVulnsExtension() throws Exception { assertNull(bom.getVulnerabilities()); } - private void assertVulnerabilities(final Bom bom) { + private void assertVulnerabilities(final Bom bom, final Version version) { final List vulnerabilities = bom.getVulnerabilities(); assertEquals(1, vulnerabilities.size()); Vulnerability vuln = vulnerabilities.get(0); @@ -570,6 +578,15 @@ private void assertVulnerabilities(final Bom bom) { vuln.getAnalysis().getDetail()); assertEquals("update", vuln.getAnalysis().getResponses().get(0).getResponseName()); + //Vulnerability Analysis Timestamp 1.5 + if (version != Version.VERSION_14) { + assertNotNull(vuln.getAnalysis().getFirstIssued()); + assertNotNull(vuln.getAnalysis().getLastUpdated()); + } else { + assertNull(vuln.getAnalysis().getFirstIssued()); + assertNull(vuln.getAnalysis().getLastUpdated()); + } + //Affects assertEquals(1, vuln.getAffects().size()); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.9", vuln.getAffects().get(0).getRef()); @@ -631,7 +648,7 @@ private void assertServices(final Bom bom) { assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); } - private void assertComponent(final Bom bom) { + private void assertComponent(final Bom bom, final Version version) { final List components = bom.getComponents(); assertEquals(1, components.size()); Component component = components.get(0); @@ -646,7 +663,15 @@ private void assertComponent(final Bom bom) { assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - assertEquals(1, component.getExternalReferences().size()); + + if (version == Version.VERSION_14) { + assertEquals(1, component.getExternalReferences().size()); + } + else { + assertEquals(2, component.getExternalReferences().size()); + //Security Contact + assertSecurityContact(component.getExternalReferences().get(1)); + } //Evidence assertNotNull(component.getEvidence()); @@ -657,6 +682,12 @@ private void assertComponent(final Bom bom) { component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); } + private void assertSecurityContact(ExternalReference externalReference){ + assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); + assertEquals(externalReference.getComment(), "test"); + assertEquals(externalReference.getUrl(), "http://example.org/docs"); + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index d92a9f96a..1f2f1a60b 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -181,6 +181,11 @@ "type": "documentation", "url": "http://example.org/docs", "comment": "All component versions are documented here" + }, + { + "type": "security-contact", + "url": "http://example.org/docs", + "comment": "test" } ], "evidence": { @@ -376,7 +381,9 @@ "response": [ "update" ], - "detail": "An optional explanation of why the application is not affected by the vulnerable component." + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index f58b3e5c6..a4a2567d5 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -110,6 +110,10 @@ http://example.org/docs All component versions are documented here + + http://example.org/docs + test + @@ -261,6 +265,8 @@ update An optional explanation of why the application is not affected by the vulnerable component. + 2020-04-07T07:01:00Z + 2020-04-07T07:01:00Z diff --git a/src/test/resources/bom-1.5_ejemplo.xml b/src/test/resources/bom-1.5_ejemplo.xml new file mode 100644 index 000000000..913285eac --- /dev/null +++ b/src/test/resources/bom-1.5_ejemplo.xml @@ -0,0 +1,181 @@ + + + + 2020-04-07T07:01:00Z + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + + Acme Super Heros + Acme Application + 9.1.1 + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg== + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + Acme, Inc. + https://example.com + + Acme Distribution + distribution@example.com + + + + + + Acme Super Heros + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + 3942447fac867ae5cdb3229b658f4d48 + e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 + + + + Apache-2.0 + CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFwYWNoZSBMaWNlbnNlCiAgICAgICAgICAgICAgICAgICAgICAgICAgIFZlcnNpb24gMi4wLCBKYW51YXJ5IDIwMDQKICAgICAgICAgICAgICAgICAgICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzLwoKICAgVEVSTVMgQU5EIENPTkRJVElPTlMgRk9SIFVTRSwgUkVQUk9EVUNUSU9OLCBBTkQgRElTVFJJQlVUSU9OCgogICAxLiBEZWZpbml0aW9ucy4KCiAgICAgICJMaWNlbnNlIiBzaGFsbCBtZWFuIHRoZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBmb3IgdXNlLCByZXByb2R1Y3Rpb24sCiAgICAgIGFuZCBkaXN0cmlidXRpb24gYXMgZGVmaW5lZCBieSBTZWN0aW9ucyAxIHRocm91Z2ggOSBvZiB0aGlzIGRvY3VtZW50LgoKICAgICAgIkxpY2Vuc29yIiBzaGFsbCBtZWFuIHRoZSBjb3B5cmlnaHQgb3duZXIgb3IgZW50aXR5IGF1dGhvcml6ZWQgYnkKICAgICAgdGhlIGNvcHlyaWdodCBvd25lciB0aGF0IGlzIGdyYW50aW5nIHRoZSBMaWNlbnNlLgoKICAgICAgIkxlZ2FsIEVudGl0eSIgc2hhbGwgbWVhbiB0aGUgdW5pb24gb2YgdGhlIGFjdGluZyBlbnRpdHkgYW5kIGFsbAogICAgICBvdGhlciBlbnRpdGllcyB0aGF0IGNvbnRyb2wsIGFyZSBjb250cm9sbGVkIGJ5LCBvciBhcmUgdW5kZXIgY29tbW9uCiAgICAgIGNvbnRyb2wgd2l0aCB0aGF0IGVudGl0eS4gRm9yIHRoZSBwdXJwb3NlcyBvZiB0aGlzIGRlZmluaXRpb24sCiAgICAgICJjb250cm9sIiBtZWFucyAoaSkgdGhlIHBvd2VyLCBkaXJlY3Qgb3IgaW5kaXJlY3QsIHRvIGNhdXNlIHRoZQogICAgICBkaXJlY3Rpb24gb3IgbWFuYWdlbWVudCBvZiBzdWNoIGVudGl0eSwgd2hldGhlciBieSBjb250cmFjdCBvcgogICAgICBvdGhlcndpc2UsIG9yIChpaSkgb3duZXJzaGlwIG9mIGZpZnR5IHBlcmNlbnQgKDUwJSkgb3IgbW9yZSBvZiB0aGUKICAgICAgb3V0c3RhbmRpbmcgc2hhcmVzLCBvciAoaWlpKSBiZW5lZmljaWFsIG93bmVyc2hpcCBvZiBzdWNoIGVudGl0eS4KCiAgICAgICJZb3UiIChvciAiWW91ciIpIHNoYWxsIG1lYW4gYW4gaW5kaXZpZHVhbCBvciBMZWdhbCBFbnRpdHkKICAgICAgZXhlcmNpc2luZyBwZXJtaXNzaW9ucyBncmFudGVkIGJ5IHRoaXMgTGljZW5zZS4KCiAgICAgICJTb3VyY2UiIGZvcm0gc2hhbGwgbWVhbiB0aGUgcHJlZmVycmVkIGZvcm0gZm9yIG1ha2luZyBtb2RpZmljYXRpb25zLAogICAgICBpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIHNvZnR3YXJlIHNvdXJjZSBjb2RlLCBkb2N1bWVudGF0aW9uCiAgICAgIHNvdXJjZSwgYW5kIGNvbmZpZ3VyYXRpb24gZmlsZXMuCgogICAgICAiT2JqZWN0IiBmb3JtIHNoYWxsIG1lYW4gYW55IGZvcm0gcmVzdWx0aW5nIGZyb20gbWVjaGFuaWNhbAogICAgICB0cmFuc2Zvcm1hdGlvbiBvciB0cmFuc2xhdGlvbiBvZiBhIFNvdXJjZSBmb3JtLCBpbmNsdWRpbmcgYnV0CiAgICAgIG5vdCBsaW1pdGVkIHRvIGNvbXBpbGVkIG9iamVjdCBjb2RlLCBnZW5lcmF0ZWQgZG9jdW1lbnRhdGlvbiwKICAgICAgYW5kIGNvbnZlcnNpb25zIHRvIG90aGVyIG1lZGlhIHR5cGVzLgoKICAgICAgIldvcmsiIHNoYWxsIG1lYW4gdGhlIHdvcmsgb2YgYXV0aG9yc2hpcCwgd2hldGhlciBpbiBTb3VyY2Ugb3IKICAgICAgT2JqZWN0IGZvcm0sIG1hZGUgYXZhaWxhYmxlIHVuZGVyIHRoZSBMaWNlbnNlLCBhcyBpbmRpY2F0ZWQgYnkgYQogICAgICBjb3B5cmlnaHQgbm90aWNlIHRoYXQgaXMgaW5jbHVkZWQgaW4gb3IgYXR0YWNoZWQgdG8gdGhlIHdvcmsKICAgICAgKGFuIGV4YW1wbGUgaXMgcHJvdmlkZWQgaW4gdGhlIEFwcGVuZGl4IGJlbG93KS4KCiAgICAgICJEZXJpdmF0aXZlIFdvcmtzIiBzaGFsbCBtZWFuIGFueSB3b3JrLCB3aGV0aGVyIGluIFNvdXJjZSBvciBPYmplY3QKICAgICAgZm9ybSwgdGhhdCBpcyBiYXNlZCBvbiAob3IgZGVyaXZlZCBmcm9tKSB0aGUgV29yayBhbmQgZm9yIHdoaWNoIHRoZQogICAgICBlZGl0b3JpYWwgcmV2aXNpb25zLCBhbm5vdGF0aW9ucywgZWxhYm9yYXRpb25zLCBvciBvdGhlciBtb2RpZmljYXRpb25zCiAgICAgIHJlcHJlc2VudCwgYXMgYSB3aG9sZSwgYW4gb3JpZ2luYWwgd29yayBvZiBhdXRob3JzaGlwLiBGb3IgdGhlIHB1cnBvc2VzCiAgICAgIG9mIHRoaXMgTGljZW5zZSwgRGVyaXZhdGl2ZSBXb3JrcyBzaGFsbCBub3QgaW5jbHVkZSB3b3JrcyB0aGF0IHJlbWFpbgogICAgICBzZXBhcmFibGUgZnJvbSwgb3IgbWVyZWx5IGxpbmsgKG9yIGJpbmQgYnkgbmFtZSkgdG8gdGhlIGludGVyZmFjZXMgb2YsCiAgICAgIHRoZSBXb3JrIGFuZCBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YuCgogICAgICAiQ29udHJpYnV0aW9uIiBzaGFsbCBtZWFuIGFueSB3b3JrIG9mIGF1dGhvcnNoaXAsIGluY2x1ZGluZwogICAgICB0aGUgb3JpZ2luYWwgdmVyc2lvbiBvZiB0aGUgV29yayBhbmQgYW55IG1vZGlmaWNhdGlvbnMgb3IgYWRkaXRpb25zCiAgICAgIHRvIHRoYXQgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIHRoYXQgaXMgaW50ZW50aW9uYWxseQogICAgICBzdWJtaXR0ZWQgdG8gTGljZW5zb3IgZm9yIGluY2x1c2lvbiBpbiB0aGUgV29yayBieSB0aGUgY29weXJpZ2h0IG93bmVyCiAgICAgIG9yIGJ5IGFuIGluZGl2aWR1YWwgb3IgTGVnYWwgRW50aXR5IGF1dGhvcml6ZWQgdG8gc3VibWl0IG9uIGJlaGFsZiBvZgogICAgICB0aGUgY29weXJpZ2h0IG93bmVyLiBGb3IgdGhlIHB1cnBvc2VzIG9mIHRoaXMgZGVmaW5pdGlvbiwgInN1Ym1pdHRlZCIKICAgICAgbWVhbnMgYW55IGZvcm0gb2YgZWxlY3Ryb25pYywgdmVyYmFsLCBvciB3cml0dGVuIGNvbW11bmljYXRpb24gc2VudAogICAgICB0byB0aGUgTGljZW5zb3Igb3IgaXRzIHJlcHJlc2VudGF0aXZlcywgaW5jbHVkaW5nIGJ1dCBub3QgbGltaXRlZCB0bwogICAgICBjb21tdW5pY2F0aW9uIG9uIGVsZWN0cm9uaWMgbWFpbGluZyBsaXN0cywgc291cmNlIGNvZGUgY29udHJvbCBzeXN0ZW1zLAogICAgICBhbmQgaXNzdWUgdHJhY2tpbmcgc3lzdGVtcyB0aGF0IGFyZSBtYW5hZ2VkIGJ5LCBvciBvbiBiZWhhbGYgb2YsIHRoZQogICAgICBMaWNlbnNvciBmb3IgdGhlIHB1cnBvc2Ugb2YgZGlzY3Vzc2luZyBhbmQgaW1wcm92aW5nIHRoZSBXb3JrLCBidXQKICAgICAgZXhjbHVkaW5nIGNvbW11bmljYXRpb24gdGhhdCBpcyBjb25zcGljdW91c2x5IG1hcmtlZCBvciBvdGhlcndpc2UKICAgICAgZGVzaWduYXRlZCBpbiB3cml0aW5nIGJ5IHRoZSBjb3B5cmlnaHQgb3duZXIgYXMgIk5vdCBhIENvbnRyaWJ1dGlvbi4iCgogICAgICAiQ29udHJpYnV0b3IiIHNoYWxsIG1lYW4gTGljZW5zb3IgYW5kIGFueSBpbmRpdmlkdWFsIG9yIExlZ2FsIEVudGl0eQogICAgICBvbiBiZWhhbGYgb2Ygd2hvbSBhIENvbnRyaWJ1dGlvbiBoYXMgYmVlbiByZWNlaXZlZCBieSBMaWNlbnNvciBhbmQKICAgICAgc3Vic2VxdWVudGx5IGluY29ycG9yYXRlZCB3aXRoaW4gdGhlIFdvcmsuCgogICAyLiBHcmFudCBvZiBDb3B5cmlnaHQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICBjb3B5cmlnaHQgbGljZW5zZSB0byByZXByb2R1Y2UsIHByZXBhcmUgRGVyaXZhdGl2ZSBXb3JrcyBvZiwKICAgICAgcHVibGljbHkgZGlzcGxheSwgcHVibGljbHkgcGVyZm9ybSwgc3VibGljZW5zZSwgYW5kIGRpc3RyaWJ1dGUgdGhlCiAgICAgIFdvcmsgYW5kIHN1Y2ggRGVyaXZhdGl2ZSBXb3JrcyBpbiBTb3VyY2Ugb3IgT2JqZWN0IGZvcm0uCgogICAzLiBHcmFudCBvZiBQYXRlbnQgTGljZW5zZS4gU3ViamVjdCB0byB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCBlYWNoIENvbnRyaWJ1dG9yIGhlcmVieSBncmFudHMgdG8gWW91IGEgcGVycGV0dWFsLAogICAgICB3b3JsZHdpZGUsIG5vbi1leGNsdXNpdmUsIG5vLWNoYXJnZSwgcm95YWx0eS1mcmVlLCBpcnJldm9jYWJsZQogICAgICAoZXhjZXB0IGFzIHN0YXRlZCBpbiB0aGlzIHNlY3Rpb24pIHBhdGVudCBsaWNlbnNlIHRvIG1ha2UsIGhhdmUgbWFkZSwKICAgICAgdXNlLCBvZmZlciB0byBzZWxsLCBzZWxsLCBpbXBvcnQsIGFuZCBvdGhlcndpc2UgdHJhbnNmZXIgdGhlIFdvcmssCiAgICAgIHdoZXJlIHN1Y2ggbGljZW5zZSBhcHBsaWVzIG9ubHkgdG8gdGhvc2UgcGF0ZW50IGNsYWltcyBsaWNlbnNhYmxlCiAgICAgIGJ5IHN1Y2ggQ29udHJpYnV0b3IgdGhhdCBhcmUgbmVjZXNzYXJpbHkgaW5mcmluZ2VkIGJ5IHRoZWlyCiAgICAgIENvbnRyaWJ1dGlvbihzKSBhbG9uZSBvciBieSBjb21iaW5hdGlvbiBvZiB0aGVpciBDb250cmlidXRpb24ocykKICAgICAgd2l0aCB0aGUgV29yayB0byB3aGljaCBzdWNoIENvbnRyaWJ1dGlvbihzKSB3YXMgc3VibWl0dGVkLiBJZiBZb3UKICAgICAgaW5zdGl0dXRlIHBhdGVudCBsaXRpZ2F0aW9uIGFnYWluc3QgYW55IGVudGl0eSAoaW5jbHVkaW5nIGEKICAgICAgY3Jvc3MtY2xhaW0gb3IgY291bnRlcmNsYWltIGluIGEgbGF3c3VpdCkgYWxsZWdpbmcgdGhhdCB0aGUgV29yawogICAgICBvciBhIENvbnRyaWJ1dGlvbiBpbmNvcnBvcmF0ZWQgd2l0aGluIHRoZSBXb3JrIGNvbnN0aXR1dGVzIGRpcmVjdAogICAgICBvciBjb250cmlidXRvcnkgcGF0ZW50IGluZnJpbmdlbWVudCwgdGhlbiBhbnkgcGF0ZW50IGxpY2Vuc2VzCiAgICAgIGdyYW50ZWQgdG8gWW91IHVuZGVyIHRoaXMgTGljZW5zZSBmb3IgdGhhdCBXb3JrIHNoYWxsIHRlcm1pbmF0ZQogICAgICBhcyBvZiB0aGUgZGF0ZSBzdWNoIGxpdGlnYXRpb24gaXMgZmlsZWQuCgogICA0LiBSZWRpc3RyaWJ1dGlvbi4gWW91IG1heSByZXByb2R1Y2UgYW5kIGRpc3RyaWJ1dGUgY29waWVzIG9mIHRoZQogICAgICBXb3JrIG9yIERlcml2YXRpdmUgV29ya3MgdGhlcmVvZiBpbiBhbnkgbWVkaXVtLCB3aXRoIG9yIHdpdGhvdXQKICAgICAgbW9kaWZpY2F0aW9ucywgYW5kIGluIFNvdXJjZSBvciBPYmplY3QgZm9ybSwgcHJvdmlkZWQgdGhhdCBZb3UKICAgICAgbWVldCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnM6CgogICAgICAoYSkgWW91IG11c3QgZ2l2ZSBhbnkgb3RoZXIgcmVjaXBpZW50cyBvZiB0aGUgV29yayBvcgogICAgICAgICAgRGVyaXZhdGl2ZSBXb3JrcyBhIGNvcHkgb2YgdGhpcyBMaWNlbnNlOyBhbmQKCiAgICAgIChiKSBZb3UgbXVzdCBjYXVzZSBhbnkgbW9kaWZpZWQgZmlsZXMgdG8gY2FycnkgcHJvbWluZW50IG5vdGljZXMKICAgICAgICAgIHN0YXRpbmcgdGhhdCBZb3UgY2hhbmdlZCB0aGUgZmlsZXM7IGFuZAoKICAgICAgKGMpIFlvdSBtdXN0IHJldGFpbiwgaW4gdGhlIFNvdXJjZSBmb3JtIG9mIGFueSBEZXJpdmF0aXZlIFdvcmtzCiAgICAgICAgICB0aGF0IFlvdSBkaXN0cmlidXRlLCBhbGwgY29weXJpZ2h0LCBwYXRlbnQsIHRyYWRlbWFyaywgYW5kCiAgICAgICAgICBhdHRyaWJ1dGlvbiBub3RpY2VzIGZyb20gdGhlIFNvdXJjZSBmb3JtIG9mIHRoZSBXb3JrLAogICAgICAgICAgZXhjbHVkaW5nIHRob3NlIG5vdGljZXMgdGhhdCBkbyBub3QgcGVydGFpbiB0byBhbnkgcGFydCBvZgogICAgICAgICAgdGhlIERlcml2YXRpdmUgV29ya3M7IGFuZAoKICAgICAgKGQpIElmIHRoZSBXb3JrIGluY2x1ZGVzIGEgIk5PVElDRSIgdGV4dCBmaWxlIGFzIHBhcnQgb2YgaXRzCiAgICAgICAgICBkaXN0cmlidXRpb24sIHRoZW4gYW55IERlcml2YXRpdmUgV29ya3MgdGhhdCBZb3UgZGlzdHJpYnV0ZSBtdXN0CiAgICAgICAgICBpbmNsdWRlIGEgcmVhZGFibGUgY29weSBvZiB0aGUgYXR0cmlidXRpb24gbm90aWNlcyBjb250YWluZWQKICAgICAgICAgIHdpdGhpbiBzdWNoIE5PVElDRSBmaWxlLCBleGNsdWRpbmcgdGhvc2Ugbm90aWNlcyB0aGF0IGRvIG5vdAogICAgICAgICAgcGVydGFpbiB0byBhbnkgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaW4gYXQgbGVhc3Qgb25lCiAgICAgICAgICBvZiB0aGUgZm9sbG93aW5nIHBsYWNlczogd2l0aGluIGEgTk9USUNFIHRleHQgZmlsZSBkaXN0cmlidXRlZAogICAgICAgICAgYXMgcGFydCBvZiB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgd2l0aGluIHRoZSBTb3VyY2UgZm9ybSBvcgogICAgICAgICAgZG9jdW1lbnRhdGlvbiwgaWYgcHJvdmlkZWQgYWxvbmcgd2l0aCB0aGUgRGVyaXZhdGl2ZSBXb3Jrczsgb3IsCiAgICAgICAgICB3aXRoaW4gYSBkaXNwbGF5IGdlbmVyYXRlZCBieSB0aGUgRGVyaXZhdGl2ZSBXb3JrcywgaWYgYW5kCiAgICAgICAgICB3aGVyZXZlciBzdWNoIHRoaXJkLXBhcnR5IG5vdGljZXMgbm9ybWFsbHkgYXBwZWFyLiBUaGUgY29udGVudHMKICAgICAgICAgIG9mIHRoZSBOT1RJQ0UgZmlsZSBhcmUgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seSBhbmQKICAgICAgICAgIGRvIG5vdCBtb2RpZnkgdGhlIExpY2Vuc2UuIFlvdSBtYXkgYWRkIFlvdXIgb3duIGF0dHJpYnV0aW9uCiAgICAgICAgICBub3RpY2VzIHdpdGhpbiBEZXJpdmF0aXZlIFdvcmtzIHRoYXQgWW91IGRpc3RyaWJ1dGUsIGFsb25nc2lkZQogICAgICAgICAgb3IgYXMgYW4gYWRkZW5kdW0gdG8gdGhlIE5PVElDRSB0ZXh0IGZyb20gdGhlIFdvcmssIHByb3ZpZGVkCiAgICAgICAgICB0aGF0IHN1Y2ggYWRkaXRpb25hbCBhdHRyaWJ1dGlvbiBub3RpY2VzIGNhbm5vdCBiZSBjb25zdHJ1ZWQKICAgICAgICAgIGFzIG1vZGlmeWluZyB0aGUgTGljZW5zZS4KCiAgICAgIFlvdSBtYXkgYWRkIFlvdXIgb3duIGNvcHlyaWdodCBzdGF0ZW1lbnQgdG8gWW91ciBtb2RpZmljYXRpb25zIGFuZAogICAgICBtYXkgcHJvdmlkZSBhZGRpdGlvbmFsIG9yIGRpZmZlcmVudCBsaWNlbnNlIHRlcm1zIGFuZCBjb25kaXRpb25zCiAgICAgIGZvciB1c2UsIHJlcHJvZHVjdGlvbiwgb3IgZGlzdHJpYnV0aW9uIG9mIFlvdXIgbW9kaWZpY2F0aW9ucywgb3IKICAgICAgZm9yIGFueSBzdWNoIERlcml2YXRpdmUgV29ya3MgYXMgYSB3aG9sZSwgcHJvdmlkZWQgWW91ciB1c2UsCiAgICAgIHJlcHJvZHVjdGlvbiwgYW5kIGRpc3RyaWJ1dGlvbiBvZiB0aGUgV29yayBvdGhlcndpc2UgY29tcGxpZXMgd2l0aAogICAgICB0aGUgY29uZGl0aW9ucyBzdGF0ZWQgaW4gdGhpcyBMaWNlbnNlLgoKICAgNS4gU3VibWlzc2lvbiBvZiBDb250cmlidXRpb25zLiBVbmxlc3MgWW91IGV4cGxpY2l0bHkgc3RhdGUgb3RoZXJ3aXNlLAogICAgICBhbnkgQ29udHJpYnV0aW9uIGludGVudGlvbmFsbHkgc3VibWl0dGVkIGZvciBpbmNsdXNpb24gaW4gdGhlIFdvcmsKICAgICAgYnkgWW91IHRvIHRoZSBMaWNlbnNvciBzaGFsbCBiZSB1bmRlciB0aGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YKICAgICAgdGhpcyBMaWNlbnNlLCB3aXRob3V0IGFueSBhZGRpdGlvbmFsIHRlcm1zIG9yIGNvbmRpdGlvbnMuCiAgICAgIE5vdHdpdGhzdGFuZGluZyB0aGUgYWJvdmUsIG5vdGhpbmcgaGVyZWluIHNoYWxsIHN1cGVyc2VkZSBvciBtb2RpZnkKICAgICAgdGhlIHRlcm1zIG9mIGFueSBzZXBhcmF0ZSBsaWNlbnNlIGFncmVlbWVudCB5b3UgbWF5IGhhdmUgZXhlY3V0ZWQKICAgICAgd2l0aCBMaWNlbnNvciByZWdhcmRpbmcgc3VjaCBDb250cmlidXRpb25zLgoKICAgNi4gVHJhZGVtYXJrcy4gVGhpcyBMaWNlbnNlIGRvZXMgbm90IGdyYW50IHBlcm1pc3Npb24gdG8gdXNlIHRoZSB0cmFkZQogICAgICBuYW1lcywgdHJhZGVtYXJrcywgc2VydmljZSBtYXJrcywgb3IgcHJvZHVjdCBuYW1lcyBvZiB0aGUgTGljZW5zb3IsCiAgICAgIGV4Y2VwdCBhcyByZXF1aXJlZCBmb3IgcmVhc29uYWJsZSBhbmQgY3VzdG9tYXJ5IHVzZSBpbiBkZXNjcmliaW5nIHRoZQogICAgICBvcmlnaW4gb2YgdGhlIFdvcmsgYW5kIHJlcHJvZHVjaW5nIHRoZSBjb250ZW50IG9mIHRoZSBOT1RJQ0UgZmlsZS4KCiAgIDcuIERpc2NsYWltZXIgb2YgV2FycmFudHkuIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvcgogICAgICBhZ3JlZWQgdG8gaW4gd3JpdGluZywgTGljZW5zb3IgcHJvdmlkZXMgdGhlIFdvcmsgKGFuZCBlYWNoCiAgICAgIENvbnRyaWJ1dG9yIHByb3ZpZGVzIGl0cyBDb250cmlidXRpb25zKSBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICAgICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IKICAgICAgaW1wbGllZCwgaW5jbHVkaW5nLCB3aXRob3V0IGxpbWl0YXRpb24sIGFueSB3YXJyYW50aWVzIG9yIGNvbmRpdGlvbnMKICAgICAgb2YgVElUTEUsIE5PTi1JTkZSSU5HRU1FTlQsIE1FUkNIQU5UQUJJTElUWSwgb3IgRklUTkVTUyBGT1IgQQogICAgICBQQVJUSUNVTEFSIFBVUlBPU0UuIFlvdSBhcmUgc29sZWx5IHJlc3BvbnNpYmxlIGZvciBkZXRlcm1pbmluZyB0aGUKICAgICAgYXBwcm9wcmlhdGVuZXNzIG9mIHVzaW5nIG9yIHJlZGlzdHJpYnV0aW5nIHRoZSBXb3JrIGFuZCBhc3N1bWUgYW55CiAgICAgIHJpc2tzIGFzc29jaWF0ZWQgd2l0aCBZb3VyIGV4ZXJjaXNlIG9mIHBlcm1pc3Npb25zIHVuZGVyIHRoaXMgTGljZW5zZS4KCiAgIDguIExpbWl0YXRpb24gb2YgTGlhYmlsaXR5LiBJbiBubyBldmVudCBhbmQgdW5kZXIgbm8gbGVnYWwgdGhlb3J5LAogICAgICB3aGV0aGVyIGluIHRvcnQgKGluY2x1ZGluZyBuZWdsaWdlbmNlKSwgY29udHJhY3QsIG9yIG90aGVyd2lzZSwKICAgICAgdW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IChzdWNoIGFzIGRlbGliZXJhdGUgYW5kIGdyb3NzbHkKICAgICAgbmVnbGlnZW50IGFjdHMpIG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzaGFsbCBhbnkgQ29udHJpYnV0b3IgYmUKICAgICAgbGlhYmxlIHRvIFlvdSBmb3IgZGFtYWdlcywgaW5jbHVkaW5nIGFueSBkaXJlY3QsIGluZGlyZWN0LCBzcGVjaWFsLAogICAgICBpbmNpZGVudGFsLCBvciBjb25zZXF1ZW50aWFsIGRhbWFnZXMgb2YgYW55IGNoYXJhY3RlciBhcmlzaW5nIGFzIGEKICAgICAgcmVzdWx0IG9mIHRoaXMgTGljZW5zZSBvciBvdXQgb2YgdGhlIHVzZSBvciBpbmFiaWxpdHkgdG8gdXNlIHRoZQogICAgICBXb3JrIChpbmNsdWRpbmcgYnV0IG5vdCBsaW1pdGVkIHRvIGRhbWFnZXMgZm9yIGxvc3Mgb2YgZ29vZHdpbGwsCiAgICAgIHdvcmsgc3RvcHBhZ2UsIGNvbXB1dGVyIGZhaWx1cmUgb3IgbWFsZnVuY3Rpb24sIG9yIGFueSBhbmQgYWxsCiAgICAgIG90aGVyIGNvbW1lcmNpYWwgZGFtYWdlcyBvciBsb3NzZXMpLCBldmVuIGlmIHN1Y2ggQ29udHJpYnV0b3IKICAgICAgaGFzIGJlZW4gYWR2aXNlZCBvZiB0aGUgcG9zc2liaWxpdHkgb2Ygc3VjaCBkYW1hZ2VzLgoKICAgOS4gQWNjZXB0aW5nIFdhcnJhbnR5IG9yIEFkZGl0aW9uYWwgTGlhYmlsaXR5LiBXaGlsZSByZWRpc3RyaWJ1dGluZwogICAgICB0aGUgV29yayBvciBEZXJpdmF0aXZlIFdvcmtzIHRoZXJlb2YsIFlvdSBtYXkgY2hvb3NlIHRvIG9mZmVyLAogICAgICBhbmQgY2hhcmdlIGEgZmVlIGZvciwgYWNjZXB0YW5jZSBvZiBzdXBwb3J0LCB3YXJyYW50eSwgaW5kZW1uaXR5LAogICAgICBvciBvdGhlciBsaWFiaWxpdHkgb2JsaWdhdGlvbnMgYW5kL29yIHJpZ2h0cyBjb25zaXN0ZW50IHdpdGggdGhpcwogICAgICBMaWNlbnNlLiBIb3dldmVyLCBpbiBhY2NlcHRpbmcgc3VjaCBvYmxpZ2F0aW9ucywgWW91IG1heSBhY3Qgb25seQogICAgICBvbiBZb3VyIG93biBiZWhhbGYgYW5kIG9uIFlvdXIgc29sZSByZXNwb25zaWJpbGl0eSwgbm90IG9uIGJlaGFsZgogICAgICBvZiBhbnkgb3RoZXIgQ29udHJpYnV0b3IsIGFuZCBvbmx5IGlmIFlvdSBhZ3JlZSB0byBpbmRlbW5pZnksCiAgICAgIGRlZmVuZCwgYW5kIGhvbGQgZWFjaCBDb250cmlidXRvciBoYXJtbGVzcyBmb3IgYW55IGxpYWJpbGl0eQogICAgICBpbmN1cnJlZCBieSwgb3IgY2xhaW1zIGFzc2VydGVkIGFnYWluc3QsIHN1Y2ggQ29udHJpYnV0b3IgYnkgcmVhc29uCiAgICAgIG9mIHlvdXIgYWNjZXB0aW5nIGFueSBzdWNoIHdhcnJhbnR5IG9yIGFkZGl0aW9uYWwgbGlhYmlsaXR5LgoKICAgRU5EIE9GIFRFUk1TIEFORCBDT05ESVRJT05TCgogICBBUFBFTkRJWDogSG93IHRvIGFwcGx5IHRoZSBBcGFjaGUgTGljZW5zZSB0byB5b3VyIHdvcmsuCgogICAgICBUbyBhcHBseSB0aGUgQXBhY2hlIExpY2Vuc2UgdG8geW91ciB3b3JrLCBhdHRhY2ggdGhlIGZvbGxvd2luZwogICAgICBib2lsZXJwbGF0ZSBub3RpY2UsIHdpdGggdGhlIGZpZWxkcyBlbmNsb3NlZCBieSBicmFja2V0cyAiW10iCiAgICAgIHJlcGxhY2VkIHdpdGggeW91ciBvd24gaWRlbnRpZnlpbmcgaW5mb3JtYXRpb24uIChEb24ndCBpbmNsdWRlCiAgICAgIHRoZSBicmFja2V0cyEpICBUaGUgdGV4dCBzaG91bGQgYmUgZW5jbG9zZWQgaW4gdGhlIGFwcHJvcHJpYXRlCiAgICAgIGNvbW1lbnQgc3ludGF4IGZvciB0aGUgZmlsZSBmb3JtYXQuIFdlIGFsc28gcmVjb21tZW5kIHRoYXQgYQogICAgICBmaWxlIG9yIGNsYXNzIG5hbWUgYW5kIGRlc2NyaXB0aW9uIG9mIHB1cnBvc2UgYmUgaW5jbHVkZWQgb24gdGhlCiAgICAgIHNhbWUgInByaW50ZWQgcGFnZSIgYXMgdGhlIGNvcHlyaWdodCBub3RpY2UgZm9yIGVhc2llcgogICAgICBpZGVudGlmaWNhdGlvbiB3aXRoaW4gdGhpcmQtcGFydHkgYXJjaGl2ZXMuCgogICBDb3B5cmlnaHQgW3l5eXldIFtuYW1lIG9mIGNvcHlyaWdodCBvd25lcl0KCiAgIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogICB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiAgIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKICAgVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogICBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogICBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KICAgU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogICBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4= + https://www.apache.org/licenses/LICENSE-2.0.txt + + + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar + + + + Apache Super Heros + Apache + org.apache.tomcat + tomcat-catalina + 9.0.14 + Apache Catalina + + + Apache-2.0 + + + pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar + + + + + 7638417db6d59f3c431d3e1f261cc637155684cd + https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd + + 2018-11-07T22:01:45Z + John Doe + john.doe@example.com + + + 2018-11-07T22:01:45Z + Jane Doe + jane.doe@example.com + + Initial commit + + + Commentary here + + + + + Example Inc. + https://example.com + https://example.net + + Example Support AMER + support@example.com + 800-555-1212 + + + Example Support APAC + support@apac.example.com + + + Example Super Heros + org.example + mylibrary + 1.0.0 + required + + 2342c2eaf1feb9a80195dbaddf2ebaa3 + 68b78babe00a053f9e35ec6a2d9080f5b90122b0 + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 + 387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef + + + EPL-2.0 OR GPL-2.0-with-classpath-exception + + Copyright Example Inc. All rights reserved. + cpe:/a:example:myapplication:1.0.0 + pkg:maven/com.example/myapplication@1.0.0?packaging=war + false + + + http://example.org/docs + All component versions are documented here + + + http://example.org/security + + + + + Example Super Heros + com.example + myframework + 1.0.0 + Example Inc, enterprise framework + required + + cfcb0b64aacd2f81c1cd546543de965a + 7fbeef2346c45d565c3341f037bce4e088af8a52 + 0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1 + 854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79 + + + + Some random license + + + pkg:maven/com.example/myframework@1.0.0?packaging=war + false + + + http://example.com/myframework + + + http://example.com/security + + + + + From 52dd3eb8df324487fd52dee8aa546c8ef5f3f0be Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Thu, 2 Mar 2023 11:33:28 -0500 Subject: [PATCH 04/40] 1.5 support rejected vex (#265) --- .../cyclonedx/model/vulnerability/Vulnerability.java | 12 ++++++++++++ .../java/org/cyclonedx/parsers/JsonParserTest.java | 12 ++++++++++-- .../java/org/cyclonedx/parsers/XmlParserTest.java | 8 ++++++++ src/test/resources/bom-1.5.json | 1 + src/test/resources/bom-1.5.xml | 1 + 5 files changed, 32 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index c26ca41d9..dcb64da53 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -54,6 +54,7 @@ "created", "published", "updated", + "rejected", "credits", "tools", "analysis", @@ -86,6 +87,9 @@ public Vulnerability() {} @JsonSerialize(using = CustomDateSerializer.class) @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Date updated; + @JsonSerialize(using = CustomDateSerializer.class) + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private Date rejected; private Credits credits; @JacksonXmlElementWrapper(localName = "tools") @JacksonXmlProperty(localName = "tool") @@ -220,6 +224,14 @@ public void setUpdated(final Date updated) { this.updated = updated; } + public Date getRejected() { + return rejected; + } + + public void setRejected(final Date rejected) { + this.rejected = rejected; + } + public Credits getCredits() { return credits; } diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index bfca40d0c..7cdb3600c 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -365,8 +365,8 @@ public void testParsedObjects15Bom() throws Exception { assertNotNull(d1); assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); } - - private void assertVulnerabilities(final Bom bom, Version version) { + + private void assertVulnerabilities(final Bom bom, final Version version) { final List vulnerabilities = bom.getVulnerabilities(); assertEquals(1, vulnerabilities.size()); Vulnerability vuln = vulnerabilities.get(0); @@ -381,6 +381,14 @@ private void assertVulnerabilities(final Bom bom, Version version) { assertNotNull(vuln.getPublished()); assertNotNull(vuln.getUpdated()); + //Assert Vulnerability Rejected + if (version != Version.VERSION_14) { + assertNotNull(vuln.getRejected()); + } + else { + assertNull(vuln.getRejected()); + } + //Source assertEquals("Sonatype", vuln.getSource().getName()); assertEquals("https://www.vuln.com", vuln.getSource().getUrl()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 6c531d0d8..beffabdad 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -524,6 +524,14 @@ private void assertVulnerabilities(final Bom bom, final Version version) { assertNotNull(vuln.getPublished()); assertNotNull(vuln.getUpdated()); + //Assert Vulnerability Rejected + if (version != Version.VERSION_14) { + assertNotNull(vuln.getRejected()); + } + else { + assertNull(vuln.getRejected()); + } + //Source assertEquals("Sonatype", vuln.getSource().getName()); assertEquals("https://www.vuln.com", vuln.getSource().getUrl()); diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 1f2f1a60b..2ee6f2834 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -346,6 +346,7 @@ "created": "2020-04-07T07:01:00Z", "published": "2020-04-07T07:01:00Z", "updated": "2020-04-07T07:01:00Z", + "rejected": "2023-02-13T07:01:00Z", "credits": { "organizations": [ { diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index a4a2567d5..97e810bbc 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -234,6 +234,7 @@ 2020-04-07T07:01:00Z 2020-04-07T07:01:00Z 2020-04-07T07:01:00Z + 2023-02-16T07:01:00Z From 9003163c423ad03e5e27245964375d0794af9b25 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Thu, 2 Mar 2023 07:40:50 -0900 Subject: [PATCH 05/40] Add properties on license (#262) --- .../java/org/cyclonedx/model/License.java | 22 ++++++++++++++--- src/main/resources/bom-1.5.proto | 2 ++ src/main/resources/bom-1.5.schema.json | 9 +++++++ .../org/cyclonedx/parsers/JsonParserTest.java | 24 +++++++++++++++++-- .../org/cyclonedx/parsers/XmlParserTest.java | 24 +++++++++++++++++-- src/test/resources/bom-1.4.json | 4 +++- src/test/resources/bom-1.4.xml | 4 +++- src/test/resources/bom-1.5.json | 10 +++++++- src/test/resources/bom-1.5.xml | 7 +++++- 9 files changed, 95 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index 8b715113f..1f9157ed8 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -18,18 +18,20 @@ */ package org.cyclonedx.model; +import java.util.List; import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) -@JsonPropertyOrder({"id", "name", "text", "url"}) +@JsonPropertyOrder({"id", "name", "text", "url", "properties"}) @JsonRootName("license") public class License extends ExtensibleElement { @@ -43,6 +45,9 @@ public class License extends ExtensibleElement { private AttachmentText attachmentText; private String url; + @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + private List properties; + public String getId() { return id; } @@ -67,6 +72,16 @@ public void setUrl(String url) { this.url = url; } + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } + public AttachmentText getAttachmentText() { return attachmentText; } @@ -83,11 +98,12 @@ public boolean equals(Object o) { return Objects.equals(id, license.id) && Objects.equals(name, license.name) && Objects.equals(url, license.url) && - Objects.equals(attachmentText, license.attachmentText); + Objects.equals(attachmentText, license.attachmentText) && + Objects.equals(properties, license.properties); } @Override public int hashCode() { - return Objects.hash(id, name, url, attachmentText); + return Objects.hash(id, name, url, attachmentText, properties); } } diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index b36b2983c..111217429 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -277,6 +277,8 @@ message License { optional string bom_ref = 5; // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata optional Licensing licensing = 6; + // Specifies optional, custom, properties + repeated Property properties = 7; } message Licensing { diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 43a09c02d..2d3b30050 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -789,6 +789,15 @@ "description": "The timestamp indicating when the current license expires (if applicable)." } } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/property" + } } } }, diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 7cdb3600c..901b7f127 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -25,6 +25,8 @@ import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; @@ -523,7 +525,10 @@ private void assertComponent(final Bom bom, final Version version) { assertEquals(Component.Type.LIBRARY, component.getType()); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", component.getPurl()); assertEquals(12, component.getHashes().size()); - assertNotNull(component.getLicenseChoice().getExpression()); + + //Licenses + assertLicense(component.getLicenseChoice(), version); + assertEquals("Copyright Example Inc. All rights reserved.", component.getCopyright()); assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); @@ -547,12 +552,27 @@ private void assertComponent(final Bom bom, final Version version) { component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); } - private void assertSecurityContact(ExternalReference externalReference){ + private void assertSecurityContact(ExternalReference externalReference) { assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); assertEquals(externalReference.getComment(), "test"); assertEquals(externalReference.getUrl(), "http://example.org/docs"); } + private void assertLicense(LicenseChoice licenseChoice, final Version version) { + assertNotNull(licenseChoice); + assertNull(licenseChoice.getExpression()); + + assertEquals(licenseChoice.getLicenses().size(), 1); + License license = licenseChoice.getLicenses().get(0); + + if (version == Version.VERSION_15) { + assertEquals(license.getProperties().size(), 1); + } + else { + assertNull(license.getProperties()); + } + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index beffabdad..d29a59739 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -25,6 +25,8 @@ import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; @@ -666,7 +668,10 @@ private void assertComponent(final Bom bom, final Version version) { assertEquals(Component.Type.LIBRARY, component.getType()); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", component.getPurl()); assertEquals(12, component.getHashes().size()); - assertNotNull(component.getLicenseChoice().getExpression()); + + //Licenses + assertLicense(component.getLicenseChoice(), version); + assertEquals("Copyright Example Inc. All rights reserved.", component.getCopyright()); assertEquals("Acme Application", component.getSwid().getName()); assertEquals("9.1.1", component.getSwid().getVersion()); @@ -690,12 +695,27 @@ private void assertComponent(final Bom bom, final Version version) { component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); } - private void assertSecurityContact(ExternalReference externalReference){ + private void assertSecurityContact(ExternalReference externalReference) { assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); assertEquals(externalReference.getComment(), "test"); assertEquals(externalReference.getUrl(), "http://example.org/docs"); } + private void assertLicense(LicenseChoice licenseChoice, final Version version) { + assertNotNull(licenseChoice); + assertNull(licenseChoice.getExpression()); + + assertEquals(licenseChoice.getLicenses().size(), 1); + License license = licenseChoice.getLicenses().get(0); + + if (version == Version.VERSION_15) { + assertEquals(license.getProperties().size(), 1); + } + else { + assertNull(license.getProperties()); + } + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/resources/bom-1.4.json b/src/test/resources/bom-1.4.json index 3ccf48006..7857f464f 100644 --- a/src/test/resources/bom-1.4.json +++ b/src/test/resources/bom-1.4.json @@ -164,7 +164,9 @@ ], "licenses": [ { - "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + "license": { + "id": "Apache-2.0" + } } ], "copyright": "Copyright Example Inc. All rights reserved.", diff --git a/src/test/resources/bom-1.4.xml b/src/test/resources/bom-1.4.xml index 25095bef2..0fe4b725b 100644 --- a/src/test/resources/bom-1.4.xml +++ b/src/test/resources/bom-1.4.xml @@ -98,7 +98,9 @@ 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf - EPL-2.0 OR GPL-2.0-with-classpath-exception + + Apache-2.0 + Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 2ee6f2834..c90ac3497 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -164,7 +164,15 @@ ], "licenses": [ { - "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + "license": { + "id": "Apache-2.0", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } } ], "copyright": "Copyright Example Inc. All rights reserved.", diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 97e810bbc..13d6093c9 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -98,7 +98,12 @@ 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf - EPL-2.0 OR GPL-2.0-with-classpath-exception + + Apache-2.0 + + Bar + + Copyright Example Inc. All rights reserved. cpe:/a:example:myapplication:1.0.0 From 9b6507940d421f219a053ca6708b5f41c428894a Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 2 Mar 2023 12:09:27 -0500 Subject: [PATCH 06/40] Add Missing Bom Properties --- src/main/java/org/cyclonedx/model/Bom.java | 2 +- src/main/resources/bom-1.5.proto | 2 ++ src/main/resources/bom-1.5.schema.json | 9 +++++++++ src/test/java/org/cyclonedx/parsers/JsonParserTest.java | 6 ++++++ src/test/java/org/cyclonedx/parsers/XmlParserTest.java | 8 +++++++- src/test/resources/bom-1.5.json | 6 ++++++ src/test/resources/bom-1.5.xml | 3 +++ 7 files changed, 34 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index fa0cf601a..05e927f98 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -48,8 +48,8 @@ "externalReferences", "dependencies", "compositions", - "vulnerabilities", "properties", + "vulnerabilities", "signature" }) public class Bom extends ExtensibleElement { diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index 111217429..acf137ba8 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -33,6 +33,8 @@ message Bom { repeated Composition compositions = 9; // Vulnerabilities identified in components or services. repeated Vulnerability vulnerabilities = 10; + // Specifies optional, custom, properties + repeated Property properties = 11; } enum Classification { diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 2d3b30050..921ac710e 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -89,6 +89,15 @@ "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/property" + } + }, "vulnerabilities": { "type": "array", "additionalItems": false, diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 901b7f127..4671d4c2b 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -345,6 +345,9 @@ public void testParsedObjects14Bom() throws Exception { Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); + + //Assert Bom Properties + assertNull(bom.getProperties()); } @Test @@ -366,6 +369,9 @@ public void testParsedObjects15Bom() throws Exception { Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); assertEquals("pkg:npm/acme/component@1.0.0", d1.getRef()); + + //Assert Bom Properties + assertEquals(bom.getProperties().size(), 1); } private void assertVulnerabilities(final Bom bom, final Version version) { diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index d29a59739..3b21b0544 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -470,6 +470,9 @@ public void testParsedObjects14Bom() throws Exception { Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", d1.getRef()); + + //Assert Bom Properties + assertNull(bom.getProperties()); } @Test @@ -492,10 +495,13 @@ public void testParsedObjects15Bom() throws Exception { assertNotNull(d1); assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", d1.getRef()); + //Assert Bom Properties + assertEquals(bom.getProperties().size(), 1); + //Assert Licensing //Assert Vulnerability Rejected //Assert Annotations - //Assert Bom Properties + //Assert License Properties //Assert Vulnerabilities Timestamps } diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index c90ac3497..3cd0cb724 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -309,6 +309,12 @@ ] } ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ], "vulnerabilities": [ { "bom-ref": "6eee14da-8f42-4cc4-bb65-203235f02415", diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 13d6093c9..694bec758 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -195,6 +195,9 @@ + + Bar + SONATYPE-2021123 From bb7cbab473655233ce1fbc1cdea82796f60a3093 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 16 Feb 2023 21:16:39 -0500 Subject: [PATCH 07/40] Initial test for properties Signed-off-by: Alex Alzate --- src/main/java/org/cyclonedx/parsers/JsonParser.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/cyclonedx/parsers/JsonParser.java b/src/main/java/org/cyclonedx/parsers/JsonParser.java index e53cf13fa..c230e898f 100644 --- a/src/main/java/org/cyclonedx/parsers/JsonParser.java +++ b/src/main/java/org/cyclonedx/parsers/JsonParser.java @@ -26,6 +26,8 @@ import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; +import org.cyclonedx.util.VersionJsonAnnotationIntrospector; + import java.io.File; import java.io.IOException; import java.io.InputStream; From b2096d5d52b24f5279e7de09deac23bfdd350c98 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Thu, 2 Feb 2023 11:28:12 -0900 Subject: [PATCH 08/40] Add licensing Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Signed-off-by: Alex Alzate --- .../java/org/cyclonedx/model/License.java | 11 ++ .../java/org/cyclonedx/model/Licensing.java | 144 ++++++++++++++++++ 2 files changed, 155 insertions(+) create mode 100644 src/main/java/org/cyclonedx/model/Licensing.java diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index 1f9157ed8..27c63bf8c 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -40,6 +40,9 @@ public class License extends ExtensibleElement { private String id; private String name; + @VersionFilter(versions = {"1.5"}) + private Licensing licensing; + @JacksonXmlProperty(localName = "text") @JsonProperty("text") private AttachmentText attachmentText; @@ -64,6 +67,14 @@ public void setName(String name) { this.name = name; } + public Licensing getLicensing() { + return licensing; + } + + public void setLicensing(final Licensing licensing) { + this.licensing = licensing; + } + public String getUrl() { return url; } diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java new file mode 100644 index 000000000..14b2947c5 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -0,0 +1,144 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import java.util.Date; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.annotation.JsonRootName; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({"altIds", "licensor", "licensee", "purchaser", "purchaseOrder", "licenseTypes", "lastRenewal", "expiration"}) +@JsonRootName("licensing") +public class Licensing extends ExtensibleElement +{ + public enum LicensingType { + @JsonProperty("academic") + ACADEMIC("academic"), + @JsonProperty("appliance") + APPLIANCE("appliance"), + @JsonProperty("client-access") + CLIENT_ACCESS("client-access"), + @JsonProperty("concurrent-user") + CONCURRENT_USER("concurrent-user"), + @JsonProperty("core-points") + CORE_POINTS("core-points"), + @JsonProperty("custom-metric") + CUSTOM_METRIC("custom-metric"), + @JsonProperty("device") + DEVICE("device"), + @JsonProperty("evaluation") + EVALUATION("evaluation"), + @JsonProperty("named-user") + NAMED_USER("named-user"), + @JsonProperty("node-locked") + NODE_LOCKED("node-locked"), + @JsonProperty("oem") + OEM("oem"), + @JsonProperty("perpetual") + PERPETUAL("perpetual"), + @JsonProperty("processor-points") + PROCESSOR_POINTS("processor-points"), + @JsonProperty("subscription") + SUBSCRIPTION("subscription"), + @JsonProperty("user") + USER("user"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + public String getLicensingType() { + return this.name; + } + + LicensingType(String name) { + this.name = name; + } + } + + private List altIds; + + private OrganizationalEntity licensor; + + private OrganizationalEntity licensee; + + private OrganizationalEntity purchaser; + + private String purchaseOrder; + + private List licenseTypes; + + private Date lastRenewal = new Date(); + + private Date expiration = new Date(); + + public List getAltIds() { + return altIds; + } + + public void setAltIds(final List altIds) { + this.altIds = altIds; + } + + public OrganizationalEntity getLicensor() { + return licensor; + } + + public void setLicensor(final OrganizationalEntity licensor) { + this.licensor = licensor; + } + + public OrganizationalEntity getLicensee() { + return licensee; + } + + public void setLicensee(final OrganizationalEntity licensee) { + this.licensee = licensee; + } + + public OrganizationalEntity getPurchaser() { + return purchaser; + } + + public void setPurchaser(final OrganizationalEntity purchaser) { + this.purchaser = purchaser; + } + + public String getPurchaseOrder() { + return purchaseOrder; + } + + public void setPurchaseOrder(final String purchaseOrder) { + this.purchaseOrder = purchaseOrder; + } + + public List getLicenseTypes() { + return licenseTypes; + } + + public void setLicenseTypes(final List licenseTypes) { + this.licenseTypes = licenseTypes; + } +} From f5bb5d4b9de4d7cc288f68c8b263427506714e22 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Thu, 2 Feb 2023 11:32:50 -0900 Subject: [PATCH 09/40] json property order Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Signed-off-by: Alex Alzate --- src/main/java/org/cyclonedx/model/License.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index 27c63bf8c..d20e76060 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -31,7 +31,7 @@ @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) -@JsonPropertyOrder({"id", "name", "text", "url", "properties"}) +@JsonPropertyOrder({"id", "name", "licensing", "text", "url", "properties"}) @JsonRootName("license") public class License extends ExtensibleElement { From 0dc1b9ce5c522ca300f9736ec625767eabf68c65 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Fri, 3 Feb 2023 10:46:28 -0900 Subject: [PATCH 10/40] The basics of the whole well it can be either of these two things, I guess Signed-off-by: Alex Alzate --- .../java/org/cyclonedx/model/Licensing.java | 18 +++--- .../model/OrganizationalContact.java | 2 +- .../cyclonedx/model/OrganizationalEntity.java | 2 +- .../model/OrganizationalInstance.java | 27 +++++++++ .../OrganizationalInstanceDeserializer.java | 59 +++++++++++++++++++ 5 files changed, 97 insertions(+), 11 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/OrganizationalInstance.java create mode 100644 src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index 14b2947c5..c421cc266 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -80,11 +80,11 @@ public String getLicensingType() { private List altIds; - private OrganizationalEntity licensor; + private OrganizationalInstance licensor; - private OrganizationalEntity licensee; + private OrganizationalInstance licensee; - private OrganizationalEntity purchaser; + private OrganizationalInstance purchaser; private String purchaseOrder; @@ -102,27 +102,27 @@ public void setAltIds(final List altIds) { this.altIds = altIds; } - public OrganizationalEntity getLicensor() { + public OrganizationalInstance getLicensor() { return licensor; } - public void setLicensor(final OrganizationalEntity licensor) { + public void setLicensor(final OrganizationalInstance licensor) { this.licensor = licensor; } - public OrganizationalEntity getLicensee() { + public OrganizationalInstance getLicensee() { return licensee; } - public void setLicensee(final OrganizationalEntity licensee) { + public void setLicensee(final OrganizationalInstance licensee) { this.licensee = licensee; } - public OrganizationalEntity getPurchaser() { + public OrganizationalInstance getPurchaser() { return purchaser; } - public void setPurchaser(final OrganizationalEntity purchaser) { + public void setPurchaser(final OrganizationalInstance purchaser) { this.purchaser = purchaser; } diff --git a/src/main/java/org/cyclonedx/model/OrganizationalContact.java b/src/main/java/org/cyclonedx/model/OrganizationalContact.java index 20636f167..d7ebebd60 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalContact.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalContact.java @@ -26,7 +26,7 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"name", "email", "phone"}) -public class OrganizationalContact extends ExtensibleElement { +public class OrganizationalContact extends OrganizationalInstance { private String name; private String email; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java index 32f45287f..a9c2f4385 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java @@ -31,7 +31,7 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"name", "url", "contact"}) -public class OrganizationalEntity extends ExtensibleElement { +public class OrganizationalEntity extends OrganizationalInstance { private String name; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalInstance.java b/src/main/java/org/cyclonedx/model/OrganizationalInstance.java new file mode 100644 index 000000000..fe305a53b --- /dev/null +++ b/src/main/java/org/cyclonedx/model/OrganizationalInstance.java @@ -0,0 +1,27 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.util.OrganizationalInstanceDeserializer; + +@JsonDeserialize(using = OrganizationalInstanceDeserializer.class) +public abstract class OrganizationalInstance extends ExtensibleElement +{ +} diff --git a/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java b/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java new file mode 100644 index 000000000..acd8dee1d --- /dev/null +++ b/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java @@ -0,0 +1,59 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import java.io.DataInput; +import java.io.IOException; + +import com.fasterxml.jackson.core.JacksonException; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.OrganizationalInstance; + +public class OrganizationalInstanceDeserializer extends JsonDeserializer +{ + @Override + public OrganizationalInstance deserialize( + final JsonParser jsonParser, + final DeserializationContext deserializationContext) + throws IOException, JacksonException + { + ObjectMapper mapper = (ObjectMapper) jsonParser.getCodec(); + ObjectNode root = (ObjectNode) mapper.readTree(jsonParser); + + Class instanceClass; + + // TODO: Method that determines which entity it is + if (true) { + instanceClass = OrganizationalEntity.class; + } else { + instanceClass = OrganizationalContact.class; + } + if (instanceClass == null) { + return null; + } + + return mapper.readValue((DataInput) root, instanceClass); + } +} From 23c7bf168c92edc20a30bb985de6887a019ead3e Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 16 Feb 2023 21:26:47 -0500 Subject: [PATCH 11/40] fix example --- .../json/AbstractBomJsonGenerator.java | 8 +- .../xml/AbstractBomXmlGenerator.java | 2 +- src/main/java/org/cyclonedx/model/Bom.java | 4 +- .../java/org/cyclonedx/model/Component.java | 2 +- .../java/org/cyclonedx/model/Evidence.java | 2 +- .../cyclonedx/model/ExtensibleElement.java | 4 +- .../java/org/cyclonedx/model/Extension.java | 2 +- .../cyclonedx/model/ExternalReference.java | 2 +- .../model/IdentifiableActionType.java | 2 +- .../java/org/cyclonedx/model/License.java | 17 +++- .../java/org/cyclonedx/model/Licensing.java | 79 ++++++++++++++++--- .../java/org/cyclonedx/model/Metadata.java | 4 +- .../cyclonedx/model/OrganizationalChoice.java | 69 ++++++++++++++++ .../model/OrganizationalContact.java | 5 +- .../cyclonedx/model/OrganizationalEntity.java | 2 +- .../model/OrganizationalInstance.java | 27 ------- .../java/org/cyclonedx/model/Pedigree.java | 2 +- .../org/cyclonedx/model/ReleaseNotes.java | 2 +- .../java/org/cyclonedx/model/Service.java | 2 +- .../model/vulnerability/Vulnerability.java | 2 +- .../org/cyclonedx/parsers/JsonParser.java | 1 - .../OrganizationalInstanceDeserializer.java | 59 -------------- .../ComponentWrapperDeserializer.java | 2 +- .../DependencyDeserializer.java | 2 +- .../ExtensionDeserializer.java | 2 +- .../LicenseDeserializer.java | 2 +- .../VulnerabilityDeserializer.java | 2 +- .../CollectionTypeSerializer.java | 2 +- .../ComponentWrapperSerializer.java | 2 +- .../CustomDateSerializer.java | 2 +- .../DependencySerializer.java | 2 +- .../ExtensibleTypesSerializer.java | 2 +- .../{ => serializer}/ExtensionSerializer.java | 2 +- .../ExternalReferenceSerializer.java | 4 +- .../LicenseChoiceSerializer.java | 2 +- .../TrimStringSerializer.java | 2 +- src/main/resources/bom-1.5.schema.json | 7 -- .../org/cyclonedx/parsers/JsonParserTest.java | 53 ++++++++++++- .../org/cyclonedx/parsers/XmlParserTest.java | 67 ++++++++++++---- src/test/resources/bom-1.5.json | 33 ++++++++ src/test/resources/bom-1.5.xml | 34 +++++++- 41 files changed, 358 insertions(+), 165 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/OrganizationalChoice.java delete mode 100644 src/main/java/org/cyclonedx/model/OrganizationalInstance.java delete mode 100644 src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java rename src/main/java/org/cyclonedx/util/{ => deserializer}/ComponentWrapperDeserializer.java (98%) rename src/main/java/org/cyclonedx/util/{ => deserializer}/DependencyDeserializer.java (97%) rename src/main/java/org/cyclonedx/util/{ => deserializer}/ExtensionDeserializer.java (99%) rename src/main/java/org/cyclonedx/util/{ => deserializer}/LicenseDeserializer.java (98%) rename src/main/java/org/cyclonedx/util/{ => deserializer}/VulnerabilityDeserializer.java (97%) rename src/main/java/org/cyclonedx/util/{ => serializer}/CollectionTypeSerializer.java (98%) rename src/main/java/org/cyclonedx/util/{ => serializer}/ComponentWrapperSerializer.java (97%) rename src/main/java/org/cyclonedx/util/{ => serializer}/CustomDateSerializer.java (97%) rename src/main/java/org/cyclonedx/util/{ => serializer}/DependencySerializer.java (99%) rename src/main/java/org/cyclonedx/util/{ => serializer}/ExtensibleTypesSerializer.java (98%) rename src/main/java/org/cyclonedx/util/{ => serializer}/ExtensionSerializer.java (99%) rename src/main/java/org/cyclonedx/util/{ => serializer}/ExternalReferenceSerializer.java (98%) rename src/main/java/org/cyclonedx/util/{ => serializer}/LicenseChoiceSerializer.java (97%) rename src/main/java/org/cyclonedx/util/{ => serializer}/TrimStringSerializer.java (97%) diff --git a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java index 5ceba4e93..5dc498214 100644 --- a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java +++ b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java @@ -24,11 +24,11 @@ import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.model.Bom; import org.cyclonedx.model.BomReference; -import org.cyclonedx.util.ComponentWrapperSerializer; -import org.cyclonedx.util.LicenseChoiceSerializer; -import org.cyclonedx.util.TrimStringSerializer; +import org.cyclonedx.util.serializer.ComponentWrapperSerializer; +import org.cyclonedx.util.serializer.LicenseChoiceSerializer; +import org.cyclonedx.util.serializer.TrimStringSerializer; import org.cyclonedx.util.VersionJsonAnnotationIntrospector; -import org.cyclonedx.util.DependencySerializer; +import org.cyclonedx.util.serializer.DependencySerializer; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.util.DefaultIndenter; import com.fasterxml.jackson.core.util.DefaultPrettyPrinter; diff --git a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java index 6e73eb98f..855e83734 100644 --- a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java +++ b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java @@ -27,7 +27,7 @@ import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.model.Bom; -import org.cyclonedx.util.DependencySerializer; +import org.cyclonedx.util.serializer.DependencySerializer; import org.cyclonedx.util.VersionXmlAnnotationIntrospector; import org.w3c.dom.Document; import org.xml.sax.InputSource; diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index 05e927f98..e37fc8f59 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -30,8 +30,8 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.model.vulnerability.Vulnerability; -import org.cyclonedx.util.DependencyDeserializer; -import org.cyclonedx.util.VulnerabilityDeserializer; +import org.cyclonedx.util.deserializer.DependencyDeserializer; +import org.cyclonedx.util.deserializer.VulnerabilityDeserializer; @SuppressWarnings("unused") @JacksonXmlRootElement(localName = "bom") diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index 22f9a79d5..afa62ebc5 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -22,7 +22,7 @@ import java.util.List; import java.util.Objects; -import org.cyclonedx.util.LicenseDeserializer; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/org/cyclonedx/model/Evidence.java b/src/main/java/org/cyclonedx/model/Evidence.java index 112fba90c..67fb8dbd9 100644 --- a/src/main/java/org/cyclonedx/model/Evidence.java +++ b/src/main/java/org/cyclonedx/model/Evidence.java @@ -25,7 +25,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.LicenseDeserializer; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import java.util.ArrayList; import java.util.List; diff --git a/src/main/java/org/cyclonedx/model/ExtensibleElement.java b/src/main/java/org/cyclonedx/model/ExtensibleElement.java index d0f00c207..ffcdcdb34 100644 --- a/src/main/java/org/cyclonedx/model/ExtensibleElement.java +++ b/src/main/java/org/cyclonedx/model/ExtensibleElement.java @@ -29,8 +29,8 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; -import org.cyclonedx.util.ExtensibleTypesSerializer; -import org.cyclonedx.util.ExtensionDeserializer; +import org.cyclonedx.util.serializer.ExtensibleTypesSerializer; +import org.cyclonedx.util.deserializer.ExtensionDeserializer; @JsonInclude(Include.NON_NULL) public abstract class ExtensibleElement { diff --git a/src/main/java/org/cyclonedx/model/Extension.java b/src/main/java/org/cyclonedx/model/Extension.java index 7260d35ae..cc60551e3 100644 --- a/src/main/java/org/cyclonedx/model/Extension.java +++ b/src/main/java/org/cyclonedx/model/Extension.java @@ -21,7 +21,7 @@ import java.util.ArrayList; import java.util.List; import com.fasterxml.jackson.databind.annotation.JsonSerialize; -import org.cyclonedx.util.ExtensionSerializer; +import org.cyclonedx.util.serializer.ExtensionSerializer; @JsonSerialize(using = ExtensionSerializer.class) public class Extension { diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 3d78bff41..ef112158a 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -28,7 +28,7 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.ExternalReferenceSerializer; +import org.cyclonedx.util.serializer.ExternalReferenceSerializer; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) diff --git a/src/main/java/org/cyclonedx/model/IdentifiableActionType.java b/src/main/java/org/cyclonedx/model/IdentifiableActionType.java index cdb5937ef..ae65fe003 100644 --- a/src/main/java/org/cyclonedx/model/IdentifiableActionType.java +++ b/src/main/java/org/cyclonedx/model/IdentifiableActionType.java @@ -24,7 +24,7 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.databind.annotation.JsonSerialize; -import org.cyclonedx.util.CustomDateSerializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index d20e76060..796cd752d 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -35,12 +35,16 @@ @JsonRootName("license") public class License extends ExtensibleElement { + @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; @JacksonXmlProperty(localName = "id") @JsonProperty("id") private String id; private String name; - @VersionFilter(versions = {"1.5"}) + @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) private Licensing licensing; @JacksonXmlProperty(localName = "text") @@ -51,6 +55,14 @@ public class License extends ExtensibleElement { @VersionFilter(versions = {"1.1", "1.2", "1.3", "1.4"}) private List properties; + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + public String getId() { return id; } @@ -110,11 +122,12 @@ public boolean equals(Object o) { Objects.equals(name, license.name) && Objects.equals(url, license.url) && Objects.equals(attachmentText, license.attachmentText) && + Objects.equals(licensing, license.licensing) && Objects.equals(properties, license.properties); } @Override public int hashCode() { - return Objects.hash(id, name, url, attachmentText, properties); + return Objects.hash(id, name, url, attachmentText, properties, licensing); } } diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index c421cc266..5dda550d5 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -20,20 +20,26 @@ import java.util.Date; import java.util.List; +import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.serializer.CustomDateSerializer; @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"altIds", "licensor", "licensee", "purchaser", "purchaseOrder", "licenseTypes", "lastRenewal", "expiration"}) @JsonRootName("licensing") public class Licensing extends ExtensibleElement { - public enum LicensingType { + public enum LicensingType + { @JsonProperty("academic") ACADEMIC("academic"), @JsonProperty("appliance") @@ -80,20 +86,26 @@ public String getLicensingType() { private List altIds; - private OrganizationalInstance licensor; + private OrganizationalChoice licensor; - private OrganizationalInstance licensee; + private OrganizationalChoice licensee; - private OrganizationalInstance purchaser; + private OrganizationalChoice purchaser; private String purchaseOrder; + @JacksonXmlElementWrapper(localName = "licenseTypes") + @JacksonXmlProperty(localName = "licenseType") private List licenseTypes; + @JsonSerialize(using = CustomDateSerializer.class) private Date lastRenewal = new Date(); + @JsonSerialize(using = CustomDateSerializer.class) private Date expiration = new Date(); + @JacksonXmlElementWrapper(localName = "altIds") + @JacksonXmlProperty(localName = "altId") public List getAltIds() { return altIds; } @@ -102,27 +114,33 @@ public void setAltIds(final List altIds) { this.altIds = altIds; } - public OrganizationalInstance getLicensor() { + @JacksonXmlProperty(localName = "licensor") + @JsonProperty("licensor") + public OrganizationalChoice getLicensor() { return licensor; } - public void setLicensor(final OrganizationalInstance licensor) { + public void setLicensor(final OrganizationalChoice licensor) { this.licensor = licensor; } - public OrganizationalInstance getLicensee() { + @JacksonXmlProperty(localName = "licensee") + @JsonProperty("licensee") + public OrganizationalChoice getLicensee() { return licensee; } - public void setLicensee(final OrganizationalInstance licensee) { + public void setLicensee(final OrganizationalChoice licensee) { this.licensee = licensee; } - public OrganizationalInstance getPurchaser() { + @JacksonXmlProperty(localName = "purchaser") + @JsonProperty("purchaser") + public OrganizationalChoice getPurchaser() { return purchaser; } - public void setPurchaser(final OrganizationalInstance purchaser) { + public void setPurchaser(final OrganizationalChoice purchaser) { this.purchaser = purchaser; } @@ -141,4 +159,43 @@ public List getLicenseTypes() { public void setLicenseTypes(final List licenseTypes) { this.licenseTypes = licenseTypes; } + + public Date getLastRenewal() { + return lastRenewal; + } + + public void setLastRenewal(final Date lastRenewal) { + this.lastRenewal = lastRenewal; + } + + public Date getExpiration() { + return expiration; + } + + public void setExpiration(final Date expiration) { + this.expiration = expiration; + } + + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (!(o instanceof Licensing)) { + return false; + } + Licensing licensing = (Licensing) o; + return Objects.equals(altIds, licensing.altIds) && Objects.equals(licensor, licensing.licensor) && + Objects.equals(licensee, licensing.licensee) && + Objects.equals(purchaser, licensing.purchaser) && + Objects.equals(purchaseOrder, licensing.purchaseOrder) && + Objects.equals(licenseTypes, licensing.licenseTypes) && + Objects.equals(lastRenewal, licensing.lastRenewal) && + Objects.equals(expiration, licensing.expiration); + } + + @Override + public int hashCode() { + return Objects.hash(altIds, licensor, licensee, purchaser, purchaseOrder, licenseTypes, lastRenewal, expiration); + } } diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 221b6c5a7..63e457fb8 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -26,8 +26,8 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.CustomDateSerializer; -import org.cyclonedx.util.LicenseDeserializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import java.util.ArrayList; import java.util.Date; import java.util.List; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalChoice.java b/src/main/java/org/cyclonedx/model/OrganizationalChoice.java new file mode 100644 index 000000000..6bc2f0eaa --- /dev/null +++ b/src/main/java/org/cyclonedx/model/OrganizationalChoice.java @@ -0,0 +1,69 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class OrganizationalChoice +{ + private OrganizationalContact individual; + + private OrganizationalEntity organization; + + public OrganizationalContact getIndividual() { + return individual; + } + + public void setIndividual(final OrganizationalContact individual) { + this.individual = individual; + this.organization = null; + } + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + this.individual = null; + } + + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + OrganizationalChoice that = (OrganizationalChoice) o; + return Objects.equals(individual, that.individual) && + Objects.equals(organization, that.organization); + } + + @Override + public int hashCode() { + return Objects.hash(individual, organization); + } +} diff --git a/src/main/java/org/cyclonedx/model/OrganizationalContact.java b/src/main/java/org/cyclonedx/model/OrganizationalContact.java index d7ebebd60..a118bc01a 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalContact.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalContact.java @@ -20,13 +20,14 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonInclude(Include.NON_EMPTY) @JsonPropertyOrder({"name", "email", "phone"}) -public class OrganizationalContact extends OrganizationalInstance { +public class OrganizationalContact { private String name; private String email; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java index a9c2f4385..13beb7f5e 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java @@ -31,7 +31,7 @@ @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"name", "url", "contact"}) -public class OrganizationalEntity extends OrganizationalInstance { +public class OrganizationalEntity { private String name; diff --git a/src/main/java/org/cyclonedx/model/OrganizationalInstance.java b/src/main/java/org/cyclonedx/model/OrganizationalInstance.java deleted file mode 100644 index fe305a53b..000000000 --- a/src/main/java/org/cyclonedx/model/OrganizationalInstance.java +++ /dev/null @@ -1,27 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.model; - -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import org.cyclonedx.util.OrganizationalInstanceDeserializer; - -@JsonDeserialize(using = OrganizationalInstanceDeserializer.class) -public abstract class OrganizationalInstance extends ExtensibleElement -{ -} diff --git a/src/main/java/org/cyclonedx/model/Pedigree.java b/src/main/java/org/cyclonedx/model/Pedigree.java index 5c2163d8b..58118bf21 100644 --- a/src/main/java/org/cyclonedx/model/Pedigree.java +++ b/src/main/java/org/cyclonedx/model/Pedigree.java @@ -26,7 +26,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.ComponentWrapperDeserializer; +import org.cyclonedx.util.deserializer.ComponentWrapperDeserializer; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) diff --git a/src/main/java/org/cyclonedx/model/ReleaseNotes.java b/src/main/java/org/cyclonedx/model/ReleaseNotes.java index 1792343d5..7b4a1ad6c 100644 --- a/src/main/java/org/cyclonedx/model/ReleaseNotes.java +++ b/src/main/java/org/cyclonedx/model/ReleaseNotes.java @@ -28,7 +28,7 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.CustomDateSerializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; /** * @since 6.0.0 diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 6f1f1eb82..87dc9fbe1 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -25,7 +25,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.LicenseDeserializer; +import org.cyclonedx.util.deserializer.LicenseDeserializer; import java.util.ArrayList; import java.util.List; diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index dcb64da53..268b6c0ce 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -34,7 +34,7 @@ import org.cyclonedx.model.Property; import org.cyclonedx.model.Tool; import org.cyclonedx.model.VersionFilter; -import org.cyclonedx.util.CustomDateSerializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; /** * @since 6.0.0 diff --git a/src/main/java/org/cyclonedx/parsers/JsonParser.java b/src/main/java/org/cyclonedx/parsers/JsonParser.java index c230e898f..a7cc31168 100644 --- a/src/main/java/org/cyclonedx/parsers/JsonParser.java +++ b/src/main/java/org/cyclonedx/parsers/JsonParser.java @@ -26,7 +26,6 @@ import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.exception.ParseException; import org.cyclonedx.model.Bom; -import org.cyclonedx.util.VersionJsonAnnotationIntrospector; import java.io.File; import java.io.IOException; diff --git a/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java b/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java deleted file mode 100644 index acd8dee1d..000000000 --- a/src/main/java/org/cyclonedx/util/OrganizationalInstanceDeserializer.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * This file is part of CycloneDX Core (Java). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) OWASP Foundation. All Rights Reserved. - */ -package org.cyclonedx.util; - -import java.io.DataInput; -import java.io.IOException; - -import com.fasterxml.jackson.core.JacksonException; -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.ObjectNode; -import org.cyclonedx.model.OrganizationalContact; -import org.cyclonedx.model.OrganizationalEntity; -import org.cyclonedx.model.OrganizationalInstance; - -public class OrganizationalInstanceDeserializer extends JsonDeserializer -{ - @Override - public OrganizationalInstance deserialize( - final JsonParser jsonParser, - final DeserializationContext deserializationContext) - throws IOException, JacksonException - { - ObjectMapper mapper = (ObjectMapper) jsonParser.getCodec(); - ObjectNode root = (ObjectNode) mapper.readTree(jsonParser); - - Class instanceClass; - - // TODO: Method that determines which entity it is - if (true) { - instanceClass = OrganizationalEntity.class; - } else { - instanceClass = OrganizationalContact.class; - } - if (instanceClass == null) { - return null; - } - - return mapper.readValue((DataInput) root, instanceClass); - } -} diff --git a/src/main/java/org/cyclonedx/util/ComponentWrapperDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/ComponentWrapperDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java index cadea3dd9..ecf6b5910 100644 --- a/src/main/java/org/cyclonedx/util/ComponentWrapperDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ComponentWrapperDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.io.IOException; import java.util.Arrays; diff --git a/src/main/java/org/cyclonedx/util/DependencyDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/DependencyDeserializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/DependencyDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/DependencyDeserializer.java index 4974c5828..11a5d7b2b 100644 --- a/src/main/java/org/cyclonedx/util/DependencyDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/DependencyDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.io.IOException; import java.util.Arrays; diff --git a/src/main/java/org/cyclonedx/util/ExtensionDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ExtensionDeserializer.java similarity index 99% rename from src/main/java/org/cyclonedx/util/ExtensionDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/ExtensionDeserializer.java index 280b7a471..c9823a5cc 100644 --- a/src/main/java/org/cyclonedx/util/ExtensionDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ExtensionDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.io.IOException; import java.net.MalformedURLException; diff --git a/src/main/java/org/cyclonedx/util/LicenseDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/LicenseDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java index 00f599882..8bf62c7d9 100644 --- a/src/main/java/org/cyclonedx/util/LicenseDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.io.IOException; import java.util.HashMap; diff --git a/src/main/java/org/cyclonedx/util/VulnerabilityDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/VulnerabilityDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java index 8639cfabb..0695b0793 100644 --- a/src/main/java/org/cyclonedx/util/VulnerabilityDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.util.List; diff --git a/src/main/java/org/cyclonedx/util/CollectionTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/CollectionTypeSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java index 207d1a4a9..28c9ab826 100644 --- a/src/main/java/org/cyclonedx/util/CollectionTypeSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.util.ArrayList; import java.util.List; diff --git a/src/main/java/org/cyclonedx/util/ComponentWrapperSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ComponentWrapperSerializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/ComponentWrapperSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/ComponentWrapperSerializer.java index d66017a59..a28cbc518 100644 --- a/src/main/java/org/cyclonedx/util/ComponentWrapperSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ComponentWrapperSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; diff --git a/src/main/java/org/cyclonedx/util/CustomDateSerializer.java b/src/main/java/org/cyclonedx/util/serializer/CustomDateSerializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/CustomDateSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/CustomDateSerializer.java index 2daa0f254..16ae2db1a 100644 --- a/src/main/java/org/cyclonedx/util/CustomDateSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/CustomDateSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; import java.text.DateFormat; diff --git a/src/main/java/org/cyclonedx/util/DependencySerializer.java b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java similarity index 99% rename from src/main/java/org/cyclonedx/util/DependencySerializer.java rename to src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java index 4a90d7f4a..8cedace88 100644 --- a/src/main/java/org/cyclonedx/util/DependencySerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; import java.util.List; diff --git a/src/main/java/org/cyclonedx/util/ExtensibleTypesSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/ExtensibleTypesSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java index 5fd19d247..72d0f8f44 100644 --- a/src/main/java/org/cyclonedx/util/ExtensibleTypesSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExtensibleTypesSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; import java.util.List; diff --git a/src/main/java/org/cyclonedx/util/ExtensionSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java similarity index 99% rename from src/main/java/org/cyclonedx/util/ExtensionSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java index ee6a01ab2..54b310e77 100644 --- a/src/main/java/org/cyclonedx/util/ExtensionSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExtensionSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; diff --git a/src/main/java/org/cyclonedx/util/ExternalReferenceSerializer.java b/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/ExternalReferenceSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java index 119a43956..fbac4e9ee 100644 --- a/src/main/java/org/cyclonedx/util/ExternalReferenceSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/ExternalReferenceSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; import java.util.function.BiPredicate; @@ -30,7 +30,7 @@ import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.ExternalReference.Type; import org.cyclonedx.model.Hash; - +import org.cyclonedx.util.BomUtils; public class ExternalReferenceSerializer extends StdSerializer { diff --git a/src/main/java/org/cyclonedx/util/LicenseChoiceSerializer.java b/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/LicenseChoiceSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java index d7bbabaa6..1d47be8d3 100644 --- a/src/main/java/org/cyclonedx/util/LicenseChoiceSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/LicenseChoiceSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import java.io.IOException; diff --git a/src/main/java/org/cyclonedx/util/TrimStringSerializer.java b/src/main/java/org/cyclonedx/util/serializer/TrimStringSerializer.java similarity index 97% rename from src/main/java/org/cyclonedx/util/TrimStringSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/TrimStringSerializer.java index c6e4c78d9..032111da0 100644 --- a/src/main/java/org/cyclonedx/util/TrimStringSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/TrimStringSerializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.databind.SerializerProvider; diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 921ac710e..9c1d633af 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -656,13 +656,6 @@ "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" }, - "properties": { - "type": "array", - "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, - "items": {"$ref": "#/definitions/property"} - }, "licensing": { "type": "object", "title": "Licensing information", diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 4671d4c2b..6345776d4 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -27,9 +27,11 @@ import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Licensing; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.ReleaseNotes; import org.cyclonedx.model.ReleaseNotes.Notes; import org.cyclonedx.model.ReleaseNotes.Resolves; @@ -568,17 +570,60 @@ private void assertLicense(LicenseChoice licenseChoice, final Version version) { assertNotNull(licenseChoice); assertNull(licenseChoice.getExpression()); - assertEquals(licenseChoice.getLicenses().size(), 1); + assertEquals(1, licenseChoice.getLicenses().size()); License license = licenseChoice.getLicenses().get(0); + assertNotNull(license); - if (version == Version.VERSION_15) { - assertEquals(license.getProperties().size(), 1); + + if (version == Version.VERSION_14) { + assertNull(license.getProperties()); + assertNull(license.getBomRef()); } else { - assertNull(license.getProperties()); + //Dev Licensing + assertLicensing(license.getLicensing()); + assertEquals(license.getProperties().size(), 1); + assertNotNull(license.getBomRef()); } } + private void assertLicensing(final Licensing licensing) { + assertNotNull(licensing); + + assertEquals(2, licensing.getAltIds().size()); + assertNotNull(licensing.getPurchaseOrder()); + assertLicensor(licensing.getLicensor()); + assertLicensee(licensing.getLicensee()); + assertPurchaser(licensing.getPurchaser()); + assertNotNull(licensing.getExpiration()); + assertNotNull(licensing.getLastRenewal()); + assertEquals(licensing.getLicenseTypes().size(), 1); + } + + private void assertLicensor(OrganizationalChoice licensor) { + assertNull(licensor.getIndividual()); + assertNotNull(licensor.getOrganization()); + assertEquals(licensor.getOrganization().getName(), "Acme Inc"); + assertEquals(licensor.getOrganization().getContacts().size(), 1); + assertNull(licensor.getOrganization().getUrls()); + } + + private void assertLicensee(OrganizationalChoice licensee) { + assertNull(licensee.getIndividual()); + assertNotNull(licensee.getOrganization()); + assertEquals(licensee.getOrganization().getName(), "Example Co."); + assertNull(licensee.getOrganization().getContacts()); + assertNull(licensee.getOrganization().getUrls()); + } + + private void assertPurchaser(OrganizationalChoice purchaser) { + assertNull(purchaser.getOrganization()); + assertNotNull(purchaser.getIndividual()); + assertEquals(purchaser.getIndividual().getName(), "Samantha Wright"); + assertEquals(purchaser.getIndividual().getEmail(), "samantha.wright@gmail.com"); + assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 3b21b0544..18fa9dc14 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -27,9 +27,11 @@ import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Licensing; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.Pedigree; import org.cyclonedx.model.ReleaseNotes; import org.cyclonedx.model.ReleaseNotes.Notes; @@ -364,10 +366,10 @@ public void testParsedObjects13Bom() throws Exception { assertEquals(2, bom.getMetadata().getTools().get(0).getHashes().size()); assertEquals("SHA-1", bom.getMetadata().getTools().get(0).getHashes().get(0).getAlgorithm()); assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", bom.getMetadata().getTools().get(0).getHashes().get(0).getValue()); - assertEquals(1, bom.getMetadata().getAuthors().size()); - assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); + //assertEquals(1, bom.getMetadata().getAuthors().size()); + //assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); + //assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); + //assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); assertEquals("Acme Application", bom.getMetadata().getComponent().getName()); assertEquals("9.1.1", bom.getMetadata().getComponent().getVersion()); assertEquals(Component.Type.APPLICATION, bom.getMetadata().getComponent().getType()); @@ -497,13 +499,6 @@ public void testParsedObjects15Bom() throws Exception { //Assert Bom Properties assertEquals(bom.getProperties().size(), 1); - - //Assert Licensing - //Assert Vulnerability Rejected - //Assert Annotations - - //Assert License Properties - //Assert Vulnerabilities Timestamps } @Test @@ -711,17 +706,59 @@ private void assertLicense(LicenseChoice licenseChoice, final Version version) { assertNotNull(licenseChoice); assertNull(licenseChoice.getExpression()); - assertEquals(licenseChoice.getLicenses().size(), 1); + assertEquals(1, licenseChoice.getLicenses().size()); License license = licenseChoice.getLicenses().get(0); + assertNotNull(license); - if (version == Version.VERSION_15) { - assertEquals(license.getProperties().size(), 1); + if (version == Version.VERSION_14) { + assertNull(license.getProperties()); + assertNull(license.getBomRef()); } else { - assertNull(license.getProperties()); + //Dev Licensing + assertLicensing(license.getLicensing()); + assertEquals(license.getProperties().size(), 1); + assertNotNull(license.getBomRef()); } } + private void assertLicensing(final Licensing licensing) { + assertNotNull(licensing); + + assertEquals(1, licensing.getAltIds().size()); + assertNotNull(licensing.getPurchaseOrder()); + assertLicensor(licensing.getLicensor()); + assertLicensee(licensing.getLicensee()); + assertPurchaser(licensing.getPurchaser()); + assertNotNull(licensing.getExpiration()); + assertNotNull(licensing.getLastRenewal()); + assertEquals(licensing.getLicenseTypes().size(), 1); + } + + private void assertLicensor(OrganizationalChoice licensor) { + assertNull(licensor.getIndividual()); + assertNotNull(licensor.getOrganization()); + assertEquals(licensor.getOrganization().getName(), "Acme Inc"); + assertEquals(licensor.getOrganization().getContacts().size(), 1); + assertNull(licensor.getOrganization().getUrls()); + } + + private void assertLicensee(OrganizationalChoice licensee) { + assertNull(licensee.getIndividual()); + assertNotNull(licensee.getOrganization()); + assertEquals(licensee.getOrganization().getName(), "Example Co."); + assertNull(licensee.getOrganization().getContacts()); + assertNull(licensee.getOrganization().getUrls()); + } + + private void assertPurchaser(OrganizationalChoice purchaser) { + assertNull(purchaser.getOrganization()); + assertNotNull(purchaser.getIndividual()); + assertEquals(purchaser.getIndividual().getName(), "Samantha Wright"); + assertEquals(purchaser.getIndividual().getEmail(), "samantha.wright@gmail.com"); + assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); + } + private void assertMetadata(final Metadata metadata) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 3cd0cb724..649afcc21 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -165,7 +165,40 @@ "licenses": [ { "license": { + "bom-ref": "acme-license-1", "id": "Apache-2.0", + "licensing": { + "altIds": [ + "acme", "acme-license" + ], + "licensor": { + "organization": { + "name": "Acme Inc", + "contact": [ + { + "name": "Acme Licensing Fulfillment", + "email": "licensing@example.com" + } + ] + } + }, + "licensee": { + "organization": { + "name": "Example Co." + } + }, + "purchaser": { + "individual": { + "name": "Samantha Wright", + "email": "samantha.wright@gmail.com", + "phone": "800-555-1212" + } + }, + "purchaseOrder": "PO-12345", + "licenseTypes": ["appliance"], + "lastRenewal": "2022-04-13T20:20:39+00:00", + "expiration": "2023-04-13T20:20:39+00:00" + }, "properties": [ { "name": "Foo", diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 694bec758..d3dea5a5e 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -98,8 +98,40 @@ 26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf - + Apache-2.0 + + + acme-license + + + + Acme Inc + + Acme Licensing Fulfillment + licensing@example.com + + + + + + Example Co. + + + + + Samantha Wright + samantha.wright@gmail.com + 800-555-1212 + + + PO-12345 + + appliance + + 2022-04-13T20:20:39+00:00 + 2023-04-13T20:20:39+00:00 + Bar From d078fdd1aada2bb72f359319a27fda609bbd2248 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Tue, 13 Jun 2023 17:09:37 -0500 Subject: [PATCH 12/40] Add deserializer Signed-off-by: Alex Alzate --- .../java/org/cyclonedx/model/Licensing.java | 5 ++ .../OrganizationalChoiceDeserializer.java | 73 +++++++++++++++++++ .../org/cyclonedx/parsers/JsonParserTest.java | 2 +- .../org/cyclonedx/parsers/XmlParserTest.java | 2 +- .../1.5/valid-license-licensing-1.5.json | 59 +++++++++++++++ .../1.5/valid-license-licensing-1.5.xml | 49 +++++++++++++ src/test/resources/bom-1.5.json | 4 + src/test/resources/bom-1.5.xml | 4 + 8 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java create mode 100644 src/test/resources/1.5/valid-license-licensing-1.5.json create mode 100644 src/test/resources/1.5/valid-license-licensing-1.5.xml diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index 5dda550d5..6d3088314 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -27,9 +27,11 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.OrganizationalChoiceDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; @JsonIgnoreProperties(ignoreUnknown = true) @@ -86,10 +88,13 @@ public String getLicensingType() { private List altIds; + @JsonDeserialize(using = OrganizationalChoiceDeserializer.class) private OrganizationalChoice licensor; + @JsonDeserialize(using = OrganizationalChoiceDeserializer.class) private OrganizationalChoice licensee; + @JsonDeserialize(using = OrganizationalChoiceDeserializer.class) private OrganizationalChoice purchaser; private String purchaseOrder; diff --git a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java new file mode 100644 index 000000000..54a279dd8 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java @@ -0,0 +1,73 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.fasterxml.jackson.databind.node.ObjectNode; +import org.cyclonedx.model.OrganizationalChoice; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; + +public class OrganizationalChoiceDeserializer + extends JsonDeserializer +{ + @Override + public OrganizationalChoice deserialize(JsonParser jp, DeserializationContext ctxt) + throws IOException + { + JsonNode node = jp.getCodec().readTree(jp); + + OrganizationalChoice organizationalChoice = new OrganizationalChoice(); + + if(node.has("individual")) { + OrganizationalContact individual = jp.getCodec().treeToValue(node.get("individual"), OrganizationalContact.class); + organizationalChoice.setIndividual(individual); + } + else if(node.has("organization")) { + JsonNode organizationNode = node.get("organization"); + OrganizationalEntity organization = new OrganizationalEntity(); + organization.setName(organizationNode.get("name").asText()); + + if (organizationNode.has("contact")) { + JsonNode contactsNode = organizationNode.get("contact"); + if (contactsNode instanceof ArrayNode) { + for (JsonNode contactNode : contactsNode) { + OrganizationalContact contact = jp.getCodec().treeToValue(contactNode, OrganizationalContact.class); + organization.addContact(contact); + } + } else if (contactsNode instanceof ObjectNode) { + OrganizationalContact contact = jp.getCodec().treeToValue(contactsNode, OrganizationalContact.class); + organization.addContact(contact); + } + } + organizationalChoice.setOrganization(organization); + } + + return organizationalChoice; + } +} diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 6345776d4..168cac751 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -604,7 +604,7 @@ private void assertLicensor(OrganizationalChoice licensor) { assertNull(licensor.getIndividual()); assertNotNull(licensor.getOrganization()); assertEquals(licensor.getOrganization().getName(), "Acme Inc"); - assertEquals(licensor.getOrganization().getContacts().size(), 1); + assertEquals(licensor.getOrganization().getContacts().size(), 2); assertNull(licensor.getOrganization().getUrls()); } diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 18fa9dc14..7a74cf029 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -739,7 +739,7 @@ private void assertLicensor(OrganizationalChoice licensor) { assertNull(licensor.getIndividual()); assertNotNull(licensor.getOrganization()); assertEquals(licensor.getOrganization().getName(), "Acme Inc"); - assertEquals(licensor.getOrganization().getContacts().size(), 1); + assertEquals(licensor.getOrganization().getContacts().size(), 2); assertNull(licensor.getOrganization().getUrls()); } diff --git a/src/test/resources/1.5/valid-license-licensing-1.5.json b/src/test/resources/1.5/valid-license-licensing-1.5.json new file mode 100644 index 000000000..3e2d7454e --- /dev/null +++ b/src/test/resources/1.5/valid-license-licensing-1.5.json @@ -0,0 +1,59 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "com.acme", + "name": "cryptographic-provider", + "version": "2.2.0", + "licenses": [ + { + "license": { + "bom-ref": "acme-license-1", + "name": "Acme Commercial License", + "licensing": { + "altIds": [ + "acme", "acme-license" + ], + "licensor": { + "organization": { + "name": "Acme Inc", + "contact": [ + { + "name": "Acme Licensing Fulfillment", + "email": "licensing@example.com" + }, + { + "name": "Acme Licensing", + "email": "licensing@example.com" + } + ] + } + }, + "licensee": { + "organization": { + "name": "Example Co." + } + }, + "purchaser": { + "individual": { + "name": "Samantha Wright", + "email": "samantha.wright@gmail.com", + "phone": "800-555-1212" + } + }, + "purchaseOrder": "PO-12345", + "licenseTypes": ["appliance"], + "lastRenewal": "2022-04-13T20:20:39+00:00", + "expiration": "2023-04-13T20:20:39+00:00" + } + } + } + ] + } + ] +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-license-licensing-1.5.xml b/src/test/resources/1.5/valid-license-licensing-1.5.xml new file mode 100644 index 000000000..a528a1754 --- /dev/null +++ b/src/test/resources/1.5/valid-license-licensing-1.5.xml @@ -0,0 +1,49 @@ + + + + + Acme Inc + com.acme + cryptographic-provider + 2.2.0 + + + Acme Commercial License + + + acme + acme-license + + + + Acme Inc + + Acme Licensing Fulfillment + licensing@example.com + + + + + + Example Co. + + + + + Samantha Wright + samantha.wright@gmail.com + 800-555-1212 + + + PO-12345 + + appliance + + 2022-04-13T20:20:39+00:00 + 2023-04-13T20:20:39+00:00 + + + + + + \ No newline at end of file diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 649afcc21..d28f1ebea 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -178,6 +178,10 @@ { "name": "Acme Licensing Fulfillment", "email": "licensing@example.com" + }, + { + "name": "Acme Licensing Test", + "email": "licensing@test.com" } ] } diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index d3dea5a5e..e7da31b9d 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -111,6 +111,10 @@ Acme Licensing Fulfillment licensing@example.com + + Acme Licensing Test + licensing@test.com + From 9b6999eea6eaa1e22d2e471c30eb48ae71820c2e Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 15 Jun 2023 14:51:52 -0500 Subject: [PATCH 13/40] Remove initialization --- src/main/java/org/cyclonedx/model/Licensing.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index 6d3088314..dc39b455a 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -104,10 +104,10 @@ public String getLicensingType() { private List licenseTypes; @JsonSerialize(using = CustomDateSerializer.class) - private Date lastRenewal = new Date(); + private Date lastRenewal; @JsonSerialize(using = CustomDateSerializer.class) - private Date expiration = new Date(); + private Date expiration; @JacksonXmlElementWrapper(localName = "altIds") @JacksonXmlProperty(localName = "altId") From 330c682231c562b486d1aa58124fb4b05aefcdee Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Mon, 19 Jun 2023 18:49:54 -0500 Subject: [PATCH 14/40] Add CVSSv4 and SSVC to Method in Rating --- .../java/org/cyclonedx/model/vulnerability/Vulnerability.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java index 268b6c0ce..ac651aeb3 100644 --- a/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java +++ b/src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java @@ -392,8 +392,12 @@ public enum Method { CVSSV3("CVSSv3"), @JsonProperty("CVSSv31") CVSSV31("CVSSv31"), + @JsonProperty("CVSSv4") + CVSSV4("CVSSv4"), @JsonProperty("OWASP") OWASP("OWASP"), + @JsonProperty("SSVC") + SSVC("SSVC"), @JsonProperty("other") OTHER("other"); From 866f3e08d28f1b0b761edc10d1c8f823e22f2e49 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 8 Jun 2023 16:54:40 -0500 Subject: [PATCH 15/40] Initial changes for lifecycle in metadata Signed-off-by: Alex Alzate --- .../org/cyclonedx/model/LifecycleChoice.java | 131 ++++++++++++++++++ .../java/org/cyclonedx/model/Lifecycles.java | 37 +++++ .../java/org/cyclonedx/model/Metadata.java | 30 +++- .../cyclonedx/util/LifecycleDeserializer.java | 79 +++++++++++ src/main/resources/bom-1.5.schema.json | 50 +++++++ src/main/resources/bom-1.5.xsd | 111 +++++++++++++++ .../1.5/valid-metadata-lifecycle-1.5.json | 21 +++ .../1.5/valid-metadata-lifecycle-1.5.xml | 18 +++ 8 files changed, 474 insertions(+), 3 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/LifecycleChoice.java create mode 100644 src/main/java/org/cyclonedx/model/Lifecycles.java create mode 100644 src/main/java/org/cyclonedx/util/LifecycleDeserializer.java create mode 100644 src/test/resources/1.5/valid-metadata-lifecycle-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-lifecycle-1.5.xml diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java new file mode 100644 index 000000000..7f0efe94b --- /dev/null +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -0,0 +1,131 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +public class LifecycleChoice +{ + private PhaseClass phaseClass; + private PhaseEnum phaseEnum; + + public enum PhaseEnum { + @JsonProperty("design") + DESIGN("design"), + @JsonProperty("pre-build") + PRE_BUILD("pre-build"), + @JsonProperty("build") + BUILD("build"), + @JsonProperty("post-build") + POST_BUILD("post-build"), + @JsonProperty("operations") + OPERATIONS("operations"), + @JsonProperty("discovery") + DISCOVERY("discovery"), + @JsonProperty("decommission") + DECOMMISSION("decommission"); + + private final String name; + + public String getPhaseName() { + return this.name; + } + + PhaseEnum(String name) { + this.name = name; + } + + @JsonCreator + public static PhaseEnum fromString(String value) { + for (PhaseEnum phase : PhaseEnum.values()) { + if (phase.name.equalsIgnoreCase(value)) { + return phase; + } + } + throw new IllegalArgumentException("Invalid phase: " + value); + } + } + + public static class PhaseClass { + + private String name; + + private String description; + + public String getName() { + return name; + } + + public String getDescription() { + return description; + } + + public void setName(final String name) { + this.name = name; + } + + public void setDescription(final String description) { + this.description = description; + } + } + + @JacksonXmlElementWrapper(useWrapping = false) + public PhaseClass getPhaseClass() { + return phaseClass; + } + + public void setPhaseClass(final PhaseClass phaseClass) { + this.phaseClass = phaseClass; + } + + @JacksonXmlElementWrapper(useWrapping = false) + public PhaseEnum getPhaseEnum() { + return phaseEnum; + } + + public void setPhaseEnum(final PhaseEnum phaseEnum) { + this.phaseEnum = phaseEnum; + } + + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (!(o instanceof LifecycleChoice)) { + return false; + } + LifecycleChoice that = (LifecycleChoice) o; + return Objects.equals(phaseClass, that.phaseClass) && phaseEnum == that.phaseEnum; + } + + @Override + public int hashCode() { + return Objects.hash(phaseClass, phaseEnum); + } +} diff --git a/src/main/java/org/cyclonedx/model/Lifecycles.java b/src/main/java/org/cyclonedx/model/Lifecycles.java new file mode 100644 index 000000000..114985c20 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/Lifecycles.java @@ -0,0 +1,37 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonInclude; + +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Lifecycles +{ + private List lifecycles; + + public List getLifecycles() { + return lifecycles; + } + + public void setLifecycles(final List lifecycles) { + this.lifecycles = lifecycles; + } +} diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 63e457fb8..0a2f3233b 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -28,20 +28,34 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.util.serializer.CustomDateSerializer; import org.cyclonedx.util.deserializer.LicenseDeserializer; +import org.cyclonedx.util.LifecycleDeserializer; import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.Objects; +import javax.xml.bind.annotation.XmlElement; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"timestamp", "tools", "authors", "component", "manufacture", "supplier", "licenses", "properties"}) -public class Metadata extends ExtensibleElement { +@JsonPropertyOrder({ + "timestamp", "lifecycles", "tools", "authors", "component", "manufacture", "supplier", "licenses", "properties" +}) +public class Metadata + extends ExtensibleElement +{ @JsonSerialize(using = CustomDateSerializer.class) @VersionFilter(versions = {"1.0", "1.1"}) private Date timestamp = new Date(); + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @JacksonXmlProperty(localName = "lifecycles") + @JsonProperty("lifecycles") + @JsonDeserialize(using = LifecycleDeserializer.class) + @JacksonXmlElementWrapper(useWrapping = false) + @XmlElement(name = "lifecycles") + private Lifecycles lifecycles; + @VersionFilter(versions = {"1.0", "1.1"}) private List tools; @@ -157,6 +171,14 @@ public void addProperty(Property property) { this.properties.add(property); } + public Lifecycles getLifecycles() { + return lifecycles; + } + + public void setLifecycles(final Lifecycles lifecycles) { + this.lifecycles = lifecycles; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -169,11 +191,13 @@ public boolean equals(Object o) { Objects.equals(manufacture, metadata.manufacture) && Objects.equals(supplier, metadata.supplier) && Objects.equals(license, metadata.license) && + Objects.equals(lifecycles, metadata.lifecycles) && Objects.equals(properties, metadata.properties); } @Override public int hashCode() { - return Objects.hash(timestamp, tools, authors, component, manufacture, supplier, license, properties); + return Objects.hash(timestamp, tools, authors, component, manufacture, supplier, license, properties, + lifecycles); } } diff --git a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java new file mode 100644 index 000000000..ffe38e3ab --- /dev/null +++ b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java @@ -0,0 +1,79 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.LifecycleChoice; +import org.cyclonedx.model.LifecycleChoice.PhaseClass; +import org.cyclonedx.model.LifecycleChoice.PhaseEnum; +import org.cyclonedx.model.Lifecycles; + +public class LifecycleDeserializer + extends JsonDeserializer +{ + @Override + public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + + List choices = new ArrayList<>(); + JsonNode lifecycleNode = node.get("lifecycles"); + if (lifecycleNode != null && lifecycleNode.isArray()) { + for (JsonNode choiceNode : lifecycleNode) { + LifecycleChoice choice = createLifecycleChoice(choiceNode); + if (choice != null) { + choices.add(choice); + } + } + } + + Lifecycles lifecycles = new Lifecycles(); + lifecycles.setLifecycles(choices); + return lifecycles; + } + + private LifecycleChoice createLifecycleChoice(JsonNode choiceNode) { + JsonNode phaseNode = choiceNode.get("phase"); + if (phaseNode != null) { + PhaseEnum phase = PhaseEnum.fromString(phaseNode.asText()); + LifecycleChoice choice = new LifecycleChoice(); + choice.setPhaseEnum(phase); + return choice; + } + + JsonNode nameNode = choiceNode.get("name"); + JsonNode descriptionNode = choiceNode.get("description"); + if (nameNode != null && descriptionNode != null) { + PhaseClass phaseClass = new PhaseClass(); + phaseClass.setName(nameNode.asText()); + phaseClass.setDescription(descriptionNode.asText()); + LifecycleChoice choice = new LifecycleChoice(); + choice.setPhaseClass(phaseClass); + return choice; + } + + return null; + } +} diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 9c1d633af..2a59bf5a1 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -136,6 +136,56 @@ "title": "Timestamp", "description": "The date and time (timestamp) when the BOM was created." }, + "lifecycles": { + "type": "array", + "title": "Lifecycles", + "description": "", + "additionalItems": false, + "items": { + "type": "object", + "title": "Lifecycle", + "description": "The product lifecycle(s) that this BOM represents.", + "additionalProperties": false, + "oneOf": [ + { + "required": ["phase"], + "additionalProperties": false, + "properties": { + "phase": { + "type": "string", + "title": "Phase", + "description": "A pre-defined phase in the product lifecycle.\n\n* __design__ = BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.\n* __pre-build__ = BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.\n* __build__ = BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.\n* __post-build__ = BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.\n* __operations__ = BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.\n* __discovery__ = BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.\n* __decommission__ = BOM containing inventory that will be, or has been retired from operations.", + "enum": [ + "design", + "pre-build", + "build", + "post-build", + "operations", + "discovery", + "decommission" + ] + } + } + }, + { + "required": ["name"], + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the lifecycle phase" + }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the lifecycle phase" + } + } + } + ] + } + }, "tools": { "type": "array", "title": "Creation Tools", diff --git a/src/main/resources/bom-1.5.xsd b/src/main/resources/bom-1.5.xsd index c1e221eb9..d0f0d4168 100644 --- a/src/main/resources/bom-1.5.xsd +++ b/src/main/resources/bom-1.5.xsd @@ -49,6 +49,48 @@ limitations under the License. The date and time (timestamp) when the BOM was created. + + + + The product lifecycle(s) that this BOM represents. + + + + + + + + + + + + A pre-defined phase in the product lifecycle. + + + + + + + + + The name of the lifecycle phase + + + + + + + The description of the lifecycle phase + + + + + + + + + + The tool(s) used in the creation of the BOM. @@ -113,6 +155,75 @@ limitations under the License. + + + + + + BOM produced early in the development lifecycle containing inventory of components and services + that are proposed or planned to be used. The inventory may need to be procured, retrieved, + or resourced prior to use. + + + + + + + BOM consisting of information obtained prior to a build process and may contain source files + and development artifacts and manifests. The inventory may need to be resolved and retrieved + prior to use. + + + + + + + BOM consisting of information obtained during a build process where component inventory is + available for use. The precise versions of resolved components are usually available at this + time as well as the provenance of where the components were retrieved from. + + + + + + + BOM consisting of information obtained after a build process has completed and the resulting + components(s) are available for further analysis. Built components may exist as the result of a + CI/CD process, may have been installed or deployed to a system or device, and may need to be + retrieved or extracted from the system or device. + + + + + + + BOM produced that represents inventory that is running and operational. This may include staging + or production environments and will generally encompass multiple SBOMs describing the applications + and operating system, along with HBOMs describing the hardware that makes up the system. Operations + Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, + and additional dependencies. + + + + + + + BOM consisting of information observed through network discovery providing point-in-time + enumeration of embedded, on-premise, and cloud-native services such as server applications, + connected devices, microservices, and serverless functions. + + + + + + + BOM containing inventory that will be, or has been retired from operations. + + + + + + diff --git a/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json new file mode 100644 index 000000000..c08a076d0 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json @@ -0,0 +1,21 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "lifecycles": [ + { + "phase": "build" + }, + { + "phase": "post-build" + }, + { + "name": "platform-integration-testing", + "description": "Integration testing specific to the runtime platform" + } + ] + }, + "components": [] +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-metadata-lifecycle-1.5.xml b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.xml new file mode 100644 index 000000000..824093e5b --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.xml @@ -0,0 +1,18 @@ + + + + + + build + + + post-build + + + platform-integration-testing + Integration testing specific to the runtime platform + + + + + \ No newline at end of file From 0e6e3fc4aebf3e793898a41aeef4e5bf2a16f516 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Mon, 12 Jun 2023 20:13:27 -0500 Subject: [PATCH 16/40] Update serializer Signed-off-by: Alex Alzate --- .../org/cyclonedx/model/LifecycleChoice.java | 62 ++++++++----------- .../cyclonedx/util/LifecycleDeserializer.java | 21 +++---- 2 files changed, 33 insertions(+), 50 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java index 7f0efe94b..70021371a 100644 --- a/src/main/java/org/cyclonedx/model/LifecycleChoice.java +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -18,23 +18,22 @@ */ package org.cyclonedx.model; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; public class LifecycleChoice { - private PhaseClass phaseClass; - private PhaseEnum phaseEnum; + @JsonProperty("phase") + private Phase phase; + + @JsonProperty("name") + private String name; + + @JsonProperty("description") + private String description; - public enum PhaseEnum { + public enum Phase + { @JsonProperty("design") DESIGN("design"), @JsonProperty("pre-build") @@ -56,13 +55,13 @@ public String getPhaseName() { return this.name; } - PhaseEnum(String name) { + Phase(String name) { this.name = name; } @JsonCreator - public static PhaseEnum fromString(String value) { - for (PhaseEnum phase : PhaseEnum.values()) { + public static Phase fromString(String value) { + for (Phase phase : Phase.values()) { if (phase.name.equalsIgnoreCase(value)) { return phase; } @@ -94,38 +93,27 @@ public void setDescription(final String description) { } } - @JacksonXmlElementWrapper(useWrapping = false) - public PhaseClass getPhaseClass() { - return phaseClass; + public String getName() { + return name; } - public void setPhaseClass(final PhaseClass phaseClass) { - this.phaseClass = phaseClass; + public void setName(final String name) { + this.name = name; } - @JacksonXmlElementWrapper(useWrapping = false) - public PhaseEnum getPhaseEnum() { - return phaseEnum; + public String getDescription() { + return description; } - public void setPhaseEnum(final PhaseEnum phaseEnum) { - this.phaseEnum = phaseEnum; + public void setDescription(final String description) { + this.description = description; } - @Override - public boolean equals(final Object o) { - if (this == o) { - return true; - } - if (!(o instanceof LifecycleChoice)) { - return false; - } - LifecycleChoice that = (LifecycleChoice) o; - return Objects.equals(phaseClass, that.phaseClass) && phaseEnum == that.phaseEnum; + public Phase getPhase() { + return phase; } - @Override - public int hashCode() { - return Objects.hash(phaseClass, phaseEnum); + public void setPhase(final Phase phase) { + this.phase = phase; } } diff --git a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java index ffe38e3ab..b06e619fa 100644 --- a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java @@ -27,8 +27,7 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import org.cyclonedx.model.LifecycleChoice; -import org.cyclonedx.model.LifecycleChoice.PhaseClass; -import org.cyclonedx.model.LifecycleChoice.PhaseEnum; +import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Lifecycles; public class LifecycleDeserializer @@ -39,9 +38,8 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese JsonNode node = jsonParser.getCodec().readTree(jsonParser); List choices = new ArrayList<>(); - JsonNode lifecycleNode = node.get("lifecycles"); - if (lifecycleNode != null && lifecycleNode.isArray()) { - for (JsonNode choiceNode : lifecycleNode) { + if (node != null && node.isArray()) { + for (JsonNode choiceNode : node) { LifecycleChoice choice = createLifecycleChoice(choiceNode); if (choice != null) { choices.add(choice); @@ -55,22 +53,19 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese } private LifecycleChoice createLifecycleChoice(JsonNode choiceNode) { + LifecycleChoice choice = new LifecycleChoice(); JsonNode phaseNode = choiceNode.get("phase"); if (phaseNode != null) { - PhaseEnum phase = PhaseEnum.fromString(phaseNode.asText()); - LifecycleChoice choice = new LifecycleChoice(); - choice.setPhaseEnum(phase); + Phase phase = Phase.fromString(phaseNode.asText()); + choice.setPhase(phase); return choice; } JsonNode nameNode = choiceNode.get("name"); JsonNode descriptionNode = choiceNode.get("description"); if (nameNode != null && descriptionNode != null) { - PhaseClass phaseClass = new PhaseClass(); - phaseClass.setName(nameNode.asText()); - phaseClass.setDescription(descriptionNode.asText()); - LifecycleChoice choice = new LifecycleChoice(); - choice.setPhaseClass(phaseClass); + choice.setName(nameNode.asText()); + choice.setDescription(descriptionNode.asText()); return choice; } From 0536c80b27defa37557911cfb93240b296114076 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Tue, 13 Jun 2023 08:29:31 -0500 Subject: [PATCH 17/40] Update Json Schema to fix issue Signed-off-by: Alex Alzate --- src/main/resources/bom-1.5.schema.json | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 2a59bf5a1..eb1cd1e5c 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -145,7 +145,6 @@ "type": "object", "title": "Lifecycle", "description": "The product lifecycle(s) that this BOM represents.", - "additionalProperties": false, "oneOf": [ { "required": ["phase"], From 7884bd32d67462979d934b6979db0ea973365c3f Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Tue, 13 Jun 2023 11:42:18 -0500 Subject: [PATCH 18/40] Add serializer Signed-off-by: Alex Alzate --- .../xml/AbstractBomXmlGenerator.java | 5 ++ .../org/cyclonedx/model/LifecycleChoice.java | 33 +++------- .../java/org/cyclonedx/model/Lifecycles.java | 17 +++-- .../java/org/cyclonedx/model/Metadata.java | 6 +- .../cyclonedx/util/LifecycleDeserializer.java | 43 ++++++++++--- .../cyclonedx/util/LifecycleSerializer.java | 62 +++++++++++++++++++ .../org/cyclonedx/parsers/JsonParserTest.java | 25 +++++++- .../org/cyclonedx/parsers/XmlParserTest.java | 25 +++++++- src/test/resources/bom-1.5.json | 9 +++ src/test/resources/bom-1.5.xml | 9 +++ 10 files changed, 189 insertions(+), 45 deletions(-) create mode 100644 src/main/java/org/cyclonedx/util/LifecycleSerializer.java diff --git a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java index 855e83734..8321100d1 100644 --- a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java +++ b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java @@ -28,6 +28,7 @@ import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.model.Bom; import org.cyclonedx.util.serializer.DependencySerializer; +import org.cyclonedx.util.LifecycleSerializer; import org.cyclonedx.util.VersionXmlAnnotationIntrospector; import org.w3c.dom.Document; import org.xml.sax.InputSource; @@ -69,6 +70,10 @@ private void setupObjectMapper(final ObjectMapper mapper) { boolean useNamespace = this.getSchemaVersion().getVersion() == 1.1; registerDependencyModule(mapper, useNamespace); } + + SimpleModule lifecycleModule = new SimpleModule(); + lifecycleModule.addSerializer(new LifecycleSerializer(true)); + mapper.registerModule(lifecycleModule); } private void registerDependencyModule(final ObjectMapper mapper, final boolean useNamespace) { diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java index 70021371a..60a24749f 100644 --- a/src/main/java/org/cyclonedx/model/LifecycleChoice.java +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -19,17 +19,27 @@ package org.cyclonedx.model; import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@XmlAccessorType(XmlAccessType.FIELD) public class LifecycleChoice { @JsonProperty("phase") + @JacksonXmlProperty(localName = "phase") private Phase phase; @JsonProperty("name") + @JacksonXmlProperty(localName = "phase") private String name; @JsonProperty("description") + @JacksonXmlProperty(localName = "phase") private String description; public enum Phase @@ -70,29 +80,6 @@ public static Phase fromString(String value) { } } - public static class PhaseClass { - - private String name; - - private String description; - - public String getName() { - return name; - } - - public String getDescription() { - return description; - } - - public void setName(final String name) { - this.name = name; - } - - public void setDescription(final String description) { - this.description = description; - } - } - public String getName() { return name; } diff --git a/src/main/java/org/cyclonedx/model/Lifecycles.java b/src/main/java/org/cyclonedx/model/Lifecycles.java index 114985c20..296b66bc9 100644 --- a/src/main/java/org/cyclonedx/model/Lifecycles.java +++ b/src/main/java/org/cyclonedx/model/Lifecycles.java @@ -21,17 +21,24 @@ import java.util.List; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlAccessorType; @JsonInclude(JsonInclude.Include.NON_EMPTY) +@XmlAccessorType(XmlAccessType.FIELD) public class Lifecycles { - private List lifecycles; + @JacksonXmlProperty(localName = "lifecycle") + private List lifecycleChoice; - public List getLifecycles() { - return lifecycles; + public List getLifecycleChoice() { + return lifecycleChoice; } - public void setLifecycles(final List lifecycles) { - this.lifecycles = lifecycles; + public void setLifecycleChoice(final List lifecycleChoice) { + this.lifecycleChoice = lifecycleChoice; } } diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 0a2f3233b..0af1fe9c1 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -34,6 +34,7 @@ import java.util.List; import java.util.Objects; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementWrapper; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -49,11 +50,10 @@ public class Metadata private Date timestamp = new Date(); @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) - @JacksonXmlProperty(localName = "lifecycles") @JsonProperty("lifecycles") @JsonDeserialize(using = LifecycleDeserializer.class) - @JacksonXmlElementWrapper(useWrapping = false) - @XmlElement(name = "lifecycles") + @XmlElementWrapper(name = "lifecycles") + @XmlElement(name = "lifecycle") private Lifecycles lifecycles; @VersionFilter(versions = {"1.0", "1.1"}) diff --git a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java index b06e619fa..63441b046 100644 --- a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.dataformat.xml.deser.FromXmlParser; import org.cyclonedx.model.LifecycleChoice; import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Lifecycles; @@ -34,21 +35,47 @@ public class LifecycleDeserializer extends JsonDeserializer { @Override - public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { JsonNode node = jsonParser.getCodec().readTree(jsonParser); - List choices = new ArrayList<>(); - if (node != null && node.isArray()) { - for (JsonNode choiceNode : node) { - LifecycleChoice choice = createLifecycleChoice(choiceNode); - if (choice != null) { - choices.add(choice); + + if (jsonParser instanceof FromXmlParser) { + JsonNode lifecycleNode = node.get("lifecycle"); + + if (lifecycleNode != null) { + // If it's an array of lifecycle + if (lifecycleNode.isArray()) { + for (JsonNode choiceNode : lifecycleNode) { + LifecycleChoice choice = createLifecycleChoice(choiceNode); + if (choice != null) { + choices.add(choice); + } + } + } + // If it's a single lifecycle + else { + LifecycleChoice choice = createLifecycleChoice(lifecycleNode); + if (choice != null) { + choices.add(choice); + } + } + } + } + else { + if (node != null && node.isArray()) { + for (JsonNode choiceNode : node) { + LifecycleChoice choice = createLifecycleChoice(choiceNode); + if (choice != null) { + choices.add(choice); + } } } } Lifecycles lifecycles = new Lifecycles(); - lifecycles.setLifecycles(choices); + lifecycles.setLifecycleChoice(choices); return lifecycles; } diff --git a/src/main/java/org/cyclonedx/util/LifecycleSerializer.java b/src/main/java/org/cyclonedx/util/LifecycleSerializer.java new file mode 100644 index 000000000..44929e852 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/LifecycleSerializer.java @@ -0,0 +1,62 @@ +package org.cyclonedx.util; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.model.LifecycleChoice; +import org.cyclonedx.model.Lifecycles; + +import java.io.IOException; +import java.util.List; + +public class LifecycleSerializer + extends StdSerializer +{ + private final boolean isXml; + + public LifecycleSerializer(boolean isXml) { + this(null, isXml); + } + + public LifecycleSerializer(Class t, boolean isXml) { + super(t); + this.isXml = isXml; + } + + @Override + public void serialize(Lifecycles lifecycles, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + xmlGenerator.writeStartObject(); + xmlGenerator.writeFieldName("lifecycle"); + xmlGenerator.writeStartArray(); + createLifecycleChoice(lifecycles, xmlGenerator); + xmlGenerator.writeEndArray(); + xmlGenerator.writeEndObject(); + } else { + jsonGenerator.writeObjectField("lifecycles", lifecycles.getLifecycleChoice()); + } + } + + private void createLifecycleChoice(final Lifecycles lifecycles, final JsonGenerator jsonGenerator) + throws IOException { + List lifecycleChoices = lifecycles.getLifecycleChoice(); + for (LifecycleChoice choice : lifecycleChoices) { + jsonGenerator.writeStartObject(); + if (choice.getPhase() != null) { + jsonGenerator.writeStringField("phase", choice.getPhase().getPhaseName()); + } else { + jsonGenerator.writeStringField("name", choice.getName()); + jsonGenerator.writeStringField("description", choice.getDescription()); + } + jsonGenerator.writeEndObject(); + } + } + + @Override + public Class handledType() { + return Lifecycles.class; + } +} diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 168cac751..8e5cac935 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -28,6 +28,8 @@ import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.Licensing; +import org.cyclonedx.model.LifecycleChoice; +import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; @@ -337,7 +339,7 @@ public void testParsedObjects14Bom() throws Exception { assertEquals("1.4", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); - assertMetadata(bom.getMetadata()); + assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); assertServices(bom); assertVulnerabilities(bom, Version.VERSION_14); @@ -361,7 +363,7 @@ public void testParsedObjects15Bom() throws Exception { assertEquals("1.5", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); - assertMetadata(bom.getMetadata()); + assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); assertServices(bom); assertVulnerabilities(bom, Version.VERSION_15); @@ -624,10 +626,27 @@ private void assertPurchaser(OrganizationalChoice purchaser) { assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); } - private void assertMetadata(final Metadata metadata) { + private void assertMetadata(final Metadata metadata, final Version version) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); + //Lifecycles + if(version == Version.VERSION_15) { + assertNotNull(metadata.getLifecycles()); + assertEquals(2, metadata.getLifecycles().getLifecycleChoice().size()); + LifecycleChoice firstChoice = metadata.getLifecycles().getLifecycleChoice().get(0); + assertEquals(Phase.BUILD.getPhaseName(), firstChoice.getPhase().getPhaseName()); + assertNull(firstChoice.getName()); + assertNull(firstChoice.getDescription()); + + LifecycleChoice secondChoice = metadata.getLifecycles().getLifecycleChoice().get(1); + assertEquals("platform-integration-testing", secondChoice.getName()); + assertNotNull(secondChoice.getDescription()); + assertNull(secondChoice.getPhase()); + } else { + assertNull(metadata.getLifecycles()); + } + //Tool assertEquals(1, metadata.getTools().size()); assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 7a74cf029..eed1f6a28 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -28,6 +28,8 @@ import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; import org.cyclonedx.model.Licensing; +import org.cyclonedx.model.LifecycleChoice; +import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Metadata; import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; @@ -462,7 +464,7 @@ public void testParsedObjects14Bom() throws Exception { assertEquals("1.4", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); - assertMetadata(bom.getMetadata()); + assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); assertServices(bom); assertVulnerabilities(bom, Version.VERSION_14); @@ -486,7 +488,7 @@ public void testParsedObjects15Bom() throws Exception { assertEquals("1.5", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); - assertMetadata(bom.getMetadata()); + assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); assertServices(bom); assertVulnerabilities(bom, Version.VERSION_15); @@ -759,10 +761,27 @@ private void assertPurchaser(OrganizationalChoice purchaser) { assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); } - private void assertMetadata(final Metadata metadata) { + private void assertMetadata(final Metadata metadata, final Version version) { assertNotNull(metadata); assertNotNull(metadata.getTimestamp()); + //Lifecycles + if(version == Version.VERSION_15) { + assertNotNull(metadata.getLifecycles()); + assertEquals(2, metadata.getLifecycles().getLifecycleChoice().size()); + LifecycleChoice firstChoice = metadata.getLifecycles().getLifecycleChoice().get(0); + assertEquals(Phase.BUILD.getPhaseName(), firstChoice.getPhase().getPhaseName()); + assertNull(firstChoice.getName()); + assertNull(firstChoice.getDescription()); + + LifecycleChoice secondChoice = metadata.getLifecycles().getLifecycleChoice().get(1); + assertEquals("platform-integration-testing", secondChoice.getName()); + assertNotNull(secondChoice.getDescription()); + assertNull(secondChoice.getPhase()); + } else { + assertNull(metadata.getLifecycles()); + } + //Tool assertEquals(1, metadata.getTools().size()); assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index d28f1ebea..54f751382 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -5,6 +5,15 @@ "version": 1, "metadata": { "timestamp": "2020-04-07T07:01:00Z", + "lifecycles": [ + { + "phase": "build" + }, + { + "name": "platform-integration-testing", + "description": "Integration testing specific to the runtime platform" + } + ], "tools": [ { "vendor": "Awesome Vendor", diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index e7da31b9d..e0958ed75 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -2,6 +2,15 @@ 2020-04-07T07:01:00Z + + + build + + + platform-integration-testing + Integration testing specific to the runtime platform + + Awesome Vendor From fb6d81609cddcbd44790d728c940e8a6b07b94d6 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Tue, 13 Jun 2023 11:54:43 -0500 Subject: [PATCH 19/40] Fix serialization Signed-off-by: Alex Alzate --- .../cyclonedx/generators/json/AbstractBomJsonGenerator.java | 6 +++++- src/main/java/org/cyclonedx/model/LifecycleChoice.java | 1 - src/main/java/org/cyclonedx/model/Lifecycles.java | 2 -- src/main/java/org/cyclonedx/util/LifecycleSerializer.java | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java index 5dc498214..1bd475843 100644 --- a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java +++ b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java @@ -27,6 +27,7 @@ import org.cyclonedx.util.serializer.ComponentWrapperSerializer; import org.cyclonedx.util.serializer.LicenseChoiceSerializer; import org.cyclonedx.util.serializer.TrimStringSerializer; +import org.cyclonedx.util.LifecycleSerializer; import org.cyclonedx.util.VersionJsonAnnotationIntrospector; import org.cyclonedx.util.serializer.DependencySerializer; import com.fasterxml.jackson.core.JsonProcessingException; @@ -72,9 +73,12 @@ private void setupObjectMapper(final ObjectMapper mapper) { mapper.registerModule(stringModule); licenseModule.addSerializer(new LicenseChoiceSerializer()); - mapper.registerModule(licenseModule); + SimpleModule lifecycleModule = new SimpleModule(); + lifecycleModule.addSerializer(new LifecycleSerializer(false)); + mapper.registerModule(lifecycleModule); + depModule.addSerializer(new DependencySerializer(false)); mapper.registerModule(depModule); diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java index 60a24749f..9198f61e9 100644 --- a/src/main/java/org/cyclonedx/model/LifecycleChoice.java +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -24,7 +24,6 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; @JsonInclude(JsonInclude.Include.NON_EMPTY) @XmlAccessorType(XmlAccessType.FIELD) diff --git a/src/main/java/org/cyclonedx/model/Lifecycles.java b/src/main/java/org/cyclonedx/model/Lifecycles.java index 296b66bc9..6c98d966a 100644 --- a/src/main/java/org/cyclonedx/model/Lifecycles.java +++ b/src/main/java/org/cyclonedx/model/Lifecycles.java @@ -21,10 +21,8 @@ import java.util.List; import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlAccessorType; @JsonInclude(JsonInclude.Include.NON_EMPTY) diff --git a/src/main/java/org/cyclonedx/util/LifecycleSerializer.java b/src/main/java/org/cyclonedx/util/LifecycleSerializer.java index 44929e852..7438e9b2e 100644 --- a/src/main/java/org/cyclonedx/util/LifecycleSerializer.java +++ b/src/main/java/org/cyclonedx/util/LifecycleSerializer.java @@ -36,7 +36,9 @@ public void serialize(Lifecycles lifecycles, JsonGenerator jsonGenerator, Serial xmlGenerator.writeEndArray(); xmlGenerator.writeEndObject(); } else { - jsonGenerator.writeObjectField("lifecycles", lifecycles.getLifecycleChoice()); + jsonGenerator.writeStartArray(); + createLifecycleChoice(lifecycles, jsonGenerator); + jsonGenerator.writeEndArray(); } } From c84cf23aeda8217858c17e851264e1ecf07cd3d6 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Date: Thu, 2 Feb 2023 10:31:15 -0900 Subject: [PATCH 20/40] ANNOTATIONS Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Signed-off-by: Alex Alzate --- .../java/org/cyclonedx/model/Annotation.java | 122 ++++++++++++++++++ .../java/org/cyclonedx/model/Annotator.java | 69 ++++++++++ src/main/java/org/cyclonedx/model/Bom.java | 14 ++ 3 files changed, 205 insertions(+) create mode 100644 src/main/java/org/cyclonedx/model/Annotation.java create mode 100644 src/main/java/org/cyclonedx/model/Annotator.java diff --git a/src/main/java/org/cyclonedx/model/Annotation.java b/src/main/java/org/cyclonedx/model/Annotation.java new file mode 100644 index 000000000..c319ef94c --- /dev/null +++ b/src/main/java/org/cyclonedx/model/Annotation.java @@ -0,0 +1,122 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import java.util.Date; +import java.util.List; +import java.util.Objects; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.util.CustomDateSerializer; + +@JacksonXmlRootElement(localName = "annotations") +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder( + {"bom-ref", + "subjects", + "annotator", + "timestamp", + "text", + "signature" + }) +public class Annotation extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private List subjects; + + private Annotator annotator; + + @JsonSerialize(using = CustomDateSerializer.class) + private Date timestamp = new Date(); + + private String text; + + private Signature signature; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public List getSubjects() { + return subjects; + } + + public void setSubjects(final List subjects) { + this.subjects = subjects; + } + + public Annotator getAnnotator() { + return annotator; + } + + public void setAnnotator(final Annotator annotator) { + this.annotator = annotator; + } + + public Date getTimestamp() { + return timestamp; + } + + public void setTimestamp(final Date timestamp) { + this.timestamp = timestamp; + } + + public String getText() { + return text; + } + + public void setText(final String text) { + this.text = text; + } + + public Signature getSignature() { + return signature; + } + + public void setSignature(final Signature signature) { + this.signature = signature; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof Annotation)) return false; + Annotation that = (Annotation) o; + return Objects.equals(bomRef, that.bomRef); + } + + @Override + public int hashCode() { + return Objects.hash(bomRef); + } +} diff --git a/src/main/java/org/cyclonedx/model/Annotator.java b/src/main/java/org/cyclonedx/model/Annotator.java new file mode 100644 index 000000000..5cabba675 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/Annotator.java @@ -0,0 +1,69 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonPropertyOrder({"organization", "individual", "component", "service"}) +public class Annotator extends ExtensibleElement +{ + private OrganizationalEntity organization; + + private OrganizationalContact individual; + + private Component component; + + private Service service; + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + } + + public OrganizationalContact getIndividual() { + return individual; + } + + public void setIndividual(final OrganizationalContact individual) { + this.individual = individual; + } + + public Component getComponent() { + return component; + } + + public void setComponent(final Component component) { + this.component = component; + } + + public Service getService() { + return service; + } + + public void setService(final Service service) { + this.service = service; + } +} diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index e37fc8f59..c574af637 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -50,6 +50,7 @@ "compositions", "properties", "vulnerabilities", + "annotations", "signature" }) public class Bom extends ExtensibleElement { @@ -79,6 +80,9 @@ public class Bom extends ExtensibleElement { @JsonDeserialize(using = VulnerabilityDeserializer.class) private List vulnerabilities; + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private List annotations; + @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List properties; @@ -188,6 +192,16 @@ public void setCompositions(List compositions) { public void setVulnerabilities(List vulnerabilities) { this.vulnerabilities = vulnerabilities; } + @JacksonXmlElementWrapper(localName = "annotations") + @JacksonXmlProperty(localName = "annotation") + public List getAnnotations() { + return annotations; + } + + public void setAnnotations(List annotations) { + this.annotations = annotations; + } + @JacksonXmlElementWrapper(localName = "properties") @JacksonXmlProperty(localName = "property") public List getProperties() { From 8cb5e88846b52e94c03bfa6f03d534b9ab3f3641 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 2 Mar 2023 10:45:12 -0500 Subject: [PATCH 21/40] add missing data Signed-off-by: Alex Alzate --- src/main/resources/bom-1.5.proto | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index acf137ba8..d041acad8 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -33,8 +33,10 @@ message Bom { repeated Composition compositions = 9; // Vulnerabilities identified in components or services. repeated Vulnerability vulnerabilities = 10; + // Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. + repeated Annotation annotations = 11; // Specifies optional, custom, properties - repeated Property properties = 11; + repeated Property properties = 12; } enum Classification { @@ -720,4 +722,30 @@ enum VulnerabilityAffectedStatus { VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; +} + +message AnnotatorChoice { + oneof choice { + // The organization that created the annotation + OrganizationalEntity organization = 1; + // The person that created the annotation + OrganizationalContact individual = 2; + // The tool or component that created the annotation + Component component = 3; + // The service that created the annotation + Service service = 4; + } +} + +message Annotation { + // An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. + optional string bom_ref = 1; + // The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. + repeated string subjects = 2; + // The organization, person, component, or service which created the textual content of the annotation. + AnnotatorChoice annotator = 3; + // The date and time (timestamp) when the annotation was created. + google.protobuf.Timestamp timestamp = 4; + // The textual content of the annotation. + string text = 5; } \ No newline at end of file From 77266dbaf37ec5462173b17d8b078e8146a18ff1 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 2 Mar 2023 19:30:37 -0500 Subject: [PATCH 22/40] Add missing testing --- .../java/org/cyclonedx/model/Annotation.java | 11 +- .../java/org/cyclonedx/model/Annotator.java | 50 ++++-- src/main/java/org/cyclonedx/model/Bom.java | 4 +- .../org/cyclonedx/parsers/JsonParserTest.java | 40 +++++ .../org/cyclonedx/parsers/XmlParserTest.java | 39 +++++ .../resources/1.5/valid-annonation-1.5.xml | 87 +++++++++++ .../resources/1.5/valid-annotation-1.5.json | 102 +++++++++++++ src/test/resources/bom-1.5.json | 144 ++++++++++-------- src/test/resources/bom-1.5.xml | 19 +++ 9 files changed, 422 insertions(+), 74 deletions(-) create mode 100644 src/test/resources/1.5/valid-annonation-1.5.xml create mode 100644 src/test/resources/1.5/valid-annotation-1.5.json diff --git a/src/main/java/org/cyclonedx/model/Annotation.java b/src/main/java/org/cyclonedx/model/Annotation.java index c319ef94c..1f403e912 100644 --- a/src/main/java/org/cyclonedx/model/Annotation.java +++ b/src/main/java/org/cyclonedx/model/Annotation.java @@ -27,6 +27,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.util.CustomDateSerializer; @@ -48,12 +49,12 @@ public class Annotation extends ExtensibleElement @JsonProperty("bom-ref") private String bomRef; - private List subjects; + private List subjects; private Annotator annotator; @JsonSerialize(using = CustomDateSerializer.class) - private Date timestamp = new Date(); + private Date timestamp; private String text; @@ -67,11 +68,13 @@ public void setBomRef(final String bomRef) { this.bomRef = bomRef; } - public List getSubjects() { + @JacksonXmlElementWrapper(localName = "subjects") + @JacksonXmlProperty(localName = "subject") + public List getSubjects() { return subjects; } - public void setSubjects(final List subjects) { + public void setSubjects(final List subjects) { this.subjects = subjects; } diff --git a/src/main/java/org/cyclonedx/model/Annotator.java b/src/main/java/org/cyclonedx/model/Annotator.java index 5cabba675..fe9899183 100644 --- a/src/main/java/org/cyclonedx/model/Annotator.java +++ b/src/main/java/org/cyclonedx/model/Annotator.java @@ -18,12 +18,14 @@ */ package org.cyclonedx.model; +import java.util.Objects; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) +@JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"organization", "individual", "component", "service"}) public class Annotator extends ExtensibleElement { @@ -35,20 +37,26 @@ public class Annotator extends ExtensibleElement private Service service; - public OrganizationalEntity getOrganization() { - return organization; - } - - public void setOrganization(final OrganizationalEntity organization) { - this.organization = organization; - } - public OrganizationalContact getIndividual() { return individual; } public void setIndividual(final OrganizationalContact individual) { this.individual = individual; + this.organization = null; + this.component = null; + this.service = null; + } + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + this.component = null; + this.service = null; + this.individual = null; } public Component getComponent() { @@ -57,6 +65,9 @@ public Component getComponent() { public void setComponent(final Component component) { this.component = component; + this.organization = null; + this.service = null; + this.individual = null; } public Service getService() { @@ -65,5 +76,26 @@ public Service getService() { public void setService(final Service service) { this.service = service; + this.organization = null; + this.component = null; + this.individual = null; + } + + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (!(o instanceof Annotator)) { + return false; + } + Annotator that = (Annotator) o; + return individual.equals(that.individual) && organization.equals(that.organization) && + component.equals(that.component) && service.equals(that.service); + } + + @Override + public int hashCode() { + return Objects.hash(individual, organization, component, service); } } diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index c574af637..56be1b74f 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -273,6 +273,7 @@ public boolean equals(Object o) { Objects.equals(externalReferences, bom.externalReferences) && Objects.equals(compositions, bom.compositions) && Objects.equals(vulnerabilities, bom.vulnerabilities) && + Objects.equals(annotations, bom.annotations) && Objects.equals(properties, bom.properties) && Objects.equals(serialNumber, bom.serialNumber) && Objects.equals(specVersion, bom.specVersion); @@ -280,6 +281,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(metadata, components, dependencies, externalReferences, compositions, vulnerabilities, properties, version, serialNumber, specVersion); + return Objects.hash(metadata, components, dependencies, externalReferences, compositions, vulnerabilities, + annotations, properties, version, serialNumber, specVersion); } } diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 8e5cac935..963f84521 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -21,6 +21,8 @@ import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.model.Annotation; +import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; @@ -352,6 +354,9 @@ public void testParsedObjects14Bom() throws Exception { //Assert Bom Properties assertNull(bom.getProperties()); + + //Assert Annotations + assertAnnotations(bom, Version.VERSION_14); } @Test @@ -376,6 +381,41 @@ public void testParsedObjects15Bom() throws Exception { //Assert Bom Properties assertEquals(bom.getProperties().size(), 1); + + //Assert Annotations + assertAnnotations(bom, Version.VERSION_15); + } + + + private void assertAnnotations(final Bom bom, final Version version) { + + if(version== Version.VERSION_15) { + List annotations = bom.getAnnotations(); + + assertEquals(annotations.size(), 1); + + Annotation annotation = annotations.get(0); + assertNotNull(annotation.getBomRef()); + assertNotNull(annotation.getText()); + assertNotNull(annotation.getTimestamp()); + + assertEquals(annotation.getSubjects().size(), 1); + assertAnnotator(annotation.getAnnotator()); + } else { + assertNull(bom.getAnnotations()); + } + } + + private void assertAnnotator(final Annotator annotator) { + assertNotNull(annotator); + assertNull(annotator.getIndividual()); + assertNull(annotator.getComponent()); + assertNull(annotator.getService()); + + assertNotNull(annotator.getOrganization()); + assertEquals(annotator.getOrganization().getName(), "Acme, Inc."); + assertEquals(annotator.getOrganization().getContacts().size(), 1); + assertEquals(annotator.getOrganization().getUrls().size(), 1); } private void assertVulnerabilities(final Bom bom, final Version version) { diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index eed1f6a28..50ee05526 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -21,6 +21,8 @@ import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.model.Annotation; +import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; import org.cyclonedx.model.Dependency; @@ -477,6 +479,9 @@ public void testParsedObjects14Bom() throws Exception { //Assert Bom Properties assertNull(bom.getProperties()); + + //Assert Annotations + assertAnnotations(bom, Version.VERSION_14); } @Test @@ -501,6 +506,40 @@ public void testParsedObjects15Bom() throws Exception { //Assert Bom Properties assertEquals(bom.getProperties().size(), 1); + + //Assert Annotations + assertAnnotations(bom, Version.VERSION_15); + } + + private void assertAnnotations(final Bom bom, final Version version) { + + if(version== Version.VERSION_15) { + List annotations = bom.getAnnotations(); + + assertEquals(annotations.size(), 1); + + Annotation annotation = annotations.get(0); + assertNotNull(annotation.getBomRef()); + assertNotNull(annotation.getText()); + assertNotNull(annotation.getTimestamp()); + + assertEquals(annotation.getSubjects().size(), 1); + assertAnnotator(annotation.getAnnotator()); + } else { + assertNull(bom.getAnnotations()); + } + } + + private void assertAnnotator(final Annotator annotator) { + assertNotNull(annotator); + assertNull(annotator.getIndividual()); + assertNull(annotator.getComponent()); + assertNull(annotator.getService()); + + assertNotNull(annotator.getOrganization()); + assertEquals(annotator.getOrganization().getName(), "Acme, Inc."); + assertEquals(annotator.getOrganization().getContacts().size(), 1); + assertEquals(annotator.getOrganization().getUrls().size(), 1); } @Test diff --git a/src/test/resources/1.5/valid-annonation-1.5.xml b/src/test/resources/1.5/valid-annonation-1.5.xml new file mode 100644 index 000000000..3f8d3a931 --- /dev/null +++ b/src/test/resources/1.5/valid-annonation-1.5.xml @@ -0,0 +1,87 @@ + + + + + Component A + 1.0.0 + + + + + + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + 2020-04-07T07:01:00Z + This is a sample annotation made by an organization + + + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + 2020-04-07T07:01:00Z + This is a sample annotation made by an person + + + + + + + + Awesome Tool + 9.1.2 + + + 2020-04-07T07:01:00Z + This is a sample annotation made by a component + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner + 800-555-1212 + + + org.partner + BOM Annotation Service + 2020-Q2 + + https://partner.org/api/v1/inspect + https://partner.org/api/v1/annotate + + true + true + + pubic + + + + 2020-04-07T07:01:00Z + This is a sample annotation made by a service + + + \ No newline at end of file diff --git a/src/test/resources/1.5/valid-annotation-1.5.json b/src/test/resources/1.5/valid-annotation-1.5.json new file mode 100644 index 000000000..e2f3085aa --- /dev/null +++ b/src/test/resources/1.5/valid-annotation-1.5.json @@ -0,0 +1,102 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "component-a", + "type": "library", + "name": "Component A", + "version": "1.0.0" + } + ], + "annotations": [ + { + "bom-ref": "annotation-1", + "subjects": [ + "component-a" + ], + "annotator": { + "organization": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by an organization" + }, + { + "bom-ref": "annotation-2", + "subjects": [ + "component-a" + ], + "annotator": { + "individual": { + "name": "Samantha Wright", + "email": "samantha.wright@example.com", + "phone": "800-555-1212" + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a person" + }, + { + "bom-ref": "annotation-3", + "subjects": [ + "component-a" + ], + "annotator": { + "component": { + "type": "application", + "name": "Awesome Tool", + "version": "9.1.2" + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a component" + }, + { + "bom-ref": "annotation-4", + "subjects": [ + "component-a" + ], + "annotator": { + "service": { + "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", + "provider": { + "name": "Partner Org", + "url": [ + "https://partner.org" + ] + }, + "group": "org.partner", + "name": "BOM Annotation Service", + "version": "2020-Q2", + "endpoints": [ + "https://partner.org/api/v1/inspect", + "https://partner.org/api/v1/annotate" + ], + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "public", + "flow": "bi-directional" + } + ] + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by a service" + } + ] +} \ No newline at end of file diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 54f751382..eb78f9996 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -246,8 +246,8 @@ "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0" + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" } } ], @@ -265,7 +265,7 @@ "provider": { "name": "Partner Org", "url": [ - "https://partner.org" + "https://partner.org" ], "contact": [ { @@ -280,29 +280,29 @@ "version": "2020-Q2", "description": "Provides real-time stock information", "endpoints": [ - "https://partner.org/api/v1/lookup", - "https://partner.org/api/v1/stock" + "https://partner.org/api/v1/lookup", + "https://partner.org/api/v1/stock" ], "authenticated": true, "x-trust-boundary": true, "data": [ - { - "flow": "inbound", - "classification": "PII" - }, - { - "flow": "outbound", - "classification": "PIFI" - }, - { - "flow": "bi-directional", - "classification": "pubic" - }, - { - "flow": "unknown", - "classification": "partner-data" - } - ], + { + "flow": "inbound", + "classification": "PII" + }, + { + "flow": "outbound", + "classification": "PIFI" + }, + { + "flow": "bi-directional", + "classification": "pubic" + }, + { + "flow": "unknown", + "classification": "partner-data" + } + ], "licenses": [ { "license": { @@ -311,15 +311,15 @@ } ], "externalReferences": [ - { - "type": "website", - "url": "http://partner.org" - }, - { - "type": "documentation", - "url": "http://api.partner.org/swagger" - } - ] + { + "type": "website", + "url": "http://partner.org" + }, + { + "type": "documentation", + "url": "http://api.partner.org/swagger" + } + ] } ], "dependencies": [ @@ -339,22 +339,22 @@ } ], "compositions": [ - { - "aggregate": "complete", - "assemblies": [ - "pkg:maven/partner/shaded-library@1.0" - ], - "dependencies": [ - "acme-application-1.0" - ] - }, - { - "aggregate": "unknown", - "assemblies": [ - "pkg:maven/acme/library@3.0" - ] - } - ], + { + "aggregate": "complete", + "assemblies": [ + "pkg:maven/partner/shaded-library@1.0" + ], + "dependencies": [ + "acme-application-1.0" + ] + }, + { + "aggregate": "unknown", + "assemblies": [ + "pkg:maven/acme/library@3.0" + ] + } + ], "properties": [ { "name": "Foo", @@ -412,8 +412,8 @@ { "name": "Acme, Inc.", "url": [ - "https://example.com" - ] + "https://example.com" + ] } ], "individuals": [ @@ -447,18 +447,18 @@ "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ - { + { "ref": "pkg:maven/com.acme/jackson-databind@2.9.9", - "versions": [ - { - "range": "vers:semver/<2.6.7.5", - "status": "affected" - }, - { - "version": "2.9.9", - "status": "affected" - } - ] + "versions": [ + { + "range": "vers:semver/<2.6.7.5", + "status": "affected" + }, + { + "version": "2.9.9", + "status": "affected" + } + ] } ], "properties": [ @@ -480,5 +480,29 @@ } ] } + ], + "annotations": [ + { + "bom-ref": "annotation-1", + "subjects": [ + "component-a" + ], + "annotator": { + "organization": { + "name": "Acme, Inc.", + "url": [ + "https://example.com" + ], + "contact": [ + { + "name": "Acme Professional Services", + "email": "professional.services@example.com" + } + ] + } + }, + "timestamp": "2022-01-01T00:00:00Z", + "text": "This is a sample annotation made by an organization" + } ] } diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index e0958ed75..84ba15036 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -345,4 +345,23 @@ + + + + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + 2020-04-07T07:01:00Z + This is a sample annotation made by an organization + + From 16498a364acb5a048b33e8287794c1d4c2f5e762 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Tue, 27 Jun 2023 11:39:11 -0500 Subject: [PATCH 23/40] Fix package name --- src/main/java/org/cyclonedx/model/Annotation.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/cyclonedx/model/Annotation.java b/src/main/java/org/cyclonedx/model/Annotation.java index 1f403e912..ad9698405 100644 --- a/src/main/java/org/cyclonedx/model/Annotation.java +++ b/src/main/java/org/cyclonedx/model/Annotation.java @@ -30,7 +30,7 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; -import org.cyclonedx.util.CustomDateSerializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; @JacksonXmlRootElement(localName = "annotations") @JsonIgnoreProperties(ignoreUnknown = true) From 281b9e4447bcb95534cb13cf7a23fb7f2312a6be Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Tue, 27 Jun 2023 11:40:55 -0500 Subject: [PATCH 24/40] Schema updates to released versions --- src/main/resources/bom-1.5.proto | 808 ++++- src/main/resources/bom-1.5.schema.json | 2052 ++++++++++++- src/main/resources/bom-1.5.xsd | 3724 ++++++++++++++++++++---- src/main/resources/spdx.schema.json | 1055 +++---- src/main/resources/spdx.xsd | 2521 +++++++++------- 5 files changed, 7859 insertions(+), 2301 deletions(-) diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index d041acad8..1f493d141 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -4,7 +4,7 @@ import "google/protobuf/timestamp.proto"; // Specifies attributes of the text message AttachedText { - // Specifies the content type of the text. Defaults to text/plain if not specified. + // Specifies the content type of the text. Defaults to 'text/plain' if not specified. optional string content_type = 1; // Specifies the optional encoding the text is represented in optional string encoding = 2; @@ -29,7 +29,7 @@ message Bom { repeated ExternalReference external_references = 7; // Provides the ability to document dependency relationships. repeated Dependency dependencies = 8; - // Provides the ability to document aggregate completeness + // Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. repeated Composition compositions = 9; // Vulnerabilities identified in components or services. repeated Vulnerability vulnerabilities = 10; @@ -37,6 +37,8 @@ message Bom { repeated Annotation annotations = 11; // Specifies optional, custom, properties repeated Property properties = 12; + // Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process. + repeated Formula formulation = 13; } enum Classification { @@ -49,7 +51,7 @@ enum Classification { CLASSIFICATION_LIBRARY = 3; // A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system CLASSIFICATION_OPERATING_SYSTEM = 4; - // A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. + // A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md CLASSIFICATION_DEVICE = 5; // A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files. CLASSIFICATION_FILE = 6; @@ -57,6 +59,14 @@ enum Classification { CLASSIFICATION_CONTAINER = 7; // A special type of software that provides low-level control over a devices hardware. Refer to https://en.wikipedia.org/wiki/Firmware CLASSIFICATION_FIRMWARE = 8; + // A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver + CLASSIFICATION_DEVICE_DRIVER = 9; + // A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms. + CLASSIFICATION_PLATFORM = 10; + // A model based on training data that can make predictions or decisions without being explicitly programmed to do so. + CLASSIFICATION_MACHINE_LEARNING_MODEL = 11; + // A collection of discrete values that convey information. + CLASSIFICATION_DATA = 12; } message Commit { @@ -93,7 +103,7 @@ message Component { string version = 9; // Specifies a description for the component optional string description = 10; - // Specifies the scope of the component. If scope is not specified, 'runtime' scope should be assumed by the consumer of the BOM + // Specifies the scope of the component. If scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM optional Scope scope = 11; repeated Hash hashes = 12; repeated LicenseChoice licenses = 13; @@ -119,18 +129,32 @@ message Component { repeated Evidence evidence = 23; // Specifies optional release notes. optional ReleaseNotes releaseNotes = 24; + // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. + optional ModelCard modelCard = 25; + // This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types. + optional ComponentData data = 26; } -// Specifies the data classification. -message DataClassification { +// Specifies the data flow. +message DataFlow { // Specifies the flow direction of the data. - DataFlow flow = 1; - // SimpleContent value of element + DataFlowDirection flow = 1; + // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. string value = 2; + // Name for the defined data + optional string name = 3; + // Short description of the data content and usage + optional string description = 4; + // The URI, URL, or BOM-Link of the components or services the data came in from + repeated string source = 5; + // The URI, URL, or BOM-Link of the components or services the data is sent to + repeated string destination = 6; + // Data Governance + optional DataGovernance governance = 7; } // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. -enum DataFlow { +enum DataFlowDirection { DATA_FLOW_NULL = 0; DATA_FLOW_INBOUND = 1; DATA_FLOW_OUTBOUND = 2; @@ -193,6 +217,52 @@ enum ExternalReferenceType { EXTERNAL_REFERENCE_TYPE_BUILD_META = 13; // URL to an automated build system EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14; + // Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT. + EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15; + // Human or machine-readable statements containing facts, evidence, or testimony + EXTERNAL_REFERENCE_TYPE_ATTESTATION = 16; + // An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format + EXTERNAL_REFERENCE_TYPE_THREAT_MODEL = 17; + // The defined assumptions, goals, and capabilities of an adversary. + EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL = 18; + // Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. + EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT = 19; + // The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary + EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE = 20; + // A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product + EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION = 21; + // A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization + EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT = 22; + // Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test + EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT = 23; + // SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code + EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT = 24; + // Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations + EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT = 25; + // Report generated by analyzing the call stack of a running application + EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT = 26; + // Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis + EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT = 27; + // Report containing a formal assessment of an organization, business unit, or team against a maturity model + EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT = 28; + // Industry, regulatory, or other certification from an accredited (if applicable) certification body + EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT = 29; + // Report or system in which quality metrics can be obtained + EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS = 30; + // Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31; + // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. + EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32; + // Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + EXTERNAL_REFERENCE_TYPE_POAM = 33; + // A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. + EXTERNAL_REFERENCE_TYPE_LOG = 34; + // Parameters or settings that may be used by other components or services. + EXTERNAL_REFERENCE_TYPE_CONFIGURATION = 35; + // Information used to substantiate a claim. + EXTERNAL_REFERENCE_TYPE_EVIDENCE = 36; + // Describes how a component or service was manufactured or deployed. + EXTERNAL_REFERENCE_TYPE_FORMULATION = 37; } enum HashAlg { @@ -282,7 +352,7 @@ message License { // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata optional Licensing licensing = 6; // Specifies optional, custom, properties - repeated Property properties = 7; + repeated Property properties = 7; } message Licensing { @@ -315,13 +385,43 @@ enum LicensingTypeEnum { LICENSING_TYPE_NULL = 0; // A license that grants use of software solely for the purpose of education or research. LICENSING_TYPE_ACADEMIC = 1; + // A license covering use of software embedded in a specific piece of hardware. + LICENSING_TYPE_APPLIANCE = 2; + // A Client Access License (CAL) allows client computers to access services provided by server software. + LICENSING_TYPE_CLIENT_ACCESS = 3; + // A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users. + LICENSING_TYPE_CONCURRENT_USER = 4; + // A license where the core of a computer's processor is assigned a specific number of points. + LICENSING_TYPE_CORE_POINTS = 5; + // A license for which consumption is measured by non-standard metrics. + LICENSING_TYPE_CUSTOM_METRIC = 6; + // A license that covers a defined number of installations on computers and other types of devices. + LICENSING_TYPE_DEVICE = 7; + // A license that grants permission to install and use software for trial purposes. + LICENSING_TYPE_EVALUATION = 8; + // A license that grants access to the software to one or more pre-defined users. + LICENSING_TYPE_NAMED_USER = 9; + // A license that grants access to the software on one or more pre-defined computers or devices. + LICENSING_TYPE_NODE_LOCKED = 10; + // An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware. + LICENSING_TYPE_OEM = 11; + // A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely. + LICENSING_TYPE_PERPETUAL = 12; + // A license where each installation consumes points per processor. + LICENSING_TYPE_PROCESSOR_POINTS = 13; + // A license where the licensee pays a fee to use the software or service. + LICENSING_TYPE_SUBSCRIPTION = 14; + // A license that grants access to the software or service by a specified number of users. + LICENSING_TYPE_USER = 15; + // Another license type. + LICENSING_TYPE_OTHER = 16; } message Metadata { // The date and time (timestamp) when the document was created. optional google.protobuf.Timestamp timestamp = 1; // The tool(s) used in the creation of the BOM. - repeated Tool tools = 2; + optional Tool tools = 2; // The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors. repeated OrganizationalContact authors = 3; // The component that the BOM describes. @@ -334,6 +434,36 @@ message Metadata { optional LicenseChoice licenses = 7; // Specifies optional, custom, properties repeated Property properties = 8; + // The product lifecycle(s) that this BOM represents. + repeated Lifecycles lifecycles = 9; +} + +message Lifecycles { + oneof choice { + // A pre-defined phase in the product lifecycle. + LifecyclePhase phase = 1; + // The name of the lifecycle phase + string name = 2; + } + // The description of the lifecycle phase + optional string description = 3; +} + +enum LifecyclePhase { + // BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use. + LIFECYCLE_PHASE_DESIGN = 0; + // BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use. + LIFECYCLE_PHASE_PRE_BUILD = 1; + // BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from. + LIFECYCLE_PHASE_BUILD = 2; + // BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device. + LIFECYCLE_PHASE_POST_BUILD = 3; + // BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies. + LIFECYCLE_PHASE_OPERATIONS = 4; + // BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions. + LIFECYCLE_PHASE_DISCOVERY = 5; + // BOM containing inventory that will be, or has been retired from operations. + LIFECYCLE_PHASE_DECOMMISSION = 6; } message OrganizationalContact { @@ -343,6 +473,8 @@ message OrganizationalContact { optional string email = 2; // The phone number of the contact. optional string phone = 3; + // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 4; } message OrganizationalEntity { @@ -352,6 +484,8 @@ message OrganizationalEntity { repeated string url = 2; // A contact person at the organization. Multiple contacts are allowed. repeated OrganizationalContact contact = 3; + // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + optional string bom_ref = 4; } enum PatchClassification { @@ -419,7 +553,7 @@ message Service { optional bool authenticated = 8; // A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed. optional bool x_trust_boundary = 9; - repeated DataClassification data = 10; + repeated DataFlow data = 10; repeated LicenseChoice licenses = 11; // Provides the ability to document external references related to the service. repeated ExternalReference external_references = 12; @@ -429,6 +563,8 @@ message Service { repeated Property properties = 14; // Specifies optional release notes. optional ReleaseNotes releaseNotes = 15; + // The name of the trust zone the service resides in. + optional string trustZone = 16; } message Swid { @@ -436,11 +572,11 @@ message Swid { string tag_id = 1; // Maps to the name of a SoftwareIdentity. string name = 2; - // Maps to the version of a SoftwareIdentity. + // Maps to the version of a SoftwareIdentity. Defaults to '0.0' if not specified. optional string version = 3; - // Maps to the tagVersion of a SoftwareIdentity. + // Maps to the tagVersion of a SoftwareIdentity. Defaults to '0' if not specified. optional int32 tag_version = 4; - // Maps to the patch of a SoftwareIdentity. + // Maps to the patch of a SoftwareIdentity. Defaults to 'false' if not specified. optional bool patch = 5; // Specifies the full content of the SWID tag. optional AttachedText text = 6; @@ -450,15 +586,20 @@ message Swid { // Specifies a tool (manual or automated). message Tool { - // The vendor of the tool used to create the BOM. - optional string vendor = 1; - // The name of the tool used to create the BOM. - optional string name = 2; - // The version of the tool used to create the BOM. - optional string version = 3; - repeated Hash hashes = 4; - // Provides the ability to document external references related to the tool. - repeated ExternalReference external_references = 5; + // DEPRECATED - DO NOT USE - The vendor of the tool used to create the BOM. + optional string vendor = 1 [deprecated = true]; + // DEPRECATED - DO NOT USE - The name of the tool used to create the BOM. + optional string name = 2 [deprecated = true]; + // DEPRECATED - DO NOT USE - The version of the tool used to create the BOM. + optional string version = 3 [deprecated = true]; + // DEPRECATED - DO NOT USE + repeated Hash hashes = 4 [deprecated = true]; + // DEPRECATED - DO NOT USE - Provides the ability to document external references related to the tool. + repeated ExternalReference external_references = 5 [deprecated = true]; + // A list of software and hardware components used as tools + repeated Component components = 6; + // A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services. + repeated Service services = 7; } // Specifies a property @@ -468,18 +609,26 @@ message Property { } enum Aggregate { - // Default, no statement about the aggregate completeness is being made + // The relationship completeness is not specified. AGGREGATE_NOT_SPECIFIED = 0; - // The aggregate composition is complete + // The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. AGGREGATE_COMPLETE = 1; - // The aggregate composition is incomplete + // The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. AGGREGATE_INCOMPLETE = 2; - // The aggregate composition is incomplete for first party components, complete for third party components + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3; - // The aggregate composition is incomplete for third party components, complete for first party components + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4; - // The aggregate composition completeness is unknown + // The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. AGGREGATE_UNKNOWN = 5; + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + AGGREGATE_INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6; + // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + AGGREGATE_INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7; + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + AGGREGATE_INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8; + // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + AGGREGATE_INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9; } message Composition { @@ -489,6 +638,10 @@ message Composition { repeated string assemblies = 2; // The dependencies the aggregate completeness applies to repeated string dependencies = 3; + // The bom-ref identifiers of the vulnerabilities being described. + repeated string vulnerabilities = 4; + // An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. + optional string bom_ref = 5; } message EvidenceCopyright { @@ -499,6 +652,82 @@ message EvidenceCopyright { message Evidence { repeated LicenseChoice licenses = 1; repeated EvidenceCopyright copyright = 2; + repeated EvidenceIdentity identity = 3; + repeated EvidenceOccurrences occurrences = 4; + optional Callstack callstack = 5; +} + +// Evidence of the components use through the callstack. +message Callstack { + repeated Frames frames = 1; + + message Frames { + // A package organizes modules into namespaces, providing a unique namespace for each type it contains. + optional string package = 1; + // A module or class that encloses functions/methods and other code. + string module = 2; + // A block of code designed to perform a particular task. + optional string function = 3; + // Optional arguments that are passed to the module or function. + repeated string parameters = 4; + // The line number the code that is called resides on. + optional int32 line = 5; + // The column the code that is called resides. + optional int32 column = 6; + // The full path and filename of the module. + optional string fullFilename = 7; + } +} + +message EvidenceIdentity { + // The identity field of the component which the evidence describes. + EvidenceFieldType field = 1; + // The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + optional float confidence = 2; + // The methods used to extract and/or analyze the evidence. + repeated EvidenceMethods methods = 3; + // The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation. + repeated string tools = 4; +} + +message EvidenceMethods { + // The technique used in this method of analysis. + EvidenceTechnique technique = 1; + // The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. + float confidence = 2; + // The value or contents of the evidence. + optional string value = 3; +} + +message EvidenceOccurrences { + // An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. + optional string bom_ref = 1; + // The location or path to where the component was found. + string location = 2; +} + +enum EvidenceFieldType { + EVIDENCE_FIELD_NULL = 0; + EVIDENCE_FIELD_GROUP = 1; + EVIDENCE_FIELD_NAME = 2; + EVIDENCE_FIELD_VERSION = 3; + EVIDENCE_FIELD_PURL = 4; + EVIDENCE_FIELD_CPE = 5; + EVIDENCE_FIELD_SWID = 6; + EVIDENCE_FIELD_HASH = 7; +} + +enum EvidenceTechnique { + EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0; + EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1; + EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2; + EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3; + EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4; + EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5; + EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6; + EVIDENCE_TECHNIQUE_FILENAME = 7; + EVIDENCE_TECHNIQUE_ATTESTATION = 8; + EVIDENCE_TECHNIQUE_OTHER = 9; } message Note { @@ -548,7 +777,7 @@ message Vulnerability { repeated int32 cwes = 6; // A description of the vulnerability as provided by the source. optional string description = 7; - // If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause. + // If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause. optional string detail = 8; // Recommendations of how the vulnerability can be remediated or mitigated. optional string recommendation = 9; @@ -563,7 +792,7 @@ message Vulnerability { // Individuals or organizations credited with the discovery of the vulnerability. optional VulnerabilityCredits credits = 14; // The tool(s) used to identify, confirm, or score the vulnerability. - repeated Tool tools = 15; + optional Tool tools = 15; // An assessment of the impact and exploitability of the vulnerability. optional VulnerabilityAnalysis analysis = 16; // affects @@ -572,13 +801,26 @@ message Vulnerability { repeated Property properties = 18; // The date and time (timestamp) when the vulnerability record was rejected (if applicable). optional google.protobuf.Timestamp rejected = 19; + // Evidence used to reproduce the vulnerability. + optional ProofOfConcept proofOfConcept = 20; + // A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. + optional string workaround = 21; +} + +message ProofOfConcept { + // Precise steps to reproduce the vulnerability. + optional string reproductionSteps = 1; + // A description of the environment in which reproduction was possible. + optional string environment = 2; + // Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. + repeated AttachedText supportingMaterial = 3; } message VulnerabilityReference { // An identifier that uniquely identifies the vulnerability. - optional string id = 1; + string id = 1; // The source that published the vulnerability. - optional Source source = 2; + Source source = 2; } message VulnerabilityRating { @@ -619,6 +861,10 @@ enum ScoreMethod { SCORE_METHOD_OWASP = 4; // Other scoring method SCORE_METHOD_OTHER = 5; + // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v4-0/ + SCORE_METHOD_CVSSV4 = 6; + // Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC + SCORE_METHOD_SSVC = 7; } message Advisory { @@ -713,7 +959,7 @@ message VulnerabilityAffectedVersions { // A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst string range = 2; } - // The vulnerability status for the version or range of versions. + // The vulnerability status for the version or range of versions. Defaults to VULNERABILITY_AFFECTED_STATUS_AFFECTED if not specified. optional VulnerabilityAffectedStatus status = 3; } @@ -748,4 +994,494 @@ message Annotation { google.protobuf.Timestamp timestamp = 4; // The textual content of the annotation. string text = 5; -} \ No newline at end of file +} + +message ModelCard { + // An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. + optional string bom_ref = 1; + // Hyper-parameters for construction of the model. + optional ModelParameters modelParameters = 2; + // A quantitative analysis of the model + optional QuantitativeAnalysis quantitativeAnalysis = 3; + // What considerations should be taken into account regarding the model's construction, training, and application? + optional ModelCardConsiderations considerations = 4; + + message ModelParameters { + // The overall approach to learning used by the model for problem solving. + optional Approach approach = 1; + // Directly influences the input and/or output. Examples include classification, regression, clustering, etc. + optional string task = 2; + // The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc. + optional string architectureFamily = 3; + //The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. + optional string modelArchitecture = 4; + // The datasets used to train and evaluate the model. + repeated Datasets datasets = 5; + // The input format(s) of the model + repeated MachineLearningInputOutputParameters inputs = 6; + // The output format(s) from the model + repeated MachineLearningInputOutputParameters outputs = 7; + + message Approach { + optional ModelParameterApproachType type = 1; + } + message Datasets { + oneof choice { + ComponentData dataset = 1; + // References a data component by the components bom-ref attribute + string ref = 2; + } + } + message MachineLearningInputOutputParameters { + // The data format for input/output to the model. Example formats include string, image, time-series + optional string format = 1; + } + } + message QuantitativeAnalysis { + // The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc. + repeated PerformanceMetrics performanceMetrics = 1; + optional GraphicsCollection graphics = 2; + + message PerformanceMetrics { + // The type of performance metric. + optional string type = 1; + // The value of the performance metric. + optional string value = 2; + // The name of the slice this metric was computed on. By default, assume this metric is not sliced. + optional string slice = 3; + // The confidence interval of the metric. + optional ConfidenceInterval confidenceInterval = 4; + + message ConfidenceInterval { + // The lower bound of the confidence interval. + optional string lowerBound = 1; + // The upper bound of the confidence interval. + optional string upperBound = 2; + } + } + } + message ModelCardConsiderations { + // Who are the intended users of the model? + repeated string users = 1; + // What are the intended use cases of the model? + repeated string useCases = 2; + // What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? + repeated string technicalLimitations = 3; + // What are the known tradeoffs in accuracy/performance of the model? + repeated string performanceTradeoffs = 4; + // What are the ethical (or environmental) risks involved in the application of this model? + repeated EthicalConsiderations ethicalConsiderations = 5; + // How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups? + repeated FairnessAssessments fairnessAssessments = 6; + + message EthicalConsiderations { + // The name of the risk. + optional string name = 1; + // Strategy used to address this risk. + optional string mitigationStrategy = 2; + } + message FairnessAssessments { + // The groups or individuals at risk of being systematically disadvantaged by the model. + optional string groupAtRisk = 1; + // Expected benefits to the identified groups. + optional string benefits = 2; + // Expected harms to the identified groups. + optional string harms = 3; + // With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. + optional string mitigationStrategy = 4; + } + } +} + +enum ModelParameterApproachType { + MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; + MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; + MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; + MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3; + MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4; +} + +message ComponentData { + // An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. + optional string bom_ref = 1; + // The general theme or subject matter of the data being specified. + ComponentDataType type = 2; + // The name of the dataset. + optional string name = 3; + // The contents or references to the contents of the data being described. + optional ComponentDataContents contents = 4; + // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + optional string classification = 5; + // A description of any sensitive data in a dataset. + repeated string sensitiveData = 6; + // A collection of graphics that represent various measurements. + optional GraphicsCollection graphics = 7; + // A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc. + optional string description = 8; + // Data Governance + optional DataGovernance governance = 9; + + message ComponentDataContents { + // An optional way to include textual or encoded data. + optional AttachedText attachment = 1; + // The URL to where the data can be retrieved. + optional string url = 2; + // Provides the ability to document name-value parameters used for configuration. + repeated Property properties = 3; + } +} + +message DataGovernance { + // Data custodians are responsible for the safe custody, transport, and storage of data. + repeated DataGovernanceResponsibleParty custodians = 1; + // Data stewards are responsible for data content, context, and associated business rules. + repeated DataGovernanceResponsibleParty stewards = 2; + // Data owners are concerned with risk and appropriate access to data. + repeated DataGovernanceResponsibleParty owners = 3; + + message DataGovernanceResponsibleParty { + oneof choice { + OrganizationalEntity organization = 1; + OrganizationalContact contact = 2; + } + } +} + +enum ComponentDataType { + // Any type of code, code snippet, or data-as-code + COMPONENT_DATA_TYPE_SOURCE_CODE = 0; + // Parameters or settings that may be used by other components. + COMPONENT_DATA_TYPE_CONFIGURATION = 1; + // A collection of data. + COMPONENT_DATA_TYPE_DATASET = 2; + // Data that can be used to create new instances of what the definition defines. + COMPONENT_DATA_TYPE_DEFINITION = 3; + // Any other type of data that does not fit into existing definitions. + COMPONENT_DATA_TYPE_OTHER = 4; +} + +message GraphicsCollection { + // A description of this collection of graphics. + optional string description = 1; + // A collection of graphics. + repeated Graphic graphic = 2; + + message Graphic { + // The name of the graphic. + optional string name = 1; + // The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + optional AttachedText image = 2; + } +} + +// Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed. +message Formula { + // BOM unique reference to the resource. + optional string bom_ref = 1; + // Transient components that are used in tasks that constitute one or more of this formula's workflows + repeated Component components = 2; + // Transient services that are used in tasks that constitute one or more of this formula's workflows + repeated Service services = 3; + // List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered. + repeated Workflow workflows = 4; + // Domain-specific formula properties. + repeated Property properties = 5; +} + +// A specialized orchestration task. +message Workflow { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Domain-specific resource instance properties. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // The tasks that comprise the workflow. + repeated Task tasks = 7; + // The graph of dependencies between tasks within the workflow. + repeated Dependency taskDependencies = 8; + // Indicates the types of activities performed by the set of workflow tasks. + repeated TaskType taskTypes = 9; + // The trigger that initiated the task. + optional Trigger trigger = 10; + // The sequence of steps for the task. + repeated Step steps = 11; + // Represents resources and data brought into a task at runtime by executor or task commands + repeated InputType inputs = 12; + // Represents resources and data output from a task at runtime by executor or task commands + repeated OutputType outputs = 13; + // The date and time (timestamp) when the task started. + optional google.protobuf.Timestamp timeStart = 14; + // The date and time (timestamp) when the task ended. + optional google.protobuf.Timestamp timeEnd = 15; + // A set of named filesystem or data resource shareable by workflow tasks. + repeated Workspace workspaces = 16; + // A graph of the component runtime topology for workflow's instance. + repeated Dependency runtimeTopology = 17; +} + +// Describes the inputs, sequence of steps and resources used to accomplish a task and its output. +message Task { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Domain-specific task instance properties. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // Indicates the types of activities performed by the set of workflow tasks. + repeated TaskType taskTypes = 7; + // The trigger that initiated the task. + optional Trigger trigger = 8; + // "The sequence of steps for the task. + repeated Step steps = 9; + // Represents resources and data brought into a task at runtime by executor or task commands + repeated InputType inputs = 10; + // Represents resources and data output from a task at runtime by executor or task commands + repeated OutputType outputs = 11; + // The date and time (timestamp) when the task started. + optional google.protobuf.Timestamp timeStart = 14; + // The date and time (timestamp) when the task ended. + optional google.protobuf.Timestamp timeEnd = 15; + // A set of named filesystem or data resource shareable by workflow tasks. + repeated Workspace workspaces = 16; + // A graph of the component runtime topology for task's instance. + repeated Dependency runtimeTopology = 17; +} + +// Executes specific commands or tools in order to accomplish its owning task as part of a sequence. +message Step { + // A name for the step. + optional string name = 1; + // A description of the step. + optional string description = 2; + // Ordered list of commands or directives for the step + repeated Command commands = 3; + // Domain-specific step properties. + repeated Property properties = 4; +} + +message Command { + // A text representation of the executed command. + optional string executed = 1; + // Domain-specific command properties. + repeated Property properties = 2; +} + +// A named filesystem or data resource shareable by workflow tasks. +message Workspace { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps. + repeated string aliases = 4; + // A description of the resource instance. + optional string description = 5; + // Domain-specific workspace instance properties. + repeated Property properties = 6; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 7; + // Describes the read-write access control for the workspace relative to the owning resource instance. + optional AccessMode accessMode = 8; + // A path to a location on disk where the workspace will be available to the associated task's steps. + optional string mountPath = 9; + // The name of a domain-specific data type the workspace represents. + optional string managedDataType = 10; + // Identifies the reference to the request for a specific volume type and parameters. + optional string volumeRequest = 11; + // Information about the actual volume instance allocated to the workspace. + optional Volume volume = 12; + + enum AccessMode { + ACCESS_MODE_READ_ONLY = 0; + ACCESS_MODE_READ_WRITE = 1; + ACCESS_MODE_READ_WRITE_ONCE = 2; + ACCESS_MODE_WRITE_ONCE = 3; + ACCESS_MODE_WRITE_ONLY = 4; + } +} + +// An identifiable, logical unit of data storage tied to a physical device. +message Volume { + // The unique identifier for the volume instance within its deployment context. + optional string uid = 1; + // The name of the volume instance + optional string name = 2; + // The volume mode for the volume instance. + optional VolumeMode mode = 3; + // The underlying path created from the actual volume. + optional string path = 4; + // The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form. + optional string sizeAllocated = 5; + // Indicates if the volume persists beyond the life of the resource it is associated with. + optional bool persistent = 6; + // Indicates if the volume is remotely (i.e., network) attached. + optional bool remote = 7; + // Domain-specific volume instance properties. + repeated Property properties = 8; + + enum VolumeMode { + VOLUME_MODE_FILESYSTEM = 0; + VOLUME_MODE_BLOCK = 1; + } +} + +// Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data. +message Trigger { + // BOM unique reference to the resource. + string bom_ref = 1; + // The unique identifier for the resource instance within its deployment context. + string uid = 2; + // The name of the resource instance. + optional string name = 3; + // A description of the resource instance. + optional string description = 4; + // Additional properties of the trigger. + repeated Property properties = 5; + // References to component or service resources that are used to realize the resource instance. + repeated ResourceReferenceChoice resourceReferences = 6; + // The source type of event which caused the trigger to fire. + TriggerType type = 7; + // The event data that caused the associated trigger to activate. + optional Event event = 8; + // Conditions + repeated Condition conditions = 9; + // The date and time (timestamp) when the trigger was activated. + optional google.protobuf.Timestamp timeActivated = 10; + // Represents resources and data brought into a task at runtime by executor or task commands + repeated InputType inputs = 11; + // Represents resources and data output from a task at runtime by executor or task commands + repeated OutputType outputs = 12; + + enum TriggerType { + TRIGGER_TYPE_MANUAL = 0; + TRIGGER_TYPE_API = 1; + TRIGGER_TYPE_WEBHOOK = 2; + TRIGGER_TYPE_SCHEDULED = 3; + } +} + +// Represents something that happened that may trigger a response. +message Event { + // The unique identifier of the event. + optional string uid = 1; + // A description of the event. + optional string description = 2; + // The date and time (timestamp) when the event was received. + optional google.protobuf.Timestamp timeReceived = 3; + // Encoding of the raw event data. + optional AttachedText data = 4; + // References the component or service that was the source of the event + optional ResourceReferenceChoice source = 5; + // References the component or service that was the target of the event + optional ResourceReferenceChoice target = 6; + // Additional properties of the event. + repeated Property properties = 7; +} + +// Type that represents various input data types and formats. +message InputType { + // A references to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`) + optional ResourceReferenceChoice source = 1; + // A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace) + optional ResourceReferenceChoice target = 2; + // A reference to an independent resource provided as an input to a task by the workflow runtime. + optional ResourceReferenceChoice resource = 3; + // Inputs that have the form of parameters with names and values. + repeated Parameter parameters = 4; + // Inputs that have the form of parameters with names and values. + repeated EnvironmentVars environmentVars = 5; + // Inputs that have the form of data. + optional AttachedText data = 6; + // Additional properties of the input data. + repeated Property properties = 7; +} + +message OutputType { + // Describes the type of data output. + optional OutputTypeType type = 1; + // Component or service that generated or provided the output from the task (e.g., a build tool) + optional ResourceReferenceChoice source = 2; + // Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`) + optional ResourceReferenceChoice target = 3; + // A reference to an independent resource generated as output by the task. + optional ResourceReferenceChoice resource = 4; + // Outputs that have the form of data. + optional AttachedText data = 5; + // Outputs that have the form of environment variables. + repeated EnvironmentVars environmentVars = 6; + // Additional properties of the output data. + repeated Property properties = 7; + + enum OutputTypeType { + OUTPUT_TYPE_ARTIFACT = 0; + OUTPUT_TYPE_ATTESTATION = 1; + OUTPUT_TYPE_LOG = 2; + OUTPUT_TYPE_EVIDENCE = 3; + OUTPUT_TYPE_METRICS = 4; + OUTPUT_TYPE_OTHER = 5; + } +} + +message ResourceReferenceChoice { + oneof choice { + string ref = 1; + ExternalReference externalReference = 2; + } +} + +// A condition that was used to determine a trigger should be activated. +message Condition { + // Describes the set of conditions which cause the trigger to activate. + optional string description = 1; + // The logical expression that was evaluated that determined the trigger should be fired. + optional string expression = 2; + // Domain-specific condition instance properties. + repeated Property properties = 3; +} + +enum TaskType { + TASK_TYPE_COPY = 0; + TASK_TYPE_CLONE = 1; + TASK_TYPE_LINT = 2; + TASK_TYPE_SCAN = 3; + TASK_TYPE_MERGE = 4; + TASK_TYPE_BUILD = 5; + TASK_TYPE_TEST = 6; + TASK_TYPE_DELIVER = 7; + TASK_TYPE_DEPLOY = 8; + TASK_TYPE_RELEASE = 9; + TASK_TYPE_CLEAN = 10; + TASK_TYPE_OTHER = 11; +} + +// A representation of a functional parameter. +message Parameter { + // The name of the parameter. + optional string name = 1; + // The value of the parameter. + optional string value = 2; + // The data type of the parameter. + optional string dataType = 3; +} + +message EnvironmentVars { + oneof choice { + Property property = 1; + string value = 2; + } +} diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index eb1cd1e5c..3ecc1dcdb 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -6,8 +6,7 @@ "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", "required": [ "bomFormat", - "specVersion", - "version" + "specVersion" ], "additionalProperties": false, "properties": { @@ -42,6 +41,7 @@ "type": "integer", "title": "BOM Version", "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", + "minimum": 1, "default": 1, "examples": [1] }, @@ -52,7 +52,6 @@ }, "components": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", @@ -60,7 +59,6 @@ }, "services": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", @@ -68,14 +66,12 @@ }, "externalReferences": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "dependencies": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", @@ -83,24 +79,13 @@ }, "compositions": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", - "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." - }, - "properties": { - "type": "array", - "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, - "items": { - "$ref": "#/definitions/property" - } + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described." }, "vulnerabilities": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/vulnerability"}, "uniqueItems": true, "title": "Vulnerabilities", @@ -108,12 +93,26 @@ }, "annotations": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/annotations"}, "uniqueItems": true, "title": "Annotations", "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, and may optionally be signed." }, + "formulation": { + "type": "array", + "items": {"$ref": "#/definitions/formula"}, + "uniqueItems": true, + "title": "Formulation", + "description": "Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "items": { + "$ref": "#/definitions/property" + } + }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", @@ -122,8 +121,42 @@ }, "definitions": { "refType": { - "$comment": "Identifier-DataType for interlinked elements.", - "type": "string" + "description": "Identifier for referable and therefore interlink-able elements.", + "type": "string", + "minLength": 1, + "$comment": "value SHOULD not start with the BOM-Link intro 'urn:cdx:'" + }, + "refLinkType": { + "description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.", + "allOf": [{"$ref": "#/definitions/refType"}] + }, + "bomLinkDocumentType": { + "title": "BOM-Link Document", + "description": "Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/", + "type": "string", + "format": "iri-reference", + "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$", + "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" + }, + "bomLinkElementType": { + "title": "BOM-Link Element", + "description": "Descriptor for an element in a BOM document. See https://cyclonedx.org/capabilities/bomlink/", + "type": "string", + "format": "iri-reference", + "pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$", + "$comment": "part of the pattern is based on `bom.serialNumber`'s pattern" + }, + "bomLink": { + "anyOf": [ + { + "title": "BOM-Link Document", + "$ref": "#/definitions/bomLinkDocumentType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] }, "metadata": { "type": "object", @@ -140,7 +173,6 @@ "type": "array", "title": "Lifecycles", "description": "", - "additionalItems": false, "items": { "type": "object", "title": "Lifecycle", @@ -184,19 +216,43 @@ } ] } - }, + }, "tools": { - "type": "array", - "title": "Creation Tools", - "description": "The tool(s) used in the creation of the BOM.", - "additionalItems": false, - "items": {"$ref": "#/definitions/tool"} + "oneOf": [ + { + "type": "object", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "additionalProperties": false, + "properties": { + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components used as tools" + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." + } + } + }, + { + "type": "array", + "title": "Creation Tools (legacy)", + "description": "[Deprecated] The tool(s) used in the creation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + } + ] }, "authors" :{ "type": "array", "title": "Authors", "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", - "additionalItems": false, "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { @@ -215,16 +271,13 @@ "$ref": "#/definitions/organizationalEntity" }, "licenses": { - "type": "array", "title": "BOM License(s)", - "additionalItems": false, - "items": {"$ref": "#/definitions/licenseChoice"} + "$ref": "#/definitions/licenseChoice" }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, "items": {"$ref": "#/definitions/property"} } } @@ -232,7 +285,7 @@ "tool": { "type": "object", "title": "Tool", - "description": "Information about the automated or manual tool used", + "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used", "additionalProperties": false, "properties": { "vendor": { @@ -252,14 +305,12 @@ }, "hashes": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." }, "externalReferences": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." @@ -272,6 +323,11 @@ "description": "", "additionalProperties": false, "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, "name": { "type": "string", "title": "Name", @@ -294,7 +350,6 @@ "type": "array", "title": "Contact", "description": "A contact at the organization. Multiple contacts are allowed.", - "additionalItems": false, "items": {"$ref": "#/definitions/organizationalContact"} } } @@ -305,6 +360,11 @@ "description": "", "additionalProperties": false, "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, "name": { "type": "string", "title": "Name", @@ -342,13 +402,17 @@ "framework", "library", "container", + "platform", "operating-system", "device", + "device-driver", "firmware", - "file" + "file", + "machine-learning-model", + "data" ], "title": "Component Type", - "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __platform__ = A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).\n* __device-driver__ = A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver)\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.\n* __machine-learning-model__ = A model based on training data that can make predictions or decisions without being explicitly programmed to do so.\n* __data__ = A collection of discrete values that convey information.", "examples": ["library"] }, "mime-type": { @@ -417,13 +481,10 @@ "hashes": { "type": "array", "title": "Component Hashes", - "additionalItems": false, "items": {"$ref": "#/definitions/hash"} }, "licenses": { - "type": "array", - "additionalItems": false, - "items": {"$ref": "#/definitions/licenseChoice"}, + "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "copyright": { @@ -464,35 +525,30 @@ "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", - "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", - "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", - "additionalItems": false, "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", - "additionalItems": false, "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", - "additionalItems": false, "items": {"$ref": "#/definitions/patch"} }, "notes": { @@ -504,14 +560,12 @@ }, "externalReferences": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "components": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", @@ -526,12 +580,21 @@ "$ref": "#/definitions/releaseNotes", "title": "Release notes", "description": "Specifies optional release notes." + }, + "modelCard": { + "$ref": "#/definitions/modelCard", + "title": "Machine Learning Model Card" + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/componentData"}, + "title": "Data", + "description": "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, "items": {"$ref": "#/definitions/property"} }, "signature": { @@ -715,7 +778,6 @@ "type": "array", "title": "Alternate License Identifiers", "description": "License identifiers that may be used to manage licenses and their lifecycle", - "additionalItems": false, "items": { "type": "string" } @@ -723,6 +785,7 @@ "licensor": { "title": "Licensor", "description": "The individual or organization that grants a license to another individual or organization", + "type": "object", "additionalProperties": false, "properties": { "organization": { @@ -748,6 +811,7 @@ "licensee": { "title": "Licensee", "description": "The individual or organization for which a license was granted to", + "type": "object", "additionalProperties": false, "properties": { "organization": { @@ -773,6 +837,7 @@ "purchaser": { "title": "Purchaser", "description": "The individual or organization that purchased the license", + "type": "object", "additionalProperties": false, "properties": { "organization": { @@ -803,8 +868,7 @@ "licenseTypes": { "type": "array", "title": "License Type", - "description": "The type of license(s) that was granted to the licensee\n\n* __academic__ = A license that grants use of software solely for the purpose of education or research.\n* __appliance__ = A license covering use of software embedded in a specific piece of hardware.\n* __client-access__ = A Client Access License (CAL) allows client computers to access services provided by server software.\n* __concurrent-user__ = A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.\n* __core-points__ = A license where the core of a computer's processor is assigned a specific number of points.\n* __custom-metric__ = A license for which consumption is measured by non-standard metrics.\n* __device__ = A license which covers a defined number of installations on computers and other types of devices.\n* __evaluation__ = A license which grants permission to install and use software for trial purposes.\n* __named-user__ = A license that grants access to the software to one or more pre-defined users.\n* __node-locked__ = A license that grants access to the software on one or more pre-defined computers or devices.\n* __oem__ = An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.\n* __perpetual__ = A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.\n* __processor-points__ = A license where each installation consumes points per processor.\n* __subscription__ = A license where the licensee pays a fee to use the software or service.\n* __user__ = A license that grants access to the software or service by a specified number of users.\n* __other__ = Another license type.\n", - "additionalItems": false, + "description": "The type of license(s) that was granted to the licensee\n\n* __academic__ = A license that grants use of software solely for the purpose of education or research.\n* __appliance__ = A license covering use of software embedded in a specific piece of hardware.\n* __client-access__ = A Client Access License (CAL) allows client computers to access services provided by server software.\n* __concurrent-user__ = A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.\n* __core-points__ = A license where the core of a computer's processor is assigned a specific number of points.\n* __custom-metric__ = A license for which consumption is measured by non-standard metrics.\n* __device__ = A license that covers a defined number of installations on computers and other types of devices.\n* __evaluation__ = A license that grants permission to install and use software for trial purposes.\n* __named-user__ = A license that grants access to the software to one or more pre-defined users.\n* __node-locked__ = A license that grants access to the software on one or more pre-defined computers or devices.\n* __oem__ = An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.\n* __perpetual__ = A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.\n* __processor-points__ = A license where each installation consumes points per processor.\n* __subscription__ = A license where the licensee pays a fee to use the software or service.\n* __user__ = A license that grants access to the software or service by a specified number of users.\n* __other__ = Another license type.\n", "items": { "type": "string", "enum": [ @@ -845,36 +909,55 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, - "items": { - "$ref": "#/definitions/property" - } + "items": {"$ref": "#/definitions/property"} } } }, "licenseChoice": { - "type": "object", - "title": "License(s)", - "additionalProperties": false, - "properties": { - "license": { - "$ref": "#/definitions/license" - }, - "expression": { - "type": "string", - "title": "SPDX License Expression", - "examples": [ - "Apache-2.0 AND (MIT OR GPL-2.0-only)", - "GPL-3.0-only WITH Classpath-exception-2.0" - ] - } - }, - "oneOf":[ + "title": "License Choice", + "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)", + "type": "array", + "oneOf": [ { - "required": ["license"] + "title": "Multiple licenses", + "description": "A list of SPDX licenses and/or named licenses.", + "type": "array", + "items": { + "type": "object", + "required": ["license"], + "additionalProperties": false, + "properties": { + "license": {"$ref": "#/definitions/license"} + } + } }, { - "required": ["expression"] + "title": "SPDX License Expression", + "description": "A tuple of exactly one SPDX License Expression.", + "type": "array", + "additionalItems": false, + "minItems": 1, + "maxItems": 1, + "items": [{ + "type": "object", + "additionalProperties": false, + "required": ["expression"], + "properties": { + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + } + } + }] } ] }, @@ -939,7 +1022,6 @@ }, "resolves": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" @@ -1066,10 +1148,19 @@ "additionalProperties": false, "properties": { "url": { - "type": "string", + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link", + "$ref": "#/definitions/bomLink" + } + ], "title": "URL", - "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs.", - "format": "iri-reference" + "description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs." }, "comment": { "type": "string", @@ -1079,7 +1170,7 @@ "type": { "type": "string", "title": "Type", - "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __other__ = Use this if no other types accurately describe the purpose of the external reference", + "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __distribution-intake__ = The location where a component was published to. This is often the same as \"distribution\" but may also include specialized publishing processes that act as an intermediary\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __security-contact__ = Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT\n* __model-card__ = A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency\n* __log__ = A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations\n* __configuration__ = Parameters or settings that may be used by other components or services\n* __evidence__ = Information used to substantiate a claim\n* __formulation__ = Describes how a component or service was manufactured or deployed\n* __attestation__ = Human or machine-readable statements containing facts, evidence, or testimony\n* __threat-model__ = An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format\n* __adversary-model__ = The defined assumptions, goals, and capabilities of an adversary.\n* __risk-assessment__ = Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.\n* __vulnerability-assertion__ = A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product.\n* __exploitability-statement__ = A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization.\n* __pentest-report__ = Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test\n* __static-analysis-report__ = SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code\n* __dynamic-analysis-report__ = Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations\n* __runtime-analysis-report__ = Report generated by analyzing the call stack of a running application\n* __component-analysis-report__ = Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis\n* __maturity-report__ = Report containing a formal assessment of an organization, business unit, or team against a maturity model\n* __certification-report__ = Industry, regulatory, or other certification from an accredited (if applicable) certification body\n* __quality-metrics__ = Report or system in which quality metrics can be obtained\n* __codified-infrastructure__ = Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC)\n* __poam__ = Plans of Action and Milestones (POAM) compliment an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".\n* __other__ = Use this if no other types accurately describe the purpose of the external reference", "enum": [ "vcs", "issue-tracker", @@ -1092,17 +1183,38 @@ "documentation", "support", "distribution", + "distribution-intake", "license", "build-meta", "build-system", "release-notes", "security-contact", + "model-card", + "log", + "configuration", + "evidence", + "formulation", + "attestation", + "threat-model", + "adversary-model", + "risk-assessment", + "vulnerability-assertion", + "exploitability-statement", + "pentest-report", + "static-analysis-report", + "dynamic-analysis-report", + "runtime-analysis-report", + "component-analysis-report", + "maturity-report", + "certification-report", + "codified-infrastructure", + "quality-metrics", + "poam", "other" ] }, "hashes": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." @@ -1112,26 +1224,25 @@ "dependency": { "type": "object", "title": "Dependency", - "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "description": "Defines the direct dependencies of a component or service. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { - "$ref": "#/definitions/refType", + "$ref": "#/definitions/refLinkType", "title": "Reference", - "description": "References a component by the components bom-ref attribute" + "description": "References a component or service by its bom-ref attribute" }, "dependsOn": { "type": "array", "uniqueItems": true, - "additionalItems": false, "items": { - "$ref": "#/definitions/refType" + "$ref": "#/definitions/refLinkType" }, "title": "Depends On", - "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + "description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object." } } }, @@ -1196,29 +1307,29 @@ "title": "Crosses Trust Boundary", "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." }, + "trustZone": { + "type": "string", + "title": "Trust Zone", + "description": "The name of the trust zone the service resides in." + }, "data": { "type": "array", - "additionalItems": false, - "items": {"$ref": "#/definitions/dataClassification"}, - "title": "Data Classification", - "description": "Specifies the data classification." + "items": {"$ref": "#/definitions/serviceData"}, + "title": "Data", + "description": "Specifies information about the data including the directional flow of data and the data classification." }, "licenses": { - "type": "array", - "additionalItems": false, - "items": {"$ref": "#/definitions/licenseChoice"}, + "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "externalReferences": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "services": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", @@ -1233,7 +1344,6 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, "items": {"$ref": "#/definitions/property"} }, "signature": { @@ -1243,7 +1353,7 @@ } } }, - "dataClassification": { + "serviceData": { "type": "object", "title": "Hash Objects", "required": [ @@ -1253,18 +1363,73 @@ "additionalProperties": false, "properties": { "flow": { - "$ref": "#/definitions/dataFlow", + "$ref": "#/definitions/dataFlowDirection", "title": "Directional Flow", "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." }, "classification": { + "$ref": "#/definitions/dataClassification" + }, + "name": { + "type": "string", + "title": "Name", + "description": "Name for the defined data", + "examples": [ + "Credit card reporting" + ] + }, + "description": { "type": "string", - "title": "Classification", - "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." + "title": "Description", + "description": "Short description of the data content and usage", + "examples": [ + "Credit card information being exchanged in between the web app and the database" + ] + }, + "governance": { + "type": "object", + "title": "Data Governance", + "$ref": "#/definitions/dataGovernance" + }, + "source": { + "type": "array", + "items": { + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "Source", + "description": "The URI, URL, or BOM-Link of the components or services the data came in from" + }, + "destination": { + "type": "array", + "items": { + "anyOf": [ + { + "title": "URL", + "type": "string", + "format": "iri-reference" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "Destination", + "description": "The URI, URL, or BOM-Link of the components or services the data is sent to" } } }, - "dataFlow": { + "dataFlowDirection": { "type": "string", "enum": [ "inbound", @@ -1290,22 +1455,183 @@ } } }, - "componentEvidence": { "type": "object", "title": "Evidence", "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", "additionalProperties": false, "properties": { - "licenses": { + "identity": { + "type": "object", + "description": "Evidence that substantiates the identity of a component.", + "required": [ "field" ], + "additionalProperties": false, + "properties": { + "field": { + "type": "string", + "enum": [ + "group", "name", "version", "purl", "cpe", "swid", "hash" + ], + "title": "Field", + "description": "The identity field of the component which the evidence describes." + }, + "confidence": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Confidence", + "description": "The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence." + }, + "methods": { + "type": "array", + "title": "Methods", + "description": "The methods used to extract and/or analyze the evidence.", + "items": { + "type": "object", + "required": [ + "technique" , + "confidence" + ], + "additionalProperties": false, + "properties": { + "technique": { + "title": "Technique", + "description": "The technique used in this method of analysis.", + "type": "string", + "enum": [ + "source-code-analysis", + "binary-analysis", + "manifest-analysis", + "ast-fingerprint", + "hash-comparison", + "instrumentation", + "dynamic-analysis", + "filename", + "attestation", + "other" + ] + }, + "confidence": { + "type": "number", + "minimum": 0, + "maximum": 1, + "title": "Confidence", + "description": "The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value or contents of the evidence." + } + } + } + }, + "tools": { + "type": "array", + "uniqueItems": true, + "items": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "title": "BOM References", + "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation." + } + } + }, + "occurrences": { "type": "array", - "additionalItems": false, - "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Occurrences", + "description": "Evidence of individual instances of a component spread across multiple locations.", + "items": { + "type": "object", + "required": [ "location" ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "location": { + "type": "string", + "title": "Location", + "description": "The location or path to where the component was found." + } + } + } + }, + "callstack": { + "type": "object", + "description": "Evidence of the components use through the callstack.", + "additionalProperties": false, + "properties": { + "frames": { + "type": "array", + "title": "Methods", + "items": { + "type": "object", + "required": [ + "module" + ], + "additionalProperties": false, + "properties": { + "package": { + "title": "Package", + "description": "A package organizes modules into namespaces, providing a unique namespace for each type it contains.", + "type": "string" + }, + "module": { + "title": "Module", + "description": "A module or class that encloses functions/methods and other code.", + "type": "string" + }, + "function": { + "title": "Function", + "description": "A block of code designed to perform a particular task.", + "type": "string" + }, + "parameters": { + "title": "Parameters", + "description": "Optional arguments that are passed to the module or function.", + "type": "array", + "items": { + "type": "string" + } + }, + "line": { + "title": "Line", + "description": "The line number the code that is called resides on.", + "type": "integer" + }, + "column": { + "title": "Column", + "description": "The column the code that is called resides.", + "type": "integer" + }, + "fullFilename": { + "title": "Full Filename", + "description": "The full path and filename of the module.", + "type": "string" + } + } + } + } + } + }, + "licenses": { + "$ref": "#/definitions/licenseChoice", "title": "Component License(s)" }, "copyright": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright" } @@ -1319,16 +1645,30 @@ ], "additionalProperties": false, "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, "aggregate": { "$ref": "#/definitions/aggregateType", "title": "Aggregate", - "description": "Specifies an aggregate type that describe how complete a relationship is." + "description": "Specifies an aggregate type that describe how complete a relationship is.\n\n* __complete__ = The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.\n* __incomplete__ = The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.\n* __incomplete_first_party_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.\n* __incomplete_first_party_proprietary_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.\n* __incomplete_first_party_opensource_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.\n* __incomplete_third_party_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.\n* __incomplete_third_party_proprietary_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.\n* __incomplete_third_party_opensource_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.\n* __unknown__ = The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.\n* __not_specified__ = The relationship completeness is not specified.\n" }, "assemblies": { "type": "array", "uniqueItems": true, "items": { - "type": "string" + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] }, "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." @@ -1342,6 +1682,15 @@ "title": "BOM references", "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." }, + "vulnerabilities": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the vulnerabilities being described." + }, "signature": { "$ref": "#/definitions/signature", "title": "Signature", @@ -1356,7 +1705,11 @@ "complete", "incomplete", "incomplete_first_party_only", + "incomplete_first_party_proprietary_only", + "incomplete_first_party_opensource_only", "incomplete_third_party_only", + "incomplete_third_party_proprietary_only", + "incomplete_third_party_opensource_only", "unknown", "not_specified" ] @@ -1364,6 +1717,7 @@ "property": { "type": "object", "title": "Lightweight name-value pair", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", "properties": { "name": { "type": "string", @@ -1474,14 +1828,12 @@ }, "resolves": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues that have been resolved." }, "notes": { "type": "array", - "additionalItems": false, "items": {"$ref": "#/definitions/note"}, "title": "Notes", "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." @@ -1490,7 +1842,6 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, "items": {"$ref": "#/definitions/property"} } } @@ -1538,12 +1889,14 @@ "scoreMethod": { "type": "string", "title": "Method", - "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)", + "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* CVSSv4 - [Common Vulnerability Scoring System v4](https://www.first.org/cvss/v4-0/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)\n* SSVC - [Stakeholder Specific Vulnerability Categorization](https://github.com/CERTCC/SSVC) (all versions)", "enum": [ "CVSSv2", "CVSSv3", "CVSSv31", + "CVSSv4", "OWASP", + "SSVC", "other" ] }, @@ -1641,7 +1994,7 @@ "vulnerability": { "type": "object", "title": "Vulnerability", - "description": "Defines a weakness in an component or service that could be exploited or triggered by a threat source.", + "description": "Defines a weakness in a component or service that could be exploited or triggered by a threat source.", "additionalProperties": false, "properties": { "bom-ref": { @@ -1667,8 +2020,8 @@ "type": "array", "title": "References", "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", - "additionalItems": false, "items": { + "type": "object", "required": [ "id", "source" @@ -1696,7 +2049,6 @@ "type": "array", "title": "Ratings", "description": "List of vulnerability ratings", - "additionalItems": false, "items": { "$ref": "#/definitions/rating" } @@ -1706,7 +2058,6 @@ "title": "CWEs", "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html)", "examples": [399], - "additionalItems": false, "items": { "$ref": "#/definitions/cwe" } @@ -1719,18 +2070,45 @@ "detail": { "type": "string", "title": "Details", - "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause." + "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include information useful in understanding root cause." }, "recommendation": { "type": "string", - "title": "Details", + "title": "Recommendation", "description": "Recommendations of how the vulnerability can be remediated or mitigated." }, + "workaround": { + "type": "string", + "title": "Workarounds", + "description": "A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments." + }, + "proofOfConcept": { + "type": "object", + "title": "Proof of Concept", + "description": "Evidence used to reproduce the vulnerability.", + "properties": { + "reproductionSteps": { + "type": "string", + "title": "Steps to Reproduce", + "description": "Precise steps to reproduce the vulnerability." + }, + "environment": { + "type": "string", + "title": "Environment", + "description": "A description of the environment in which reproduction was possible." + }, + "supportingMaterial": { + "type": "array", + "title": "Supporting Material", + "description": "Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code.", + "items": { "$ref": "#/definitions/attachment" } + } + } + }, "advisories": { "type": "array", "title": "Advisories", "description": "Published advisories of the vulnerability if provided.", - "additionalItems": false, "items": { "$ref": "#/definitions/advisory" } @@ -1769,7 +2147,6 @@ "type": "array", "title": "Organizations", "description": "The organizations credited with vulnerability discovery.", - "additionalItems": false, "items": { "$ref": "#/definitions/organizationalEntity" } @@ -1778,7 +2155,6 @@ "type": "array", "title": "Individuals", "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", - "additionalItems": false, "items": { "$ref": "#/definitions/organizationalContact" } @@ -1786,11 +2162,36 @@ } }, "tools": { - "type": "array", - "title": "Creation Tools", - "description": "The tool(s) used to identify, confirm, or score the vulnerability.", - "additionalItems": false, - "items": {"$ref": "#/definitions/tool"} + "oneOf": [ + { + "type": "object", + "title": "Tools", + "description": "The tool(s) used to identify, confirm, or score the vulnerability.", + "additionalProperties": false, + "properties": { + "components": { + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components used as tools" + }, + "services": { + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." + } + } + }, + { + "type": "array", + "title": "Tools (legacy)", + "description": "[Deprecated] The tool(s) used to identify, confirm, or score the vulnerability.", + "items": {"$ref": "#/definitions/tool"} + } + ] }, "analysis": { "type": "object", @@ -1808,7 +2209,6 @@ "type": "array", "title": "Response", "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", - "additionalItems": false, "items": { "type": "string", "enum": [ @@ -1842,15 +2242,24 @@ "affects": { "type": "array", "uniqueItems": true, - "additionalItems": false, "items": { + "type": "object", "required": [ "ref" ], "additionalProperties": false, "properties": { "ref": { - "$ref": "#/definitions/refType", + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ], "title": "Reference", "description": "References a component or service by the objects bom-ref" }, @@ -1858,8 +2267,8 @@ "type": "array", "title": "Versions", "description": "Zero or more individual versions or range of versions.", - "additionalItems": false, "items": { + "type": "object", "oneOf": [ { "required": ["version"] @@ -1876,7 +2285,7 @@ }, "range": { "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", - "$ref": "#/definitions/version" + "$ref": "#/definitions/range" }, "status": { "description": "The vulnerability status for the version or range of versions.", @@ -1895,7 +2304,6 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", - "additionalItems": false, "items": { "$ref": "#/definitions/property" } @@ -1943,9 +2351,17 @@ "subjects": { "type": "array", "uniqueItems": true, - "additionalItems": false, "items": { - "$ref": "#/definitions/refType" + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] }, "title": "BOM References", "description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs." @@ -2014,10 +2430,1370 @@ } } }, + "modelCard": { + "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", + "type": "object", + "title": "Model Card", + "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "modelParameters": { + "type": "object", + "title": "Model Parameters", + "description": "Hyper-parameters for construction of the model.", + "additionalProperties": false, + "properties": { + "approach": { + "type": "object", + "title": "Approach", + "description": "The overall approach to learning used by the model for problem solving.", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "title": "Learning Type", + "description": "Learning types describing the learning problem or hybrid learning problem.", + "enum": [ + "supervised", + "unsupervised", + "reinforcement-learning", + "semi-supervised", + "self-supervised" + ] + } + } + }, + "task": { + "type": "string", + "title": "Task", + "description": "Directly influences the input and/or output. Examples include classification, regression, clustering, etc." + }, + "architectureFamily": { + "type": "string", + "title": "Architecture Family", + "description": "The model architecture family such as transformer network, convolutional neural network, residual neural network, LSTM neural network, etc." + }, + "modelArchitecture": { + "type": "string", + "title": "Model Architecture", + "description": "The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc." + }, + "datasets": { + "type": "array", + "title": "Datasets", + "description": "The datasets used to train and evaluate the model.", + "items" : { + "oneOf" : [ + { + "title": "Inline Component Data", + "$ref": "#/definitions/componentData" + }, + { + "type": "object", + "title": "Data Component Reference", + "additionalProperties": false, + "properties": { + "ref": { + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ], + "title": "Reference", + "description": "References a data component by the components bom-ref attribute" + } + } + } + ] + } + }, + "inputs": { + "type": "array", + "title": "Inputs", + "description": "The input format(s) of the model", + "items": { "$ref": "#/definitions/inputOutputMLParameters" } + }, + "outputs": { + "type": "array", + "title": "Outputs", + "description": "The output format(s) from the model", + "items": { "$ref": "#/definitions/inputOutputMLParameters" } + } + } + }, + "quantitativeAnalysis": { + "type": "object", + "title": "Quantitative Analysis", + "description": "A quantitative analysis of the model", + "additionalProperties": false, + "properties": { + "performanceMetrics": { + "type": "array", + "title": "Performance Metrics", + "description": "The model performance metrics being reported. Examples may include accuracy, F1 score, precision, top-3 error rates, MSC, etc.", + "items": { "$ref": "#/definitions/performanceMetric" } + }, + "graphics": { "$ref": "#/definitions/graphicsCollection" } + } + }, + "considerations": { + "type": "object", + "title": "Considerations", + "description": "What considerations should be taken into account regarding the model's construction, training, and application?", + "additionalProperties": false, + "properties": { + "users": { + "type": "array", + "title": "Users", + "description": "Who are the intended users of the model?", + "items": { + "type": "string" + } + }, + "useCases": { + "type": "array", + "title": "Use Cases", + "description": "What are the intended use cases of the model?", + "items": { + "type": "string" + } + }, + "technicalLimitations": { + "type": "array", + "title": "Technical Limitations", + "description": "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?", + "items": { + "type": "string" + } + }, + "performanceTradeoffs": { + "type": "array", + "title": "Performance Tradeoffs", + "description": "What are the known tradeoffs in accuracy/performance of the model?", + "items": { + "type": "string" + } + }, + "ethicalConsiderations": { + "type": "array", + "title": "Ethical Considerations", + "description": "What are the ethical (or environmental) risks involved in the application of this model?", + "items": { "$ref": "#/definitions/risk" } + }, + "fairnessAssessments": { + "type": "array", + "title": "Fairness Assessments", + "description": "How does the model affect groups at risk of being systematically disadvantaged? What are the harms and benefits to the various affected groups?", + "items": { + "$ref": "#/definitions/fairnessAssessment" + } + } + } + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "inputOutputMLParameters": { + "type": "object", + "title": "Input and Output Parameters", + "additionalProperties": false, + "properties": { + "format": { + "description": "The data format for input/output to the model. Example formats include string, image, time-series", + "type": "string" + } + } + }, + "componentData": { + "type": "object", + "additionalProperties": false, + "required": [ + "type" + ], + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "type": { + "type": "string", + "title": "Type of Data", + "description": "The general theme or subject matter of the data being specified.\n\n* __source-code__ = Any type of code, code snippet, or data-as-code.\n* __configuration__ = Parameters or settings that may be used by other components.\n* __dataset__ = A collection of data.\n* __definition__ = Data that can be used to create new instances of what the definition defines.\n* __other__ = Any other type of data that does not fit into existing definitions.", + "enum": [ + "source-code", + "configuration", + "dataset", + "definition", + "other" + ] + }, + "name": { + "description": "The name of the dataset.", + "type": "string" + }, + "contents": { + "type": "object", + "title": "Data Contents", + "description": "The contents or references to the contents of the data being described.", + "additionalProperties": false, + "properties": { + "attachment": { + "title": "Data Attachment", + "description": "An optional way to include textual or encoded data.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "Data URL", + "description": "The URL to where the data can be retrieved.", + "format": "iri-reference" + }, + "properties": { + "type": "array", + "title": "Configuration Properties", + "description": "Provides the ability to document name-value parameters used for configuration.", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "classification": { + "$ref": "#/definitions/dataClassification" + }, + "sensitiveData": { + "type": "array", + "description": "A description of any sensitive data in a dataset.", + "items": { + "type": "string" + } + }, + "graphics": { "$ref": "#/definitions/graphicsCollection" }, + "description": { + "description": "A description of the dataset. Can describe size of dataset, whether it's used for source code, training, testing, or validation, etc.", + "type": "string" + }, + "governance": { + "type": "object", + "title": "Data Governance", + "$ref": "#/definitions/dataGovernance" + } + } + }, + "dataGovernance": { + "type": "object", + "title": "Data Governance", + "additionalProperties": false, + "properties": { + "custodians": { + "type": "array", + "title": "Data Custodians", + "description": "Data custodians are responsible for the safe custody, transport, and storage of data.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + }, + "stewards": { + "type": "array", + "title": "Data Stewards", + "description": "Data stewards are responsible for data content, context, and associated business rules.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + }, + "owners": { + "type": "array", + "title": "Data Owners", + "description": "Data owners are concerned with risk and appropriate access to data.", + "items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" } + } + } + }, + "dataGovernanceResponsibleParty": { + "type": "object", + "additionalProperties": false, + "properties": { + "organization": { + "title": "Organization", + "$ref": "#/definitions/organizationalEntity" + }, + "contact": { + "title": "Individual", + "$ref": "#/definitions/organizationalContact" + } + }, + "oneOf":[ + { + "required": ["organization"] + }, + { + "required": ["contact"] + } + ] + }, + "graphicsCollection": { + "type": "object", + "title": "Graphics Collection", + "description": "A collection of graphics that represent various measurements.", + "additionalProperties": false, + "properties": { + "description": { + "description": "A description of this collection of graphics.", + "type": "string" + }, + "collection": { + "description": "A collection of graphics.", + "type": "array", + "items": { "$ref": "#/definitions/graphic" } + } + } + }, + "graphic": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "description": "The name of the graphic.", + "type": "string" + }, + "image": { + "title": "Graphic Image", + "description": "The graphic (vector or raster). Base64 encoding MUST be specified for binary images.", + "$ref": "#/definitions/attachment" + } + } + }, + "performanceMetric": { + "type": "object", + "additionalProperties": false, + "properties": { + "type": { + "description": "The type of performance metric.", + "type": "string" + }, + "value": { + "description": "The value of the performance metric.", + "type": "string" + }, + "slice": { + "description": "The name of the slice this metric was computed on. By default, assume this metric is not sliced.", + "type": "string" + }, + "confidenceInterval": { + "description": "The confidence interval of the metric.", + "type": "object", + "additionalProperties": false, + "properties": { + "lowerBound": { + "description": "The lower bound of the confidence interval.", + "type": "string" + }, + "upperBound": { + "description": "The upper bound of the confidence interval.", + "type": "string" + } + } + } + } + }, + "risk": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "description": "The name of the risk.", + "type": "string" + }, + "mitigationStrategy": { + "description": "Strategy used to address this risk.", + "type": "string" + } + } + }, + "fairnessAssessment": { + "type": "object", + "title": "Fairness Assessment", + "description": "Information about the benefits and harms of the model to an identified at risk group.", + "additionalProperties": false, + "properties": { + "groupAtRisk": { + "type": "string", + "description": "The groups or individuals at risk of being systematically disadvantaged by the model." + }, + "benefits": { + "type": "string", + "description": "Expected benefits to the identified groups." + }, + "harms": { + "type": "string", + "description": "Expected harms to the identified groups." + }, + "mitigationStrategy": { + "type": "string", + "description": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + } + }, + "dataClassification": { + "type": "string", + "title": "Data Classification", + "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." + }, + "formula": { + "title": "Formula", + "description": "Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.", + "type": "object", + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", + "$ref": "#/definitions/refType" + }, + "components": { + "title": "Components", + "description": "Transient components that are used in tasks that constitute one or more of this formula's workflows", + "type": "array", + "items": { + "$ref": "#/definitions/component" + }, + "uniqueItems": true + }, + "services": { + "title": "Services", + "description": "Transient services that are used in tasks that constitute one or more of this formula's workflows", + "type": "array", + "items": { + "$ref": "#/definitions/service" + }, + "uniqueItems": true + }, + "workflows": { + "title": "Workflows", + "description": "List of workflows that can be declared to accomplish specific orchestrated goals and independently triggered.", + "$comment": "Different workflows can be designed to work together to perform end-to-end CI/CD builds and deployments.", + "type": "array", + "items": { + "$ref": "#/definitions/workflow" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "workflow": { + "title": "Workflow", + "description": "A specialized orchestration task.", + "$comment": "Workflow are as task themselves and can trigger other workflow tasks. These relationships can be modeled in the taskDependencies graph.", + "type": "object", + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "tasks": { + "title": "Tasks", + "description": "The tasks that comprise the workflow.", + "$comment": "Note that tasks can appear more than once as different instances (by name or UID).", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/task" + } + }, + "taskDependencies": { + "title": "Task dependency graph", + "description": "The graph of dependencies between tasks within the workflow.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/dependency" + } + }, + "taskTypes": { + "title": "Task types", + "description": "Indicates the types of activities performed by the set of workflow tasks.", + "$comment": "Currently, these types reflect common CI/CD actions.", + "type": "array", + "items": { + "$ref": "#/definitions/taskType" + } + }, + "trigger": { + "title": "Trigger", + "description": "The trigger that initiated the task.", + "$ref": "#/definitions/trigger" + }, + "steps": { + "title": "Steps", + "description": "The sequence of steps for the task.", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "uniqueItems": true + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "timeStart": { + "title": "Time start", + "description": "The date and time (timestamp) when the task started.", + "type": "string", + "format": "date-time" + }, + "timeEnd": { + "title": "Time end", + "description": "The date and time (timestamp) when the task ended.", + "type": "string", + "format": "date-time" + }, + "workspaces": { + "title": "Workspaces", + "description": "A set of named filesystem or data resource shareable by workflow tasks.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/workspace" + } + }, + "runtimeTopology": { + "title": "Runtime topology", + "description": "A graph of the component runtime topology for workflow's instance.", + "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/dependency" + } + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "task": { + "title": "Task", + "description": "Describes the inputs, sequence of steps and resources used to accomplish a task and its output.", + "$comment": "Tasks are building blocks for constructing assemble CI/CD workflows or pipelines.", + "type": "object", + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "taskTypes": { + "title": "Task types", + "description": "Indicates the types of activities performed by the set of workflow tasks.", + "$comment": "Currently, these types reflect common CI/CD actions.", + "type": "array", + "items": { + "$ref": "#/definitions/taskType" + } + }, + "trigger": { + "title": "Trigger", + "description": "The trigger that initiated the task.", + "$ref": "#/definitions/trigger" + }, + "steps": { + "title": "Steps", + "description": "The sequence of steps for the task.", + "type": "array", + "items": { + "$ref": "#/definitions/step" + }, + "uniqueItems": true + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "timeStart": { + "title": "Time start", + "description": "The date and time (timestamp) when the task started.", + "type": "string", + "format": "date-time" + }, + "timeEnd": { + "title": "Time end", + "description": "The date and time (timestamp) when the task ended.", + "type": "string", + "format": "date-time" + }, + "workspaces": { + "title": "Workspaces", + "description": "A set of named filesystem or data resource shareable by workflow tasks.", + "type": "array", + "items": { + "$ref": "#/definitions/workspace" + }, + "uniqueItems": true + }, + "runtimeTopology": { + "title": "Runtime topology", + "description": "A graph of the component runtime topology for task's instance.", + "$comment": "A description of the runtime component and service topology. This can describe a partial or complete topology used to host and execute the task (e.g., hardware, operating systems, configurations, etc.),", + "type": "array", + "items": { + "$ref": "#/definitions/dependency" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "step": { + "type": "object", + "description": "Executes specific commands or tools in order to accomplish its owning task as part of a sequence.", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "A name for the step.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the step.", + "type": "string" + }, + "commands": { + "title": "Commands", + "description": "Ordered list of commands or directives for the step", + "type": "array", + "items": { + "$ref": "#/definitions/command" + } + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "command": { + "type": "object", + "additionalProperties": false, + "properties": { + "executed": { + "title": "Executed", + "description": "A text representation of the executed command.", + "type": "string" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "workspace": { + "title": "Workspace", + "description": "A named filesystem or data resource shareable by workflow tasks.", + "type": "object", + "required": [ + "bom-ref", + "uid" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "aliases": { + "title": "Aliases", + "description": "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps.", + "type": "array", + "items": {"type": "string"} + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "accessMode": { + "title": "Access mode", + "description": "Describes the read-write access control for the workspace relative to the owning resource instance.", + "type": "string", + "enum": [ + "read-only", + "read-write", + "read-write-once", + "write-once", + "write-only" + ] + }, + "mountPath": { + "title": "Mount path", + "description": "A path to a location on disk where the workspace will be available to the associated task's steps.", + "type": "string" + }, + "managedDataType": { + "title": "Managed data type", + "description": "The name of a domain-specific data type the workspace represents.", + "$comment": "This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem.", + "examples": ["ConfigMap","Secret"], + "type": "string" + }, + "volumeRequest": { + "title": "Volume request", + "description": "Identifies the reference to the request for a specific volume type and parameters.", + "examples": ["a kubernetes Persistent Volume Claim (PVC) name"], + "type": "string" + }, + "volume": { + "title": "Volume", + "description": "Information about the actual volume instance allocated to the workspace.", + "$comment": "The actual volume allocated may be different than the request.", + "examples": ["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"], + "$ref": "#/definitions/volume" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "volume": { + "title": "Volume", + "description": "An identifiable, logical unit of data storage tied to a physical device.", + "type": "object", + "additionalProperties": false, + "properties": { + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the volume instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the volume instance", + "type": "string" + }, + "mode": { + "title": "Mode", + "description": "The mode for the volume instance.", + "type": "string", + "enum": [ + "filesystem", "block" + ], + "default": "filesystem" + }, + "path": { + "title": "Path", + "description": "The underlying path created from the actual volume.", + "type": "string" + }, + "sizeAllocated": { + "title": "Size allocated", + "description": "The allocated size of the volume accessible to the associated workspace. This should include the scalar size as well as IEC standard unit in either decimal or binary form.", + "examples": ["10GB", "2Ti", "1Pi"], + "type": "string" + }, + "persistent": { + "title": "Persistent", + "description": "Indicates if the volume persists beyond the life of the resource it is associated with.", + "type": "boolean" + }, + "remote": { + "title": "Remote", + "description": "Indicates if the volume is remotely (i.e., network) attached.", + "type": "boolean" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "trigger": { + "title": "Trigger", + "description": "Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data.", + "type": "object", + "additionalProperties": false, + "required": [ + "type", + "bom-ref", + "uid" + ], + "properties": { + "bom-ref": { + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.", + "$ref": "#/definitions/refType" + }, + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier for the resource instance within its deployment context.", + "type": "string" + }, + "name": { + "title": "Name", + "description": "The name of the resource instance.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the resource instance.", + "type": "string" + }, + "resourceReferences": { + "title": "Resource references", + "description": "References to component or service resources that are used to realize the resource instance.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/resourceReferenceChoice" + } + }, + "type": { + "title": "Type", + "description": "The source type of event which caused the trigger to fire.", + "type": "string", + "enum": [ + "manual", + "api", + "webhook", + "scheduled" + ] + }, + "event": { + "title": "Event", + "description": "The event data that caused the associated trigger to activate.", + "$ref": "#/definitions/event" + }, + "conditions": { + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/condition" + } + }, + "timeActivated": { + "title": "Time activated", + "description": "The date and time (timestamp) when the trigger was activated.", + "type": "string", + "format": "date-time" + }, + "inputs": { + "title": "Inputs", + "description": "Represents resources and data brought into a task at runtime by executor or task commands", + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], + "type": "array", + "items": { + "$ref": "#/definitions/inputType" + }, + "uniqueItems": true + }, + "outputs": { + "title": "Outputs", + "description": "Represents resources and data output from a task at runtime by executor or task commands", + "examples": ["a log file or metrics data produced by the task"], + "type": "array", + "items": { + "$ref": "#/definitions/outputType" + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "event": { + "title": "Event", + "description": "Represents something that happened that may trigger a response.", + "type": "object", + "additionalProperties": false, + "properties": { + "uid": { + "title": "Unique Identifier (UID)", + "description": "The unique identifier of the event.", + "type": "string" + }, + "description": { + "title": "Description", + "description": "A description of the event.", + "type": "string" + }, + "timeReceived": { + "title": "Time Received", + "description": "The date and time (timestamp) when the event was received.", + "type": "string", + "format": "date-time" + }, + "data": { + "title": "Data", + "description": "Encoding of the raw event data.", + "$ref": "#/definitions/attachment" + }, + "source": { + "title": "Source", + "description": "References the component or service that was the source of the event", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "References the component or service that was the target of the event", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "inputType": { + "title": "Input type", + "description": "Type that represents various input data types and formats.", + "type": "object", + "oneOf": [ + { + "required": [ + "resource" + ] + }, + { + "required": [ + "parameters" + ] + }, + { + "required": [ + "environmentVars" + ] + }, + { + "required": [ + "data" + ] + } + ], + "additionalProperties": false, + "properties": { + "source": { + "title": "Source", + "description": "A references to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`)", + "examples": [ + "source code repository", + "database" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace)", + "examples": [ + "workspace", + "directory" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "resource": { + "title": "Resource", + "description": "A reference to an independent resource provided as an input to a task by the workflow runtime.", + "examples": [ + "reference to a configuration file in a repository (i.e., a bom-ref)", + "reference to a scanning service used in a task (i.e., a bom-ref)" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "parameters": { + "title": "Parameters", + "description": "Inputs that have the form of parameters with names and values.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/parameter" + } + }, + "environmentVars": { + "title": "Environment variables", + "description": "Inputs that have the form of parameters with names and values.", + "type": "array", + "uniqueItems": true, + "items": { + "oneOf": [ + { + "$ref": "#/definitions/property" + }, + { + "type": "string" + } + ] + } + }, + "data": { + "title": "Data", + "description": "Inputs that have the form of data.", + "$ref": "#/definitions/attachment" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "outputType": { + "type": "object", + "oneOf": [ + { + "required": [ + "resource" + ] + }, + { + "required": [ + "environmentVars" + ] + }, + { + "required": [ + "data" + ] + } + ], + "additionalProperties": false, + "properties": { + "type": { + "title": "Type", + "description": "Describes the type of data output.", + "type": "string", + "enum": [ + "artifact", + "attestation", + "log", + "evidence", + "metrics", + "other" + ] + }, + "source": { + "title": "Source", + "description": "Component or service that generated or provided the output from the task (e.g., a build tool)", + "$ref": "#/definitions/resourceReferenceChoice" + }, + "target": { + "title": "Target", + "description": "Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`)", + "examples": ["a log file described as an `externalReference` within its target domain."], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "resource": { + "title": "Resource", + "description": "A reference to an independent resource generated as output by the task.", + "examples": [ + "configuration file", + "source code", + "scanning service" + ], + "$ref": "#/definitions/resourceReferenceChoice" + }, + "data": { + "title": "Data", + "description": "Outputs that have the form of data.", + "$ref": "#/definitions/attachment" + }, + "environmentVars": { + "title": "Environment variables", + "description": "Outputs that have the form of environment variables.", + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/property" + }, + { + "type": "string" + } + ] + }, + "uniqueItems": true + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "resourceReferenceChoice": { + "title": "Resource reference choice", + "description": "A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.", + "$comment": "Enables reference to a resource that participates in a workflow; using either internal (bom-ref) or external (externalReference) types.", + "type": "object", + "additionalProperties": false, + "properties": { + "ref": { + "title": "BOM Reference", + "description": "References an object by its bom-ref attribute", + "anyOf": [ + { + "title": "Ref", + "$ref": "#/definitions/refLinkType" + }, + { + "title": "BOM-Link Element", + "$ref": "#/definitions/bomLinkElementType" + } + ] + }, + "externalReference": { + "title": "External reference", + "description": "Reference to an externally accessible resource.", + "$ref": "#/definitions/externalReference" + } + }, + "oneOf": [ + { + "required": [ + "ref" + ] + }, + { + "required": [ + "externalReference" + ] + } + ] + }, + "condition": { + "title": "Condition", + "description": "A condition that was used to determine a trigger should be activated.", + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "title": "Description", + "description": "Describes the set of conditions which cause the trigger to activate.", + "type": "string" + }, + "expression": { + "title": "Expression", + "description": "The logical expression that was evaluated that determined the trigger should be fired.", + "type": "string" + }, + "properties": { + "type": "array", + "title": "Properties", + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "taskType": { + "type": "string", + "enum": [ + "copy", + "clone", + "lint", + "scan", + "merge", + "build", + "test", + "deliver", + "deploy", + "release", + "clean", + "other" + ] + }, + "parameter": { + "title": "Parameter", + "description": "A representation of a functional parameter.", + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "title": "Name", + "description": "The name of the parameter.", + "type": "string" + }, + "value": { + "title": "Value", + "description": "The value of the parameter.", + "type": "string" + }, + "dataType": { + "title": "Data type", + "description": "The data type of the parameter.", + "type": "string" + } + } + }, "signature": { "$ref": "jsf-0.82.schema.json#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } -} \ No newline at end of file +} diff --git a/src/main/resources/bom-1.5.xsd b/src/main/resources/bom-1.5.xsd index d0f0d4168..94c238712 100644 --- a/src/main/resources/bom-1.5.xsd +++ b/src/main/resources/bom-1.5.xsd @@ -37,9 +37,49 @@ limitations under the License. - Identifier-DataType for interlinked elements. + Identifier for referable and therefore interlink-able elements. - + + + + + + + + + Descriptor for an element identified by the attribute "bom-ref" in the same BOM document. + In contrast to `bomLinkElementType`. + + + + + + + + + Descriptor for another BOM document. + See https://cyclonedx.org/capabilities/bomlink/ + + + + + + + + + + + Descriptor for an element in another BOM document. + See https://cyclonedx.org/capabilities/bomlink/ + + + + + + + + + @@ -96,9 +136,27 @@ limitations under the License. The tool(s) used in the creation of the BOM. - - - + + + + + DEPRECATED. Use tools\components or tools\services instead. + + + + + + + A list of software and hardware components used as tools. + + + + + A list of services used as tools. + + + + @@ -131,7 +189,7 @@ limitations under the License. - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -249,6 +307,14 @@ limitations under the License. + + + + An optional identifier which can be used to reference the object elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + User-defined attributes may be used on this element as long as they @@ -330,6 +396,14 @@ limitations under the License. + + + + An optional identifier which can be used to reference the object elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + User-defined attributes may be used on this element as long as they @@ -400,7 +474,7 @@ limitations under the License. Specifies a description for the component - + Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM. @@ -469,7 +543,7 @@ limitations under the License. - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -508,6 +582,21 @@ limitations under the License. Specifies optional release notes. + + + A model card describes the intended uses of a machine learning model and potential + limitations, including biases and ethical considerations. Model cards typically contain the + training parameters, which datasets were used to train the model, performance metrics, and other + relevant data useful for ML transparency. This object SHOULD be specified for any component of + type `machine-learning-model` and MUST NOT be specified for other component types. + + + + + This object SHOULD be specified for any component of type `data` and MUST NOT be + specified for other component types. + + @@ -707,8 +796,8 @@ limitations under the License. of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. - - + + @@ -819,6 +908,12 @@ limitations under the License. virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + A runtime environment which interprets or executes software. This may include + runtimes such as those that execute bytecode or low-code/no-code application platforms. + + A software operating system without regard to deployment model @@ -831,7 +926,15 @@ limitations under the License. A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing - information about the software running on the device. + information about the software running on the device. + See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md + + + + + + A special type of software that operates or controls a particular type of device. + Refer to https://en.wikipedia.org/wiki/Device_driver @@ -846,8 +949,20 @@ limitations under the License. for information about files. + + + A model based on training data that can make predictions or decisions without + being explicitly programmed to do so. + + + + + A collection of discrete values that convey information. + + + @@ -864,6 +979,7 @@ limitations under the License. + @@ -905,13 +1021,13 @@ limitations under the License. - A license which covers a defined number of installations on + A license that covers a defined number of installations on computers and other types of devices. - A license which grants permission to install and use software + A license that grants permission to install and use software for trial purposes. @@ -1111,6 +1227,11 @@ limitations under the License. Direct or repository download location + + + The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary + + The URL to the license file. If a license URL has been defined in the license @@ -1137,6 +1258,113 @@ limitations under the License. Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT. + + + A model card describes the intended uses of a machine learning model, potential + limitations, biases, ethical considerations, training parameters, datasets used to train the + model, performance metrics, and other relevant data useful for ML transparency. + + + + + A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. + + + + + Parameters or settings that may be used by other components or services. + + + + + Information used to substantiate a claim. + + + + + Describes how a component or service was manufactured or deployed. + + + + + Human or machine-readable statements containing facts, evidence, or testimony + + + + + An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format + + + + + The defined assumptions, goals, and capabilities of an adversary. + + + + + Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk. + + + + + A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product. + + + + + A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization. + + + + + Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test + + + + + SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code + + + + + Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations + + + + + Report generated by analyzing the call stack of a running application + + + + + Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis + + + + + Report containing a formal assessment of an organization, business unit, or team against a maturity model + + + + + Industry, regulatory, or other certification from an accredited (if applicable) certification body + + + + + Report or system in which quality metrics can be obtained + + + + + Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + + + + + Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + + Use this if no other types accurately describe the purpose of the external reference @@ -1161,18 +1389,21 @@ limitations under the License. + - + The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns. External references may also include formally registered URNs such as CycloneDX BOM-Link to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs. Refer to: - https://cyclonedx.org/capabilities/bomlink/ - + https://cyclonedx.org/capabilities/bomlink/ + + + @@ -1553,9 +1784,9 @@ limitations under the License. - + - References a component or service by the its bom-ref attribute + References a component or service by its bom-ref attribute @@ -1570,10 +1801,12 @@ limitations under the License. - Components that do not have their own dependencies MUST be declared as empty - elements within the graph. Components that are not represented in the dependency graph MAY - have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque - and not an indicator of a component being dependency-free. + Defines the direct dependencies of a component or service. Components or services + that do not have their own dependencies MUST be declared as empty elements within the graph. + Components or services that are not represented in the dependency graph MAY have unknown + dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an + indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to + indicate unknown dependency graphs. @@ -1653,15 +1886,85 @@ limitations under the License. A value of false indicates that by using the service, a trust boundary is not crossed. + + + The name of the trust zone the service resides in. + + - - + + + + + DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead + + + + Specifies the data classification. + + + + + Specifies the data classification. + + + + + + The URI, URL, or BOM-Link of the components or services the data came in from. + + + + + + + + + + + + + + The URI, URL, or BOM-Link of the components or services the data is sent to. + + + + + + + + + + + + + + + + Name for the defined data. + + + + + + + Short description of the data content and usage. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + - + @@ -1672,7 +1975,7 @@ limitations under the License. - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -1763,11 +2066,25 @@ limitations under the License. - + A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements + + + + + + + An optional identifier which can be used to reference the license elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + @@ -1778,77 +2095,277 @@ limitations under the License. - - - - - - - - Allows any undeclared elements as long as the elements are placed in a different namespace. - - - - - - - User-defined attributes may be used on this element as long as they - do not have the same name as an existing attribute used by the schema. - - - + + + + + + + + + + + - - - - - - - Allows any undeclared elements as long as the elements are placed in a different namespace. - - - - - - - User-defined attributes may be used on this element as long as they - do not have the same name as an existing attribute used by the schema. - - - + + + + + + - - - - - Specifies an aggregate type that describe how complete a relationship is. - - - + + + + + + + + + + + + + + + + + + - - The bom-ref identifiers of the components or services being described. Assemblies refer to - nested relationships whereby a constituent part may include other constituent parts. References - do not cascade to child parts. References are explicit for the specified constituent part only. - + Evidence that substantiates the identity of a component. - - - + + + + The identity field of the component which the evidence describes. + + + + + The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + + + + + The methods used to extract and/or analyze the evidence. + + + + + + + + + The technique used in this method of analysis. + + + + + The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence. + + + + + The value or contents of the evidence. + + + + + + + + + - Allows any undeclared elements as long as the elements are placed in a different namespace. + The object in the BOM identified by its bom-ref. This is often a component or service, + but may be any object type supporting bom-refs. Tools used for analysis should already + be defined in the BOM, either in the metadata/tools, components, or formulation. - + + + + + + - + - - The bom-ref identifiers of the components or services being described. Dependencies refer to a + Evidence of individual instances of a component spread across multiple locations. + + + + + + + + + The location or path to where the component was found. + + + + + + + An optional identifier which can be used to reference the occurrence elsewhere + in the BOM. Every bom-ref MUST be unique within the BOM. + + + + + + + + + + + Evidence of the components use through the callstack. + + + + + + + + + + + + A package organizes modules into namespaces, providing a unique namespace for each type it contains. + + + + + A module or class that encloses functions/methods and other code. + + + + + A block of code designed to perform a particular task. + + + + + Optional arguments that are passed to the module or function. + + + + + + + + + + The line number the code that is called resides on. + + + + + The column the code that is called resides. + + + + + The full path and filename of the module. + + + + + + + + + + + + The object in the BOM identified by its bom-ref. This is often a component or service, + but may be any object type supporting bom-refs. Tools used for analysis should already + be defined in the BOM, either in the metadata/tools, components, or formulation. + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Specifies an aggregate type that describe how complete a relationship is. + + + + + + The bom-ref identifiers of the components or services being described. Assemblies refer to + nested relationships whereby a constituent part may include other constituent parts. References + do not cascade to child parts. References are explicit for the specified constituent part only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only. @@ -1867,14 +2384,41 @@ limitations under the License. + + + + The bom-ref identifiers of the vulnerabilities being described. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + An optional identifier which can be used to reference the composition elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + - The relationship is complete. No further relationships including constituent components, services, or dependencies exist. + The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. @@ -1887,11 +2431,31 @@ limitations under the License. The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + + The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. @@ -1931,9 +2495,9 @@ limitations under the License. * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. * patch = Patch releases are typically unplanned and may resolve defects or important security issues. * pre-release = A pre-release may include alpha, beta, or release candidates and typically have - limited support. They provide the ability to preview a release prior to its general availability. + limited support. They provide the ability to preview a release prior to its general availability. * internal = Internal releases are not for public consumption and are intended to be used exclusively - by the project or manufacturer that produced it. + by the project or manufacturer that produced it. @@ -1968,7 +2532,7 @@ limitations under the License. One or more alternate names the release may be referred to. This may - include unofficial terms used by development and marketing teams (e.g. code names). + include unofficial terms used by development and marketing teams (e.g. code names). @@ -2001,7 +2565,7 @@ limitations under the License. Zero or more release notes containing the locale and content. Multiple - note elements may be specified to support release notes in a wide variety of languages. + note elements may be specified to support release notes in a wide variety of languages. @@ -2024,7 +2588,7 @@ limitations under the License. - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -2048,341 +2612,247 @@ limitations under the License. - - - - References a component or service by the its bom-ref attribute - - - - - User-defined attributes may be used on this element as long as they - do not have the same name as an existing attribute used by the schema. - - - - - - - - - - - Allows any undeclared elements as long as the elements are placed in a different namespace. - - - - - - - User-defined attributes may be used on this element as long as they - do not have the same name as an existing attribute used by the schema. - - - - - + + - Specifies an individual property with a name and value. + + A model card describes the intended uses of a machine learning model and potential limitations, including + biases and ethical considerations. Model cards typically contain the training parameters, which datasets + were used to train the model, performance metrics, and other relevant data useful for ML transparency. + This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified + for other component types. + - - - - - The name of the property. Duplicate names are allowed, each potentially having a different value. - - - - - - - - - - - Defines a weakness in an component or service that could be exploited or triggered by a threat source. - - - + + - Allows any undeclared elements as long as the elements are placed in a different namespace. + Hyper-parameters for construction of the model. - - - - - User-defined attributes may be used on this element as long as they - do not have the same name as an existing attribute used by the schema. - - - - - - - - - The identifier that uniquely identifies the vulnerability. For example: - CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. - - - - - The source that published the vulnerability. - - - - - Zero or more pointers to vulnerabilities that are the equivalent of the - vulnerability specified. Often times, the same vulnerability may exist in multiple sources of - vulnerability intelligence, but have different identifiers. References provide a way to - correlate vulnerabilities across multiple sources of vulnerability intelligence. - - - + + - A pointer to a vulnerability that is the equivalent of the - vulnerability specified. + + The overall approach to learning used by the model for problem solving. + - - - - The identifier that uniquely identifies the vulnerability. For example: - CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. - - - + + - The source that published the vulnerability. + + Learning types describing the learning problem or hybrid learning problem. + - + - Allows any undeclared elements as long as the elements are placed in a different namespace. + Directly influences the input and/or output. Examples include classification, + regression, clustering, etc. - - - - - - - List of vulnerability ratings. - - - - - - - - - - - - List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. - For example 399 (of https://cwe.mitre.org/data/definitions/399.html) - - - - - - - - - - A description of the vulnerability as provided by the source. - - - - - If available, an in-depth description of the vulnerability as provided by the - source organization. Details often include examples, proof-of-concepts, and other information - useful in understanding root cause. - - - - - Recommendations of how the vulnerability can be remediated or mitigated. - - - - - - - Published advisories of the vulnerability if provided. - - - - - - - - - - The date and time (timestamp) when the vulnerability record was created in the vulnerability database. - - - - - The date and time (timestamp) when the vulnerability record was first published. - - - - - The date and time (timestamp) when the vulnerability record was last updated. - - - - - The date and time (timestamp) when the vulnerability record was rejected (if applicable). - - - - - Individuals or organizations credited with the discovery of the vulnerability. - - - - - - The organizations credited with vulnerability discovery. - - - - - - - - - - The individuals, not associated with organizations, that are credited with vulnerability discovery. - - - - - - - - - - - - The tool(s) used to identify, confirm, or score the vulnerability. - - - - - - - - - - - - An assessment of the impact and exploitability of the vulnerability. - - - - + - - Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + The model architecture family such as transformer network, convolutional neural + network, residual neural network, LSTM neural network, etc. - + - - The rationale of why the impact analysis state was asserted. + + The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. - + - A response to the vulnerability by the manufacturer, supplier, or - project responsible for the affected component or service. More than one response - is allowed. Responses are strongly encouraged for vulnerabilities where the analysis - state is exploitable. + + The datasets used to train and evaluate the model. + - - - + + + + References a data component by the components bom-ref attribute + + + + + + + - - - - Detailed description of the impact including methods used during assessment. - If a vulnerability is not exploitable, this field should include specific details - on why the component or service is not impacted by this vulnerability. - - - - + - - The date and time (timestamp) when the analysis was first issued. + + The input format(s) of the model + + + + + + + + + The data format for input to the model. Example formats include string, image, time-series + + + + + + + + - + - - The date and time (timestamp) when the analysis was last updated. + + The output format(s) from the model + + + + + + + + + The data format for output from the model. Example formats include string, image, time-series + + + + + + + + - + - The components or services that are affected by the vulnerability. + + A quantitative analysis of the model + - - + + - - + + + + + + + + The type of performance metric. + + + + + + + The value of the performance metric. + + + + + + + The name of the slice this metric was computed on. By default, assume + this metric is not sliced. + + + + + + + The confidence interval of the metric. + + + + + + + + The lower bound of the confidence interval. + + + + + + + The upper bound of the confidence interval. + + + + + + + + + + + + + + + + A collection of graphics that represent various measurements + + + + + - References a component or service by the objects bom-ref. + + A description of this collection of graphics. + - + - Zero or more individual versions or range of versions. + + A collection of graphics. + - - + + - - - - - A single version of a component or service. - - - - - A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst - - - - + + - The vulnerability status for the version or range of versions. + The name of the graphic. + + + + + + + The graphic (vector or raster). Base64 encoding MUST be specified for binary images. @@ -2398,9 +2868,1834 @@ limitations under the License. + + + + What considerations should be taken into account regarding the model's construction, training, + and application? + + + + + + + + Who are the intended users of the model? + + + + + + + + + + + + What are the intended use cases of the model? + + + + + + + + + + + + What are the known technical limitations of the model? E.g. What kind(s) of data + should the model be expected not to perform well on? What are the factors that might + degrade model performance? + + + + + + + + + + + + What are the known tradeoffs in accuracy/performance of the model? + + + + + + + + + + + + What are the ethical (or environmental) risks involved in the application of this model? + + + + + + + + + + + The name of the risk + + + + + + + Strategy used to address this risk + + + + + + + + + + + + + How does the model affect groups at risk of being systematically disadvantaged? + What are the harms and benefits to the various affected groups? + + + + + + + + + + + The groups or individuals at risk of being systematically disadvantaged by the model. + + + + + + + Expected benefits to the identified groups. + + + + + + + Expected harms to the identified groups. + + + + + + + With respect to the benefits and harms outlined, please + describe any mitigation strategy implemented. + + + + + + + + + + + + + + + + + An optional identifier which can be used to reference the model card elsewhere in the BOM. + Every bom-ref MUST be unique within the BOM. + + + + + + + + + + TODO + + + + + TODO + + + + + TODO + + + + + TODO + + + + + TODO + + + + + + + + + + + The general theme or subject matter of the data being specified. + + + + + + + The name of the dataset. + + + + + + + The contents or references to the contents of the data being described. + + + + + + + An optional way to include textual or encoded data. + + + + + The URL to where the data can be retrieved. + + + + + Provides the ability to document name-value parameters used for configuration. + + + + + + + + + Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed. + + + + + + + A description of any sensitive data in a dataset. + + + + + + + A collection of graphics that represent various measurements. + + + + + + + A description of the dataset. Can describe size of dataset, whether it's used for source code, + training, testing, or validation, etc. + + + + + + + + + An optional identifier which can be used to reference the dataset elsewhere in the BOM. + Every bom-ref MUST be unique within the BOM. + + + + + + + + + + + Data custodians are responsible for the safe custody, transport, and storage of data. + + + + + + + + + + + + Data stewards are responsible for data content, context, and associated business rules. + + + + + + + + + + + + Data owners are concerned with risk and appropriate access to data. + + + + + + + + + + + + + + + + + + + + + + A collection of graphics that represent various measurements. + + + + + + + A description of this collection of graphics. + + + + + + + A collection of graphics. + + + + + + + + + + + The name of the graphic. + + + + + + + The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + + + + + + + + + + + + + + + + + Any type of code, code snippet, or data-as-code. + + + + + Parameters or settings that may be used by other components. + + + + + A collection of data. + + + + + Data that can be used to create new instances of what the definition defines. + + + + + Any other type of data that does not fit into existing definitions. + + + + + + + + + References a component or service by its bom-ref attribute + + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies an individual property with a name and value. + + + + + + The name of the property. Duplicate names are allowed, each potentially having a different value. + + + + + + + + + + + Defines a weakness in a component or service that could be exploited or triggered by a threat source. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + Zero or more pointers to vulnerabilities that are the equivalent of the + vulnerability specified. Often times, the same vulnerability may exist in multiple sources of + vulnerability intelligence, but have different identifiers. References provide a way to + correlate vulnerabilities across multiple sources of vulnerability intelligence. + + + + + + A pointer to a vulnerability that is the equivalent of the + vulnerability specified. + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + List of vulnerability ratings. + + + + + + + + + + + + List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + + + + + + + + + + A description of the vulnerability as provided by the source. + + + + + If available, an in-depth description of the vulnerability as provided by the + source organization. Details often include information useful in understanding root cause. + + + + + Recommendations of how the vulnerability can be remediated or mitigated. + + + + + A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or impact. Workarounds often involve changes to configuration or deployments. + + + + + + + Evidence used to reproduce the vulnerability. + + + + + + Precise steps to reproduce the vulnerability. + + + + + A description of the environment in which reproduction was possible. + + + + + Supporting material that helps in reproducing or understanding how reproduction is possible. This may include screenshots, payloads, and PoC exploit code. + + + + + + + + + + + + + + + Published advisories of the vulnerability if provided. + + + + + + + + + + The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + + + + + The date and time (timestamp) when the vulnerability record was first published. + + + + + The date and time (timestamp) when the vulnerability record was last updated. + + + + + The date and time (timestamp) when the vulnerability record was rejected (if applicable). + + + + + Individuals or organizations credited with the discovery of the vulnerability. + + + + + + The organizations credited with vulnerability discovery. + + + + + + + + + + The individuals, not associated with organizations, that are credited with vulnerability discovery. + + + + + + + + + + + + + The tool(s) used to identify, confirm, or score the vulnerability. + + + + + + + DEPRECATED. Use tools\components or tools\services instead. + + + + + + + A list of software and hardware components used as tools. + + + + + A list of services used as tools. + + + + + + + + + + + An assessment of the impact and exploitability of the vulnerability. + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + A response to the vulnerability by the manufacturer, supplier, or + project responsible for the affected component or service. More than one response + is allowed. Responses are strongly encouraged for vulnerabilities where the analysis + state is exploitable. + + + + + + + + + + + Detailed description of the impact including methods used during assessment. + If a vulnerability is not exploitable, this field should include specific details + on why the component or service is not impacted by this vulnerability. + + + + + + + The date and time (timestamp) when the analysis was first issued. + + + + + + + The date and time (timestamp) when the analysis was last updated. + + + + + + + + + The components or services that are affected by the vulnerability. + + + + + + + + + References a component or service by the objects bom-ref. + + + + + + + + Zero or more individual versions or range of versions. + + + + + + + + + + A single version of a component or service. + + + + + A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + + + + + + + The vulnerability status for the version or range of versions. + + + + + + + + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + + An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The name of the source. + For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories + + + + + + The url of the vulnerability documentation as provided by the source. + For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + + + + + + + + + + The source that calculated the severity or risk rating of the vulnerability. + + + + + The numerical score of the rating. + + + + + Textual representation of the severity that corresponds to the numerical score of the rating. + + + + + The risk scoring methodology/standard used. + + + + + Textual representation of the metric values used to score the vulnerability. + + + + + An optional reason for rating the vulnerability as it was. + + + + + + + + + + An optional name of the advisory. + + + + + Location where the advisory can be obtained. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that created the annotation + + + + + The person that created the annotation + + + + + The tool or component that created the annotation + + + + + The service that created the annotation + + + + + + + + + + + The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + The organization, individual, component, or service which created the textual content + of the annotation. + + + + + The date and time (timestamp) when the annotation was created. + + + + + The textual content of the annotation. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the annotation elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Textual representation of the severity of the vulnerability adopted by the analysis method. If the + analysis method uses values other than what is provided, the user is expected to translate appropriately. + + + + + + + + + + + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The vulnerability has been remediated. + + + + + + + The vulnerability has been remediated and evidence of the changes are provided in the affected + components pedigree containing verifiable commit history and/or diff(s). + + + + + + + The vulnerability may be directly or indirectly exploitable. + + + + + + + The vulnerability is being investigated. + + + + + + + The vulnerability is not specific to the component or service and was falsely identified or associated. + + + + + + + The component or service is not affected by the vulnerability. Justification should be specified + for all not_affected cases. + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + The code has been removed or tree-shaked. + + + + + + + The vulnerable code is not invoked at runtime. + + + + + + + Exploitability requires a configurable option to be set/unset. + + + + + + + Exploitability requires a dependency that is not present. + + + + + + + Exploitability requires a certain environment which is not present. + + + + + + + Exploitability requires a compiler flag to be set/unset. + + + + + + + Exploits are prevented at runtime. + + + + + + + Attacks are blocked at physical, logical, or network perimeter. + + + + + + + Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + + + + + + + + + + Specifies the severity or risk scoring methodology or standard used. + + + + + + + The rating is based on CVSS v2 standard + https://www.first.org/cvss/v2/ + + + + + + + The rating is based on CVSS v3.0 standard + https://www.first.org/cvss/v3-0/ + + + + + + + The rating is based on CVSS v3.1 standard + https://www.first.org/cvss/v3-1/ + + + + + + + The rating is based on CVSS v4.0 standard + https://www.first.org/cvss/v4-0/ + + + + + + + The rating is based on OWASP Risk Rating + https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + + + + + + + The rating is based on Stakeholder Specific Vulnerability Categorization (all versions) + https://github.com/CERTCC/SSVC + + + + + + + Use this if the risk scoring methodology is not based on any of the options above + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + + + + + + + + + The vulnerability status of a given version or range of versions of a product. The statuses + 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. + The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. + There can be many reasons for an 'unknown' status, including that an investigation has not been + undertaken or that a vendor has not disclosed the status. + + + + + + + + + + + + + Describes how a component or service was manufactured or deployed. This is achieved through the use + of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the + observed formulas describing the steps which transpired in the manufacturing process. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Describes workflows and resources that captures rules and other aspects of how the associated + BOM component or service was formed. + + + + + + Transient components that are used in tasks that constitute one or more of + this formula's workflows + + + + + Transient services that are used in tasks that constitute one or more of + this formula's workflows + + + + + List of workflows that can be declared to accomplish specific orchestrated goals + and independently triggered. + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + + An optional identifier which can be used to reference the formula elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The description of the resource instance. + + + + + + References to component or service resources that are used to realize + the resource instance. + + + + + The tasks that comprise the workflow. + + + + + The graph of dependencies between tasks within the workflow. + + + + + Indicates the types of activities performed by the set of workflow tasks. + + + + + + + + + + The trigger that initiated the task. + + + + + + The sequence of steps for the task. + + + + + + + + + + + Represents resources and data brought into a task at runtime by executor + or task commands + + + + + + + + + + Represents resources and data output from a task at runtime by executor + or task commands + + + + + + + + + + + The date and time (timestamp) when the task started. + + + + + + + The date and time (timestamp) when the task ended. + + + + + + A set of named filesystem or data resource shareable by workflow tasks. + + + + + A graph of the component runtime topology for workflow's instance. + A description of the runtime component and service topology. This can describe a partial or + complete topology used to host and execute the task (e.g., hardware, operating systems, + configurations, etc.) + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the workflow elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + References an object by its bom-ref attribute + + + + + + + + + + Reference to an externally accessible resource. + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The description of the resource instance. + + + + + + + References to component or service resources that are used to realize the resource instance. + + + + + + + Indicates the types of activities performed by the set of workflow tasks. + + + + + + + + + + + + The trigger that initiated the task. + + + + + + + The sequence of steps for the task. + + + + + + + + + + + + Represents resources and data brought into a task at runtime by executor or task commands. + + + + + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + + + + + + + The date and time (timestamp) when the task started. + + + + + + + The date and time (timestamp) when the task ended. + + + + + + + A set of named filesystem or data resource shareable by workflow tasks. + + + + + + + A graph of the component runtime topology for task's instance. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the task elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + A named filesystem or data resource shareable by workflow tasks. + + + + + + + The unique identifier for the resource instance within its deployment context. + + + + + + + The name of the resource instance. + + + + + + + The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping + so other tasks can use their own local name in their steps. + + + + + + + + + + + + The description of the resource instance. + + + + + + + References to component or service resources that are used to realize the resource instance. + + + + + + + Describes the read-write access control for the workspace relative to the owning resource instance. + + + + + + + A path to a location on disk where the workspace will be available to the associated task's steps. + + + + + + + The name of a domain-specific data type the workspace represents. This property is for CI/CD + frameworks that are able to provide access to structured, managed data at a more granular level + than a filesystem. + + + + + + + Identifies the reference to the request for a specific volume type and parameters. + + + + + + + Information about the actual volume instance allocated to the workspace. + + + - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -2408,88 +4703,182 @@ limitations under the License. Formal registration is OPTIONAL. + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + - + - An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. + An optional identifier which can be used to reference the workflow elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + - - - + + + + + + + + + + + + + + An identifiable, logical unit of data storage tied to a physical device. + + + + - The name of the source. - For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories + + The unique identifier for the volume instance within its deployment context. - + - The url of the vulnerability documentation as provided by the source. - For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + + The name of the volume instance + - - - - - - + - The source that calculated the severity or risk rating of the vulnerability. + + The mode for the volume instance. + - + - The numerical score of the rating. + + The underlying path created from the actual volume. + - + - Textual representation of the severity that corresponds to the numerical score of the rating. + + The allocated size of the volume accessible to the associated workspace. This should include + the scalar size as well as IEC standard unit in either decimal or binary form. + - + - The risk scoring methodology/standard used. + + Indicates if the volume persists beyond the life of the resource it is associated with. + - + - Textual representation of the metric values used to score the vulnerability. + + Indicates if the volume is remotely (i.e., network) attached. + - + - An optional reason for rating the vulnerability as it was. + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. - + + + + + + + + + + + Executes specific commands or tools in order to accomplish its owning task as part of a sequence. + + - + - An optional name of the advisory. + + A name for the step. + - + - Location where the advisory can be obtained. + + A description of the step. + + + + + + + Ordered list of commands or directives for the step + + + + + + + + + + + A text representation of the executed command. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. - - - - - - @@ -2506,66 +4895,130 @@ limitations under the License. - - - + + + - The organization that created the annotation + + The unique identifier for the resource instance within its deployment context. + - + - The person that created the annotation + + The name of the resource instance. + - + - The tool or component that created the annotation + + The description of the resource instance. + - + - The service that created the annotation + + References to component or service resources that are used to realize the resource instance. + - - - - - - + - The objects in the BOM identified by their bom-ref's. This is often components or services, but may be any object type supporting bom-refs. + The source type of event which caused the trigger to fire. + + + + + + + The event data that caused the associated trigger to activate. + + - - - + + - Allows any undeclared elements as long as the elements are placed in a different namespace. + A condition that was used to determine a trigger should be activated. - + + + + + + Describes the set of conditions which cause the trigger to activate. + + + + + + + The logical expression that was evaluated that determined the trigger should be fired. + + + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + - + - The organization, individual, component, or service which created the textual content - of the annotation. + + The date and time (timestamp) when the trigger was activated. + - + - The date and time (timestamp) when the annotation was created. + + Represents resources and data brought into a task at runtime by executor or task commands + + + + + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + - + - The person(s) or organization(s) that published the component + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. @@ -2576,10 +5029,10 @@ limitations under the License. - + - An optional identifier which can be used to reference the annotation elsewhere in the BOM. + An optional identifier which can be used to reference the trigger elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element. @@ -2592,232 +5045,320 @@ limitations under the License. - - - - Textual representation of the severity of the vulnerability adopted by the analysis method. If the - analysis method uses values other than what is provided, the user is expected to translate appropriately. - - + - - - - - - - + + + + - - - - Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. - - - - + + + - The vulnerability has been remediated. + The unique identifier of the event. - - + + - The vulnerability has been remediated and evidence of the changes are provided in the affected - components pedigree containing verifiable commit history and/or diff(s). + A description of the event. - - + + - The vulnerability may be directly or indirectly exploitable. + The date and time (timestamp) when the event was received. - - + + + + + Encoding of the raw event data. + + + + - The vulnerability is being investigated. + References the component or service that was the source of the event - - + + - The vulnerability is not specific to the component or service and was falsely identified or associated. + References the component or service that was the target of the event - - + + + + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + - The component or service is not affected by the vulnerability. Justification should be specified - for all not_affected cases. + Allows any undeclared elements as long as the elements are placed in a different namespace. - - - + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + - + - - The rationale of why the impact analysis state was asserted. + + Type that represents various input data types and formats. - - + + + + + + A reference to an independent resource provided as an input to a task by the workflow runtime. + + + + + + + Inputs that have the form of parameters with names and values. + + + + + + + Inputs that have the form of parameters with names and values. + + + + + + + + + + + + + + + + Inputs that have the form of data. + + + + + - The code has been removed or tree-shaked. + A references to the component or service that provided the input to the task + (e.g., reference to a service with data flow value of inbound) - - + + - The vulnerable code is not invoked at runtime. + A reference to the component or service that received or stored the input if not the task + itself (e.g., a local, named storage workspace) - - + + - - Exploitability requires a configurable option to be set/unset. - + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. - - + + - Exploitability requires a dependency that is not present. + Allows any undeclared elements as long as the elements are placed in a different namespace. - - + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + Represents resources and data output from a task at runtime by executor or task commands + + + + + + + + A reference to an independent resource generated as output by the task. + + + + + + + Outputs that have the form of environment variables. + + + + + + + + + + + + + + + + Outputs that have the form of data. + + + + + - Exploitability requires a certain environment which is not present. + Describes the type of data output. - - + + - Exploitability requires a compiler flag to be set/unset. + Component or service that generated or provided the output from the task (e.g., a build tool) - - + + - Exploits are prevented at runtime. + Component or service that received the output from the task + (e.g., reference to an artifactory service with data flow value of outbound) - - + + - - Attacks are blocked at physical, logical, or network perimeter. - + Provides the ability to document properties in a name/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. - - + + - Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + Allows any undeclared elements as long as the elements are placed in a different namespace. - + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + + - + + + + + + + - - Specifies the severity or risk scoring methodology or standard used. + + A representation of a functional parameter. - - - - - The rating is based on CVSS v2 standard - https://www.first.org/cvss/v2/ - - - - + + - - The rating is based on CVSS v3.0 standard - https://www.first.org/cvss/v3-0/ + + The name of the parameter. - - + + - - The rating is based on CVSS v3.1 standard - https://www.first.org/cvss/v3-1/ + + The value of the parameter. - - + + - - The rating is based on OWASP Risk Rating - https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + + The data type of the parameter. - - + + - - Use this if the risk scoring methodology is not based on any of the options above + + Allows any undeclared elements as long as the elements are placed in a different namespace. - - - - - - - - The rationale of why the impact analysis state was asserted. - - - - - - - - - - - - - - - The vulnerability status of a given version or range of versions of a product. The statuses - 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. - The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. - There can be many reasons for an 'unknown' status, including that an investigation has not been - undertaken or that a vendor has not disclosed the status. - - - - - - - - - + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + @@ -2850,12 +5391,12 @@ limitations under the License. - Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. + Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described. - Provides the ability to document properties in a key/value store. + Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the @@ -2874,8 +5415,15 @@ limitations under the License. a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link, - and may optionally be signed. - + and may optionally be signed. + + + + + Describes how a component or service was manufactured or deployed. This is + achieved through the use of formulas, workflows, tasks, and steps, which declare the precise + steps to reproduce along with the observed formulas describing the steps which transpired + in the manufacturing process. @@ -2886,7 +5434,7 @@ limitations under the License. - + Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with @@ -2913,4 +5461,4 @@ limitations under the License. - \ No newline at end of file + diff --git a/src/main/resources/spdx.schema.json b/src/main/resources/spdx.schema.json index b9fd44fc5..f04d013c7 100644 --- a/src/main/resources/spdx.schema.json +++ b/src/main/resources/spdx.schema.json @@ -1,538 +1,621 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/spdx.schema.json", - "$comment": "v1.0-3.17", + "$comment": "v1.0-3.21", "type": "string", "enum": [ - "CC-BY-NC-ND-2.0", - "SGI-B-2.0", - "LPPL-1.3c", - "NIST-PD-fallback", - "libtiff", - "XSkat", - "PDDL-1.0", - "KiCad-libraries-exception", - "CC-BY-NC-SA-1.0", - "GFDL-1.1-no-invariants-only", - "Xerox", - "LPPL-1.1", - "VOSTROM", - "UCL-1.0", - "ADSL", - "OSL-2.0", + "0BSD", "AAL", - "FDK-AAC", - "W3C-20150513", + "Abstyles", + "AdaCore-doc", + "Adobe-2006", + "Adobe-Glyph", + "ADSL", "AFL-1.1", - "W3C", - "Sleepycat", - "CECILL-1.1", - "mpich2", - "SISSL", - "NLOD-1.0", - "ANTLR-PD", - "GPL-3.0-only", - "gnuplot", - "NLOD-2.0", - "BSD-3-Clause-Open-MPI", - "LiLiQ-P-1.1", - "BSD-3-Clause-Clear", - "FSFUL", - "CC-BY-NC-SA-2.0-UK", - "CERN-OHL-S-2.0", - "Spencer-94", - "CERN-OHL-1.2", - "GFDL-1.1-or-later", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "Afmparse", + "AGPL-1.0", + "AGPL-1.0-only", "AGPL-1.0-or-later", - "Wsuipa", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "Aladdin", + "AMDPLPA", "AML", - "BSD-2-Clause", - "DSDP", - "CC-BY-2.5", - "MIT-CMU", - "Beerware", - "Sendmail", - "TU-Berlin-1.0", - "CNRI-Jython", - "mplus", - "CPOL-1.02", - "BSD-3-Clause-No-Nuclear-License-2014", - "ISC", - "CC-BY-SA-4.0", - "Eurosym", - "LGPL-3.0-only", - "OLDAP-1.3", - "GFDL-1.1-invariants-or-later", - "Glulxe", - "SimPL-2.0", - "CDLA-Permissive-2.0", - "GPL-2.0-with-font-exception", - "OGL-UK-2.0", - "CC-BY-SA-3.0-DE", - "CC-BY-ND-1.0", - "GFDL-1.1", - "CC-BY-4.0", - "OpenSSL", - "TU-Berlin-2.0", - "DOC", - "GFDL-1.2-no-invariants-or-later", - "QPL-1.0", - "OLDAP-2.8", - "OML", - "OLDAP-2.7", - "NIST-PD", - "Bitstream-Vera", - "GFDL-1.2-or-later", - "OFL-1.1-RFN", - "Bahyph", - "Barr", - "COIL-1.0", - "GFDL-1.3", - "CECILL-B", - "JPNIC", - "Zed", - "ICU", - "CC-BY-NC-SA-2.5", - "CC-BY-ND-3.0-DE", - "bzip2-1.0.5", - "SPL-1.0", - "YPL-1.0", - "OSET-PL-2.1", - "Noweb", - "RPSL-1.0", - "BSD-3-Clause-LBNL", - "CDLA-Sharing-1.0", - "CECILL-1.0", "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", "APAFML", - "CC-BY-ND-3.0", - "D-FSL-1.0", - "CC-BY-NC-3.0", - "libpng-2.0", - "PolyForm-Noncommercial-1.0.0", - "dvipdfm", - "GFDL-1.3-or-later", - "OGTSL", - "NPL-1.1", - "GPL-3.0", - "CERN-OHL-P-2.0", - "BlueOak-1.0.0", - "AGPL-3.0-or-later", - "blessing", - "ImageMagick", + "APL-1.0", + "App-s2p", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", "APSL-2.0", - "MIT-advertising", - "curl", - "CC0-1.0", - "Zimbra-1.4", - "SSPL-1.0", - "psutils", - "CC-BY-SA-2.0-UK", - "PSF-2.0", - "Net-SNMP", - "NAIST-2003", - "GFDL-1.2-invariants-or-later", - "SGI-B-1.0", - "NBPL-1.0", - "GFDL-1.2-invariants-only", - "W3C-19980720", - "OFL-1.0-no-RFN", - "NetCDF", - "TMate", - "NOSL", - "CNRI-Python-GPL-Compatible", + "Arphic-1999", + "Artistic-1.0", + "Artistic-1.0-cl8", + "Artistic-1.0-Perl", + "Artistic-2.0", + "ASWF-Digital-Assets-1.0", + "ASWF-Digital-Assets-1.1", + "Baekmuk", + "Bahyph", + "Barr", + "Beerware", + "Bitstream-Charter", + "Bitstream-Vera", + "BitTorrent-1.0", + "BitTorrent-1.1", + "blessing", + "BlueOak-1.0.0", + "Boehm-GC", + "Borceux", + "Brian-Gladman-3-Clause", "BSD-1-Clause", - "CC-BY-NC-SA-3.0-DE", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", "BSD-3-Clause-Modification", - "GLWTPL", - "GFDL-1.3-only", - "OLDAP-2.2", - "CC-BY-ND-4.0", - "CC-BY-NC-ND-3.0-DE", - "EUPL-1.0", - "Linux-OpenIB", - "LGPL-2.0-or-later", - "OSL-1.1", - "Spencer-86", - "LGPL-2.0", - "CC-PDDC", - "CC-BY-NC-ND-3.0", - "CDL-1.0", - "Elastic-2.0", - "CC-BY-2.0", "BSD-3-Clause-No-Military-License", - "IJG", - "LPPL-1.3a", - "SAX-PD", - "BitTorrent-1.0", - "OLDAP-2.0", - "Giftware", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-Shortened", + "BSD-4-Clause-UC", + "BSD-4.3RENO", + "BSD-4.3TAHOE", + "BSD-Advertising-Acknowledgement", + "BSD-Attribution-HPND-disclaimer", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "bzip2-1.0.5", + "bzip2-1.0.6", "C-UDA-1.0", - "LGPL-2.0+", - "Rdisc", - "GPL-2.0-with-classpath-exception", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "Caldera", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-2.5-AU", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-DE", + "CC-BY-3.0-IGO", + "CC-BY-3.0-NL", "CC-BY-3.0-US", - "CDDL-1.0", - "Xnet", - "CPL-1.0", - "LGPL-3.0-or-later", - "NASA-1.3", - "BUSL-1.1", - "etalab-2.0", - "MIT-open-group", - "OLDAP-1.4", - "GFDL-1.1-invariants-only", - "RPL-1.1", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-3.0-DE", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", "CC-BY-NC-ND-2.5", - "FSFULLR", - "Saxpath", - "NTP-0", - "SISSL-1.2", - "GPL-3.0-or-later", - "Apache-1.1", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-DE", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.0-DE", + "CC-BY-NC-SA-2.0-FR", + "CC-BY-NC-SA-2.0-UK", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-3.0-DE", + "CC-BY-NC-SA-3.0-IGO", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-3.0-DE", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", "CC-BY-SA-2.1-JP", - "AGPL-3.0-only", - "GPL-2.0-with-autoconf-exception", - "Artistic-2.0", - "App-s2p", - "Unicode-DFS-2015", - "diffmark", - "SNIA", "CC-BY-SA-2.5", - "Linux-man-pages-copyleft", - "HPND-sell-variant", - "ZPL-2.1", - "BSD-4-Clause-UC", - "LAL-1.2", - "AGPL-1.0-only", - "MIT-enna", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-3.0-DE", + "CC-BY-SA-3.0-IGO", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDL-1.0", + "CDLA-Permissive-1.0", + "CDLA-Permissive-2.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CFITSIO", + "checkmk", + "ClArtistic", + "Clips", + "CMU-Mach", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "COIL-1.0", + "Community-Spec-1.0", "Condor-1.1", - "Naumen", - "GFDL-1.3-no-invariants-or-later", - "RPL-1.5", - "PolyForm-Small-Business-1.0.0", - "EFL-1.0", - "MirOS", - "CC-BY-2.5-AU", - "Afmparse", - "MPL-2.0-no-copyleft-exception", - "LiLiQ-Rplus-1.1", - "AFL-1.2", - "OSL-1.0", - "GPL-1.0-only", - "APSL-1.0", - "OGL-Canada-2.0", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "Cornell-Lossless-JPEG", "CPAL-1.0", - "Latex2e", - "Zend-2.0", - "Unlicense", - "xpp", - "CC-BY-NC-1.0", - "GPL-3.0-with-autoconf-exception", - "CC-BY-NC-SA-3.0", - "TCP-wrappers", - "SCEA", - "SSH-short", - "CC-BY-3.0-NL", - "SchemeReport", - "CC-BY-3.0", - "MPL-2.0", - "Unicode-TOU", - "CC-BY-NC-ND-1.0", + "CPL-1.0", + "CPOL-1.02", + "Crossword", + "CrystalStacker", + "CUA-OPL-1.0", + "Cube", + "curl", + "D-FSL-1.0", + "diffmark", + "DL-DE-BY-2.0", + "DOC", + "Dotseqn", + "DRL-1.0", + "DSDP", + "dtoa", + "dvipdfm", + "ECL-1.0", + "ECL-2.0", + "eCos-2.0", + "EFL-1.0", + "EFL-2.0", + "eGenix", + "Elastic-2.0", "Entessa", - "BSD-3-Clause-No-Nuclear-License", - "SWL", - "GFDL-1.2-no-invariants-only", - "Parity-7.0.0", - "OLDAP-2.2.1", - "SGI-B-1.1", - "FTL", - "OLDAP-2.4", - "CC-BY-NC-4.0", - "bzip2-1.0.6", - "copyleft-next-0.3.0", - "MakeIndex", - "NRL", - "GFDL-1.3-invariants-or-later", - "CC-BY-NC-2.0", - "SugarCRM-1.1.3", - "AFL-2.1", - "GPL-2.0-only", - "GFDL-1.3-invariants-only", - "TORQUE-1.1", - "Ruby", - "X11", - "Borceux", - "Libpng", - "X11-distribute-modifications-variant", - "Frameworx-1.0", - "NCGL-UK-2.0", - "CECILL-2.1", - "CC-BY-3.0-AT", - "CNRI-Python", - "NCSA", - "gSOAP-1.3b", - "EUPL-1.1", - "AMDPLPA", - "Imlib2", - "CDDL-1.1", - "WTFPL", - "LPL-1.0", + "EPICS", "EPL-1.0", - "BSD-3-Clause-Attribution", - "OSL-3.0", - "RHeCos-1.1", - "PHP-3.0", - "BSD-Protection", - "CC-BY-NC-3.0-DE", - "APL-1.0", + "EPL-2.0", + "ErlPL-1.1", + "etalab-2.0", "EUDatagrid", - "GPL-1.0", - "SHL-0.5", - "CC-BY-SA-2.0", - "CC-BY-SA-3.0-AT", - "CC-BY-NC-SA-3.0-IGO", - "Adobe-2006", - "Newsletr", - "Nunit", - "Multics", - "OGL-UK-1.0", - "Vim", - "eCos-2.0", - "Zimbra-1.3", - "eGenix", - "IBM-pibs", - "BitTorrent-1.1", - "OFL-1.1-no-RFN", - "psfrag", - "CC-BY-ND-2.0", - "SHL-0.51", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Eurosym", + "Fair", + "FDK-AAC", + "Frameworx-1.0", "FreeBSD-DOC", - "Python-2.0", - "Mup", - "BSD-4-Clause-Shortened", - "CC-BY-NC-SA-4.0", - "HPND", - "OLDAP-2.6", - "MPL-1.1", + "FreeImage", + "FSFAP", + "FSFUL", + "FSFULLR", + "FSFULLRWD", + "FTL", + "GD", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "Giftware", + "GL2PS", + "Glide", + "Glulxe", + "GLWTPL", + "gnuplot", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", "GPL-2.0-with-GCC-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-autoconf-exception", + "GPL-3.0-with-GCC-exception", + "Graphics-Gems", + "gSOAP-1.3b", "HaskellReport", - "ECL-1.0", + "Hippocratic-2.1", + "HP-1986", + "HPND", + "HPND-export-US", + "HPND-Markus-Kuhn", + "HPND-sell-variant", + "HPND-sell-variant-MIT-disclaimer", + "HTMLTIDY", + "IBM-pibs", + "ICU", + "IEC-Code-Components-EULA", + "IJG", + "IJG-short", + "ImageMagick", + "iMatix", + "Imlib2", + "Info-ZIP", + "Inner-Net-2.0", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "IPA", + "IPL-1.0", + "ISC", + "Jam", + "JasPer-2.0", + "JPL-image", + "JPNIC", + "JSON", + "Kazlib", + "Knuth-CTAN", + "LAL-1.2", + "LAL-1.3", + "Latex2e", + "Latex2e-translated-notice", + "Leptonica", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", "LGPL-2.1-or-later", - "OFL-1.0", - "APSL-1.1", - "MITNFA", - "CECILL-2.0", - "Crossword", - "Aladdin", - "Baekmuk", - "XFree86-1.1", - "GPL-1.0-or-later", - "CERN-OHL-W-2.0", - "CC-BY-SA-1.0", - "NTP", - "PHP-3.01", - "OCLC-2.0", - "CC-BY-3.0-DE", - "CC-BY-NC-2.5", - "Zlib", - "CATOSL-1.1", + "LGPL-3.0", "LGPL-3.0+", - "CAL-1.0", - "NPL-1.0", - "SMLNJ", - "GPL-2.0+", - "OLDAP-2.5", - "JasPer-2.0", - "GPL-2.0-or-later", - "BSD-2-Clause-Patent", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "Libpng", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "libutil-David-Nugent", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Linux-man-pages-1-para", + "Linux-man-pages-copyleft", + "Linux-man-pages-copyleft-2-para", + "Linux-man-pages-copyleft-var", + "Linux-OpenIB", + "LOOP", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "LZMA-SDK-9.11-to-9.20", + "LZMA-SDK-9.22", + "MakeIndex", + "Martin-Birgmeier", + "metamail", + "Minpack", + "MirOS", + "MIT", + "MIT-0", + "MIT-advertising", + "MIT-CMU", + "MIT-enna", + "MIT-feh", + "MIT-Festival", + "MIT-Modern-Variant", + "MIT-open-group", + "MIT-Wu", + "MITNFA", + "Motosoto", + "mpi-permissive", + "mpich2", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "mplus", + "MS-LPL", + "MS-PL", "MS-RL", - "CUA-OPL-1.0", - "IPA", + "MTLL", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NAIST-2003", + "NASA-1.3", + "Naumen", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "Net-SNMP", + "NetCDF", + "Newsletr", + "NGPL", + "NICTA-1.0", + "NIST-PD", + "NIST-PD-fallback", + "NIST-Software", + "NLOD-1.0", + "NLOD-2.0", "NLPL", + "Nokia", + "NOSL", + "Noweb", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Nunit", "O-UDA-1.0", - "MIT-Modern-Variant", - "OLDAP-1.2", - "BSD-2-Clause-FreeBSD", - "Info-ZIP", - "CC-BY-NC-SA-2.0-FR", - "0BSD", - "Unicode-DFS-2016", + "OCCT-PL", + "OCLC-2.0", + "ODbL-1.0", + "ODC-By-1.0", + "OFFIS", + "OFL-1.0", + "OFL-1.0-no-RFN", "OFL-1.0-RFN", - "Intel", - "AFL-2.0", - "GL2PS", - "TAPR-OHL-1.0", - "Apache-1.0", - "MTLL", - "Motosoto", + "OFL-1.1", + "OFL-1.1-no-RFN", + "OFL-1.1-RFN", + "OGC-1.0", + "OGDL-Taiwan-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OLFL-1.3", + "OML", + "OpenPBS-2.3", + "OpenSSL", + "OPL-1.0", + "OPL-UK-3.0", + "OPUBL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "Parity-6.0.0", + "Parity-7.0.0", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "PSF-2.0", + "psfrag", + "psutils", + "Python-2.0", + "Python-2.0.1", + "Qhull", + "QPL-1.0", + "QPL-1.0-INRIA-2004", + "Rdisc", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", "RSA-MD", - "Community-Spec-1.0", - "ODC-By-1.0", - "zlib-acknowledgement", - "DL-DE-BY-2.0", - "VSL-1.0", - "LiLiQ-R-1.1", - "OPL-1.0", - "GPL-3.0+", - "MulanPSL-2.0", - "APSL-1.2", - "OGDL-Taiwan-1.0", "RSCPL", - "OGC-1.0", - "EFL-2.0", - "CAL-1.0-Combined-Work-Exception", - "MS-PL", - "Plexus", + "Ruby", + "SAX-PD", + "Saxpath", + "SCEA", + "SchemeReport", + "Sendmail", "Sendmail-8.23", - "Cube", - "JSON", - "EUPL-1.2", - "Adobe-Glyph", - "FreeImage", - "Watcom-1.0", - "Jam", - "Hippocratic-2.1", - "OLDAP-2.0.1", - "CC-BY-NC-SA-2.0", - "Nokia", - "OCCT-PL", - "ErlPL-1.1", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SGP4", + "SHL-0.5", + "SHL-0.51", + "SimPL-2.0", + "SISSL", + "SISSL-1.2", + "Sleepycat", + "SMLNJ", + "SMPPL", + "SNIA", + "snprintf", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "StandardML-NJ", + "SugarCRM-1.1.3", + "SunPro", + "SWL", + "Symlinks", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TermReadKey", + "TMate", + "TORQUE-1.1", "TOSL", - "OSL-2.1", - "ClArtistic", + "TPDL", + "TPL-1.0", + "TTWL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCAR", + "UCL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "UnixCrypt", + "Unlicense", + "UPL-1.0", + "Vim", + "VOSTROM", + "VSL-1.0", + "W3C", + "W3C-19980720", + "W3C-20150513", + "w3m", + "Watcom-1.0", + "Widget-Workshop", + "Wsuipa", + "WTFPL", + "wxWindows", + "X11", + "X11-distribute-modifications-variant", + "Xdebug-1.03", + "Xerox", + "Xfig", + "XFree86-1.1", "xinetd", - "GPL-3.0-with-GCC-exception", - "ODbL-1.0", - "MIT", - "LGPL-2.1+", - "LGPL-2.1-only", - "CrystalStacker", - "ECL-2.0", - "LPPL-1.0", - "iMatix", - "CC-BY-NC-ND-3.0-IGO", - "BSD-Source-Code", - "Parity-6.0.0", - "TCL", - "Arphic-1999", - "CC-BY-SA-3.0", - "Caldera", - "AGPL-1.0", - "IPL-1.0", - "LAL-1.3", - "EPICS", - "NGPL", - "DRL-1.0", - "BSD-2-Clause-NetBSD", - "ZPL-1.1", - "GD", - "LPPL-1.2", - "Dotseqn", - "Spencer-99", - "OLDAP-2.3", + "xlock", + "Xnet", + "xpp", + "XSkat", + "YPL-1.0", "YPL-1.1", - "Fair", - "Qhull", - "GFDL-1.1-no-invariants-or-later", - "CECILL-C", - "MulanPSL-1.0", - "OLDAP-1.1", - "OLDAP-2.1", - "LPL-1.02", - "UPL-1.0", - "Abstyles", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "zlib-acknowledgement", + "ZPL-1.1", "ZPL-2.0", - "MIT-0", - "LGPL-2.0-only", - "GFDL-1.3-no-invariants-only", - "AGPL-3.0", - "EPL-2.0", - "AFL-3.0", - "CDLA-Permissive-1.0", - "Artistic-1.0", - "CC-BY-NC-ND-4.0", - "HTMLTIDY", - "Glide", - "FSFAP", - "LGPLLR", - "OGL-UK-3.0", - "GFDL-1.2", - "SSH-OpenSSH", - "GFDL-1.1-only", - "MIT-feh", - "MPL-1.0", - "PostgreSQL", - "OLDAP-2.2.2", - "SMPPL", - "OFL-1.1", - "Leptonica", - "CERN-OHL-1.1", - "BSD-3-Clause-No-Nuclear-Warranty", - "CC-BY-ND-2.5", - "CC-BY-1.0", - "GFDL-1.2-only", - "OPUBL-1.0", - "libselinux-1.0", - "BSD-3-Clause", - "ANTLR-PD-fallback", - "copyleft-next-0.3.1", - "GPL-1.0+", - "wxWindows", - "LGPL-3.0", - "LGPL-2.1", - "StandardML-NJ", - "BSD-4-Clause", - "GPL-2.0-with-bison-exception", - "Apache-2.0", - "Artistic-1.0-cl8", - "GPL-2.0", - "Intel-ACPI", - "BSL-1.0", - "Artistic-1.0-Perl", - "BSD-2-Clause-Views", - "Interbase-1.0", - "NPOSL-3.0", - "FLTK-exception", - "Bootloader-exception", - "WxWindows-exception-3.1", - "Linux-syscall-note", - "Qt-LGPL-exception-1.1", - "LLVM-exception", - "PS-or-PDF-font-exception-20170817", - "GCC-exception-3.1", + "ZPL-2.1", + "389-exception", + "Asterisk-exception", + "Autoconf-exception-2.0", "Autoconf-exception-3.0", - "LGPL-3.0-linking-exception", - "GCC-exception-2.0", + "Autoconf-exception-generic", + "Autoconf-exception-macro", "Bison-exception-2.2", - "openvpn-openssl-exception", - "Libtool-exception", - "Autoconf-exception-2.0", + "Bootloader-exception", + "Classpath-exception-2.0", + "CLISP-exception-2.0", + "cryptsetup-OpenSSL-exception", + "DigiRule-FOSS-exception", + "eCos-exception-2.0", + "Fawkes-Runtime-exception", + "FLTK-exception", + "Font-exception-2.0", + "freertos-exception-2.0", + "GCC-exception-2.0", + "GCC-exception-3.1", + "GNAT-exception", + "gnu-javamail-exception", + "GPL-3.0-interface-exception", + "GPL-3.0-linking-exception", "GPL-3.0-linking-source-exception", "GPL-CC-1.0", - "OCaml-LGPL-linking-exception", - "Universal-FOSS-exception-1.0", + "GStreamer-exception-2005", + "GStreamer-exception-2008", "i2p-gpl-java-exception", - "CLISP-exception-2.0", + "KiCad-libraries-exception", + "LGPL-3.0-linking-exception", + "libpri-OpenH323-exception", + "Libtool-exception", + "Linux-syscall-note", + "LLGPL", + "LLVM-exception", + "LZMA-exception", + "mif-exception", + "Nokia-Qt-exception-1.1", + "OCaml-LGPL-linking-exception", "OCCT-exception-1.0", - "Qwt-exception-1.0", - "gnu-javamail-exception", - "u-boot-exception-2.0", - "freertos-exception-2.0", - "Qt-GPL-exception-1.0", "OpenJDK-assembly-exception-1.0", + "openvpn-openssl-exception", + "PS-or-PDF-font-exception-20170817", + "QPL-1.0-INRIA-2004-exception", + "Qt-GPL-exception-1.0", + "Qt-LGPL-exception-1.1", + "Qwt-exception-1.0", + "SHL-2.0", "SHL-2.1", - "mif-exception", - "Fawkes-Runtime-exception", + "SWI-exception", "Swift-exception", - "GPL-3.0-linking-exception", - "SHL-2.0", - "Classpath-exception-2.0", - "LZMA-exception", - "Font-exception-2.0", - "Nokia-Qt-exception-1.1", - "DigiRule-FOSS-exception", - "eCos-exception-2.0", - "389-exception" + "u-boot-exception-2.0", + "Universal-FOSS-exception-1.0", + "vsftpd-openssl-exception", + "WxWindows-exception-3.1", + "x11vnc-openssl-exception" ] } diff --git a/src/main/resources/spdx.xsd b/src/main/resources/spdx.xsd index 4fb43642d..5d086dbe1 100644 --- a/src/main/resources/spdx.xsd +++ b/src/main/resources/spdx.xsd @@ -2,239 +2,234 @@ + version="1.0-3.21"> - - - Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic - - - + - SGI Free Software License B v2.0 + BSD Zero Clause License - + - LaTeX Project Public License v1.3c + Attribution Assurance License - + - NIST Public Domain Notice with license fallback + Abstyles License - + - libtiff License + AdaCore Doc License - + - XSkat License + Adobe Systems Incorporated Source Code License Agreement - + - Open Data Commons Public Domain Dedication & License 1.0 + Adobe Glyph List License - + - KiCad Libraries Exception + Amazon Digital Services License - + - Creative Commons Attribution Non Commercial Share Alike 1.0 Generic + Academic Free License v1.1 - + - GNU Free Documentation License v1.1 only - no invariants + Academic Free License v1.2 - + - Xerox License + Academic Free License v2.0 - + - LaTeX Project Public License v1.1 + Academic Free License v2.1 - + - VOSTROM Public License for Open Source + Academic Free License v3.0 - + - Upstream Compatibility License v1.0 + Afmparse License - + - Amazon Digital Services License + Affero General Public License v1.0 - + - Open Software License 2.0 + Affero General Public License v1.0 only - + - Attribution Assurance License + Affero General Public License v1.0 or later - + - Fraunhofer FDK AAC Codec Library + GNU Affero General Public License v3.0 - + - W3C Software Notice and Document License (2015-05-13) + GNU Affero General Public License v3.0 only - + - Academic Free License v1.1 + GNU Affero General Public License v3.0 or later - + - W3C Software Notice and License (2002-12-31) + Aladdin Free Public License - + - Sleepycat License + AMD's plpa_map.c License - + - CeCILL Free Software License Agreement v1.1 + Apple MIT License - + - mpich2 License + Academy of Motion Picture Arts and Sciences BSD - + - Sun Industry Standards Source License v1.1 + ANTLR Software Rights Notice - + - Norwegian Licence for Open Government Data (NLOD) 1.0 + ANTLR Software Rights Notice with license fallback - + - ANTLR Software Rights Notice + Apache License 1.0 - + - GNU General Public License v3.0 only + Apache License 1.1 - + - gnuplot License + Apache License 2.0 - + - Norwegian Licence for Open Government Data (NLOD) 2.0 + Adobe Postscript AFM License - + - BSD 3-Clause Open MPI variant + Adaptive Public License 1.0 - + - Licence Libre du Québec – Permissive version 1.1 + App::s2p License - + - BSD 3-Clause Clear License + Apple Public Source License 1.0 - + - FSF Unlimited License + Apple Public Source License 1.1 - + - Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales + Apple Public Source License 1.2 - + - CERN Open Hardware Licence Version 2 - Strongly Reciprocal + Apple Public Source License 2.0 - + - Spencer License 94 + Arphic Public License - + - CERN Open Hardware Licence v1.2 + Artistic License 1.0 - + - GNU Free Documentation License v1.1 or later + Artistic License 1.0 w/clause 8 - + - Affero General Public License v1.0 or later + Artistic License 1.0 (Perl) - + - Wsuipa License + Artistic License 2.0 - + - Apple MIT License + ASWF Digital Assets License version 1.0 - + - BSD 2-Clause "Simplified" License + ASWF Digital Assets License 1.1 - + - DSDP License + Baekmuk License - + - Creative Commons Attribution 2.5 Generic + Bahyph License - + - CMU License + Barr License @@ -242,284 +237,289 @@ Beerware License - + - Sendmail License + Bitstream Charter Font License - + - Technische Universitaet Berlin License 1.0 + Bitstream Vera Font License - + - CNRI Jython License + BitTorrent Open Source License v1.0 - + - mplus Font License + BitTorrent Open Source License v1.1 - + - Code Project Open License 1.02 + SQLite Blessing - + - BSD 3-Clause No Nuclear License 2014 + Blue Oak Model License 1.0.0 - + - ISC License + Boehm-Demers-Weiser GC License - + - Creative Commons Attribution Share Alike 4.0 International + Borceux license - + - Eurosym License + Brian Gladman 3-Clause License - + - GNU Lesser General Public License v3.0 only + BSD 1-Clause License - + - Open LDAP Public License v1.3 + BSD 2-Clause "Simplified" License - + - GNU Free Documentation License v1.1 or later - invariants + BSD 2-Clause FreeBSD License - + - Glulxe License + BSD 2-Clause NetBSD License - + - Simple Public License 2.0 + BSD-2-Clause Plus Patent License - + - Community Data License Agreement Permissive 2.0 + BSD 2-Clause with views sentence - + - GNU General Public License v2.0 w/Font exception + BSD 3-Clause "New" or "Revised" License - + - Open Government Licence v2.0 + BSD with attribution - + - Creative Commons Attribution Share Alike 3.0 Germany + BSD 3-Clause Clear License - + - Creative Commons Attribution No Derivatives 1.0 Generic + Lawrence Berkeley National Labs BSD variant license - + - GNU Free Documentation License v1.1 + BSD 3-Clause Modification - + - Creative Commons Attribution 4.0 International + BSD 3-Clause No Military License - + - OpenSSL License + BSD 3-Clause No Nuclear License - + - Technische Universitaet Berlin License 2.0 + BSD 3-Clause No Nuclear License 2014 - + - DOC License + BSD 3-Clause No Nuclear Warranty - + - GNU Free Documentation License v1.2 or later - no invariants + BSD 3-Clause Open MPI variant - + - Q Public License 1.0 + BSD 4-Clause "Original" or "Old" License - + - Open LDAP Public License v2.8 + BSD 4 Clause Shortened - + - Open Market License + BSD-4-Clause (University of California-Specific) - + - Open LDAP Public License v2.7 + BSD 4.3 RENO License - + - NIST Public Domain Notice + BSD 4.3 TAHOE License - + - Bitstream Vera Font License + BSD Advertising Acknowledgement License - + - GNU Free Documentation License v1.2 or later + BSD with Attribution and HPND disclaimer - + - SIL Open Font License 1.1 with Reserved Font Name + BSD Protection License - + - Bahyph License + BSD Source Code Attribution - + - Barr License + Boost Software License 1.0 - + - Copyfree Open Innovation License + Business Source License 1.1 - + - GNU Free Documentation License v1.3 + bzip2 and libbzip2 License v1.0.5 - + - CeCILL-B Free Software License Agreement + bzip2 and libbzip2 License v1.0.6 - + - Japan Network Information Center License + Computational Use of Data Agreement v1.0 - + - Zed License + Cryptographic Autonomy License 1.0 - + - ICU License + Cryptographic Autonomy License 1.0 (Combined Work Exception) - + - Creative Commons Attribution Non Commercial Share Alike 2.5 Generic + Caldera License - + - Creative Commons Attribution No Derivatives 3.0 Germany + Computer Associates Trusted Open Source License 1.1 - + - bzip2 and libbzip2 License v1.0.5 + Creative Commons Attribution 1.0 Generic - + - Sun Public License v1.0 + Creative Commons Attribution 2.0 Generic - + - Yahoo! Public License v1.0 + Creative Commons Attribution 2.5 Generic - + - OSET Public License version 2.1 + Creative Commons Attribution 2.5 Australia - + - Noweb License + Creative Commons Attribution 3.0 Unported - + - RealNetworks Public Source License v1.0 + Creative Commons Attribution 3.0 Austria - + - Lawrence Berkeley National Labs BSD variant license + Creative Commons Attribution 3.0 Germany - + - Community Data License Agreement Sharing 1.0 + Creative Commons Attribution 3.0 IGO - + - CeCILL Free Software License Agreement v1.0 + Creative Commons Attribution 3.0 Netherlands - + - Academy of Motion Picture Arts and Sciences BSD + Creative Commons Attribution 3.0 United States - + - Adobe Postscript AFM License + Creative Commons Attribution 4.0 International - + - Creative Commons Attribution No Derivatives 3.0 Unported + Creative Commons Attribution Non Commercial 1.0 Generic - + - Deutsche Freie Software Lizenz + Creative Commons Attribution Non Commercial 2.0 Generic + + + + + Creative Commons Attribution Non Commercial 2.5 Generic @@ -527,294 +527,679 @@ Creative Commons Attribution Non Commercial 3.0 Unported - + - PNG Reference Library version 2 + Creative Commons Attribution Non Commercial 3.0 Germany - + - PolyForm Noncommercial License 1.0.0 + Creative Commons Attribution Non Commercial 4.0 International - + - dvipdfm License + Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic - + - GNU Free Documentation License v1.3 or later + Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic - + - Open Group Test Suite License + Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic - + - Netscape Public License v1.1 + Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported - + - GNU General Public License v3.0 only + Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany - + - CERN Open Hardware Licence Version 2 - Permissive + Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO - + - Blue Oak Model License 1.0.0 + Creative Commons Attribution Non Commercial No Derivatives 4.0 International - + - GNU Affero General Public License v3.0 or later + Creative Commons Attribution Non Commercial Share Alike 1.0 Generic - + - SQLite Blessing + Creative Commons Attribution Non Commercial Share Alike 2.0 Generic - + - ImageMagick License + Creative Commons Attribution Non Commercial Share Alike 2.0 Germany - + - Apple Public Source License 2.0 + Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France - + - Enlightenment License (e16) + Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales - + - curl License + Creative Commons Attribution Non Commercial Share Alike 2.5 Generic - + - Creative Commons Zero v1.0 Universal + Creative Commons Attribution Non Commercial Share Alike 3.0 Unported - + - Zimbra Public License v1.4 + Creative Commons Attribution Non Commercial Share Alike 3.0 Germany - + - Server Side Public License, v 1 + Creative Commons Attribution Non Commercial Share Alike 3.0 IGO - + - psutils License + Creative Commons Attribution Non Commercial Share Alike 4.0 International - + - Creative Commons Attribution Share Alike 2.0 England and Wales + Creative Commons Attribution No Derivatives 1.0 Generic - + - Python Software Foundation License 2.0 + Creative Commons Attribution No Derivatives 2.0 Generic - + - Net-SNMP License + Creative Commons Attribution No Derivatives 2.5 Generic - + - Nara Institute of Science and Technology License (2003) + Creative Commons Attribution No Derivatives 3.0 Unported - + - GNU Free Documentation License v1.2 or later - invariants + Creative Commons Attribution No Derivatives 3.0 Germany - + - SGI Free Software License B v1.0 + Creative Commons Attribution No Derivatives 4.0 International - + - Net Boolean Public License v1 + Creative Commons Attribution Share Alike 1.0 Generic - + - GNU Free Documentation License v1.2 only - invariants + Creative Commons Attribution Share Alike 2.0 Generic - + - W3C Software Notice and License (1998-07-20) + Creative Commons Attribution Share Alike 2.0 England and Wales - + - SIL Open Font License 1.0 with no Reserved Font Name + Creative Commons Attribution Share Alike 2.1 Japan - + - NetCDF license + Creative Commons Attribution Share Alike 2.5 Generic - + - TMate Open Source License + Creative Commons Attribution Share Alike 3.0 Unported + + + + + Creative Commons Attribution Share Alike 3.0 Austria + + + + + Creative Commons Attribution Share Alike 3.0 Germany + + + + + Creative Commons Attribution-ShareAlike 3.0 IGO + + + + + Creative Commons Attribution Share Alike 4.0 International + + + + + Creative Commons Public Domain Dedication and Certification + + + + + Creative Commons Zero v1.0 Universal + + + + + Common Development and Distribution License 1.0 + + + + + Common Development and Distribution License 1.1 + + + + + Common Documentation License 1.0 + + + + + Community Data License Agreement Permissive 1.0 + + + + + Community Data License Agreement Permissive 2.0 + + + + + Community Data License Agreement Sharing 1.0 + + + + + CeCILL Free Software License Agreement v1.0 + + + + + CeCILL Free Software License Agreement v1.1 + + + + + CeCILL Free Software License Agreement v2.0 + + + + + CeCILL Free Software License Agreement v2.1 + + + + + CeCILL-B Free Software License Agreement + + + + + CeCILL-C Free Software License Agreement + + + + + CERN Open Hardware Licence v1.1 + + + + + CERN Open Hardware Licence v1.2 + + + + + CERN Open Hardware Licence Version 2 - Permissive + + + + + CERN Open Hardware Licence Version 2 - Strongly Reciprocal + + + + + CERN Open Hardware Licence Version 2 - Weakly Reciprocal + + + + + CFITSIO License + + + + + Checkmk License + + + + + Clarified Artistic License + + + + + Clips License + + + + + CMU Mach License + + + + + CNRI Jython License + + + + + CNRI Python License + + + + + CNRI Python Open Source GPL Compatible License Agreement + + + + + Copyfree Open Innovation License + + + + + Community Specification License 1.0 + + + + + Condor Public License v1.1 + + + + + copyleft-next 0.3.0 + + + + + copyleft-next 0.3.1 + + + + + Cornell Lossless JPEG License + + + + + Common Public Attribution License 1.0 + + + + + Common Public License 1.0 + + + + + Code Project Open License 1.02 + + + + + Crossword License + + + + + CrystalStacker License + + + + + CUA Office Public License v1.0 + + + + + Cube License + + + + + curl License + + + + + Deutsche Freie Software Lizenz + + + + + diffmark license + + + + + Data licence Germany – attribution – version 2.0 + + + + + DOC License + + + + + Dotseqn License + + + + + Detection Rule License 1.0 + + + + + DSDP License + + + + + David M. Gay dtoa License + + + + + dvipdfm License + + + + + Educational Community License v1.0 + + + + + Educational Community License v2.0 + + + + + eCos license version 2.0 + + + + + Eiffel Forum License v1.0 + + + + + Eiffel Forum License v2.0 + + + + + eGenix.com Public License 1.1.0 + + + + + Elastic License 2.0 + + + + + Entessa Public License v1.0 + + + + + EPICS Open License + + + + + Eclipse Public License 1.0 - + - Netizen Open Source License + Eclipse Public License 2.0 - + - CNRI Python Open Source GPL Compatible License Agreement + Erlang Public License v1.1 - + - BSD 1-Clause License + Etalab Open License 2.0 - + - Creative Commons Attribution Non Commercial Share Alike 3.0 Germany + EU DataGrid Software License - + - BSD 3-Clause Modification + European Union Public License 1.0 - + - Good Luck With That Public License + European Union Public License 1.1 - + - GNU Free Documentation License v1.3 only + European Union Public License 1.2 - + - Open LDAP Public License v2.2 + Eurosym License - + - Creative Commons Attribution No Derivatives 4.0 International + Fair License - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany + Fraunhofer FDK AAC Codec Library - + - European Union Public License 1.0 + Frameworx Open License 1.0 - + - Linux Kernel Variant of OpenIB.org license + FreeBSD Documentation License - + - GNU Library General Public License v2 or later + FreeImage Public License v1.0 - + - Open Software License 1.1 + FSF All Permissive License - + - Spencer License 86 + FSF Unlimited License - + - GNU Library General Public License v2 only + FSF Unlimited License (with License Retention) - + - Creative Commons Public Domain Dedication and Certification + FSF Unlimited License (With License Retention and Warranty Disclaimer) - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported + Freetype Project License - + - Common Documentation License 1.0 + GD License - + - Elastic License 2.0 + GNU Free Documentation License v1.1 - + - Creative Commons Attribution 2.0 Generic + GNU Free Documentation License v1.1 only - invariants - + - BSD 3-Clause No Military License + GNU Free Documentation License v1.1 or later - invariants - + - Independent JPEG Group License + GNU Free Documentation License v1.1 only - no invariants - + - LaTeX Project Public License v1.3a + GNU Free Documentation License v1.1 or later - no invariants - + - Sax Public Domain Notice + GNU Free Documentation License v1.1 only - + - BitTorrent Open Source License v1.0 + GNU Free Documentation License v1.1 or later - + - Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) + GNU Free Documentation License v1.2 + + + + + GNU Free Documentation License v1.2 only - invariants + + + + + GNU Free Documentation License v1.2 or later - invariants + + + + + GNU Free Documentation License v1.2 only - no invariants + + + + + GNU Free Documentation License v1.2 or later - no invariants + + + + + GNU Free Documentation License v1.2 only + + + + + GNU Free Documentation License v1.2 or later + + + + + GNU Free Documentation License v1.3 + + + + + GNU Free Documentation License v1.3 only - invariants + + + + + GNU Free Documentation License v1.3 or later - invariants + + + + + GNU Free Documentation License v1.3 only - no invariants + + + + + GNU Free Documentation License v1.3 or later - no invariants + + + + + GNU Free Documentation License v1.3 only + + + + + GNU Free Documentation License v1.3 or later @@ -822,284 +1207,304 @@ Giftware License - + - Computational Use of Data Agreement v1.0 + GL2PS License - + - GNU Library General Public License v2 or later + 3dfx Glide License - + - Rdisc License + Glulxe License - + - GNU General Public License v2.0 w/Classpath exception + Good Luck With That Public License - + - Creative Commons Attribution 3.0 United States + gnuplot License - + - Common Development and Distribution License 1.0 + GNU General Public License v1.0 only - + - X.Net License + GNU General Public License v1.0 or later - + - Common Public License 1.0 + GNU General Public License v1.0 only - + - GNU Lesser General Public License v3.0 or later + GNU General Public License v1.0 or later - + - NASA Open Source Agreement 1.3 + GNU General Public License v2.0 only - + - Business Source License 1.1 + GNU General Public License v2.0 or later - + - Etalab Open License 2.0 + GNU General Public License v2.0 only - + - MIT Open Group variant + GNU General Public License v2.0 or later - + - Open LDAP Public License v1.4 + GNU General Public License v2.0 w/Autoconf exception - + - GNU Free Documentation License v1.1 only - invariants + GNU General Public License v2.0 w/Bison exception - + + + GNU General Public License v2.0 w/Classpath exception + + + + + GNU General Public License v2.0 w/Font exception + + + + + GNU General Public License v2.0 w/GCC Runtime Library exception + + + + + GNU General Public License v3.0 only + + + - Reciprocal Public License 1.1 + GNU General Public License v3.0 or later - + - Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic + GNU General Public License v3.0 only - + - FSF Unlimited License (with License Retention) + GNU General Public License v3.0 or later - + - Saxpath License + GNU General Public License v3.0 w/Autoconf exception - + - NTP No Attribution + GNU General Public License v3.0 w/GCC Runtime Library exception - + - Sun Industry Standards Source License v1.2 + Graphics Gems License - + - GNU General Public License v3.0 or later + gSOAP Public License v1.3b - + - Apache License 1.1 + Haskell Language Report License - + - Creative Commons Attribution Share Alike 2.1 Japan + Hippocratic License 2.1 - + - GNU Affero General Public License v3.0 only + Hewlett-Packard 1986 License - + - GNU General Public License v2.0 w/Autoconf exception + Historical Permission Notice and Disclaimer - + - Artistic License 2.0 + HPND with US Government export control warning - + - App::s2p License + Historical Permission Notice and Disclaimer - Markus Kuhn variant - + - Unicode License Agreement - Data Files and Software (2015) + Historical Permission Notice and Disclaimer - sell variant - + - diffmark license + HPND sell variant with MIT disclaimer - + - SNIA Public License 1.1 + HTML Tidy License - + - Creative Commons Attribution Share Alike 2.5 Generic + IBM PowerPC Initialization and Boot Software - + - Linux man-pages Copyleft + ICU License - + - Historical Permission Notice and Disclaimer - sell variant + IEC Code Components End-user licence agreement - + - Zope Public License 2.1 + Independent JPEG Group License - + - BSD-4-Clause (University of California-Specific) + Independent JPEG Group License - short - + - Licence Art Libre 1.2 + ImageMagick License - + - Affero General Public License v1.0 only + iMatix Standard Function Library Agreement - + - enna License + Imlib2 License - + - Condor Public License v1.1 + Info-ZIP License - + - Naumen Public License + Inner Net License v2.0 - + - GNU Free Documentation License v1.3 or later - no invariants + Intel Open Source License - + - Reciprocal Public License 1.5 + Intel ACPI Software License Agreement - + - PolyForm Small Business License 1.0.0 + Interbase Public License v1.0 - + - Eiffel Forum License v1.0 + IPA Font License - + - The MirOS Licence + IBM Public License v1.0 - + - Creative Commons Attribution 2.5 Australia + ISC License - + - Afmparse License + Jam License - + - Mozilla Public License 2.0 (no copyleft exception) + JasPer License - + - Licence Libre du Québec – Réciprocité forte version 1.1 + JPL Image Use Policy - + - Academic Free License v1.2 + Japan Network Information Center License - + - Open Software License 1.0 + JSON License - + - GNU General Public License v1.0 only + Kazlib License - + - Apple Public Source License 1.0 + Knuth CTAN License - + - Open Government Licence - Canada + Licence Art Libre 1.2 - + - Common Public Attribution License 1.0 + Licence Art Libre 1.3 @@ -1107,1515 +1512,1520 @@ Latex2e License - + - Zend License v2.0 + Latex2e with translated notice permission - + - The Unlicense + Leptonica License - + - XPP License + GNU Library General Public License v2 only - + - Creative Commons Attribution Non Commercial 1.0 Generic + GNU Library General Public License v2 or later - + - GNU General Public License v3.0 w/Autoconf exception + GNU Library General Public License v2 only - + - Creative Commons Attribution Non Commercial Share Alike 3.0 Unported + GNU Library General Public License v2 or later - + - TCP Wrappers License + GNU Lesser General Public License v2.1 only - + - SCEA Shared Source License + GNU Lesser General Public License v2.1 or later - + - SSH short notice + GNU Lesser General Public License v2.1 only - + - Creative Commons Attribution 3.0 Netherlands + GNU Lesser General Public License v2.1 or later - + - Scheme Language Report License + GNU Lesser General Public License v3.0 only - + - Creative Commons Attribution 3.0 Unported + GNU Lesser General Public License v3.0 or later - + - Mozilla Public License 2.0 + GNU Lesser General Public License v3.0 only - + - Unicode Terms of Use + GNU Lesser General Public License v3.0 or later - + - Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic + Lesser General Public License For Linguistic Resources - + - Entessa Public License v1.0 + libpng License - + - BSD 3-Clause No Nuclear License + PNG Reference Library version 2 - + - Scheme Widget Library (SWL) Software License Agreement + libselinux public domain notice - + - GNU Free Documentation License v1.2 only - no invariants + libtiff License - + - The Parity Public License 7.0.0 + libutil David Nugent License - + - Open LDAP Public License v2.2.1 + Licence Libre du Québec – Permissive version 1.1 - + - SGI Free Software License B v1.1 + Licence Libre du Québec – Réciprocité version 1.1 - + - Freetype Project License + Licence Libre du Québec – Réciprocité forte version 1.1 - + - Open LDAP Public License v2.4 + Linux man-pages - 1 paragraph - + - Creative Commons Attribution Non Commercial 4.0 International + Linux man-pages Copyleft - + - bzip2 and libbzip2 License v1.0.6 + Linux man-pages Copyleft - 2 paragraphs - + - copyleft-next 0.3.0 + Linux man-pages Copyleft Variant - + - MakeIndex License + Linux Kernel Variant of OpenIB.org license - + - NRL License + Common Lisp LOOP License - + - GNU Free Documentation License v1.3 or later - invariants + Lucent Public License Version 1.0 - + + + Lucent Public License v1.02 + + + - Creative Commons Attribution Non Commercial 2.0 Generic + LaTeX Project Public License v1.0 - + - SugarCRM Public License v1.1.3 + LaTeX Project Public License v1.1 - + - Academic Free License v2.1 + LaTeX Project Public License v1.2 - + - GNU General Public License v2.0 only + LaTeX Project Public License v1.3a - + - GNU Free Documentation License v1.3 only - invariants + LaTeX Project Public License v1.3c - + - TORQUE v2.5+ Software License v1.1 + LZMA SDK License (versions 9.11 to 9.20) - + - Ruby License + LZMA SDK License (versions 9.22 and beyond) - + - X11 License + MakeIndex License - + - Borceux license + Martin Birgmeier License - + - libpng License + metamail License - + - X11 License Distribution Modification Variant + Minpack License - + - Frameworx Open License 1.0 + The MirOS Licence - + - Non-Commercial Government Licence + MIT License - + - CeCILL Free Software License Agreement v2.1 + MIT No Attribution - + - Creative Commons Attribution 3.0 Austria + Enlightenment License (e16) - + - CNRI Python License + CMU License - + - University of Illinois/NCSA Open Source License + enna License - + - gSOAP Public License v1.3b + feh License - + - European Union Public License 1.1 + MIT Festival Variant - + - AMD's plpa_map.c License + MIT License Modern Variant - + - Imlib2 License + MIT Open Group variant - + - Common Development and Distribution License 1.1 + MIT Tom Wu Variant - + - Do What The F*ck You Want To Public License + MIT +no-false-attribs license - + - Lucent Public License Version 1.0 + Motosoto License - + - Eclipse Public License 1.0 + mpi Permissive License - + - BSD with attribution + mpich2 License - + - Open Software License 3.0 + Mozilla Public License 1.0 - + - Red Hat eCos Public License v1.1 + Mozilla Public License 1.1 - + - PHP License v3.0 + Mozilla Public License 2.0 - + - BSD Protection License + Mozilla Public License 2.0 (no copyleft exception) - + - Creative Commons Attribution Non Commercial 3.0 Germany + mplus Font License - + - Adaptive Public License 1.0 + Microsoft Limited Public License - + - EU DataGrid Software License + Microsoft Public License - + - GNU General Public License v1.0 only + Microsoft Reciprocal License - + - Solderpad Hardware License v0.5 + Matrix Template Library License - + - Creative Commons Attribution Share Alike 2.0 Generic + Mulan Permissive Software License, Version 1 - + - Creative Commons Attribution Share Alike 3.0 Austria + Mulan Permissive Software License, Version 2 - + - Creative Commons Attribution Non Commercial Share Alike 3.0 IGO + Multics License - + - Adobe Systems Incorporated Source Code License Agreement + Mup License - + - Newsletr License + Nara Institute of Science and Technology License (2003) - + - Nunit License + NASA Open Source Agreement 1.3 - + - Multics License + Naumen Public License - + - Open Government Licence v1.0 + Net Boolean Public License v1 - + - Vim License + Non-Commercial Government Licence - + - eCos license version 2.0 + University of Illinois/NCSA Open Source License - + - Zimbra Public License v1.3 + Net-SNMP License - + - eGenix.com Public License 1.1.0 + NetCDF license - + - IBM PowerPC Initialization and Boot Software + Newsletr License - + - BitTorrent Open Source License v1.1 + Nethack General Public License - + - SIL Open Font License 1.1 with no Reserved Font Name + NICTA Public Software License, Version 1.0 - + - psfrag License + NIST Public Domain Notice - + - Creative Commons Attribution No Derivatives 2.0 Generic + NIST Public Domain Notice with license fallback - + - Solderpad Hardware License, Version 0.51 + NIST Software License - + - FreeBSD Documentation License + Norwegian Licence for Open Government Data (NLOD) 1.0 - + - Python License 2.0 + Norwegian Licence for Open Government Data (NLOD) 2.0 - + - Mup License + No Limit Public License - + - BSD 4 Clause Shortened + Nokia Open Source License - + - Creative Commons Attribution Non Commercial Share Alike 4.0 International + Netizen Open Source License - + - Historical Permission Notice and Disclaimer + Noweb License - + - Open LDAP Public License v2.6 + Netscape Public License v1.0 - + - Mozilla Public License 1.1 + Netscape Public License v1.1 - + - GNU General Public License v2.0 w/GCC Runtime Library exception + Non-Profit Open Software License 3.0 - + - Haskell Language Report License + NRL License - + - Educational Community License v1.0 + NTP License - + - GNU Lesser General Public License v2.1 or later + NTP No Attribution - + - SIL Open Font License 1.0 + Nunit License - + - Apple Public Source License 1.1 + Open Use of Data Agreement v1.0 - + - MIT +no-false-attribs license + Open CASCADE Technology Public License - + - CeCILL Free Software License Agreement v2.0 + OCLC Research Public License 2.0 - + - Crossword License + Open Data Commons Open Database License v1.0 - + - Aladdin Free Public License + Open Data Commons Attribution License v1.0 - + - Baekmuk License + OFFIS License - + - XFree86 License 1.1 + SIL Open Font License 1.0 - + - GNU General Public License v1.0 or later + SIL Open Font License 1.0 with no Reserved Font Name - + - CERN Open Hardware Licence Version 2 - Weakly Reciprocal + SIL Open Font License 1.0 with Reserved Font Name - + - Creative Commons Attribution Share Alike 1.0 Generic + SIL Open Font License 1.1 - + - NTP License + SIL Open Font License 1.1 with no Reserved Font Name - + - PHP License v3.01 + SIL Open Font License 1.1 with Reserved Font Name - + - OCLC Research Public License 2.0 + OGC Software License, Version 1.0 - + - Creative Commons Attribution 3.0 Germany + Taiwan Open Government Data License, version 1.0 - + - Creative Commons Attribution Non Commercial 2.5 Generic + Open Government Licence - Canada - + - zlib License + Open Government Licence v1.0 - + - Computer Associates Trusted Open Source License 1.1 + Open Government Licence v2.0 - + - GNU Lesser General Public License v3.0 or later + Open Government Licence v3.0 - + - Cryptographic Autonomy License 1.0 + Open Group Test Suite License - + - Netscape Public License v1.0 + Open LDAP Public License v1.1 - + - Standard ML of New Jersey License + Open LDAP Public License v1.2 - + - GNU General Public License v2.0 or later + Open LDAP Public License v1.3 - + - Open LDAP Public License v2.5 + Open LDAP Public License v1.4 - + - JasPer License + Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) - + - GNU General Public License v2.0 or later + Open LDAP Public License v2.0.1 - + - BSD-2-Clause Plus Patent License + Open LDAP Public License v2.1 - + - Microsoft Reciprocal License + Open LDAP Public License v2.2 - + - CUA Office Public License v1.0 + Open LDAP Public License v2.2.1 - + - IPA Font License + Open LDAP Public License 2.2.2 - + - No Limit Public License + Open LDAP Public License v2.3 - + - Open Use of Data Agreement v1.0 + Open LDAP Public License v2.4 - + - MIT License Modern Variant + Open LDAP Public License v2.5 - + - Open LDAP Public License v1.2 + Open LDAP Public License v2.6 - + - BSD 2-Clause FreeBSD License + Open LDAP Public License v2.7 - + - Info-ZIP License + Open LDAP Public License v2.8 - + - Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France + Open Logistics Foundation License Version 1.3 - + - BSD Zero Clause License + Open Market License - + - Unicode License Agreement - Data Files and Software (2016) + OpenPBS v2.3 Software License - + - SIL Open Font License 1.0 with Reserved Font Name + OpenSSL License - + - Intel Open Source License + Open Public License v1.0 - + - Academic Free License v2.0 + United Kingdom Open Parliament Licence v3.0 - + - GL2PS License + Open Publication License v1.0 - + - TAPR Open Hardware License v1.0 + OSET Public License version 2.1 - + - Apache License 1.0 + Open Software License 1.0 - + - Matrix Template Library License + Open Software License 1.1 - + - Motosoto License + Open Software License 2.0 - + - RSA Message-Digest License + Open Software License 2.1 - + - Community Specification License 1.0 + Open Software License 3.0 - + - Open Data Commons Attribution License v1.0 + The Parity Public License 6.0.0 - + - zlib/libpng License with Acknowledgement + The Parity Public License 7.0.0 - + - Data licence Germany – attribution – version 2.0 + Open Data Commons Public Domain Dedication & License 1.0 - + - Vovida Software License v1.0 + PHP License v3.0 - + - Licence Libre du Québec – Réciprocité version 1.1 + PHP License v3.01 - + - Open Public License v1.0 + Plexus Classworlds License - + - GNU General Public License v3.0 or later + PolyForm Noncommercial License 1.0.0 - + - Mulan Permissive Software License, Version 2 + PolyForm Small Business License 1.0.0 - + - Apple Public Source License 1.2 + PostgreSQL License - + - Taiwan Open Government Data License, version 1.0 + Python Software Foundation License 2.0 - + - Ricoh Source Code Public License + psfrag License - + - OGC Software License, Version 1.0 + psutils License - + - Eiffel Forum License v2.0 + Python License 2.0 - + - Cryptographic Autonomy License 1.0 (Combined Work Exception) + Python License 2.0.1 - + - Microsoft Public License + Qhull License - + - Plexus Classworlds License + Q Public License 1.0 - + - Sendmail License 8.23 + Q Public License 1.0 - INRIA 2004 variant - + - Cube License + Rdisc License - + - JSON License + Red Hat eCos Public License v1.1 - + - European Union Public License 1.2 + Reciprocal Public License 1.1 - + - Adobe Glyph List License + Reciprocal Public License 1.5 - + - FreeImage Public License v1.0 + RealNetworks Public Source License v1.0 - + - Sybase Open Watcom Public License 1.0 + RSA Message-Digest License - + - Jam License + Ricoh Source Code Public License - + - Hippocratic License 2.1 + Ruby License - + - Open LDAP Public License v2.0.1 + Sax Public Domain Notice - + - Creative Commons Attribution Non Commercial Share Alike 2.0 Generic + Saxpath License - + - Nokia Open Source License + SCEA Shared Source License - + - Open CASCADE Technology Public License + Scheme Language Report License - + - Erlang Public License v1.1 + Sendmail License - + - Trusster Open Source License + Sendmail License 8.23 - + - Open Software License 2.1 + SGI Free Software License B v1.0 - + - Clarified Artistic License + SGI Free Software License B v1.1 - + - xinetd License + SGI Free Software License B v2.0 - + - GNU General Public License v3.0 w/GCC Runtime Library exception + SGP4 Permission Notice - + - Open Data Commons Open Database License v1.0 + Solderpad Hardware License v0.5 - + - MIT License + Solderpad Hardware License, Version 0.51 - + - GNU Library General Public License v2.1 or later + Simple Public License 2.0 - + - GNU Lesser General Public License v2.1 only + Sun Industry Standards Source License v1.1 - + - CrystalStacker License + Sun Industry Standards Source License v1.2 - + - Educational Community License v2.0 + Sleepycat License - + - LaTeX Project Public License v1.0 + Standard ML of New Jersey License - + - iMatix Standard Function Library Agreement + Secure Messaging Protocol Public License - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO + SNIA Public License 1.1 - + - BSD Source Code Attribution + snprintf License - + - The Parity Public License 6.0.0 + Spencer License 86 - + - TCL/TK License + Spencer License 94 - + - Arphic Public License + Spencer License 99 - + - Creative Commons Attribution Share Alike 3.0 Unported + Sun Public License v1.0 - + - Caldera License + SSH OpenSSH license - + - Affero General Public License v1.0 + SSH short notice - + - IBM Public License v1.0 + Server Side Public License, v 1 - + - Licence Art Libre 1.3 + Standard ML of New Jersey License - + - EPICS Open License + SugarCRM Public License v1.1.3 - + - Nethack General Public License + SunPro License - + - Detection Rule License 1.0 + Scheme Widget Library (SWL) Software License Agreement - + - BSD 2-Clause NetBSD License + Symlinks License - + - Zope Public License 1.1 + TAPR Open Hardware License v1.0 - + - GD License + TCL/TK License - + - LaTeX Project Public License v1.2 + TCP Wrappers License - + - Dotseqn License + TermReadKey License - + - Spencer License 99 + TMate Open Source License - + - Open LDAP Public License v2.3 + TORQUE v2.5+ Software License v1.1 - + - Yahoo! Public License v1.1 + Trusster Open Source License - + - Fair License + Time::ParseDate License - + - Qhull License + THOR Public License 1.0 - + - GNU Free Documentation License v1.1 or later - no invariants + Text-Tabs+Wrap License - + - CeCILL-C Free Software License Agreement + Technische Universitaet Berlin License 1.0 - + - Mulan Permissive Software License, Version 1 + Technische Universitaet Berlin License 2.0 - + - Open LDAP Public License v1.1 + UCAR License - + - Open LDAP Public License v2.1 + Upstream Compatibility License v1.0 - + - Lucent Public License v1.02 + Unicode License Agreement - Data Files and Software (2015) - + - Universal Permissive License v1.0 + Unicode License Agreement - Data Files and Software (2016) - + - Abstyles License + Unicode Terms of Use - + - Zope Public License 2.0 + UnixCrypt License - + - MIT No Attribution + The Unlicense - + - GNU Library General Public License v2 only + Universal Permissive License v1.0 - + - GNU Free Documentation License v1.3 only - no invariants + Vim License - + - GNU Affero General Public License v3.0 + VOSTROM Public License for Open Source - + - Eclipse Public License 2.0 + Vovida Software License v1.0 - + - Academic Free License v3.0 + W3C Software Notice and License (2002-12-31) - + - Community Data License Agreement Permissive 1.0 + W3C Software Notice and License (1998-07-20) - + - Artistic License 1.0 + W3C Software Notice and Document License (2015-05-13) - + - Creative Commons Attribution Non Commercial No Derivatives 4.0 International + w3m License - + - HTML Tidy License + Sybase Open Watcom Public License 1.0 - + - 3dfx Glide License + Widget Workshop License - + - FSF All Permissive License + Wsuipa License - + - Lesser General Public License For Linguistic Resources + Do What The F*ck You Want To Public License - + - Open Government Licence v3.0 + wxWindows Library License - + - GNU Free Documentation License v1.2 + X11 License - + - SSH OpenSSH license + X11 License Distribution Modification Variant - + - GNU Free Documentation License v1.1 only + Xdebug License v 1.03 - + - feh License + Xerox License - + - Mozilla Public License 1.0 + Xfig License - + - PostgreSQL License + XFree86 License 1.1 - + - Open LDAP Public License 2.2.2 + xinetd License - + - Secure Messaging Protocol Public License + xlock License - + - SIL Open Font License 1.1 + X.Net License - + - Leptonica License + XPP License - + - CERN Open Hardware Licence v1.1 + XSkat License - + - BSD 3-Clause No Nuclear Warranty + Yahoo! Public License v1.0 - + - Creative Commons Attribution No Derivatives 2.5 Generic + Yahoo! Public License v1.1 - + - Creative Commons Attribution 1.0 Generic + Zed License - + - GNU Free Documentation License v1.2 only + Zend License v2.0 - + - Open Publication License v1.0 + Zimbra Public License v1.3 - + - libselinux public domain notice + Zimbra Public License v1.4 - + - BSD 3-Clause "New" or "Revised" License + zlib License - + - ANTLR Software Rights Notice with license fallback + zlib/libpng License with Acknowledgement - + - copyleft-next 0.3.1 + Zope Public License 1.1 - + - GNU General Public License v1.0 or later + Zope Public License 2.0 - + - wxWindows Library License + Zope Public License 2.1 - + + - GNU Lesser General Public License v3.0 only + 389 Directory Server Exception - + - GNU Lesser General Public License v2.1 only + Asterisk exception - + - Standard ML of New Jersey License + Autoconf exception 2.0 - + - BSD 4-Clause "Original" or "Old" License + Autoconf exception 3.0 - + - GNU General Public License v2.0 w/Bison exception + Autoconf generic exception - + - Apache License 2.0 + Autoconf macro exception - + - Artistic License 1.0 w/clause 8 + Bison exception 2.2 - + - GNU General Public License v2.0 only + Bootloader Distribution Exception - + - Intel ACPI Software License Agreement + Classpath exception 2.0 - + - Boost Software License 1.0 + CLISP exception 2.0 - + - Artistic License 1.0 (Perl) + cryptsetup OpenSSL exception - + - BSD 2-Clause with views sentence + DigiRule FOSS License Exception - + - Interbase Public License v1.0 + eCos exception 2.0 - + - Non-Profit Open Software License 3.0 + Fawkes Runtime Exception - FLTK exception - + - Bootloader Distribution Exception + Font exception 2.0 - + - WxWindows Library Exception 3.1 + FreeRTOS Exception 2.0 - + - Linux Syscall Note + GCC Runtime Library exception 2.0 - + - Qt LGPL exception 1.1 + GCC Runtime Library exception 3.1 - + - LLVM Exception + GNAT exception - + - PS/PDF font exception (2017-08-17) + GNU JavaMail exception - + - GCC Runtime Library exception 3.1 + GPL-3.0 Interface Exception - + - Autoconf exception 3.0 + GPL-3.0 Linking Exception - + - LGPL-3.0 Linking Exception + GPL-3.0 Linking Exception (with Corresponding Source) - + - GCC Runtime Library exception 2.0 + GPL Cooperation Commitment 1.0 - + - Bison exception 2.2 + GStreamer Exception (2005) - + - OpenVPN OpenSSL Exception + GStreamer Exception (2008) - + - Libtool Exception + i2p GPL+Java Exception - + - Autoconf exception 2.0 + KiCad Libraries Exception - + - GPL-3.0 Linking Exception (with Corresponding Source) + LGPL-3.0 Linking Exception - + - GPL Cooperation Commitment 1.0 + libpri OpenH323 exception - + - OCaml LGPL Linking Exception + Libtool Exception - + - Universal FOSS Exception, Version 1.0 + Linux Syscall Note - + - i2p GPL+Java Exception + LLGPL Preamble - + - CLISP exception 2.0 + LLVM Exception - + - Open CASCADE Exception 1.0 + LZMA exception - + - Qwt exception 1.0 + Macros and Inline Functions Exception - + - GNU JavaMail exception + Nokia Qt LGPL exception 1.1 - + - U-Boot exception 2.0 + OCaml LGPL Linking Exception - + - FreeRTOS Exception 2.0 + Open CASCADE Exception 1.0 - + - Qt GPL exception 1.0 + OpenJDK Assembly exception 1.0 - + - OpenJDK Assembly exception 1.0 + OpenVPN OpenSSL Exception - + - Solderpad Hardware License v2.1 + PS/PDF font exception (2017-08-17) - + - Macros and Inline Functions Exception + INRIA QPL 1.0 2004 variant exception - + - Fawkes Runtime Exception + Qt GPL exception 1.0 - + - Swift Exception + Qt LGPL exception 1.1 - + - GPL-3.0 Linking Exception + Qwt exception 1.0 @@ -2623,39 +3033,44 @@ Solderpad Hardware License v2.0 - + - Classpath exception 2.0 + Solderpad Hardware License v2.1 - + - LZMA exception + SWI exception - + - Font exception 2.0 + Swift Exception - + - Nokia Qt LGPL exception 1.1 + U-Boot exception 2.0 - + - DigiRule FOSS License Exception + Universal FOSS Exception, Version 1.0 - + - eCos exception 2.0 + vsftpd OpenSSL exception - + - 389 Directory Server Exception + WxWindows Library Exception 3.1 + + + + + x11vnc OpenSSL Exception From b7a34fb74eff742b83685f3403edf462765cecf7 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Tue, 27 Jun 2023 11:47:31 -0500 Subject: [PATCH 25/40] Version bump. Added 1.5 component types --- pom.xml | 2 +- src/main/java/org/cyclonedx/model/Component.java | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9cfaf6f08..aba9cab8a 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ org.cyclonedx cyclonedx-core-java jar - 7.3.3-SNAPSHOT + 7.4.0-SNAPSHOT CycloneDX Core (Java) The CycloneDX core module provides a model representation of the BOM along with utilities to assist in creating, parsing, and validating BOMs. diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index afa62ebc5..18adf3ebc 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -72,14 +72,22 @@ public enum Type { LIBRARY("library"), @JsonProperty("container") CONTAINER("container"), + @JsonProperty("platform") + PLATFORM("platform"), @JsonProperty("operating-system") OPERATING_SYSTEM("operating-system"), @JsonProperty("device") DEVICE("device"), + @JsonProperty("device-driver") + DEVICE_DRIVER("device-driver"), @JsonProperty("firmware") FIRMWARE("firmware"), @JsonProperty("file") - FILE("file"); + FILE("file"), + @JsonProperty("machine-learning-model") + MACHINE_LEARNING_MODEL("machine-learning-model"), + @JsonProperty("data") + DATA("data"); private final String name; From 26f68aba0a0fe1d06ac96b2b9fa8730dfd43ec0e Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Tue, 27 Jun 2023 12:47:55 -0500 Subject: [PATCH 26/40] Synchronized test cases from specification repo --- .../1.5/invalid-component-ref-1.5.json | 6 + .../1.5/invalid-component-ref-1.5.xml | 6 + .../resources/1.5/invalid-dependency-1.5.json | 6 + .../resources/1.5/invalid-dependency-1.5.xml | 12 +- .../resources/1.5/valid-annotation-1.5.json | 2 +- .../1.5/valid-annotation-1.5.textproto | 94 +++++ .../resources/1.5/valid-annotation-1.5.xml | 87 +++++ src/test/resources/1.5/valid-bom-1.5.json | 8 +- .../resources/1.5/valid-compositions-1.5.json | 16 + .../1.5/valid-compositions-1.5.textproto | 12 + .../resources/1.5/valid-compositions-1.5.xml | 16 +- .../resources/1.5/valid-evidence-1.5.json | 57 +++ .../1.5/valid-evidence-1.5.textproto | 60 ++++ src/test/resources/1.5/valid-evidence-1.5.xml | 57 +++ .../resources/1.5/valid-formulation-1.5.json | 294 +++++++++++++++ .../1.5/valid-formulation-1.5.textproto | 336 ++++++++++++++++++ .../resources/1.5/valid-formulation-1.5.xml | 251 +++++++++++++ .../1.5/valid-license-expression-1.5.json | 3 +- .../1.5/valid-license-expression-1.5.xml | 4 +- .../resources/1.5/valid-license-id-1.5.json | 3 +- .../resources/1.5/valid-license-id-1.5.xml | 2 +- .../1.5/valid-license-licensing-1.5.json | 6 +- .../1.5/valid-license-licensing-1.5.textproto | 51 +++ .../1.5/valid-license-licensing-1.5.xml | 2 +- .../resources/1.5/valid-license-name-1.5.json | 3 +- .../resources/1.5/valid-license-name-1.5.xml | 2 +- .../1.5/valid-machine-learning-1.5.json | 92 +++++ .../1.5/valid-machine-learning-1.5.textproto | 63 ++++ .../1.5/valid-machine-learning-1.5.xml | 92 +++++ .../1.5/valid-metadata-lifecycle-1.5.json | 2 +- .../valid-metadata-lifecycle-1.5.textproto | 17 + .../1.5/valid-metadata-manufacture-1.5.json | 2 + .../valid-metadata-manufacture-1.5.textproto | 2 + .../1.5/valid-metadata-manufacture-1.5.xml | 4 +- .../1.5/valid-metadata-supplier-1.5.json | 2 + .../1.5/valid-metadata-supplier-1.5.textproto | 2 + .../1.5/valid-metadata-supplier-1.5.xml | 4 +- .../1.5/valid-metadata-tool-1.5.json | 53 ++- .../1.5/valid-metadata-tool-1.5.textproto | 37 +- .../resources/1.5/valid-metadata-tool-1.5.xml | 36 +- .../valid-metadata-tool-deprecated-1.5.json | 26 ++ ...lid-metadata-tool-deprecated-1.5.textproto | 18 + .../valid-metadata-tool-deprecated-1.5.xml | 17 + .../resources/1.5/valid-properties-1.5.json | 25 ++ .../1.5/valid-properties-1.5.textproto | 21 ++ .../resources/1.5/valid-properties-1.5.xml | 11 + .../1.5/valid-release-notes-1.5.json | 2 +- src/test/resources/1.5/valid-saasbom-1.5.json | 303 ++++++++++++++++ .../resources/1.5/valid-saasbom-1.5.textproto | 204 +++++++++++ src/test/resources/1.5/valid-saasbom-1.5.xml | 239 +++++++++++++ src/test/resources/1.5/valid-service-1.5.json | 2 +- .../1.5/valid-vulnerability-1.5.json | 57 ++- .../1.5/valid-vulnerability-1.5.textproto | 56 ++- .../resources/1.5/valid-vulnerability-1.5.xml | 40 ++- 54 files changed, 2735 insertions(+), 90 deletions(-) create mode 100644 src/test/resources/1.5/valid-annotation-1.5.textproto create mode 100644 src/test/resources/1.5/valid-annotation-1.5.xml create mode 100644 src/test/resources/1.5/valid-formulation-1.5.json create mode 100644 src/test/resources/1.5/valid-formulation-1.5.textproto create mode 100644 src/test/resources/1.5/valid-formulation-1.5.xml create mode 100644 src/test/resources/1.5/valid-license-licensing-1.5.textproto create mode 100644 src/test/resources/1.5/valid-machine-learning-1.5.json create mode 100644 src/test/resources/1.5/valid-machine-learning-1.5.textproto create mode 100644 src/test/resources/1.5/valid-machine-learning-1.5.xml create mode 100644 src/test/resources/1.5/valid-metadata-lifecycle-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json create mode 100644 src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.textproto create mode 100644 src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml create mode 100644 src/test/resources/1.5/valid-saasbom-1.5.json create mode 100644 src/test/resources/1.5/valid-saasbom-1.5.textproto create mode 100644 src/test/resources/1.5/valid-saasbom-1.5.xml diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.json b/src/test/resources/1.5/invalid-component-ref-1.5.json index c00f57d1b..ed13f526b 100644 --- a/src/test/resources/1.5/invalid-component-ref-1.5.json +++ b/src/test/resources/1.5/invalid-component-ref-1.5.json @@ -15,6 +15,12 @@ "bom-ref": "123", "name": "acme-library", "version": "1.0.0" + }, + { + "type": "library", + "bom-ref": "", + "name": "acme-library", + "version": "1.0.0" } ] } diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.xml b/src/test/resources/1.5/invalid-component-ref-1.5.xml index cb83d8fce..5c42a883c 100644 --- a/src/test/resources/1.5/invalid-component-ref-1.5.xml +++ b/src/test/resources/1.5/invalid-component-ref-1.5.xml @@ -6,6 +6,12 @@ 1.0.0 + + acme-library + 1.0.0 + + + acme-library 1.0.0 diff --git a/src/test/resources/1.5/invalid-dependency-1.5.json b/src/test/resources/1.5/invalid-dependency-1.5.json index 8b46f0d0a..f4f524527 100644 --- a/src/test/resources/1.5/invalid-dependency-1.5.json +++ b/src/test/resources/1.5/invalid-dependency-1.5.json @@ -27,6 +27,12 @@ { "dependsOn": [] }, + { + "ref": "", + "dependsOn": [ + "library-a" + ] + }, { "ref": "library-b", "dependsOn": [ diff --git a/src/test/resources/1.5/invalid-dependency-1.5.xml b/src/test/resources/1.5/invalid-dependency-1.5.xml index 363956aac..f36722e59 100644 --- a/src/test/resources/1.5/invalid-dependency-1.5.xml +++ b/src/test/resources/1.5/invalid-dependency-1.5.xml @@ -15,9 +15,17 @@ - + + + + + + + - + + + diff --git a/src/test/resources/1.5/valid-annotation-1.5.json b/src/test/resources/1.5/valid-annotation-1.5.json index e2f3085aa..a8e4b6e53 100644 --- a/src/test/resources/1.5/valid-annotation-1.5.json +++ b/src/test/resources/1.5/valid-annotation-1.5.json @@ -99,4 +99,4 @@ "text": "This is a sample annotation made by a service" } ] -} \ No newline at end of file +} diff --git a/src/test/resources/1.5/valid-annotation-1.5.textproto b/src/test/resources/1.5/valid-annotation-1.5.textproto new file mode 100644 index 000000000..30a2d163b --- /dev/null +++ b/src/test/resources/1.5/valid-annotation-1.5.textproto @@ -0,0 +1,94 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + bom_ref: "component-a" + name: "Component A" + version: "1.0.0" +} +annotations { + bom_ref: "annotation-1" + subjects: "component-a" + annotator: { + organization: { + name: "Acme, Inc." + url: "https://example.com" + contact { + name: "Acme Professional Services" + email: "professional.services@example.com" + } + } + } + timestamp { + seconds: 3173618478 + nanos: 3 + } + text: "This is a sample annotation made by an organization" +} +annotations { + bom_ref: "annotation-2" + subjects: "component-a" + annotator: { + individual { + name: "Samantha Wright" + email: "samantha.wright@example.com" + phone: "800-555-1212" + } + } + timestamp { + seconds: 3173618478 + nanos: 3 + } + text: "This is a sample annotation made by an person" +} +annotations { + bom_ref: "annotation-3" + subjects: "component-a" + annotator: { + component { + type: CLASSIFICATION_APPLICATION + name: "Awesome Tool" + version: "9.1.2" + } + } + timestamp { + seconds: 3173618478 + nanos: 3 + } + text: "This is a sample annotation made by a component" +} +annotations { + bom_ref: "annotation-4" + subjects: "component-a" + annotator: { + service { + bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + provider { + name: "Partner Org" + url: "https://partner.org" + contact { + name: "Support" + email: "support@partner" + phone: "800-555-1212" + } + } + group: "org.partner" + name: "BOM Annotation Service" + version: "2020-Q2" + endpoints: "https://partner.org/api/v1/inspect" + endpoints: "https://partner.org/api/v1/annotate" + authenticated: true + x_trust_boundary: true + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "public" + } + } + } + timestamp { + seconds: 3173618478 + nanos: 3 + } + text: "This is a sample annotation made by a service" +} diff --git a/src/test/resources/1.5/valid-annotation-1.5.xml b/src/test/resources/1.5/valid-annotation-1.5.xml new file mode 100644 index 000000000..dfbceb17b --- /dev/null +++ b/src/test/resources/1.5/valid-annotation-1.5.xml @@ -0,0 +1,87 @@ + + + + + Component A + 1.0.0 + + + + + + + + + + Acme, Inc. + https://example.com + + Acme Professional Services + professional.services@example.com + + + + 2020-04-07T07:01:00Z + This is a sample annotation made by an organization + + + + + + + + Samantha Wright + samantha.wright@example.com + 800-555-1212 + + + 2020-04-07T07:01:00Z + This is a sample annotation made by an person + + + + + + + + Awesome Tool + 9.1.2 + + + 2020-04-07T07:01:00Z + This is a sample annotation made by a component + + + + + + + + + Partner Org + https://partner.org + + Support + support@partner + 800-555-1212 + + + org.partner + BOM Annotation Service + 2020-Q2 + + https://partner.org/api/v1/inspect + https://partner.org/api/v1/annotate + + true + true + + pubic + + + + 2020-04-07T07:01:00Z + This is a sample annotation made by a service + + + diff --git a/src/test/resources/1.5/valid-bom-1.5.json b/src/test/resources/1.5/valid-bom-1.5.json index c0f3b17ef..3bdbeaa13 100644 --- a/src/test/resources/1.5/valid-bom-1.5.json +++ b/src/test/resources/1.5/valid-bom-1.5.json @@ -129,12 +129,12 @@ ], "commits": [ { - "uid": "123", - "url": "", + "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", + "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", - "name": "", - "email": "" + "name": "me", + "email": "me@acme.org" } } ] diff --git a/src/test/resources/1.5/valid-compositions-1.5.json b/src/test/resources/1.5/valid-compositions-1.5.json index 551834e03..11c8a0012 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.json +++ b/src/test/resources/1.5/valid-compositions-1.5.json @@ -44,8 +44,18 @@ ] } ], + "vulnerabilities": [ + { + "bom-ref": "vulnerability-1", + "id": "ACME-12345", + "source": { + "name": "Acme Inc" + } + } + ], "compositions": [ { + "bom-ref": "composition-1", "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" @@ -59,6 +69,12 @@ "assemblies": [ "pkg:maven/acme/library@3.0" ] + }, + { + "aggregate": "incomplete_first_party_only", + "vulnerabilities": [ + "vulnerability-1" + ] } ] } diff --git a/src/test/resources/1.5/valid-compositions-1.5.textproto b/src/test/resources/1.5/valid-compositions-1.5.textproto index d29b94fe5..bc542cf41 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.textproto +++ b/src/test/resources/1.5/valid-compositions-1.5.textproto @@ -39,6 +39,7 @@ dependencies { } } compositions { + bom_ref: "composition-1" aggregate: AGGREGATE_COMPLETE assemblies: "pkg:maven/partner/shaded-library@1.0" dependencies: "acme-application-1.0" @@ -47,3 +48,14 @@ compositions { aggregate: AGGREGATE_UNKNOWN assemblies: "pkg:maven/acme/library@3.0" } +compositions { + aggregate: AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY, + vulnerabilities: "vulnerability-1" +} +vulnerabilities { + bom_ref: "vulnerability-1" + id: "ACME-12345" + source: { + name: "Acme Inc" + } +} diff --git a/src/test/resources/1.5/valid-compositions-1.5.xml b/src/test/resources/1.5/valid-compositions-1.5.xml index 82c16c553..992048784 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.xml +++ b/src/test/resources/1.5/valid-compositions-1.5.xml @@ -32,7 +32,7 @@ - + complete @@ -47,5 +47,19 @@ + + incomplete_first_party_only + + + + + + + ACME-12345 + + Acme Inc + + + diff --git a/src/test/resources/1.5/valid-evidence-1.5.json b/src/test/resources/1.5/valid-evidence-1.5.json index 8c44a9af4..92740237c 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.json +++ b/src/test/resources/1.5/valid-evidence-1.5.json @@ -19,6 +19,63 @@ ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { + "identity": { + "field": "purl", + "confidence": 1, + "methods": [ + { + "technique": "filename", + "confidence": 0.1, + "value": "findbugs-project-3.0.0.jar" + }, + { + "technique": "ast-fingerprint", + "confidence": 0.9, + "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" + }, + { + "technique": "hash-comparison", + "confidence": 0.7, + "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" + } + ], + "tools": [ + "bom-ref-of-tool-that-performed-analysis" + ] + }, + "occurrences": [ + { + "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", + "location": "/path/to/component" + }, + { + "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", + "location": "/another/path/to/component" + } + ], + "callstack": { + "frames": [ + { + + "package": "com.apache.logging.log4j.core", + "module": "Logger.class", + "function": "logMessage", + "parameters": [ + "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" + ], + "line": 150, + "column": 17, + "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" + }, + { + "module": "HelloWorld.class", + "function": "main", + "line": 20, + "column": 12, + "fullFilename": "/path/to/HelloWorld.class" + } + ] + }, "licenses": [ { "license": { diff --git a/src/test/resources/1.5/valid-evidence-1.5.textproto b/src/test/resources/1.5/valid-evidence-1.5.textproto index c83ad8960..663f66df5 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.textproto +++ b/src/test/resources/1.5/valid-evidence-1.5.textproto @@ -1,3 +1,6 @@ +# proto-file: bom-1.5.proto +# proto-message: Bom + spec_version: "1.5" version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" @@ -14,6 +17,63 @@ components { } purl: "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0" evidence { + identity: { + field: EVIDENCE_FIELD_PURL, + confidence: 1, + methods: [ + { + technique: EVIDENCE_TECHNIQUE_FILENAME, + confidence: 0.1, + value: "findbugs-project-3.0.0.jar" + }, + { + technique: EVIDENCE_TECHNIQUE_AST_FINGERPRINT + confidence: 0.9, + value: "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" + }, + { + technique: EVIDENCE_TECHNIQUE_HASH_COMPARISON + confidence: 0.7, + value: "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" + } + ], + tools: [ + "bom-ref-of-tool-that-performed-analysis", + "bom-ref-of-tool-that-performed-analysis" + ] + }, + occurrences: [ + { + bom_ref: "d6bf237e-4e11-4713-9f62-56d18d5e2079" + location: "/path/to/component" + }, + { + bom_ref: "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175" + location: "/another/path/to/component" + } + ], + callstack: { + frames: [ + { + package: "com.apache.logging.log4j.core" + module: "Logger.class" + function: "logMessage" + parameters: [ + "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" + ], + line: 150 + column: 17 + fullFilename: "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" + }, + { + module: "HelloWorld.class" + function: "main" + line: 20 + column: 12 + fullFilename: "/path/to/HelloWorld.class" + } + ] + }, licenses { license { id: "Apache-2.0" diff --git a/src/test/resources/1.5/valid-evidence-1.5.xml b/src/test/resources/1.5/valid-evidence-1.5.xml index e51286b8e..9dd512769 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.xml +++ b/src/test/resources/1.5/valid-evidence-1.5.xml @@ -13,6 +13,63 @@ pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 + + purl + 1 + + + filename + 0.1 + findbugs-project-3.0.0.jar + + + ast-fingerprint + 0.9 + 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab + + + hash-comparison + 0.7 + 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf + + + + + + + + + /path/to/component + + + /another/path/to/component + + + + + + com.apache.logging.log4j.core + Logger.class + logMessage + + com.acme.HelloWorld + Level.INFO + null + Hello World + + 150 + 17 + /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class + + + HelloWorld.class + main + 20 + 12 + /path/to/HelloWorld.class + + + Apache-2.0 diff --git a/src/test/resources/1.5/valid-formulation-1.5.json b/src/test/resources/1.5/valid-formulation-1.5.json new file mode 100644 index 000000000..9f9490a1e --- /dev/null +++ b/src/test/resources/1.5/valid-formulation-1.5.json @@ -0,0 +1,294 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "type": "library", + "publisher": "Acme Inc", + "group": "org.example", + "name": "mylibrary", + "version": "1.0.0" + } + ], + "formulation": [ + { + "bom-ref": "formula-1", + "components": [ + { + "bom-ref": "component-1", + "type": "platform", + "name": "Pipeline controller image", + "version": "v0.47.0" + } + ], + "workflows": [ + { + "bom-ref": "workflow-1", + "uid": "8edb2b08-e2c7-11ed-b5ea-0242ac120002", + "name": "My workflow", + "description": "Workflow description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "tasks": [ + { + "bom-ref": "task-1", + "uid": "task-uid-1", + "name": "fetch-repository", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-1", + "uid": "trigger-1", + "type": "api" + }, + "steps": [ + { + "name": "My step" + } + ], + "inputs": [ + { + "resource": { + "ref": "component-a" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-b" + } + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:00+00:00", + "workspaces": [ + { + "bom-ref": "workspace-1", + "uid": "workspace-uid-1", + "name": "workspace" + } + ], + "runtimeTopology": [ + { + "ref": "task-1", + "dependsOn": [ "task-2" ] + } + ] + } + ], + "taskDependencies": [ + { + "ref": "task-1", + "dependsOn": ["task-2"] + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-2", + "uid": "trigger-uid-2", + "name": "My trigger", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "type": "api", + "event": { + "uid": "event-1", + "description": "Description here", + "timeReceived": "2023-01-01T00:00:00+00:00", + "data": { + "contentType": "text/plain", + "content": "Foo/Bar" + }, + "source": { + "ref": "component-g" + }, + "target": { + "ref": "component-h" + }, + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "conditions": [ + { + "description": "Description here", + "expression": "1 == 1", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "timeActivated": "2023-01-01T00:00:00+00:00", + "inputs": [ + { + "resource": { + "ref": "component-10" + }, + "source": { + "ref": "component-11" + }, + "target": { + "ref": "component-12" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-14" + }, + "type": "artifact", + "source": { + "ref": "component-15" + }, + "target": { + "ref": "component-16" + } + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "steps": [ + { + "name": "My step", + "description": "Description here", + "commands": [ + { + "executed": "ls -las", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "inputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "outputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:00+10:00", + "workspaces": [ + { + "bom-ref": "workspace-1", + "uid": "workspace-1", + "name": "My workspace", + "aliases": [ "default-workspace" ], + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-t" + } + ], + "accessMode": "read-write", + "mountPath": "/tmp/workspace", + "managedDataType": "ConfigMap", + "volumeRequest": "requestedVolumeClaim", + "volume": { + "uid": "volume-1", + "name": "My volume", + "mode": "filesystem", + "path": "/", + "sizeAllocated": "10GB", + "persistent": true, + "remote": false + } + } + ], + "runtimeTopology": [ + { + "ref": "component-s", + "dependsOn": [ + "component-r" + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ] + } + ] +} diff --git a/src/test/resources/1.5/valid-formulation-1.5.textproto b/src/test/resources/1.5/valid-formulation-1.5.textproto new file mode 100644 index 000000000..b7619428d --- /dev/null +++ b/src/test/resources/1.5/valid-formulation-1.5.textproto @@ -0,0 +1,336 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "org.example" + name: "mylibrary", + version: "1.0.0" +} +formulation: [ + { + bom_ref: "formula-1" + components: [ + { + bom_ref: "component-1" + type: CLASSIFICATION_PLATFORM + name: "Pipeline controller image" + version: "v0.47.0" + } + ] + workflows: [ + { + bom_ref: "workflow-1" + uid: "8edb2b08-e2c7-11ed-b5ea-0242ac120002" + name: "My workflow" + description: "Workflow description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + tasks: [ + { + bom_ref: "task-1" + uid: "task-uid-1" + name: "fetch-repository" + taskTypes: [ TASK_TYPE_CLONE ] + description: "Description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + taskTypes: [ + TASK_TYPE_CLONE, TASK_TYPE_BUILD + ] + trigger { + bom_ref: "trigger-1" + uid: "trigger-1" + type: TRIGGER_TYPE_API + } + steps: [ + { + name: "My step" + } + ] + inputs: [ + { + resource: { + ref: "component-a" + } + } + ] + outputs: [ + { + resource: { + ref: "component-a" + } + } + ] + timeStart { + seconds: 3173618478 + nanos: 3 + } + timeEnd { + seconds: 3173618478 + nanos: 3 + } + workspaces: [ + { + bom_ref: "workspace-1" + uid: "workspace-uid-1" + name: "workspace" + } + ] + runtimeTopology: [ + { + ref: "task-1" + dependencies: [ + { + ref: "task-2" + } + ] + } + ] + } + ] + taskDependencies: [ + { + ref: "task-1" + dependencies: [ + { + ref: "task-2" + } + ] + } + ] + taskTypes: [ TASK_TYPE_CLONE, TASK_TYPE_BUILD ] + trigger: { + bom_ref: "trigger-2" + uid: "trigger-uid-2" + name: "My trigger" + description: "Description here" + resourceReferences: [ + { + ref: "component-a" + } + ] + type: TRIGGER_TYPE_WEBHOOK + event: { + uid: "event-1" + description: "Description here" + timeReceived { + seconds: 3173618478 + nanos: 3 + } + data: { + content_type: "text/plain" + value: "Foo/Bar" + } + source: { + ref: "component-g" + } + target: { + ref: "component-h" + } + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + conditions: [ + { + description: "Description here" + expression: "1 == 1" + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + timeActivated { + seconds: 3173618478 + nanos: 3 + } + inputs: [ + { + resource: { + ref: "component-10" + } + source: { + ref: "component-11" + } + target: { + ref: "component-12" + } + } + ] + outputs: [ + { + resource: { + ref: "component-14" + } + type: OUTPUT_TYPE_ARTIFACT + source: { + ref: "component-15" + } + target: { + ref: "component-16" + } + } + ] + } + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + steps: [ + { + name: "My step" + description: "Description here" + commands: [ + { + executed: "ls -las" + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + inputs: [ + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + } + ] + }, + { + environmentVars: [ + { + value: "FooBar" + } + ] + }, + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + }, + { + value: "FooBar" + } + ] + } + ] + outputs: [ + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + } + ] + }, + { + environmentVars: [ + { + value: "FooBar" + } + ] + }, + { + environmentVars: [ + { + property: { + name: "Foo" + value: "Bar" + } + }, + { + value: "FooBar" + } + ] + } + ] + timeStart { + seconds: 3173618478 + nanos: 3 + } + timeEnd { + seconds: 3173618478 + nanos: 3 + } + workspaces: [ + { + bom_ref: "workspace-1" + uid: "workspace-1" + name: "My workspace" + aliases: [ "default-workspace" ] + description: "Description here" + resourceReferences: [ + { + ref: "component-t" + } + ] + accessMode: ACCESS_MODE_READ_WRITE + mountPath: "/tmp/workspace" + managedDataType: "ConfigMap" + volumeRequest: "requestedVolumeClaim" + volume: { + uid: "volume-1" + name: "My volume" + mode: VOLUME_MODE_FILESYSTEM + path: "/" + sizeAllocated: "10GB" + persistent: true + remote: false + } + } + ] + runtimeTopology: [ + { + ref: "component-s" + dependencies: [ + { + ref: "component-r" + } + ] + } + ] + properties: [ + { + name: "Foo" + value: "Bar" + } + ] + } + ] + } +] diff --git a/src/test/resources/1.5/valid-formulation-1.5.xml b/src/test/resources/1.5/valid-formulation-1.5.xml new file mode 100644 index 000000000..8492e4b42 --- /dev/null +++ b/src/test/resources/1.5/valid-formulation-1.5.xml @@ -0,0 +1,251 @@ + + + + + Acme Inc + org.example + mylibrary + 1.0.0 + + + + + + + Pipeline controller image + v0.47.0 + + + + + 8edb2b08-e2c7-11ed-b5ea-0242ac120002 + My workflow + Workflow description here + + + component-a + + + + + task-uid-1 + fetch-repository + Description here + + + component-a + + + + clone + build + + + trigger-1 + api + + + + My step + + + + + + component-a + + + + + + + component-b + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:00+00:00 + + + workspace-uid-1 + workspace + + + + + + + + + + + + + + + + clean + build + + + trigger-uid-1 + My trigger + Description here + + + component-a + + + api + + event-1 + Description here + 2023-01-01T00:00:00+00:00 + FooBar + + component-g + + + component-h + + + Bar + + + + + Description here + 1 == 1 + + Bar + + + + 2023-01-01T00:00:00+00:00 + + + + component-10 + + + component-11 + + + component-12 + + + + + + + component-14 + + artifact + + component-15 + + + component-16 + + + + + Bar + + + + + My step + Description here + + + ls -las + + Bar + + + + + Bar + + + + + + + Bar + + + + + FooBar + + + + + Bar + FooBar + + + + + + + Bar + + + + + FooBar + + + + + Bar + FooBar + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:00+00:00 + + + workspace-1 + My workspace + + default-workspace + + Description here + + + component-t + + + read-write + /tmp/workspace + ConfigMap + requestedVolumeClaim + + volume-1 + My volume + filesystem + / + 10GB + true + false + + + + + + + + + + Bar + + + + + + diff --git a/src/test/resources/1.5/valid-license-expression-1.5.json b/src/test/resources/1.5/valid-license-expression-1.5.json index 98b34e948..95d7dbbdd 100644 --- a/src/test/resources/1.5/valid-license-expression-1.5.json +++ b/src/test/resources/1.5/valid-license-expression-1.5.json @@ -12,7 +12,8 @@ "version": "9.0.14", "licenses": [ { - "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", + "bom-ref": "my-license" } ] } diff --git a/src/test/resources/1.5/valid-license-expression-1.5.xml b/src/test/resources/1.5/valid-license-expression-1.5.xml index 6b146205e..0308af4e4 100644 --- a/src/test/resources/1.5/valid-license-expression-1.5.xml +++ b/src/test/resources/1.5/valid-license-expression-1.5.xml @@ -15,7 +15,9 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 + pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar diff --git a/src/test/resources/1.5/valid-license-id-1.5.json b/src/test/resources/1.5/valid-license-id-1.5.json index 5f13e0117..08986cfdc 100644 --- a/src/test/resources/1.5/valid-license-id-1.5.json +++ b/src/test/resources/1.5/valid-license-id-1.5.json @@ -13,7 +13,8 @@ "licenses": [ { "license": { - "id": "Apache-2.0" + "id": "Apache-2.0", + "bom-ref": "my-license" } } ] diff --git a/src/test/resources/1.5/valid-license-id-1.5.xml b/src/test/resources/1.5/valid-license-id-1.5.xml index 242a0a938..42b12edda 100644 --- a/src/test/resources/1.5/valid-license-id-1.5.xml +++ b/src/test/resources/1.5/valid-license-id-1.5.xml @@ -15,7 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - + Apache-2.0 diff --git a/src/test/resources/1.5/valid-license-licensing-1.5.json b/src/test/resources/1.5/valid-license-licensing-1.5.json index 3e2d7454e..c692d39a9 100644 --- a/src/test/resources/1.5/valid-license-licensing-1.5.json +++ b/src/test/resources/1.5/valid-license-licensing-1.5.json @@ -26,10 +26,6 @@ { "name": "Acme Licensing Fulfillment", "email": "licensing@example.com" - }, - { - "name": "Acme Licensing", - "email": "licensing@example.com" } ] } @@ -56,4 +52,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/src/test/resources/1.5/valid-license-licensing-1.5.textproto b/src/test/resources/1.5/valid-license-licensing-1.5.textproto new file mode 100644 index 000000000..490bb6768 --- /dev/null +++ b/src/test/resources/1.5/valid-license-licensing-1.5.textproto @@ -0,0 +1,51 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_LIBRARY + publisher: "Acme Inc" + group: "com.acme" + name: "cryptographic-provider" + version: "2.2.0" + licenses { + license { + bom_ref: "acme-license-1" + name: "Acme Commercial License" + licensing { + altIds: "acme" + altIds: "acme-license" + licensor { + organization { + name: "Acme Inc" + contact { + name: "Acme Licensing Fulfillment" + email: "licensing@example.com" + } + } + } + licensee { + organization { + name: "Example Co." + } + } + purchaser { + individual { + name: "Samantha Wright" + email: "samantha.wright@gmail.com" + phone: "800-555-1212" + } + } + purchaseOrder: "PO-12345" + licenseTypes: LICENSING_TYPE_APPLIANCE + lastRenewal { + seconds: 1649881239 + nanos: 3 + } + expiration { + seconds: 1681417239 + nanos: 3 + } + } + } + } +} diff --git a/src/test/resources/1.5/valid-license-licensing-1.5.xml b/src/test/resources/1.5/valid-license-licensing-1.5.xml index a528a1754..520f0169c 100644 --- a/src/test/resources/1.5/valid-license-licensing-1.5.xml +++ b/src/test/resources/1.5/valid-license-licensing-1.5.xml @@ -46,4 +46,4 @@ - \ No newline at end of file + diff --git a/src/test/resources/1.5/valid-license-name-1.5.json b/src/test/resources/1.5/valid-license-name-1.5.json index b856f70d1..7a198054b 100644 --- a/src/test/resources/1.5/valid-license-name-1.5.json +++ b/src/test/resources/1.5/valid-license-name-1.5.json @@ -13,7 +13,8 @@ "licenses": [ { "license": { - "name": "Apache License 2.0" + "name": "Apache License 2.0", + "bom-ref": "my-license" } } ] diff --git a/src/test/resources/1.5/valid-license-name-1.5.xml b/src/test/resources/1.5/valid-license-name-1.5.xml index fee242f1f..f35283c0c 100644 --- a/src/test/resources/1.5/valid-license-name-1.5.xml +++ b/src/test/resources/1.5/valid-license-name-1.5.xml @@ -15,7 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - + Apache License 2.0 diff --git a/src/test/resources/1.5/valid-machine-learning-1.5.json b/src/test/resources/1.5/valid-machine-learning-1.5.json new file mode 100644 index 000000000..59dc3ceef --- /dev/null +++ b/src/test/resources/1.5/valid-machine-learning-1.5.json @@ -0,0 +1,92 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "components": [ + { + "bom-ref": "component-a", + "type": "machine-learning-model", + "group": "CompVis", + "name": "stable-diffusion", + "version": "1.4", + "description": "Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at \uD83E\uDD17's Stable Diffusion with \uD83E\uDDE8Diffusers blog.", + "modelCard": { + "modelParameters": { + "approach": { + "type": "supervised" + }, + "task": "task goes here", + "architectureFamily": "the architecture family goes here", + "modelArchitecture": "The architecture of the model.", + "datasets": [ + { + "type": "dataset", + "name": "Training Data", + "contents": { + "url": "https://example.com/path/to/dataset" + }, + "classification": "public" + } + ], + "inputs": [ { "format": "string" } ], + "outputs": [ { "format": "byte[]" } ] + }, + "quantitativeAnalysis": { + "performanceMetrics": [ + { + "type": "The type of performance metric", + "value": "The value of the performance metric", + "slice": "The name of the slice this metric was computed on. By default, assume this metric is not sliced", + "confidenceInterval": { + "lowerBound": "The lower bound of the confidence interval", + "upperBound": "The upper bound of the confidence interval" + } + } + ], + "graphics": { + "description": "Performance images", + "collection": [ + { + "name": "FID vs CLIP Scores on 512x512 samples for different v1-versions", + "image": { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" + } + } + ] + } + }, + "considerations": { + "users": [ + "Who are the intended users of the model?" + ], + "useCases": [ + "Who are the intended users of the model?" + ], + "technicalLimitations": [ + "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" + ], + "performanceTradeoffs": [ + "What are the known tradeoffs in accuracy/performance of the model?" + ], + "ethicalConsiderations": [ + { + "name": "The name of the risk", + "mitigationStrategy": "Strategy used to address this risk" + } + ], + "fairnessAssessments": [ + { + "groupAtRisk": "The groups or individuals at risk of being systematically disadvantaged by the model", + "benefits": "Expected benefits to the identified groups", + "harms": "Expected harms to the identified groups", + "mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + ] + } + } + } + ] +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-machine-learning-1.5.textproto b/src/test/resources/1.5/valid-machine-learning-1.5.textproto new file mode 100644 index 000000000..0bb04b765 --- /dev/null +++ b/src/test/resources/1.5/valid-machine-learning-1.5.textproto @@ -0,0 +1,63 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +components { + type: CLASSIFICATION_MACHINE_LEARNING_MODEL + bom_ref: "component-a" + group: "CompVis" + name: "stable-diffusion" + version: "1.4" + modelCard: { + modelParameters: { + approach: { + type: MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED + } + task: "task goes here" + architectureFamily: "the architecture family goes here" + modelArchitecture: "The architecture of the model." + datasets: { + dataset: { + type: COMPONENT_DATA_TYPE_DATASET + name: "Training Data" + contents: { + url: "https://example.com/path/to/dataset" + } + classification: "public" + } + } + inputs: { + format: "string" + } + outputs: { + format: "string" + } + } + quantitativeAnalysis: { + performanceMetrics: { + type: "The type of performance metric" + value: "The value of the performance metric" + slice: "The name of the slice this metric was computed on. By default, assume this metric is not sliced" + confidenceInterval: { + lowerBound: "The lower bound of the confidence interval" + upperBound: "The upper bound of the confidence interval" + } + } + } + considerations: { + users: "Who are the intended users of the model?" + useCases: "Who are the intended users of the model?" + technicalLimitations: "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" + performanceTradeoffs: "What are the known tradeoffs in accuracy/performance of the model?" + ethicalConsiderations: { + name: "The name of the risk" + mitigationStrategy: "Strategy used to address this risk" + } + fairnessAssessments: { + groupAtRisk: "The groups or individuals at risk of being systematically disadvantaged by the model" + benefits: "Expected benefits to the identified groups" + harms: "Expected harms to the identified groups" + mitigationStrategy: "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + } + } +} diff --git a/src/test/resources/1.5/valid-machine-learning-1.5.xml b/src/test/resources/1.5/valid-machine-learning-1.5.xml new file mode 100644 index 000000000..7c541ecb8 --- /dev/null +++ b/src/test/resources/1.5/valid-machine-learning-1.5.xml @@ -0,0 +1,92 @@ + + + + + Acme Inc + CompVis + stable-diffusion + 1.4 + Stable Diffusion is a latent text-to-image diffusion model capable of generating photo-realistic images given any text input. For more information about how Stable Diffusion functions, please have a look at 🤗's Stable Diffusion with 🧨Diffusers blog. + + + + supervised + + task goes here + the architecture family goes here + The architecture of the model. + + + dataset + Training Data + + https://example.com/path/to/dataset + + public + + + + + string + + + + + string + + + + + + + The type of performance metric + The value of the performance metric + The name of the slice this metric was computed on. By default, assume this metric is not sliced + + The lower bound of the confidence interval + The upper bound of the confidence interval + + + + + Performance images + + + FID vs CLIP Scores on 512x512 samples for different v1-versions + /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k= + + + + + + + Who are the intended users of the model? + + + Who are the intended users of the model? + + + What are the known technical limitations of the model? + + + What are the known tradeoffs in accuracy/performance of the model? + + + + The name of the risk + Strategy used to address this risk + + + + + The groups or individuals at risk of being systematically disadvantaged by the model + Expected benefits to the identified groups + Expected harms to the identified groups + With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. + + + + + + + diff --git a/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json index c08a076d0..1bfb21b45 100644 --- a/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json +++ b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.json @@ -18,4 +18,4 @@ ] }, "components": [] -} \ No newline at end of file +} diff --git a/src/test/resources/1.5/valid-metadata-lifecycle-1.5.textproto b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.textproto new file mode 100644 index 000000000..48b7aaea1 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-lifecycle-1.5.textproto @@ -0,0 +1,17 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + lifecycles [ + { + phase: LIFECYCLE_PHASE_BUILD + }, + { + phase: LIFECYCLE_PHASE_POST_BUILD + }, + { + name: "platform-integration-testing" + description: "Integration testing specific to the runtime platform" + } + ] +} diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.json b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json index 6323f0004..c01cd7ccb 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.json +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json @@ -5,12 +5,14 @@ "version": 1, "metadata": { "manufacture": { + "bom-ref": "manufacturer-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { + "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto index 9482b2199..55bcc6dcd 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto @@ -8,6 +8,8 @@ metadata { contact { name: "Acme Professional Services" email: "professional.services@example.com" + bom_ref: "contact-1" } + bom_ref: "manufacturer-1" } } diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml index 794939158..1a76f2db6 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Professional Services professional.services@example.com diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.json b/src/test/resources/1.5/valid-metadata-supplier-1.5.json index e445641fc..47c4f007a 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.json +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.json @@ -5,12 +5,14 @@ "version": 1, "metadata": { "supplier": { + "bom-ref": "supplier-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { + "bom-ref": "contact-1", "name": "Acme Distribution", "email": "distribution@example.com" } diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto index c980f3127..6986b7f62 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto @@ -8,6 +8,8 @@ metadata { contact { name: "Acme Distribution" email: "distribution@example.com" + bom_ref: "contact-1" } + bom_ref: "supplier-1" } } diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.xml b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml index 2ed3c913d..677258c3e 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Distribution distribution@example.com diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.json b/src/test/resources/1.5/valid-metadata-tool-1.5.json index 81e908a98..5331c2cc8 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.json +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.json @@ -4,23 +4,44 @@ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { - "tools": [ - { - "vendor": "Awesome Vendor", - "name": "Awesome Tool", - "version": "9.1.2", - "hashes": [ - { - "alg": "SHA-1", - "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] }, - { - "alg": "SHA-256", - "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" - } - ] - } - ] + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + } }, "components": [] } diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.textproto b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto index 7c3d0cb08..a8b428201 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto @@ -3,16 +3,35 @@ version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" metadata { tools { - vendor: "Awesome Vendor" - name: "Awesome Tool" - version: "9.1.2" - hashes { - alg: HASH_ALG_SHA_1 - value: "25ed8e31b995bb927966616df2a42b979a2717f0" + components { + type: CLASSIFICATION_APPLICATION + group: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } } - hashes { - alg: HASH_ALG_SHA_256 - value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + services { + provider: { + name: "Acme Org", + url: [ + "https://example.com" + ] + }, + group: "com.example", + name: "Acme Signing Server", + description: "Signs artifacts", + endpoints: [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] } } } diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-1.5.xml index caf273f6c..65a2a8a4b 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.xml @@ -2,15 +2,33 @@ - - Awesome Vendor - Awesome Tool - 9.1.2 - - 25ed8e31b995bb927966616df2a42b979a2717f0 - a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df - - + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + diff --git a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json new file mode 100644 index 000000000..81e908a98 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json @@ -0,0 +1,26 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ] + }, + "components": [] +} diff --git a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.textproto b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.textproto new file mode 100644 index 000000000..7c3d0cb08 --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.textproto @@ -0,0 +1,18 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + tools { + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" + } + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + } +} diff --git a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml new file mode 100644 index 000000000..caf273f6c --- /dev/null +++ b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml @@ -0,0 +1,17 @@ + + + + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + diff --git a/src/test/resources/1.5/valid-properties-1.5.json b/src/test/resources/1.5/valid-properties-1.5.json index 3a33ccfa9..24ce5de12 100644 --- a/src/test/resources/1.5/valid-properties-1.5.json +++ b/src/test/resources/1.5/valid-properties-1.5.json @@ -28,6 +28,31 @@ "type": "library", "name": "acme-library", "version": "1.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "properties": [ + { + "name": "Foo", + "value": "Bar" + }, + { + "name": "Foo", + "value": "You" + }, + { + "name": "Foo", + "value": "Two" + }, + { + "name": "Bar", + "value": "Foo" + } + ] + } + } + ], "properties": [ { "name": "Foo", diff --git a/src/test/resources/1.5/valid-properties-1.5.textproto b/src/test/resources/1.5/valid-properties-1.5.textproto index 94f4e2b42..63d878b59 100644 --- a/src/test/resources/1.5/valid-properties-1.5.textproto +++ b/src/test/resources/1.5/valid-properties-1.5.textproto @@ -23,6 +23,27 @@ components { type: CLASSIFICATION_LIBRARY name: "acme-library" version: "1.0.0" + licenses { + license { + id: "Apache-2.0" + properties { + name: "Foo" + value: "Bar" + } + properties { + name: "Foo" + value: "You" + } + properties { + name: "Foo" + value: "Two" + } + properties { + name: "Bar" + value: "Foo" + } + } + } properties { name: "Foo" value: "Bar" diff --git a/src/test/resources/1.5/valid-properties-1.5.xml b/src/test/resources/1.5/valid-properties-1.5.xml index 85abf9e9f..91a1916f0 100644 --- a/src/test/resources/1.5/valid-properties-1.5.xml +++ b/src/test/resources/1.5/valid-properties-1.5.xml @@ -12,6 +12,17 @@ acme-library 1.0.0 + + + Apache-2.0 + + Bar + You + Two + Foo + + + Bar Foo diff --git a/src/test/resources/1.5/valid-release-notes-1.5.json b/src/test/resources/1.5/valid-release-notes-1.5.json index 7b583cd8f..17d5fc73b 100644 --- a/src/test/resources/1.5/valid-release-notes-1.5.json +++ b/src/test/resources/1.5/valid-release-notes-1.5.json @@ -80,7 +80,7 @@ "contact": [ { "name": "Support", - "email": "support@partner", + "email": "support@partner.org", "phone": "800-555-1212" } ] diff --git a/src/test/resources/1.5/valid-saasbom-1.5.json b/src/test/resources/1.5/valid-saasbom-1.5.json new file mode 100644 index 000000000..6060a4400 --- /dev/null +++ b/src/test/resources/1.5/valid-saasbom-1.5.json @@ -0,0 +1,303 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "version": 1, + "metadata": { + "timestamp": "2021-01-10T12:00:00Z", + "component": { + "bom-ref": "acme-stock-application", + "type": "application", + "name": "Acme SaaSBOM Example", + "version": "2022-1" + } + }, + "services": [ + { + "bom-ref": "stock-ticker-service", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Stock Ticker Service", + "version": "2022-1", + "endpoints": [ + "https://example.com/", + "https://example.com/app" + ], + "authenticated": true, + "trustZone": "Acme Public Zone", + "data": [ + { + "name": "Consumer to Stock Service", + "description": "Traffic to/from consumer to service", + "classification": "Customer", + "flow": "bi-directional", + "source": [ + "https://0.0.0.0" + ], + "destination": [ + "https://0.0.0.0" + ] + }, + { + "name": "Stock Service to MS-1", + "description": "Traffic to/from stock service to microservice-1", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ] + }, + { + "name": "Stock Service to MS-2", + "description": "Traffic to/from stock service to microservice-2", + "classification": "PIFI", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + ] + }, + { + "name": "Stock Service to MS-3", + "description": "Traffic to/from stock service to microservice-3", + "classification": "Public", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://example.com/app/swagger" + } + ], + "services": [ + { + "bom-ref": "ms-1.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 1", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-1.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-1", + "description": "Traffic to/from stock service to microservice-1", + "classification": "PII", + "flow": "bi-directional", + "governance": { + "owners": [ + { + "organization": { + "name": "Customer Name" + } + } + ] + }, + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + }, + { + "name": "MS-1 to Database", + "description": "Traffic to/from microservice-1 to database", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-1.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-2.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 2", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-2.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-2", + "description": "Traffic to/from stock service to microservice-2", + "classification": "PIFI", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-2.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-3.example.com", + "provider": { + "name": "Acme Inc", + "url": [ "https://example.com" ] + }, + "group": "com.example", + "name": "Microservice 3", + "version": "2022-1", + "description": "Example Microservice", + "endpoints": [ + "https://ms-3.example.com" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "Stock Service to MS-3", + "description": "Traffic to/from stock service to microservice-3", + "classification": "Public", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + ] + }, + { + "name": "MS-3 to S3", + "description": "Data pushed from microservice-3 to S3 bucket", + "classification": "Public", + "flow": "outbound", + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" + ] + } + ], + "externalReferences": [ + { + "type": "documentation", + "url": "https://ms-3.example.com/swagger" + } + ] + }, + { + "bom-ref": "ms-1-pgsql.example.com", + "group": "org.postgresql", + "name": "Postgres", + "version": "14.1", + "description": "Postgres database for Microservice #1", + "endpoints": [ + "https://ms-1-pgsql.example.com:5432" + ], + "authenticated": true, + "trustZone": "Acme Private Zone", + "data": [ + { + "name": "MS-1 to Database", + "description": "Traffic to/from microservice-1 to database", + "classification": "PII", + "flow": "bi-directional", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ], + "destination": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + ] + } + ] + }, + { + "bom-ref": "s3-example.amazon.com", + "group": "com.amazon", + "name": "S3", + "description": "S3 bucket", + "endpoints": [ + "https://s3-example.amazon.com" + ], + "authenticated": true, + "trustZone": "Public Internet", + "data": [ + { + "name": "MS-3 to S3", + "description": "Data pushed from microservice-3 to S3 bucket", + "classification": "Public", + "flow": "inbound", + "source": [ + "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + ] + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "acme-stock-application", + "dependsOn": [ "stock-ticker-service" ] + }, + { + "ref": "stock-ticker-service", + "dependsOn": [ + "ms-1.example.com", + "ms-2.example.com", + "ms-3.example.com" + ] + }, + { + "ref": "ms-1.example.com", + "dependsOn": [ "ms-1-pgsql.example.com" ] + }, + { + "ref": "ms-2.example.com", + "dependsOn": [ ] + }, + { + "ref": "ms-3.example.com", + "dependsOn": [ "s3-example.amazon.com" ] + } + ] +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-saasbom-1.5.textproto b/src/test/resources/1.5/valid-saasbom-1.5.textproto new file mode 100644 index 000000000..cf6fcb970 --- /dev/null +++ b/src/test/resources/1.5/valid-saasbom-1.5.textproto @@ -0,0 +1,204 @@ +spec_version: "1.5" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" +metadata { + timestamp { + seconds: 3173618478 + nanos: 3 + } + component { + type: CLASSIFICATION_APPLICATION + bom_ref: "acme-stock-application" + name: "Acme SaaSBOM Example" + version: "2022-1" + } +} +services { + bom_ref: "stock-ticker-service" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Stock Ticker Service" + version:"2022-1" + endpoints: "https://example.com/" + endpoints: "https://example.com/app" + authenticated: true + trustZone: "Acme Public Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Customer" + name: "Consumer to Stock Service", + description: "Traffic to/from consumer to service" + governance: { + owners: [ + { + organization: { + name: "Customer Name" + } + } + ] + }, + source: "https://0.0.0.0" + destination: "https://0.0.0.0" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "Stock Service to MS-1" + description: "Traffic to/from stock service to microservice-1" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PIFI" + name: "Stock Service to MS-2" + description: "Traffic to/from stock service to microservice-2" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Public" + name: "Stock Service to MS-3" + description: "Traffic to/from stock service to microservice-3" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://example.com/app/swagger" + } + services { + bom_ref: "ms-1.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 1" + version:"2022-1" + endpoints: "https://ms-1.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "Stock Service to MS-1" + description: "Traffic to/from stock service to microservice-1" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "MS-1 to Database" + description: "Traffic to/from microservice-1 to database" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-1.example.com/swagger" + } + } + services { + bom_ref: "ms-2.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 2" + version:"2022-1" + endpoints: "https://ms-2.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PIFI" + name: "Stock Service to MS-2" + description: "Traffic to/from stock service to microservice-2" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-2.example.com/swagger" + } + } + services { + bom_ref: "ms-3.example.com" + provider { + name: "Acme Inc" + url: "https://example.com" + } + group: "com.example" + name: "Microservice 3" + version:"2022-1" + endpoints: "https://ms-3.example.com" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "Public" + name: "Stock Service to MS-3" + description: "Traffic to/from stock service to microservice-3" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" + } + data { + flow: DATA_FLOW_OUTBOUND + value: "Public" + name: "MS-3 to S3" + description: "Data pushed from microservice-3 to S3 bucket" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" + } + external_references { + type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION + url: "https://ms-3.example.com/swagger" + } + } + services { + bom_ref: "ms-1-pgsql.example.com" + group: "org.postgresql" + name: "Postgres" + version:"14.1" + description: "Postgres database for Microservice #1" + endpoints: "https://ms-1-pgsql.example.com:5432" + authenticated: true + trustZone: "Acme Private Zone" + data { + flow: DATA_FLOW_BI_DIRECTIONAL + value: "PII" + name: "MS-1 to Database" + description: "Traffic to/from microservice-1 to database" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" + } + } + services { + bom_ref: "s3-example.amazon.com" + group: "com.amazon" + name: "S3" + description: "S3 bucket" + endpoints: "https://s3-example.amazon.com" + authenticated: true + trustZone: "Public Internet" + data { + flow: DATA_FLOW_INBOUND + value: "PII" + name: "MS-3 to S3" + description: "Data pushed from microservice-3 to S3 bucket" + source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" + } + } +} +dependencies { + ref: "pkg:maven/com.acme/stock-java-client@1.0.12" + dependencies { + ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" + } +} diff --git a/src/test/resources/1.5/valid-saasbom-1.5.xml b/src/test/resources/1.5/valid-saasbom-1.5.xml new file mode 100644 index 000000000..131f7375b --- /dev/null +++ b/src/test/resources/1.5/valid-saasbom-1.5.xml @@ -0,0 +1,239 @@ + + + + 2021-01-10T12:00:00Z + + Acme SaaSBOM Example + 2022-1 + + + + + + Acme Inc + https://example.com + + com.example + Stock ticker Service + + https://example.com/ + https://example.com/app + + true + Acme Public Zone + + + Customer + + + + + Customer Name + + + + + + https://0.0.0.0 + + + https://0.0.0.0 + + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + + PIFI + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com + + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + + + + https://example.com/app/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 1 + + https://ms-1.example.com + + true + Acme Private Zone + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com + + + + + + https://ms-1.example.com/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 2 + + https://ms-2.example.com + + true + Acme Private Zone + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + + + https://ms-2.example.com/swagger + + + + + + Acme Inc + https://example.com + + com.example + Microservice 3 + + https://ms-3.example.com + + true + Acme Private Zone + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service + + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com + + + + + + https://ms-3.example.com/swagger + + + + + org.postgresql + Postgres + 14.1 + Postgres database for Microservice #1 + + https://ms-1-pgsql.example.com:5432 + + true + Acme Private Zone + + + PII + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com + + + + + + com.amazon + S3 + S3 bucket + + https://s3-example.amazon.com + + true + Public Internet + + + Public + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/test/resources/1.5/valid-service-1.5.json b/src/test/resources/1.5/valid-service-1.5.json index 11dd19a7a..c799e9c0e 100644 --- a/src/test/resources/1.5/valid-service-1.5.json +++ b/src/test/resources/1.5/valid-service-1.5.json @@ -38,7 +38,7 @@ "contact": [ { "name": "Support", - "email": "support@partner", + "email": "support@partner.org", "phone": "800-555-1212" } ] diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.json b/src/test/resources/1.5/valid-vulnerability-1.5.json index 112a08399..faebf7462 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.json +++ b/src/test/resources/1.5/valid-vulnerability-1.5.json @@ -50,6 +50,18 @@ "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "detail": "", "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", + "workaround": "Describe the workarounds here", + "proofOfConcept": { + "reproductionSteps": "Precise steps to reproduce go here", + "environment": "Describe the environment", + "supportingMaterial": [ + { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + }, "advisories": [ { "title": "GitHub Commit", @@ -63,6 +75,7 @@ "created": "2021-01-01T00:00:00.000Z", "published": "2021-01-01T00:00:00.000Z", "updated": "2021-01-01T00:00:00.000Z", + "rejected": "2022-01-01T00:00:00.000Z", "credits": { "organizations": [ { @@ -79,24 +92,40 @@ } ] }, - "tools": [ - { - "vendor": "Snyk", - "name": "Snyk CLI (Linux)", - "version": "1.729.0", - "hashes": [ - { - "alg": "SHA-256", - "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "application", + "group": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Inc" + }, + "name": "Acme BOM Analyzer", + "endpoints": [ + "https://example.com/analyze" + ] + } + ] + }, "analysis": { "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], - "detail": "An optional explanation of why the application is not affected by the vulnerable component." + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.textproto b/src/test/resources/1.5/valid-vulnerability-1.5.textproto index 4cecc1285..3f50d5692 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.textproto +++ b/src/test/resources/1.5/valid-vulnerability-1.5.textproto @@ -39,6 +39,17 @@ vulnerabilities { description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." detail: "" recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." + proofOfConcept: { + reproductionSteps: "Precise steps to reproduce go here" + environment: "Describe the environment" + supportingMaterial: [ + { + content_type: "image/jpeg" + encoding: "base64" + value: "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" + } + ] + } advisories: { title: "GitHub Commit" url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" @@ -59,6 +70,10 @@ vulnerabilities { seconds: 3173618478 nanos: 3 } + rejected: { + seconds: 3173618478 + nanos: 3 + } credits: { organizations: { name: "Acme, Inc." @@ -70,13 +85,31 @@ vulnerabilities { } } tools: { - vendor: "Snyk" - name: "Snyk CLI (Linux)" - version: "1.729.0" - hashes: { - alg: HASH_ALG_SHA_256 - value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" - } + components: [ + { + type: CLASSIFICATION_APPLICATION, + group: "Snyk", + name: "Snyk CLI (Linux)", + version: "1.729.0", + hashes: [ + { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ] + services: [ + { + provider: { + name: "Acme Inc" + }, + name: "Acme BOM Analyzer", + endpoints: [ + "https://example.com/analyze" + ] + } + ] } analysis: { state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED @@ -84,6 +117,14 @@ vulnerabilities { response: VULNERABILITY_RESPONSE_WILL_NOT_FIX response: VULNERABILITY_RESPONSE_UPDATE detail: "An optional explanation of why the application is not affected by the vulnerable component." + firstIssued: { + seconds: 1641042000 + nanos: 3 + } + lastUpdated: { + seconds: 1643720400 + nanos: 3 + } } affects: { ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" @@ -116,4 +157,5 @@ vulnerabilities { name: "Bar" value: "Foo" } + workaround: "Describe the workarounds here" } diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.xml b/src/test/resources/1.5/valid-vulnerability-1.5.xml index 332890004..4a2ffdc72 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.xml +++ b/src/test/resources/1.5/valid-vulnerability-1.5.xml @@ -51,6 +51,14 @@ FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. + Describe the workarounds here + + Precise steps to reproduce go here + Describe the environment + + /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= + + GitHub Commit @@ -64,6 +72,7 @@ 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z + 2022-01-01T00:00:00.000Z @@ -79,14 +88,27 @@ - - Snyk - Snyk CLI (Linux) - 1.729.0 - - 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d - - + + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + + + + + + Acme Inf + + Acme BOM Analyzer + + https://example.com/analyze + + + not_affected @@ -96,6 +118,8 @@ update An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z From 54eedb0dd0355ab0fa260ef47fba449519d5db41 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Wed, 28 Jun 2023 22:13:11 -0500 Subject: [PATCH 27/40] Update schema definition and examples with info from spec --- src/main/resources/bom-1.5.proto | 20 +++---- src/main/resources/bom-1.5.schema.json | 6 +- src/main/resources/bom-1.5.xsd | 36 +++++------ .../1.5/invalid-component-ref-1.5.json | 6 -- .../1.5/invalid-component-ref-1.5.xml | 6 -- .../resources/1.5/invalid-dependency-1.5.json | 6 -- .../resources/1.5/invalid-dependency-1.5.xml | 12 +--- src/test/resources/1.5/valid-bom-1.5.json | 8 +-- .../resources/1.5/valid-compositions-1.5.json | 16 ----- .../1.5/valid-compositions-1.5.textproto | 12 ---- .../resources/1.5/valid-compositions-1.5.xml | 16 +---- .../resources/1.5/valid-evidence-1.5.json | 57 ------------------ .../1.5/valid-evidence-1.5.textproto | 60 ------------------- src/test/resources/1.5/valid-evidence-1.5.xml | 57 ------------------ .../1.5/valid-license-expression-1.5.json | 3 +- .../1.5/valid-license-expression-1.5.xml | 4 +- .../resources/1.5/valid-license-id-1.5.json | 3 +- .../resources/1.5/valid-license-id-1.5.xml | 2 +- .../resources/1.5/valid-license-name-1.5.json | 3 +- .../resources/1.5/valid-license-name-1.5.xml | 2 +- .../1.5/valid-metadata-manufacture-1.5.json | 2 - .../valid-metadata-manufacture-1.5.textproto | 2 - .../1.5/valid-metadata-manufacture-1.5.xml | 4 +- .../1.5/valid-metadata-supplier-1.5.json | 2 - .../1.5/valid-metadata-supplier-1.5.textproto | 2 - .../1.5/valid-metadata-supplier-1.5.xml | 4 +- .../1.5/valid-metadata-tool-1.5.json | 53 +++++----------- .../1.5/valid-metadata-tool-1.5.textproto | 37 +++--------- .../resources/1.5/valid-metadata-tool-1.5.xml | 36 +++-------- .../resources/1.5/valid-properties-1.5.json | 25 -------- .../1.5/valid-properties-1.5.textproto | 21 ------- .../resources/1.5/valid-properties-1.5.xml | 11 ---- .../1.5/valid-release-notes-1.5.json | 2 +- src/test/resources/1.5/valid-service-1.5.json | 2 +- .../1.5/valid-vulnerability-1.5.json | 57 +++++------------- .../1.5/valid-vulnerability-1.5.textproto | 56 +++-------------- .../resources/1.5/valid-vulnerability-1.5.xml | 40 +++---------- 37 files changed, 113 insertions(+), 578 deletions(-) diff --git a/src/main/resources/bom-1.5.proto b/src/main/resources/bom-1.5.proto index 1f493d141..498fb15d8 100644 --- a/src/main/resources/bom-1.5.proto +++ b/src/main/resources/bom-1.5.proto @@ -253,7 +253,7 @@ enum ExternalReferenceType { EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31; // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32; - // Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + // Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". EXTERNAL_REFERENCE_TYPE_POAM = 33; // A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. EXTERNAL_REFERENCE_TYPE_LOG = 34; @@ -352,7 +352,7 @@ message License { // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata optional Licensing licensing = 6; // Specifies optional, custom, properties - repeated Property properties = 7; + repeated Property properties = 7; } message Licensing { @@ -439,13 +439,13 @@ message Metadata { } message Lifecycles { - oneof choice { - // A pre-defined phase in the product lifecycle. - LifecyclePhase phase = 1; - // The name of the lifecycle phase - string name = 2; - } - // The description of the lifecycle phase + oneof choice { + // A pre-defined phase in the product lifecycle. + LifecyclePhase phase = 1; + // The name of the lifecycle phase + string name = 2; + } + // The description of the lifecycle phase optional string description = 3; } @@ -1484,4 +1484,4 @@ message EnvironmentVars { Property property = 1; string value = 2; } -} +} \ No newline at end of file diff --git a/src/main/resources/bom-1.5.schema.json b/src/main/resources/bom-1.5.schema.json index 3ecc1dcdb..b4b4c3ca1 100644 --- a/src/main/resources/bom-1.5.schema.json +++ b/src/main/resources/bom-1.5.schema.json @@ -216,7 +216,7 @@ } ] } - }, + }, "tools": { "oneOf": [ { @@ -581,7 +581,7 @@ "title": "Release notes", "description": "Specifies optional release notes." }, - "modelCard": { + "modelCard": { "$ref": "#/definitions/modelCard", "title": "Machine Learning Model Card" }, @@ -3796,4 +3796,4 @@ "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } } -} +} \ No newline at end of file diff --git a/src/main/resources/bom-1.5.xsd b/src/main/resources/bom-1.5.xsd index 94c238712..5b69a2b92 100644 --- a/src/main/resources/bom-1.5.xsd +++ b/src/main/resources/bom-1.5.xsd @@ -796,8 +796,8 @@ limitations under the License. of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. - - + + @@ -2495,9 +2495,9 @@ limitations under the License. * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. * patch = Patch releases are typically unplanned and may resolve defects or important security issues. * pre-release = A pre-release may include alpha, beta, or release candidates and typically have - limited support. They provide the ability to preview a release prior to its general availability. + limited support. They provide the ability to preview a release prior to its general availability. * internal = Internal releases are not for public consumption and are intended to be used exclusively - by the project or manufacturer that produced it. + by the project or manufacturer that produced it. @@ -2532,7 +2532,7 @@ limitations under the License. One or more alternate names the release may be referred to. This may - include unofficial terms used by development and marketing teams (e.g. code names). + include unofficial terms used by development and marketing teams (e.g. code names). @@ -2565,7 +2565,7 @@ limitations under the License. Zero or more release notes containing the locale and content. Multiple - note elements may be specified to support release notes in a wide variety of languages. + note elements may be specified to support release notes in a wide variety of languages. @@ -2612,12 +2612,12 @@ limitations under the License. - + @@ -3438,9 +3438,9 @@ limitations under the License. - - Precise steps to reproduce the vulnerability. - + + Precise steps to reproduce the vulnerability. + @@ -3700,7 +3700,7 @@ limitations under the License. The url of the vulnerability documentation as provided by the source. - For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 @@ -3799,7 +3799,7 @@ limitations under the License. - + @@ -5461,4 +5461,4 @@ limitations under the License. - + \ No newline at end of file diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.json b/src/test/resources/1.5/invalid-component-ref-1.5.json index ed13f526b..c00f57d1b 100644 --- a/src/test/resources/1.5/invalid-component-ref-1.5.json +++ b/src/test/resources/1.5/invalid-component-ref-1.5.json @@ -15,12 +15,6 @@ "bom-ref": "123", "name": "acme-library", "version": "1.0.0" - }, - { - "type": "library", - "bom-ref": "", - "name": "acme-library", - "version": "1.0.0" } ] } diff --git a/src/test/resources/1.5/invalid-component-ref-1.5.xml b/src/test/resources/1.5/invalid-component-ref-1.5.xml index 5c42a883c..cb83d8fce 100644 --- a/src/test/resources/1.5/invalid-component-ref-1.5.xml +++ b/src/test/resources/1.5/invalid-component-ref-1.5.xml @@ -6,12 +6,6 @@ 1.0.0 - - acme-library - 1.0.0 - - - acme-library 1.0.0 diff --git a/src/test/resources/1.5/invalid-dependency-1.5.json b/src/test/resources/1.5/invalid-dependency-1.5.json index f4f524527..8b46f0d0a 100644 --- a/src/test/resources/1.5/invalid-dependency-1.5.json +++ b/src/test/resources/1.5/invalid-dependency-1.5.json @@ -27,12 +27,6 @@ { "dependsOn": [] }, - { - "ref": "", - "dependsOn": [ - "library-a" - ] - }, { "ref": "library-b", "dependsOn": [ diff --git a/src/test/resources/1.5/invalid-dependency-1.5.xml b/src/test/resources/1.5/invalid-dependency-1.5.xml index f36722e59..363956aac 100644 --- a/src/test/resources/1.5/invalid-dependency-1.5.xml +++ b/src/test/resources/1.5/invalid-dependency-1.5.xml @@ -15,17 +15,9 @@ - - - - - - - + - - - + diff --git a/src/test/resources/1.5/valid-bom-1.5.json b/src/test/resources/1.5/valid-bom-1.5.json index 3bdbeaa13..c0f3b17ef 100644 --- a/src/test/resources/1.5/valid-bom-1.5.json +++ b/src/test/resources/1.5/valid-bom-1.5.json @@ -129,12 +129,12 @@ ], "commits": [ { - "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", - "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", + "uid": "123", + "url": "", "author": { "timestamp": "2018-11-13T20:20:39+00:00", - "name": "me", - "email": "me@acme.org" + "name": "", + "email": "" } } ] diff --git a/src/test/resources/1.5/valid-compositions-1.5.json b/src/test/resources/1.5/valid-compositions-1.5.json index 11c8a0012..551834e03 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.json +++ b/src/test/resources/1.5/valid-compositions-1.5.json @@ -44,18 +44,8 @@ ] } ], - "vulnerabilities": [ - { - "bom-ref": "vulnerability-1", - "id": "ACME-12345", - "source": { - "name": "Acme Inc" - } - } - ], "compositions": [ { - "bom-ref": "composition-1", "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" @@ -69,12 +59,6 @@ "assemblies": [ "pkg:maven/acme/library@3.0" ] - }, - { - "aggregate": "incomplete_first_party_only", - "vulnerabilities": [ - "vulnerability-1" - ] } ] } diff --git a/src/test/resources/1.5/valid-compositions-1.5.textproto b/src/test/resources/1.5/valid-compositions-1.5.textproto index bc542cf41..d29b94fe5 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.textproto +++ b/src/test/resources/1.5/valid-compositions-1.5.textproto @@ -39,7 +39,6 @@ dependencies { } } compositions { - bom_ref: "composition-1" aggregate: AGGREGATE_COMPLETE assemblies: "pkg:maven/partner/shaded-library@1.0" dependencies: "acme-application-1.0" @@ -48,14 +47,3 @@ compositions { aggregate: AGGREGATE_UNKNOWN assemblies: "pkg:maven/acme/library@3.0" } -compositions { - aggregate: AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY, - vulnerabilities: "vulnerability-1" -} -vulnerabilities { - bom_ref: "vulnerability-1" - id: "ACME-12345" - source: { - name: "Acme Inc" - } -} diff --git a/src/test/resources/1.5/valid-compositions-1.5.xml b/src/test/resources/1.5/valid-compositions-1.5.xml index 992048784..82c16c553 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.xml +++ b/src/test/resources/1.5/valid-compositions-1.5.xml @@ -32,7 +32,7 @@ - + complete @@ -47,19 +47,5 @@ - - incomplete_first_party_only - - - - - - - ACME-12345 - - Acme Inc - - - diff --git a/src/test/resources/1.5/valid-evidence-1.5.json b/src/test/resources/1.5/valid-evidence-1.5.json index 92740237c..8c44a9af4 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.json +++ b/src/test/resources/1.5/valid-evidence-1.5.json @@ -19,63 +19,6 @@ ], "purl": "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0", "evidence": { - "identity": { - "field": "purl", - "confidence": 1, - "methods": [ - { - "technique": "filename", - "confidence": 0.1, - "value": "findbugs-project-3.0.0.jar" - }, - { - "technique": "ast-fingerprint", - "confidence": 0.9, - "value": "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" - }, - { - "technique": "hash-comparison", - "confidence": 0.7, - "value": "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" - } - ], - "tools": [ - "bom-ref-of-tool-that-performed-analysis" - ] - }, - "occurrences": [ - { - "bom-ref": "d6bf237e-4e11-4713-9f62-56d18d5e2079", - "location": "/path/to/component" - }, - { - "bom-ref": "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175", - "location": "/another/path/to/component" - } - ], - "callstack": { - "frames": [ - { - - "package": "com.apache.logging.log4j.core", - "module": "Logger.class", - "function": "logMessage", - "parameters": [ - "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" - ], - "line": 150, - "column": 17, - "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" - }, - { - "module": "HelloWorld.class", - "function": "main", - "line": 20, - "column": 12, - "fullFilename": "/path/to/HelloWorld.class" - } - ] - }, "licenses": [ { "license": { diff --git a/src/test/resources/1.5/valid-evidence-1.5.textproto b/src/test/resources/1.5/valid-evidence-1.5.textproto index 663f66df5..c83ad8960 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.textproto +++ b/src/test/resources/1.5/valid-evidence-1.5.textproto @@ -1,6 +1,3 @@ -# proto-file: bom-1.5.proto -# proto-message: Bom - spec_version: "1.5" version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" @@ -17,63 +14,6 @@ components { } purl: "pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0" evidence { - identity: { - field: EVIDENCE_FIELD_PURL, - confidence: 1, - methods: [ - { - technique: EVIDENCE_TECHNIQUE_FILENAME, - confidence: 0.1, - value: "findbugs-project-3.0.0.jar" - }, - { - technique: EVIDENCE_TECHNIQUE_AST_FINGERPRINT - confidence: 0.9, - value: "61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab" - }, - { - technique: EVIDENCE_TECHNIQUE_HASH_COMPARISON - confidence: 0.7, - value: "7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf" - } - ], - tools: [ - "bom-ref-of-tool-that-performed-analysis", - "bom-ref-of-tool-that-performed-analysis" - ] - }, - occurrences: [ - { - bom_ref: "d6bf237e-4e11-4713-9f62-56d18d5e2079" - location: "/path/to/component" - }, - { - bom_ref: "b574d5d1-e3cf-4dcd-9ba5-f3507eb1b175" - location: "/another/path/to/component" - } - ], - callstack: { - frames: [ - { - package: "com.apache.logging.log4j.core" - module: "Logger.class" - function: "logMessage" - parameters: [ - "com.acme.HelloWorld", "Level.INFO", "null", "Hello World" - ], - line: 150 - column: 17 - fullFilename: "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class" - }, - { - module: "HelloWorld.class" - function: "main" - line: 20 - column: 12 - fullFilename: "/path/to/HelloWorld.class" - } - ] - }, licenses { license { id: "Apache-2.0" diff --git a/src/test/resources/1.5/valid-evidence-1.5.xml b/src/test/resources/1.5/valid-evidence-1.5.xml index 9dd512769..e51286b8e 100644 --- a/src/test/resources/1.5/valid-evidence-1.5.xml +++ b/src/test/resources/1.5/valid-evidence-1.5.xml @@ -13,63 +13,6 @@ pkg:maven/com.google.code.findbugs/findbugs-project@3.0.0 - - purl - 1 - - - filename - 0.1 - findbugs-project-3.0.0.jar - - - ast-fingerprint - 0.9 - 61e4bc08251761c3a73b606b9110a65899cb7d44f3b14c81ebc1e67c98e1d9ab - - - hash-comparison - 0.7 - 7c547a9d67cc7bc315c93b6e2ff8e4b6b41ae5be454ac249655ecb5ca2a85abf - - - - - - - - - /path/to/component - - - /another/path/to/component - - - - - - com.apache.logging.log4j.core - Logger.class - logMessage - - com.acme.HelloWorld - Level.INFO - null - Hello World - - 150 - 17 - /path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class - - - HelloWorld.class - main - 20 - 12 - /path/to/HelloWorld.class - - - Apache-2.0 diff --git a/src/test/resources/1.5/valid-license-expression-1.5.json b/src/test/resources/1.5/valid-license-expression-1.5.json index 95d7dbbdd..98b34e948 100644 --- a/src/test/resources/1.5/valid-license-expression-1.5.json +++ b/src/test/resources/1.5/valid-license-expression-1.5.json @@ -12,8 +12,7 @@ "version": "9.0.14", "licenses": [ { - "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", - "bom-ref": "my-license" + "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" } ] } diff --git a/src/test/resources/1.5/valid-license-expression-1.5.xml b/src/test/resources/1.5/valid-license-expression-1.5.xml index 0308af4e4..6b146205e 100644 --- a/src/test/resources/1.5/valid-license-expression-1.5.xml +++ b/src/test/resources/1.5/valid-license-expression-1.5.xml @@ -15,9 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - - EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar diff --git a/src/test/resources/1.5/valid-license-id-1.5.json b/src/test/resources/1.5/valid-license-id-1.5.json index 08986cfdc..5f13e0117 100644 --- a/src/test/resources/1.5/valid-license-id-1.5.json +++ b/src/test/resources/1.5/valid-license-id-1.5.json @@ -13,8 +13,7 @@ "licenses": [ { "license": { - "id": "Apache-2.0", - "bom-ref": "my-license" + "id": "Apache-2.0" } } ] diff --git a/src/test/resources/1.5/valid-license-id-1.5.xml b/src/test/resources/1.5/valid-license-id-1.5.xml index 42b12edda..242a0a938 100644 --- a/src/test/resources/1.5/valid-license-id-1.5.xml +++ b/src/test/resources/1.5/valid-license-id-1.5.xml @@ -15,7 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - + Apache-2.0 diff --git a/src/test/resources/1.5/valid-license-name-1.5.json b/src/test/resources/1.5/valid-license-name-1.5.json index 7a198054b..b856f70d1 100644 --- a/src/test/resources/1.5/valid-license-name-1.5.json +++ b/src/test/resources/1.5/valid-license-name-1.5.json @@ -13,8 +13,7 @@ "licenses": [ { "license": { - "name": "Apache License 2.0", - "bom-ref": "my-license" + "name": "Apache License 2.0" } } ] diff --git a/src/test/resources/1.5/valid-license-name-1.5.xml b/src/test/resources/1.5/valid-license-name-1.5.xml index f35283c0c..fee242f1f 100644 --- a/src/test/resources/1.5/valid-license-name-1.5.xml +++ b/src/test/resources/1.5/valid-license-name-1.5.xml @@ -15,7 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - + Apache License 2.0 diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.json b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json index c01cd7ccb..6323f0004 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.json +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.json @@ -5,14 +5,12 @@ "version": 1, "metadata": { "manufacture": { - "bom-ref": "manufacturer-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { - "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto index 55bcc6dcd..9482b2199 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto @@ -8,8 +8,6 @@ metadata { contact { name: "Acme Professional Services" email: "professional.services@example.com" - bom_ref: "contact-1" } - bom_ref: "manufacturer-1" } } diff --git a/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml index 1a76f2db6..794939158 100644 --- a/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Professional Services professional.services@example.com diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.json b/src/test/resources/1.5/valid-metadata-supplier-1.5.json index 47c4f007a..e445641fc 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.json +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.json @@ -5,14 +5,12 @@ "version": 1, "metadata": { "supplier": { - "bom-ref": "supplier-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { - "bom-ref": "contact-1", "name": "Acme Distribution", "email": "distribution@example.com" } diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto index 6986b7f62..c980f3127 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto @@ -8,8 +8,6 @@ metadata { contact { name: "Acme Distribution" email: "distribution@example.com" - bom_ref: "contact-1" } - bom_ref: "supplier-1" } } diff --git a/src/test/resources/1.5/valid-metadata-supplier-1.5.xml b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml index 677258c3e..2ed3c913d 100644 --- a/src/test/resources/1.5/valid-metadata-supplier-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-supplier-1.5.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Distribution distribution@example.com diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.json b/src/test/resources/1.5/valid-metadata-tool-1.5.json index 5331c2cc8..81e908a98 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.json +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.json @@ -4,44 +4,23 @@ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { - "tools": { - "components": [ - { - "type": "application", - "group": "Awesome Vendor", - "name": "Awesome Tool", - "version": "9.1.2", - "hashes": [ - { - "alg": "SHA-1", - "content": "25ed8e31b995bb927966616df2a42b979a2717f0" - }, - { - "alg": "SHA-256", - "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" - } - ] - } - ], - "services": [ - { - "provider": { - "name": "Acme Org", - "url": [ - "https://example.com" - ] + "tools": [ + { + "vendor": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" }, - "group": "com.example", - "name": "Acme Signing Server", - "description": "Signs artifacts", - "endpoints": [ - "https://example.com/sign", - "https://example.com/verify", - "https://example.com/tsa" - ] - } - ] - } + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ] }, "components": [] } diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.textproto b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto index a8b428201..7c3d0cb08 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.textproto +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.textproto @@ -3,35 +3,16 @@ version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" metadata { tools { - components { - type: CLASSIFICATION_APPLICATION - group: "Awesome Vendor" - name: "Awesome Tool" - version: "9.1.2" - hashes { - alg: HASH_ALG_SHA_1 - value: "25ed8e31b995bb927966616df2a42b979a2717f0" - } - hashes { - alg: HASH_ALG_SHA_256 - value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" - } + vendor: "Awesome Vendor" + name: "Awesome Tool" + version: "9.1.2" + hashes { + alg: HASH_ALG_SHA_1 + value: "25ed8e31b995bb927966616df2a42b979a2717f0" } - services { - provider: { - name: "Acme Org", - url: [ - "https://example.com" - ] - }, - group: "com.example", - name: "Acme Signing Server", - description: "Signs artifacts", - endpoints: [ - "https://example.com/sign", - "https://example.com/verify", - "https://example.com/tsa" - ] + hashes { + alg: HASH_ALG_SHA_256 + value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } } } diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-1.5.xml index 65a2a8a4b..caf273f6c 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.xml @@ -2,33 +2,15 @@ - - - Awesome Vendor - Awesome Tool - 9.1.2 - - 25ed8e31b995bb927966616df2a42b979a2717f0 - a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df - - - - - - - Acme Org - https://example.com - - com.example - Acme Signing Server - Signs artifacts - - https://example.com/sign - https://example.com/verify - https://example.com/tsa - - - + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + diff --git a/src/test/resources/1.5/valid-properties-1.5.json b/src/test/resources/1.5/valid-properties-1.5.json index 24ce5de12..3a33ccfa9 100644 --- a/src/test/resources/1.5/valid-properties-1.5.json +++ b/src/test/resources/1.5/valid-properties-1.5.json @@ -28,31 +28,6 @@ "type": "library", "name": "acme-library", "version": "1.0.0", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "properties": [ - { - "name": "Foo", - "value": "Bar" - }, - { - "name": "Foo", - "value": "You" - }, - { - "name": "Foo", - "value": "Two" - }, - { - "name": "Bar", - "value": "Foo" - } - ] - } - } - ], "properties": [ { "name": "Foo", diff --git a/src/test/resources/1.5/valid-properties-1.5.textproto b/src/test/resources/1.5/valid-properties-1.5.textproto index 63d878b59..94f4e2b42 100644 --- a/src/test/resources/1.5/valid-properties-1.5.textproto +++ b/src/test/resources/1.5/valid-properties-1.5.textproto @@ -23,27 +23,6 @@ components { type: CLASSIFICATION_LIBRARY name: "acme-library" version: "1.0.0" - licenses { - license { - id: "Apache-2.0" - properties { - name: "Foo" - value: "Bar" - } - properties { - name: "Foo" - value: "You" - } - properties { - name: "Foo" - value: "Two" - } - properties { - name: "Bar" - value: "Foo" - } - } - } properties { name: "Foo" value: "Bar" diff --git a/src/test/resources/1.5/valid-properties-1.5.xml b/src/test/resources/1.5/valid-properties-1.5.xml index 91a1916f0..85abf9e9f 100644 --- a/src/test/resources/1.5/valid-properties-1.5.xml +++ b/src/test/resources/1.5/valid-properties-1.5.xml @@ -12,17 +12,6 @@ acme-library 1.0.0 - - - Apache-2.0 - - Bar - You - Two - Foo - - - Bar Foo diff --git a/src/test/resources/1.5/valid-release-notes-1.5.json b/src/test/resources/1.5/valid-release-notes-1.5.json index 17d5fc73b..7b583cd8f 100644 --- a/src/test/resources/1.5/valid-release-notes-1.5.json +++ b/src/test/resources/1.5/valid-release-notes-1.5.json @@ -80,7 +80,7 @@ "contact": [ { "name": "Support", - "email": "support@partner.org", + "email": "support@partner", "phone": "800-555-1212" } ] diff --git a/src/test/resources/1.5/valid-service-1.5.json b/src/test/resources/1.5/valid-service-1.5.json index c799e9c0e..11dd19a7a 100644 --- a/src/test/resources/1.5/valid-service-1.5.json +++ b/src/test/resources/1.5/valid-service-1.5.json @@ -38,7 +38,7 @@ "contact": [ { "name": "Support", - "email": "support@partner.org", + "email": "support@partner", "phone": "800-555-1212" } ] diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.json b/src/test/resources/1.5/valid-vulnerability-1.5.json index faebf7462..112a08399 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.json +++ b/src/test/resources/1.5/valid-vulnerability-1.5.json @@ -50,18 +50,6 @@ "description": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "detail": "", "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher.", - "workaround": "Describe the workarounds here", - "proofOfConcept": { - "reproductionSteps": "Precise steps to reproduce go here", - "environment": "Describe the environment", - "supportingMaterial": [ - { - "contentType": "image/jpeg", - "encoding": "base64", - "content": "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" - } - ] - }, "advisories": [ { "title": "GitHub Commit", @@ -75,7 +63,6 @@ "created": "2021-01-01T00:00:00.000Z", "published": "2021-01-01T00:00:00.000Z", "updated": "2021-01-01T00:00:00.000Z", - "rejected": "2022-01-01T00:00:00.000Z", "credits": { "organizations": [ { @@ -92,40 +79,24 @@ } ] }, - "tools": { - "components": [ - { - "type": "application", - "group": "Snyk", - "name": "Snyk CLI (Linux)", - "version": "1.729.0", - "hashes": [ - { - "alg": "SHA-256", - "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" - } - ] - } - ], - "services": [ - { - "provider": { - "name": "Acme Inc" - }, - "name": "Acme BOM Analyzer", - "endpoints": [ - "https://example.com/analyze" - ] - } - ] - }, + "tools": [ + { + "vendor": "Snyk", + "name": "Snyk CLI (Linux)", + "version": "1.729.0", + "hashes": [ + { + "alg": "SHA-256", + "content": "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } + ] + } + ], "analysis": { "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], - "detail": "An optional explanation of why the application is not affected by the vulnerable component.", - "firstIssued": "2022-01-01T00:00:00.000Z", - "lastUpdated": "2022-02-01T00:00:00.000Z" + "detail": "An optional explanation of why the application is not affected by the vulnerable component." }, "affects": [ { diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.textproto b/src/test/resources/1.5/valid-vulnerability-1.5.textproto index 3f50d5692..4cecc1285 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.textproto +++ b/src/test/resources/1.5/valid-vulnerability-1.5.textproto @@ -39,17 +39,6 @@ vulnerabilities { description: "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath." detail: "" recommendation: "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher." - proofOfConcept: { - reproductionSteps: "Precise steps to reproduce go here" - environment: "Describe the environment" - supportingMaterial: [ - { - content_type: "image/jpeg" - encoding: "base64" - value: "/9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k=" - } - ] - } advisories: { title: "GitHub Commit" url: "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" @@ -70,10 +59,6 @@ vulnerabilities { seconds: 3173618478 nanos: 3 } - rejected: { - seconds: 3173618478 - nanos: 3 - } credits: { organizations: { name: "Acme, Inc." @@ -85,31 +70,13 @@ vulnerabilities { } } tools: { - components: [ - { - type: CLASSIFICATION_APPLICATION, - group: "Snyk", - name: "Snyk CLI (Linux)", - version: "1.729.0", - hashes: [ - { - alg: HASH_ALG_SHA_256 - value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" - } - ] - } - ] - services: [ - { - provider: { - name: "Acme Inc" - }, - name: "Acme BOM Analyzer", - endpoints: [ - "https://example.com/analyze" - ] - } - ] + vendor: "Snyk" + name: "Snyk CLI (Linux)" + version: "1.729.0" + hashes: { + alg: HASH_ALG_SHA_256 + value: "2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d" + } } analysis: { state: IMPACT_ANALYSIS_STATE_NOT_AFFECTED @@ -117,14 +84,6 @@ vulnerabilities { response: VULNERABILITY_RESPONSE_WILL_NOT_FIX response: VULNERABILITY_RESPONSE_UPDATE detail: "An optional explanation of why the application is not affected by the vulnerable component." - firstIssued: { - seconds: 1641042000 - nanos: 3 - } - lastUpdated: { - seconds: 1643720400 - nanos: 3 - } } affects: { ref: "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" @@ -157,5 +116,4 @@ vulnerabilities { name: "Bar" value: "Foo" } - workaround: "Describe the workarounds here" } diff --git a/src/test/resources/1.5/valid-vulnerability-1.5.xml b/src/test/resources/1.5/valid-vulnerability-1.5.xml index 4a2ffdc72..332890004 100644 --- a/src/test/resources/1.5/valid-vulnerability-1.5.xml +++ b/src/test/resources/1.5/valid-vulnerability-1.5.xml @@ -51,14 +51,6 @@ FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.5, 2.8.11.1, 2.9.5 or higher. - Describe the workarounds here - - Precise steps to reproduce go here - Describe the environment - - /9j/4AAQSkZJRgABAQAASABIAAD/4QBYRXhpZgAATU0AKgAAAAgAAgESAAMAAAABAAEAAIdpAAQAAAABAAAAJgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAABQKADAAQAAAABAAABQAAAAAD/wAARCAFAAUADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9sAQwACAgICAgIDAgIDBQMDAwUGBQUFBQYIBgYGBgYICggICAgICAoKCgoKCgoKDAwMDAwMDg4ODg4PDw8PDw8PDw8P/9sAQwECAgIEBAQHBAQHEAsJCxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQ/90ABAAU/9oADAMBAAIRAxEAPwD9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9D9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9H9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9L9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9P9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD/9T9xKKKKACiiigAooooAKKKKACiiigAooooAKKzdY1jSfD2lXWua7eRafp9jG0s9xO4SONF6szHgCvyK+P/APwUJ1zV7i68MfAxTpmnKTG2sTJ/pU3Ym3jbIiU9mYFz1AWmkB+qvjL4ieA/h5Z/bvHPiCy0OEjK/a51jZv91CdzfgDXy3r/APwUA/Zw0WVobPUr/WWXvZ2T7D9GmMQNfitofhT4ofGXX5ptHsdR8V6rK2Zrht85BPeSaQ7V/wCBMK+nvDv7Afxk1WJZtcvtL0PdzskmeeQfUQqVz/wI185nXF+VZc+XG4mMH2b1+5Xf4HTRwlWprCLZ9xW//BSD4DSy7JtO12Bf77WsBH5LOT+leweEP2yv2cfGc0drZeL4tNuJOBHqUclmST23yKI//H6/Om4/4J2eOli3Wvi/TJJP7rwzoPzAb+VeL+NP2NPjx4Ohku00aPXrWPJL6ZKJ2x/1yYLIfwU15WX+JeQYqfs6OMhfzfL/AOlJGk8trxV3Bn9Ctpd2t/bR3thPHc28w3JLEweNwe6spII+lWK/me+G3xr+LfwN1hj4P1e50zyXxcadcBmtnI6rLbScA+4CsOxr9mP2bv2x/Bfxz8rwzrUaeHfGIX/jzd8wXeBy1q7ck9zG3zDtuGTX2+6ujiPsmiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD//1f3EooooAKKKKACiiigAooooAKKKKACop54LWCS6upFhhhVnkdyFVEUZZmJ4AAGSalr88P8AgoV8aJ/BXgCz+F+hXBi1PxeGa7ZDho9OiOGX285/k91DChAfDv7Xn7Uuo/GzxHN4V8LXL2/gbSZSIUUlft8qHH2mUd1z/qlPAHzH5jx1P7NH7HM/j21tfHvxQWWy8Py4ktbBSY571ezu3WOE9sfMw5GBgnhP2PfgTB8WfGsviHxJb+b4Z8NsjzIw+W6uTzFAfVRjc49MD+Kv2w/dxR/wxxxr7Kqqo/IAD8q/nbxl8VauAm8pyyVqlvfkt432S/vNat9Fa2r0+hyjK1Ne1qbdEZWgeHtB8K6VDofhrT4NL0+3GI4LeMRoPfA6n1J5Pc1sV8+X/wC1V+z9pustoV14ytTOjbGeNJZIFYcYMyIU/EEj3r3iw1Cw1Wyg1LS7mO8tLpBJFNC4eORG5DKy5BB9q/lbM8px1C1XG0px59U5Jrm+bWp9NTqwlpBrTsW6KKK8k1PD/jD+z78OvjRp8ieI7IWurBcQanbKFuoz23HpInqr59sHmvxc+K/wl8c/AbxlHpWtFo3VvP0/UbYsiTqjZWSJxyrqcblzuU+2Cf6E68r+Mnwn0H4yeBb3wfraqkrAyWVzjL2t0o+SRT1x2cd1JHpX7D4ZeKuJyevHDYqTlhno09eTzj6dY7P1PJzLLI1k5RVpfmef/sZftQn41aA/gvxnMo8Z6JEGaQ4X+0LZcL54H/PRTgSgeoYdSB9yV/MPoWs+M/gP8U4dTgU2XiDwnfFZIySFYxNtkjb1jkXI91Oa/pQ8E+LtI8feENG8a6C++w1u1iuovVRIuSp91OVPuDX9ywqRnFTg7p6pnxTTTszqKKKKoQUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//W/cSiiigAooooAKKKKACiiigD8fP2q/21fiZo/wAStW+Hnwsvl0LTvD0xtZ7pYkkuLm4T/WYaQMERW+UBRk4yTg4r5Z/4bJ/aZ/6Hu6/79W//AMbr6u/a+/Yz8cX3jLWfi18L7U63Zau5u77Tov8Aj7gnI/ePEn/LVHI3bV+YEkYIr8z9Ovrnw9qhe4soppYGKS295CHGQeVZGAKkfgRTe2iNKUYuSU3Zd9z6C/4bJ/aZ/wCh7uv+/Vv/APG68Z8e/EXxr8T9dHiXx7qsusaksKQCaUKCIoySqgIFAAJJ6d6+gPBPiT4Q+KvLs9Q0Gx0rUWwPLliTy3P+xIQB+BwfrWR8efDHh3Q9E0u40bTYLGWS5ZGaGMIWXYTg468ivIp5x+/VCdNxbPv8TwBbLp5lh8VCpCO9r33StqtHrsz9EP2G9X8J33wOt9M8PKY7/TbqZdUV8bmuZTvWTjqjR7QvptI7VN+3B4o1vw18C7iHRZHg/tm+gsbmRCQRburu65HQOUCn1BI714P/AME5Wbb48TJ2/wDEvOO2f33NfoJ8QvAXh74m+D9R8E+KImksNRQAlDiSN1O5JEJzhkYAj8jwTX8Y8WTw+VcaTr105041Izd9X7yUn62b0XkkcOFUquDSjo7W/Q/m/wCnAr9XP+CePifWr/wx4q8KXkjy6bpM9tPa7iSImuQ/mIvoCUDY9cnvXll//wAE8PiAmsmDTPFGmS6UW4nmWZJwnvEqspbHo+K/Qz4KfBrw58EfBq+FdBka7mmk8+8u5AFe4nIA3YGdqqBhVycDuSSa/UfF/wASMlx2SywmEqqpUm4tWT92zTbd0rO11bfXseblOXVoVueaskev0UUV/JR9SFFFFAH5F/8ABQLwFDovj7RvH1lGEj8R2zQ3GBgG5tMAMfdo2X/vmvrj/gnD43l174Qat4NupN8vhfUT5QJ5FveL5qj6CQSfnXHf8FBNPiuPg/o+oMP3llrEQU9wssMqsPxwPyrzP/gmNqEqeNvHWlZ/dTabazkf7UU5Qfo5r+9vBfNJ4rh2h7R3cLw+Sen3JpfI+Hziko4iVuup+xNFFFfqR5YUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH//1/3EooooAKKKKACiiigAooooAK+cPjd+yz8KfjnBJda9Y/2Zr+3Eeq2QVLgHt5o+7Mvs/Powr6Pr57/aW+PFp+z78PB4s+wjU9SvrhbOxtmYpG8zKzlpGHIRFUk45JwBjOQ0B+MHxz/ZJ+KvwOabVL+1GueGkPy6rZKWjRScD7RHy0J+uVz0Y18+XvibXdS0i30LULt7mztH8yFZDuKHG3AY84x26V6f8Wf2iPi18abpm8ba3I1gG3R6fbfuLKP0xEp+Yj+85Y+9eJU3BOza2NqWIqQUowk0no7dV2fc/Tr/AIJy/wDM+f8AcP8A/a1fp1X5mf8ABOa2mFt47vCP3RewjB/2gJmI/Kv0zr+CPGlp8S4q39z/ANIifZ5P/u8fn+YUUUV+WHphRRRQAUUUUAfAv/BQrWIbX4X+H9DLfvtQ1YSgf7FvC+4/m61xv/BMXSJX8SePNf2nyobOztM9t0sryY/KOvDP26PiNB4x+LMfhXTpRJZeEYDbMQcqbuUh5/8AvnCofdTX6Ff8E+/AE3hD4EJ4hvY/LuvF15JfjIwfs0YEMH4EKzD2av798H8nnguH8PCorSneb/7ed1/5LY+Fzasp15NdND7looor9LPNCiiigAooooAKK5rxf4x8MeAfD134r8Y6lFpWlWK7pZ5jhRngKAMlmY8KqgknoK+KW/4KOfAVdW+wCy1prPdt+2C1j8vH97yzL5mP+A59qLAffdFcp4K8ceE/iL4ctfFngrU4tV0q7zsmiJ4ZfvIynDK691YAiuroAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAK8J/aH+Bej/ALQHw/bwdqN42m3dtOt3Y3arv8mdVK/MmRuRlYqwBB7jkV7tRQB+MDf8EzPiiCQvi/RiOx2XIz+Gyuf8V/8ABOn4seGfC+q+IrbXNN1ibTLd7hbK1Sfz5xHyyx7lA3bckDuRgcmv2/r5b/ay+P8AqX7Pnw+ste0Cwiv9Y1i8Fnai43GCLCNI8jhSC2AMBQRknk4FVcD8Xv2cvjbefA/x/HrMwebQ9RAttTt16tDnIkUf89IjyPUZXvX7xaLrWk+I9JtNe0K7jvtOv41mgniO5JEbkEH+Y6g8Hmv5yPG3iqXxv4p1HxZc6faaZcapIZpobFGit/Nb77IjM23efmIBxknAFe2fAH9prxh8Drv+z1U6x4ZuH3z6fI+0ox6yW7nOxz3GNrdxnkfhni54UvOF9fwFlXirNbKaW2vSS6N6NaPZHt5Vmnsv3c/h/I/d6iuY8F+LtG8e+FNL8ZeH3Z9P1eBZ4t42uA3BVhzhlIIPuK6ev4tr0J0pypVFaUW00+jW6PsIyTV0FFFRT3EFpBJdXUqQwxKWeSRgqKo6lmOAAPU1mlfRDJa+bP2lvj5pnwS8GyCzlSXxTqqNHp1v1KE8G4kHZI+2fvNgDvjzP40/tt+A/A9vcaN8Onj8U69gqJUJ+wQN6tIMeaR/dTg92FflvHH8S/j78RViQT+IvE+uSYHoAP8Ax2KKMfRVFfv3hj4NYnG1oY3NabhRWqi9JT+W6j3vutFvdeFmWbxgnCk7v8ja+Cnws8Q/Hv4qWPhOB5Jft0xutTuzljFbBt08zMf4jnC56uwr+k3SdK07QdKstD0iEW1jp8MdvBEvRIolCoo+gFfP/wCzL+zpo37P/go6bEVv/EWqBJNUvlXh3UfLDFnkRR5OP7xyx64H0kUcdVI/Cv7J0WiPkBtFGCKKACilCk9Bmql/e2WlWz3uq3EVlbxjc8k7rEij1LMQAKALVVb6+stMs59R1K4jtLS2QySzTOI440XkszNgAD1NfGHxa/bw+C/w7jmsPDFyfGespkCKwbFqrf8ATS6IK4/65hz9K/Jf40/tMfFb473f2fxPf/ZdI35h0qy3R2qnPy7lyWlf3cn2A6U0gPbP25P2idC+MfijS/C3gPUHvPDPh5ZGeUApDdXrnBkTPLIiDarEDqxHBzXgi/AbxF/wol/jxJewx6cLsW62jKwmeMy+T5ob7uN/AHoCc9q92+Af7FninxzNbeJvidHLoHh7IkW1YbL27XqBtPMKHuzfMR0HevsD9suw0rw1+zLd6Bo1tHZWMFzp1tbwRDakcaSghVH0WvxziLxToLNcJlOWTUpyqRU2rNKLdnFPu+62t329jD5ZL2U6tRWSTsfPH/BNjxlrNl8TNe8BrKX0nVdOe9aIn5UuLV0VZFHqyOVPrgegr9oa/D3/AIJvW5l+OuqTgcQaHck/8CmhFfuFX7HI8cKKKKQBRRRQAUUUUAFFFFAH/9H9xKKKKACiiigAooooAKKKKACiiigAr83P+CmUBf4WeEbgDiLW2B/4FbSf4V+kdfBX/BRjS2vfgBb36jJ07WrOQ+yyJLGf1YU0B+ef7JXwK8DfHG58UWPjGW8hfSYrWS3a0lWMjzWdW3BkcH7ox0r6suv+Cd/w5kmV7PxTq0MWRuRkgcle4DbVwfcg14p/wTw1IQfEbxRpRODeaUkoHqYJ1H8pK/XCv5D8WeOs6yzPq1DCYmUYWi0tGtYq9k0+tz6zK8FRqUFKcbvU5zwh4U0bwN4Y0zwh4eiMOm6TAsEKsdzbV7se7Mckn1NdHRRX871q06k5VKjvJu7b3be7PfSSVkFfOX7VXgLxn8R/g5qPhvwKTJqHnwTvbBwhuoYiS8QJIGScMATglcelfRtFd2TZrUwOLpYykk5QkpK+qunfUitSU4uD6n88t78BPjZp2ftfgXWEx/ds5H/9ABrmZvAvxE0d/Mn8PatYuv8AEbS4jI/HYDX9IOSOhpwkkHRiPxr+gaP0ksYv4mEi/STX5pngvh6HSbP5u49e+I+lf6rUtZstvpPcxY/UVpQ/GD4s2J2weNdahI7DULgf+z1/RbIkcv8ArkWT/eAP86oy6RpE4xPYW8g/2oUb+Yr06f0lV9vA/dU/+0M3w72n+H/BP59ov2g/jlBxF8Q9dUf9hKf/AOLqz/w0d8eiMf8ACxddx/2EJv8A4qv3tk8HeEJuZtB09/8AetIT/Nag/wCEE8DZz/wjemZ/68oP/iK6l9JSh1wT/wDA1/8AIk/6uv8An/A/Am6+PHxpvVK3fj/XJQeobUrj/wCLrnmHxF8eTrC/9r+I5nPyq32i8JPsDur+iS38L+F7QhrXRrGEjulrEv8AJa11MFmm1NsK+igKPyFc1f6Sd1ajgdfOf6KBcOHO8/w/4J+Kvw1/Yk+MHjZ4rrxHAnhHTGwS9781yV/2LdTuz/vlK/ST4SfsufCn4RGLUNNsTq+tx4P9o34WSVW9Ykxsi/4CN3+0a96l1KMcRLuPqeBVq2nFxHvxgg4Ir8s4w8T89zSDjWn7Ok/sw0Xzd+Z+jdvI9fD5NTormtd92WCSTk18M/8ABQDUha/BjTdPzhr/AFiAY9RFFK5/XFfc1fmL/wAFF9eGPBPhZG5/0y+df++IkP8A6HXF4RYJ1+I8JFdG5f8AgMW/0JzWfLh5srf8EytMM3xC8aaxji10qCDPvPOG/wDaVfsnX5h/8EyfD7W/g3xt4odcfbb+2tEb1FtEXb9ZRX6eV/oDI+DCiiikAUUUUAFFFFABRRRQB//S/cSiiigAooooAKKKKACiiigAooooAK+aP2w/DreJv2bfG9nGm+SztUvkHvZypMT+Cqa+l6yte0a08R6FqXh6/GbbVLaa1kB/uToUP6GgD+fv9i3xEugftBaHFK22PWIbmwPpuljLp+boB+NfuTX841jNq3wn+JcMsylNQ8I6qN69DvspsMPx2kfQ1/RZpuo2esadaavp7iS1voY54mHIaOVQ6n8jX8ifSNylwx+HxqWk4uPzi7/lJfcfWcP1b05Q7P8AMu0UUV/OR9AFFFFAGHNfXAlYKdoBxjFMGoXI/iB/Ctp4IZDudASe9Rmztj/yzH617EMbh7JOH5HUqsLaozBqVx/sn8KX+05v7q/rV/7Ban+D9TSf2fa/3T+dV9awv8g/aU+xS/tOb+4v60h1Oc9FUfnV3+z7b0P50o0+1H8JP40fWMJ/KHPS7GU95cvwXwPbiokimmPyqW966BLW3j+6gz781PQ80hFWpQB4hL4UczNA8BAkxkjPFa2mjEBPq1Z19J5lw2Oi8flWxaJ5dug7kZP41rj6reHjzbsqtJ8iuWa/ED9tjxcvij486pZQvvt/D0EGnLg8B0HmS/8Aj7kH6V+zni/xRp/grwrq/i/VWC2mj2st1JnuI1JCj3Y4A9zX88+l2GvfFv4kW2nrmbV/F2phSev728lyx+i7ifoK/cfo55E6mNr5jJaQjyr1lq/uS/8AJj5HiCvaEaffU/df9iDwi3hL9m/w0Zo/LuNba41OTPXFxIRH/wCQ1SvrSsvRNGsfDui6f4f0xAlnplvFawqO0cKBF/QVqV/XDPlAooooAKKKKACiiigAooooA//T/cSiiigAooooAKKKKACiiigAooooAKKKKAPwj/4KAfDGTwT8bH8XWkOzTPGcIu1YD5RdxAR3C/U/K/8AwKvrz9h/4oR+NfhSvg++m3ar4RYWxUn5ms3y0D/ReY/+Aj1r6M/at+Cg+OHwkv8AQtPjDa9pRN/pbdzcRqd0OfSZMp/vbT2r8Mvgn8U9Y+CPxJs/FMcUhhiZrXUbQ/K0luxxKhB6OhG5c9GUe9fn3ifwe86ymeHpr95H3oeq6fNXXrZ9D0Mtxfsaqk9noz+hGisfw94g0fxXodj4k8PXS3um6lEs0EyHhkYcfQjoR1ByDWxX+fdSnKEnCas1o0+jPu076oKKKKgYUUUUAFFFFABRRR70AFVrq4FvGT/Efuio576KLIT529un51jM0tzLk/MzdK9TB5e5PmqaI6aVBvV7C28RnmC9up+ldLVW1thbpg8s3U15p8ZPi14f+DPgi78X64wkmAMdla5w91ckfJGvsOrn+Fcn0rZ0quOxMMNho80m7RS6tmWKxEVeTeiPjP8Ab6+LkdlpFh8HtHn/ANJvyl7qe0/cgQ5gib/fYbyPRV9a4r/gnP8ACZ/EXxA1H4ranDnT/C8Zt7RmHD31yuCR/wBcoiSfQutfEUj+NvjZ8Scqrap4l8VXoCqvQySnAA/uxov4Ki+1f0Y/Bf4WaR8Gfhto3w/0giT7BHuuZwMG4upPmmlP+83T0UAdq/0A4E4UhkuWU8DHWW8n3k936dF5JH51jsU61Rz+49Sooor645AooooAKKKKACiiigAooooA/9T9xKKKKACiiigAooooAKKKKACiiigAooooAK/Ij9u79ly4sr28+Ofw/szJZ3B8zXLSJeYpO94ij+Bv+WuOjfP0Jx+u9MkjjmjeGZBJHICrKwBVlIwQQeCCOoppgfz5/syftO6n8FdQ/wCEe8QCTUPB99JulhX5pLSRus0APUH+NP4uo+br+0fhvxN4f8Y6Ja+I/C9/Fqem3i7op4W3KfUHuGHQqcEHgivz4/ah/YPvLa4vPH/wLtPtFtIWlutDT/WRE8s1n/eX/pl1H8GR8o+Bvhr8XviT8FNcluPCd9JYsJNt3YXCkwSsvBWaFsYYdMjDD1r8Q8SvBujm8pY3AtQr9b/DP17Pz69V1Pay7N3S9yesfyP6HKQ5wcda+Ffhl+3j8N/E8cVh8QraTwrqJwGmAa4smb1DqN6fRlIH96vs/wAP+J/DfiyzXUPC+q2ur2zDIktZkmX8dhOPxr+SM+4RzLK58mOoSh5291+klo/kz6qhiqdRXg7ldp7lJCWdlbvzUq6hcr1Ib6it1kR+HUH6ioGs7Zv+WYH0rlWYUZL34Hp+3g90Zo1Kfuqn86Dqc3ZV/Wrx0+29D+dH9n23ofzp/WMJ/KPnpdjObULk9CB9BVZ5ZpjhmLe1bq2Vsv8ABn6mrCRonEagfQUf2hRh8EA9vBfCjCisZ5OWGwep/wAK2ILaO3GEGSepPWuS8Y/EbwH8PrVrzxrr1npCAZCzygSt/uxjLsfopr4H+LH7f9jDHNpPwe0xriY5X+0tQTbGv+1Fb5y3sZCB/smvoci4SznO5KODovk/m2ivWT0forvyPOxmaQgvfl8j7X+LXxk8D/Bnw82ueL7sCaQH7LZREG5unH8Ma9hnq5+Ve57V+Hnxf+L/AIx+OHjD+3/EBIUHybCxhy0dvGx+WONerOxxubGWP4AYLv8AEb40eNVU/bfFXiXVX2qoBllb2AHCIv4Ko9BX7Dfsr/sVaX8J5Lbx98SRDqvi9QHt7dcSW2nE91PSSYf3/ur/AA5PzV/XPhz4VYXIY+3qP2ldrWXReUf1e78lofGZhmkq/urSJJ+xT+yzJ8JdI/4WP48tgvi/V4dsEDjJ061cZKn0mk/j/uj5eu6vvyiiv1Q8sKKKKACiiigAooooAKKKKACiiigD/9X9xKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvnL40fssfCP44LJe+I9OOna4y4XVLHEVzkdPM4KSgf7YJ9CK+jaKAPwv+Jv8AwT3+Mvg55rzwS8HjLTkyVFuRBehf9qCQ4Y/7jtn0r45v9L8e/DXVtmo2upeFtSjPV1ms5c+x+Un8DX9S1UdT0vS9atWsdasoNQtm4MVxEsyEf7rgiiSUk4yV0xp2P5zPD/7Vf7QHhxUSz8ZXV1EvRLxY7sfnKrN+terad+3x8crQBb2HSb8Du9q0bH8Y5FH6V+sniP8AZO/Z08UO8upeBNPhlfkvaB7Rs+v7hkH6V5Fqf/BPP9nS+YtZwarp2f8AnjfFgPoJVevlMbwHkmId62Dpt9+VJ/ekmdUMdWjtN/efEEP/AAUP+JiDE3hfR5D6g3C/+1KfL/wUQ+JLLiLwto6H1LXDf+1BX1fP/wAE1vgw7E2/iDXYh6NLbP8A+0RUcP8AwTU+DitmfxFrkg9A9uv6+Sa8n/iFHDl7/U4/fL/M1/tXEfznxVqf7fPxwvAVsINJ04Hulq0jD8ZJGH6V474m/ae+PPipHi1TxleQQv1jtClomD2/cqhx+NfrLpf/AATw/Z2sGDXseraljtPfbAfqIUjr2Xwz+yp+zx4SdJtJ8CadJMnIku0a8fPrm4aQfpXr4DgTJMM+ahg6afflTf3u7MZ46tL4pv7z+fPw34J+IfxN1Qx+F9G1HxJfTH5nhikuDk93lOQPqzV93fCr/gnH49154dS+K+qReGrE4ZrO1K3N6w9Cw/dR/XLn2r9l7Ozs9OtlstOt47S3ThYoUWNAPZVAA/KrNfVrRWRynlXwr+Cnw1+DGknSvh/o0di0gAnun/eXdxjvLM3zH/dGFHYCvVaKKQBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH/1v3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/1/3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0P3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0f3EooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/0v3Eoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQBRoq9/Z15/zz/UUf2def8APP8AUUAUaKvf2def88/1FH9nXn/PP9RQBRoq9/Z15/zz/UUf2def88/1FAFGir39nXn/ADz/AFFH9nXn/PP9RQB//9k= - - GitHub Commit @@ -72,7 +64,6 @@ 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z 2021-01-01T00:00:00.000Z - 2022-01-01T00:00:00.000Z @@ -88,27 +79,14 @@ - - - Snyk - Snyk CLI (Linux) - 1.729.0 - - 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d - - - - - - - Acme Inf - - Acme BOM Analyzer - - https://example.com/analyze - - - + + Snyk + Snyk CLI (Linux) + 1.729.0 + + 2eaf8c62831a1658c95d41fdc683cd177c147733c64a93e59cb2362829e45b7d + + not_affected @@ -118,8 +96,6 @@ update An optional explanation of why the application is not affected by the vulnerable component. - 2022-01-01T00:00:00.000Z - 2022-02-01T00:00:00.000Z From 581c92effa2260d8402ec0b43e92d91fb9f1af02 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 29 Jun 2023 21:16:24 -0500 Subject: [PATCH 28/40] Add additional External References --- .../cyclonedx/model/ExternalReference.java | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index ef112158a..b5a846d8b 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -60,6 +60,8 @@ public enum Type { SUPPORT("support"), @JsonProperty("distribution") DISTRIBUTION("distribution"), + @JsonProperty("distribution-intake") + DISTRIBUTION_INTAKE("distribution-intake"), @JsonProperty("license") LICENSE("license"), @JsonProperty("build-meta") @@ -70,6 +72,32 @@ public enum Type { RELEASE_NOTES("release-notes"), @JsonProperty("security-contact") SECURITY_CONTACT("security-contact"), + @JsonProperty("attestation") + ATTESTATION("attestation"), + @JsonProperty("threat-model") + THREAT_MODEL("threat-model"), + @JsonProperty("vulnerability-assertion") + VULNERABILITY_ASSERTION("vulnerability-assertion"), + @JsonProperty("exploitability-statement") + EXPLOITABILITY_STATEMENT("exploitability-statement"), + @JsonProperty("pentest-report") + PENTEST_REPORT("pentest-report"), + @JsonProperty("static-analysis-report") + STATIC_ANALYSIS_REPORT("static-analysis-report"), + @JsonProperty("dynamic-analysis-report") + DYNAMIC_ANALYSIS_REPORT("dynamic-analysis-report"), + @JsonProperty("runtime-analysis-report") + RUNTIME_ANALYSIS_REPORT("runtime-analysis-report"), + @JsonProperty("component-analysis-report") + COMPONENT_ANALYSIS_REPORT("component-analysis-report"), + @JsonProperty("maturity-report") + MATURITY_REPORT("maturity-report"), + @JsonProperty("certification-report") + CERTIFICATION_REPORT("certification-report"), + @JsonProperty("codified-infrastructure") + CODIFIED_INFRASTRUCTURE("codified-infrastructure"), + @JsonProperty("quality-metrics") + QUALITY_METRICS("quality-metrics"), @JsonProperty("other") OTHER("other"); From 3a3389cbec1c01c746fb7ea5e405eaa4d344861b Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Thu, 29 Jun 2023 22:18:40 -0500 Subject: [PATCH 29/40] Adding External Reference Support for Adversary model and risk assessment --- src/main/java/org/cyclonedx/model/ExternalReference.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index b5a846d8b..5c20e3fc0 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -76,6 +76,10 @@ public enum Type { ATTESTATION("attestation"), @JsonProperty("threat-model") THREAT_MODEL("threat-model"), + @JsonProperty("adversary-model") + ADVERSARY_MODEL("adversary-model"), + @JsonProperty("risk-assessment") + RISK_ASSESSMENT("risk-assessment"), @JsonProperty("vulnerability-assertion") VULNERABILITY_ASSERTION("vulnerability-assertion"), @JsonProperty("exploitability-statement") From 81496643d66bdada7feabcb01878e1cb21d3a9b6 Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Thu, 6 Jul 2023 12:15:10 -0500 Subject: [PATCH 30/40] Add support for ML (#315) --- .../java/org/cyclonedx/model/Component.java | 34 ++++- .../cyclonedx/model/ExternalReference.java | 2 + .../cyclonedx/model/component/ModelCard.java | 73 ++++++++++ .../component/modelCard/ComponentData.java | 132 ++++++++++++++++++ .../component/modelCard/Considerations.java | 89 ++++++++++++ .../component/modelCard/DatasetChoice.java | 33 +++++ .../modelCard/InputOutputParameter.java | 20 +++ .../component/modelCard/ModelParameters.java | 128 +++++++++++++++++ .../modelCard/PerformanceMetric.java | 77 ++++++++++ .../modelCard/QuantitativeAnalysis.java | 38 +++++ .../consideration/FairnessAssessment.java | 50 +++++++ .../modelCard/consideration/Risk.java | 33 +++++ .../component/modelCard/data/Content.java | 47 +++++++ .../component/modelCard/data/Governance.java | 66 +++++++++ .../component/modelCard/data/Graphics.java | 58 ++++++++ .../DatasetsChoiceDeserializer.java | 34 +++++ .../util/deserializer/RiskDeserializer.java | 24 ++++ src/test/resources/1.5/valid-bom-1.5.json | 2 +- src/test/resources/bom-1.5.json | 76 ++++++++++ src/test/resources/bom-1.5.xml | 80 +++++++++++ 20 files changed, 1094 insertions(+), 2 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/component/ModelCard.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java create mode 100644 src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index 18adf3ebc..e00563d6a 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -22,6 +22,8 @@ import java.util.List; import java.util.Objects; +import org.cyclonedx.model.component.ModelCard; +import org.cyclonedx.model.component.modelCard.ComponentData; import org.cyclonedx.util.deserializer.LicenseDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -59,6 +61,8 @@ "components", "evidence", "releaseNotes", + "modelCard", + "data", "signature" }) public class Component extends ExtensibleElement { @@ -157,6 +161,15 @@ public String getScopeName() { private Type type; @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private ReleaseNotes releaseNotes; + + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @JsonProperty("modelCard") + private ModelCard modelCard; + + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + @JsonProperty("data") + private ComponentData data; + @JsonOnly @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) private Signature signature; @@ -405,9 +418,26 @@ public void setType(Type type) { public void setSignature(Signature signature) { this.signature = signature; } + public ModelCard getModelCard() { + return modelCard; + } + + public void setModelCard(final ModelCard modelCard) { + this.modelCard = modelCard; + } + + public ComponentData getData() { + return data; + } + + public void setData(final ComponentData data) { + this.data = data; + } + @Override public int hashCode() { - return Objects.hash(author, publisher, group, name, version, description, scope, hashes, license, copyright, cpe, purl, swid, modified, components, evidence, releaseNotes, type); + return Objects.hash(author, publisher, group, name, version, description, scope, hashes, license, copyright, + cpe, purl, swid, modified, components, evidence, releaseNotes, type, modelCard, data); } @Override @@ -434,6 +464,8 @@ public boolean equals(Object o) { Objects.equals(evidence, component.evidence) && Objects.equals(mimeType, component.mimeType) && Objects.equals(releaseNotes, component.releaseNotes) && + Objects.equals(data, component.data) && + Objects.equals(modelCard, component.modelCard) && Objects.equals(type, component.type); } } diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 5c20e3fc0..073bd2a43 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -72,6 +72,8 @@ public enum Type { RELEASE_NOTES("release-notes"), @JsonProperty("security-contact") SECURITY_CONTACT("security-contact"), + @JsonProperty("model_card") + MODEL_CARD("model_card"), @JsonProperty("attestation") ATTESTATION("attestation"), @JsonProperty("threat-model") diff --git a/src/main/java/org/cyclonedx/model/component/ModelCard.java b/src/main/java/org/cyclonedx/model/component/ModelCard.java new file mode 100644 index 000000000..64ac3bd8d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/ModelCard.java @@ -0,0 +1,73 @@ +package org.cyclonedx.model.component; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.component.modelCard.Considerations; +import org.cyclonedx.model.component.modelCard.ModelParameters; +import org.cyclonedx.model.component.modelCard.QuantitativeAnalysis; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class ModelCard extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private ModelParameters modelParameters; + + private QuantitativeAnalysis quantitativeAnalysis; + + private Considerations considerations; + + private List properties; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public ModelParameters getModelParameters() { + return modelParameters; + } + + public void setModelParameters(final ModelParameters modelParameters) { + this.modelParameters = modelParameters; + } + + public QuantitativeAnalysis getQuantitativeAnalysis() { + return quantitativeAnalysis; + } + + public void setQuantitativeAnalysis(final QuantitativeAnalysis quantitativeAnalysis) { + this.quantitativeAnalysis = quantitativeAnalysis; + } + + public Considerations getConsiderations() { + return considerations; + } + + public void setConsiderations(final Considerations considerations) { + this.considerations = considerations; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java b/src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java new file mode 100644 index 000000000..1d3c845dc --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/ComponentData.java @@ -0,0 +1,132 @@ +package org.cyclonedx.model.component.modelCard; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.component.modelCard.data.Content; +import org.cyclonedx.model.component.modelCard.data.Governance; +import org.cyclonedx.model.component.modelCard.data.Graphics; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class ComponentData extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private ComponentDataType type; + + private String name; + + private Content contents; + + private String classification; + + private List sensitiveData; + + private Graphics graphics; + + private String description; + + private Governance governance; + + + public enum ComponentDataType{ + @JsonProperty("source-code") + SOURCE_CODE("source-code"), + @JsonProperty("configuration") + CONFIGURATION("configuration"), + @JsonProperty("dataset") + DATASET("dataset"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + public String getTypeName() { + return this.name; + } + + ComponentDataType(String name) { + this.name = name; + } + } + + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public ComponentDataType getType() { + return type; + } + + public void setType(final ComponentDataType type) { + this.type = type; + } + + public Content getContents() { + return contents; + } + + public void setContents(final Content contents) { + this.contents = contents; + } + + public List getSensitiveData() { + return sensitiveData; + } + + public void setSensitiveData(final List sensitiveData) { + this.sensitiveData = sensitiveData; + } + + public Graphics getGraphics() { + return graphics; + } + + public void setGraphics(final Graphics graphics) { + this.graphics = graphics; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + public void setClassification(final String classification) { + this.classification = classification; + } + + public Governance getGovernance() { + return governance; + } + + public void setGovernance(final Governance governance) { + this.governance = governance; + } + + public String getClassification() { + return classification; + } + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java b/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java new file mode 100644 index 000000000..e8f02bc7f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/Considerations.java @@ -0,0 +1,89 @@ +package org.cyclonedx.model.component.modelCard; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.component.modelCard.consideration.FairnessAssessment; +import org.cyclonedx.model.component.modelCard.consideration.Risk; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Considerations extends ExtensibleElement +{ + private List users; + + private List useCases; + + private List technicalLimitations; + + private List performanceTradeoffs; + + private List ethicalConsiderations; + + + private List fairnessAssessments; + + @JacksonXmlElementWrapper(localName = "users") + @JacksonXmlProperty(localName = "user") + public List getUsers() { + return users; + } + + public void setUsers(final List users) { + this.users = users; + } + + @JacksonXmlElementWrapper(localName = "useCases") + @JacksonXmlProperty(localName = "useCase") + public List getUseCases() { + return useCases; + } + + public void setUseCases(final List useCases) { + this.useCases = useCases; + } + + @JacksonXmlElementWrapper(localName = "technicalLimitations") + @JacksonXmlProperty(localName = "technicalLimitation") + public List getTechnicalLimitations() { + return technicalLimitations; + } + + public void setTechnicalLimitations(final List technicalLimitations) { + this.technicalLimitations = technicalLimitations; + } + + @JacksonXmlElementWrapper(localName = "performanceTradeoffs") + @JacksonXmlProperty(localName = "performanceTradeoff") + public List getPerformanceTradeoffs() { + return performanceTradeoffs; + } + + public void setPerformanceTradeoffs(final List performanceTradeoffs) { + this.performanceTradeoffs = performanceTradeoffs; + } + + @JacksonXmlElementWrapper(localName = "ethicalConsiderations") + @JacksonXmlProperty(localName = "ethicalConsideration") + public List getEthicalConsiderations() { + return ethicalConsiderations; + } + + public void setEthicalConsiderations(final List ethicalConsiderations) { + this.ethicalConsiderations = ethicalConsiderations; + } + + @JacksonXmlElementWrapper(localName = "fairnessAssessments") + @JacksonXmlProperty(localName = "fairnessAssessment") + public List getFairnessAssessments() { + return fairnessAssessments; + } + + public void setFairnessAssessments(final List fairnessAssessments) { + this.fairnessAssessments = fairnessAssessments; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java b/src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java new file mode 100644 index 000000000..cd6e255dc --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/DatasetChoice.java @@ -0,0 +1,33 @@ +package org.cyclonedx.model.component.modelCard; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonUnwrapped; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.util.deserializer.DatasetsChoiceDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = DatasetsChoiceDeserializer.class) +public class DatasetChoice +{ + private String ref; + @JsonUnwrapped + private ComponentData componentData; + + public String getRef() { + return ref; + } + + public void setRef(final String ref) { + this.ref = ref; + } + + public ComponentData getComponentData() { + return componentData; + } + + public void setComponentData(final ComponentData componentData) { + this.componentData = componentData; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java b/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java new file mode 100644 index 000000000..effba19e9 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/InputOutputParameter.java @@ -0,0 +1,20 @@ +package org.cyclonedx.model.component.modelCard; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class InputOutputParameter extends ExtensibleElement +{ + private String format; + + public String getFormat() { + return format; + } + + public void setFormat(final String format) { + this.format = format; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java b/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java new file mode 100644 index 000000000..6e4667080 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/ModelParameters.java @@ -0,0 +1,128 @@ +package org.cyclonedx.model.component.modelCard; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class ModelParameters extends ExtensibleElement +{ + private Approach approach; + + private String task; + + private String architectureFamily; + + private String modelArchitecture; + + private List datasets; + + private List inputs; + + private List outputs; + + public static class Approach + { + private ApproachType type; + + public enum ApproachType + { + @JsonProperty("supervised") + SUPERVISED("supervised"), + @JsonProperty("unsupervised") + UNSUPERVISED("unsupervised"), + @JsonProperty("reinforcement-learning") + REINFORCEMENT_LEARNING("reinforcement-learning"), + @JsonProperty("semi-supervised") + SEMI_SUPERVISED("semi-supervised"), + @JsonProperty("self-supervised") + SELF_SUPERVISED("self-supervised"); + + private final String typeName; + + public String getTypeName() { + return this.typeName; + } + + ApproachType(String name) { + this.typeName = name; + } + } + + public ApproachType getType() { + return type; + } + + public void setType(final ApproachType type) { + this.type = type; + } + } + + public Approach getApproach() { + return approach; + } + + public void setApproach(final Approach approach) { + this.approach = approach; + } + + public String getTask() { + return task; + } + + public void setTask(final String task) { + this.task = task; + } + + public String getArchitectureFamily() { + return architectureFamily; + } + + public void setArchitectureFamily(final String architectureFamily) { + this.architectureFamily = architectureFamily; + } + + public String getModelArchitecture() { + return modelArchitecture; + } + + public void setModelArchitecture(final String modelArchitecture) { + this.modelArchitecture = modelArchitecture; + } + + @JacksonXmlElementWrapper(localName = "datasets") + @JacksonXmlProperty(localName = "dataset") + public List getDatasets() { + return datasets; + } + + public void setDatasets(final List datasets) { + this.datasets = datasets; + } + + @JacksonXmlElementWrapper(localName = "inputs") + @JacksonXmlProperty(localName = "input") + public List getInputs() { + return inputs; + } + + public void setInputs(final List inputs) { + this.inputs = inputs; + } + + @JacksonXmlElementWrapper(localName = "outputs") + @JacksonXmlProperty(localName = "output") + public List getOutputs() { + return outputs; + } + + public void setOutputs(final List outputs) { + this.outputs = outputs; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java new file mode 100644 index 000000000..8efe3c060 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java @@ -0,0 +1,77 @@ +package org.cyclonedx.model.component.modelCard; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import org.cyclonedx.model.ExtensibleElement;; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class PerformanceMetric extends ExtensibleElement +{ + private String type; + private String value; + + private String slice; + + private ConfidenceInterval confidenceInterval; + + @JsonIgnoreProperties(ignoreUnknown = true) + @JsonInclude(JsonInclude.Include.NON_EMPTY) + public static class ConfidenceInterval + { + @JsonProperty("lowerBound") + private String lowerBound; + + @JsonProperty("upperBound") + private String upperBound; + + public String getLowerBound() { + return lowerBound; + } + + public void setLowerBound(final String lowerBound) { + this.lowerBound = lowerBound; + } + + public String getUpperBound() { + return upperBound; + } + + public void setUpperBound(final String upperBound) { + this.upperBound = upperBound; + } + } + + public String getType() { + return type; + } + + public void setType(final String type) { + this.type = type; + } + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + public String getSlice() { + return slice; + } + + public void setSlice(final String slice) { + this.slice = slice; + } + + public ConfidenceInterval getConfidenceInterval() { + return confidenceInterval; + } + + public void setConfidenceInterval(final ConfidenceInterval confidenceInterval) { + this.confidenceInterval = confidenceInterval; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java b/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java new file mode 100644 index 000000000..23378c66d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/QuantitativeAnalysis.java @@ -0,0 +1,38 @@ +package org.cyclonedx.model.component.modelCard; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.component.modelCard.data.Graphics; +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"performanceMetrics", "graphics"}) +public class QuantitativeAnalysis + extends ExtensibleElement +{ + private List performanceMetrics; + private Graphics graphics; + + @JacksonXmlElementWrapper(localName = "performanceMetrics") + @JacksonXmlProperty(localName = "performanceMetric") + public List getPerformanceMetrics() { + return performanceMetrics; + } + + public void setPerformanceMetrics(final List performanceMetrics) { + this.performanceMetrics = performanceMetrics; + } + + public Graphics getGraphics() { + return graphics; + } + + public void setGraphics(final Graphics graphics) { + this.graphics = graphics; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java new file mode 100644 index 000000000..6bff1a767 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/FairnessAssessment.java @@ -0,0 +1,50 @@ +package org.cyclonedx.model.component.modelCard.consideration; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class FairnessAssessment extends ExtensibleElement +{ + private String groupAtRisk; + + private String benefits; + + private String harms; + + private String mitigationStrategy; + + public String getGroupAtRisk() { + return groupAtRisk; + } + + public void setGroupAtRisk(final String groupAtRisk) { + this.groupAtRisk = groupAtRisk; + } + + public String getBenefits() { + return benefits; + } + + public void setBenefits(final String benefits) { + this.benefits = benefits; + } + + public String getHarms() { + return harms; + } + + public void setHarms(final String harms) { + this.harms = harms; + } + + public String getMitigationStrategy() { + return mitigationStrategy; + } + + public void setMitigationStrategy(final String mitigationStrategy) { + this.mitigationStrategy = mitigationStrategy; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java new file mode 100644 index 000000000..98ee68479 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java @@ -0,0 +1,33 @@ +package org.cyclonedx.model.component.modelCard.consideration; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.util.deserializer.RiskDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = RiskDeserializer.class) +public class Risk +{ + private String name; + + private String mitigationStrategy; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getMitigationStrategy() { + return mitigationStrategy; + } + + public void setMitigationStrategy(final String mitigationStrategy) { + this.mitigationStrategy = mitigationStrategy; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java b/src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java new file mode 100644 index 000000000..63d38ed26 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/data/Content.java @@ -0,0 +1,47 @@ +package org.cyclonedx.model.component.modelCard.data; + +import java.util.List; +import java.util.Properties; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.AttachmentText; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Content +{ + private AttachmentText attachment; + + private String url; + + private List properties; + + public AttachmentText getAttachment() { + return attachment; + } + + public void setAttachment(final AttachmentText attachment) { + this.attachment = attachment; + } + + public String getUrl() { + return url; + } + + public void setUrl(final String url) { + this.url = url; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java b/src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java new file mode 100644 index 000000000..87738880f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/data/Governance.java @@ -0,0 +1,66 @@ +package org.cyclonedx.model.component.modelCard.data; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Governance +{ + private List custodians; + + private List stewards; + + private List owners; + + + public static class DataGovernanceResponsibleParty { + private OrganizationalEntity organization; + + private OrganizationalContact contact; + + public OrganizationalEntity getOrganization() { + return organization; + } + + public void setOrganization(final OrganizationalEntity organization) { + this.organization = organization; + } + + public OrganizationalContact getContact() { + return contact; + } + + public void setContact(final OrganizationalContact contact) { + this.contact = contact; + } + } + + public List getCustodians() { + return custodians; + } + + public void setCustodians(final List custodians) { + this.custodians = custodians; + } + + public List getStewards() { + return stewards; + } + + public void setStewards(final List stewards) { + this.stewards = stewards; + } + + public List getOwners() { + return owners; + } + + public void setOwners(final List owners) { + this.owners = owners; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java b/src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java new file mode 100644 index 000000000..41254da11 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/modelCard/data/Graphics.java @@ -0,0 +1,58 @@ +package org.cyclonedx.model.component.modelCard.data; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.AttachmentText; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Graphics +{ + private String description; + + private List collection; + + public static class Graphic { + private String name; + + private AttachmentText image; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public AttachmentText getImage() { + return image; + } + + public void setImage(final AttachmentText image) { + this.image = image; + } + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(localName = "collection") + @JacksonXmlProperty(localName = "graphic") + public List getCollection() { + return collection; + } + + public void setCollection(final List collection) { + this.collection = collection; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java new file mode 100644 index 000000000..a23166701 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/DatasetsChoiceDeserializer.java @@ -0,0 +1,34 @@ +package org.cyclonedx.util.deserializer; + + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.component.modelCard.ComponentData; +import org.cyclonedx.model.component.modelCard.DatasetChoice; + +import java.io.IOException; + +public class DatasetsChoiceDeserializer + extends JsonDeserializer +{ + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public DatasetChoice deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + DatasetChoice datasetChoice = new DatasetChoice(); + + if (node.has("ref")) { + String ref = node.get("ref").asText(); + datasetChoice.setRef(ref); + } else { + ComponentData componentData = objectMapper.treeToValue(node, ComponentData.class); + datasetChoice.setComponentData(componentData); + } + + return datasetChoice; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java new file mode 100644 index 000000000..13483f3d2 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/RiskDeserializer.java @@ -0,0 +1,24 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.component.modelCard.consideration.Risk; + +public class RiskDeserializer extends JsonDeserializer { + @Override + public Risk deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { + JsonNode node = p.getCodec().readTree(p); + String name = node.get("name").asText(); + String mitigationStrategy = node.get("mitigationStrategy").asText(); + + Risk risk = new Risk(); + risk.setName(name); + risk.setMitigationStrategy(mitigationStrategy); + + return risk; + } +} diff --git a/src/test/resources/1.5/valid-bom-1.5.json b/src/test/resources/1.5/valid-bom-1.5.json index c0f3b17ef..35ba6a8c8 100644 --- a/src/test/resources/1.5/valid-bom-1.5.json +++ b/src/test/resources/1.5/valid-bom-1.5.json @@ -134,7 +134,7 @@ "author": { "timestamp": "2018-11-13T20:20:39+00:00", "name": "", - "email": "" + "email": "mail@test.com" } } ] diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index eb78f9996..554961e26 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -256,6 +256,82 @@ "text": "Copyright 2012 Google Inc. All Rights Reserved." } ] + }, + "modelCard": { + "modelParameters": { + "approach": { + "type": "supervised" + }, + "task": "task goes here", + "architectureFamily": "the architecture family goes here", + "modelArchitecture": "The architecture of the model.", + "datasets": [ + { + "type": "dataset", + "name": "Training Data", + "contents": { + "url": "https://example.com/path/to/dataset" + }, + "classification": "public" + } + ], + "inputs": [ { "format": "string" } ], + "outputs": [ { "format": "byte[]" } ] + }, + "quantitativeAnalysis": { + "performanceMetrics": [ + { + "type": "The type of performance metric", + "value": "The value of the performance metric", + "slice": "The name of the slice this metric was computed on. By default, assume this metric is not sliced", + "confidenceInterval": { + "lowerBound": "The lower bound of the confidence interval", + "upperBound": "The upper bound of the confidence interval" + } + } + ], + "graphics": { + "description": "Performance images", + "collection": [ + { + "name": "FID vs CLIP Scores on 512x512 samples for different v1-versions", + "image": { + "contentType": "image/jpeg", + "encoding": "base64", + "content": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k=" + } + } + ] + } + }, + "considerations": { + "users": [ + "Who are the intended users of the model?" + ], + "useCases": [ + "Who are the intended users of the model?" + ], + "technicalLimitations": [ + "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?" + ], + "performanceTradeoffs": [ + "What are the known tradeoffs in accuracy/performance of the model?" + ], + "ethicalConsiderations": [ + { + "name": "The name of the risk", + "mitigationStrategy": "Strategy used to address this risk" + } + ], + "fairnessAssessments": [ + { + "groupAtRisk": "The groups or individuals at risk of being systematically disadvantaged by the model", + "benefits": "Expected benefits to the identified groups", + "harms": "Expected harms to the identified groups", + "mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented." + } + ] + } } } ], diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 84ba15036..4e651e9a5 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -176,6 +176,86 @@ + + + + supervised + + task goes here + the architecture family goes here + The architecture of the model. + + + dataset + Training Data + + https://example.com/path/to/dataset + + public + + + + + string + + + + + string + + + + + + + The type of performance metric + The value of the performance metric + The name of the slice this metric was computed on. By default, assume this metric is not sliced + + The lower bound of the confidence interval + The upper bound of the confidence interval + + + + + Performance images + + + FID vs CLIP Scores on 512x512 samples for different v1-versions + /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAIBAQEBAQIBAQECAgICAgQDAgICAgUEBAMEBgUGBgYFBgYGBwkIBgcJBwYGCAsICQoKCgoKBggLDAsKDAkKCgr/2wBDAQICAgICAgUDAwUKBwYHCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgr/wAARCAH4AxgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD9/KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPDv2yv+CkH7G3/AAT/ALrwpYftYfFe68N3PjiW8i8K2tl4S1XV5dQe1WJrgKmnWs7LsWeI/OFyG4ztbGN+y9/wVb/YY/bK+Jp+D/7PHxO8Qav4gXTZb82mpfDPxDpMfkRlA7efqFhBDkF1+XfuOeAcHHyZ/wAFx/ird/BH/gpn+wN8U7D4UeLfHE2j+KfHUieFPAmnRXerahu0qyj2W8U0sSOw37yGkX5UY5JGD9i/smftw69+1R4r1Twvq37DPx4+FKaZp4uk1T4teE7HT7S9JkCeTA9tfXDNKM7iCqjaCc9qANj4f/t7fsnfFH4O/Ef4/eBPit9u8JfCTWNa0v4hat/YV/F/ZV3pMIm1CPypIFln8qMht0KSK/RC54rwnSf+DiL/AII+6xY22sJ+1feWenXao1vq+r/DHxLY2LK33W+03GnJCFOR8xcDnrXyt+wD/wAodv8Ago7/ANlg+NH/AKaEr7a/4IwWNlqf/BIL9njTdSs4ri2uPg3osdxbzxh0lRrNAysp4YEEgg8EGgD6G+F3xW+GPxu8B6d8Ufg58QtF8VeG9Xh83S9e8P6lFeWl0mSCUliZlbBBBweCCDgit+vzQ/4Je+GNH/ZN/wCC1X7Xn7C/wZtE0z4YXGjeHfH2h+FLQbLPQNSvLeNb1LeMfLCkzyBtigKqQxKoAQV9Zf8ABUXVP2qfDP7A/wATPHX7FPjt/D/xL8MeHX1zw5crpFrf/avsbLcT2fkXUUiOZ4I5oVwAweRSGBFAHvtFfB37Zv8AwVc1Sw/4I0eH/wBt39lSaMeP/jNpOiaJ8JdOjiiuHj8TauywJbqkqtHLLav9pYo6sjNaFWDAkHgv2/v2yv2sP2eP2i/gZ+w744/4KA+GvgRo+v8Awqk1Txd+0j4s8Eafdp4j8RWskVvLptulysenWLuC10xdAoWRFUL8quAfpdRXhH7BugftAaX4C1PWPjJ+3l4f/aD0nVLmKbwl4x0Pwhp+lGKEKwlikOnSvb3PzbSsiBMcgg9a8O/4ORPj78R/2dv+CPvxT8U/CjXZ9J1nWxpvh5dXtpSj2Vvf30NvcuGHKloHljDAgqZAQcgUAdj8TP8Aguz/AMEnfhN451P4d+KP2w9KvNT0SYxayfC/h/VNbtrBwSGWe6061ngiKkEMGcbSCDgg16F4w/4KZ/sI+CP2Qbn9vbVP2ktEvPhFZywRXXjTQIbjVIIpZbiO2SIxWUcswk86WNGTZuQt84UAkdh+yh+y58G/2Mv2fvDP7N/wI8IWWj+HfDOlxWsEdpbrG11IqASXUxUZkmlYF3kbLMzEkmvhf/g5o+Fvw2+FP/BC3426b8MvAek+H7bVfEug6nqNro1hHbRXF5Lr2nebcMkYCmR9oLNjLHJOSSSAfpbXnfgb9q74BfEn9ofx1+yn4K8e/bfH3w1s9NuvGug/2XdR/wBnQ38PnWjefJEsM3mR/NiJ3K9GCnivRK/PD9hr/lYa/bm/7E/4b/8ApnoA7zUf+Dhr/gkNpGo6pp2o/tS6jENF1SfTtWvT8LfE5s7S5hkMcqPdDTfJXawILb9vfOOa+svhR8Wvhj8dvh1pHxd+DXjzSvE/hjXrQXOj67ol6lxbXcRJG5HQkHDAqR1VlKkAgivx4/4Iz/8ABVf9ib9kL9lL4q/BL44ah4u1TxRJ8dfGV0nhDw18Lta1l9ShmugqQpLb2j2jPJtZdjzLjPzbQc19af8ABuV+zf8AG39mz/gnjcaX8b/hlf8AgWXxb8Sdd8UeGfAWqxmO58N6PdyR/ZrKSI8wsPLeTyyAyiYbgrblAB9c/tH/ALT37Pv7IXwtu/jV+0z8XNF8F+F7KVYpdX1u7EaPK2dsMajLzSsFYiOMM5CnAODXi3wH/wCC0/8AwTL/AGlfilo3wU+Ef7TsNz4q8RSFNA0bWfCmr6RLqTBSxFub+0hWY4BPyE5A4ry//gtj+yx+1P8AFXxd+z5+1l+y78F9M+K118BPiFc+INa+Eep6vFZf8JDBNBGizQSTgxC5tzGWj3AkNJuUOV2NF8Dv+C437PPxa/aC8Ifsr/tmfsffFL4CfEXxDqiJ4Hs/jB4NWPTtT1HIVI7C/BKvMWbYrlIwWdUVizhSAffNFfBPxj/aW/bl/bK/4KM+Pv8Agn3+wx8bdF+D/hv4J+HtHvvir8T7vwhBr2qXGparC1xZabY2t0fsyJ9nVneaQOQykADbhus+N3x4/ac/4JOf8E8/i9+1B+2D+0XY/HS88G2iXfhK+XwTb+HZ5ZJ3htLazu0tHaJgbuaPM0aoQjn5MqMgH2VRX5gfGnX/APgul+yR+xhP/wAFI/Hn7aXg7xrqPhnQIfFXjz9n5/hXY2OkQ6ZtWW8s7TVInN6JreEuRLIzhzEflPAboP8Agob/AMFC/wBsC68d/sQyf8E7/GOlaZaftJ3F7Nc2PirRYLq0msrjSbS6tbi5+UzKtqty9yY7eWJpTF5ZfDZAB+j9Ffmz+3B+19+2B/wS4+GXgv4M/Ev9vbwb43+JPx1+IZ0vwp8Sfin4S0zwx4f8BaVBbI+oXk6WsiJcLFuQxJNJuZ51VncKEfz3SP8AgqB8Sf2Rf2j/AIQaXr//AAWa+C/7XHgz4o/EKw8F+KPDnhqz8PWGu+F7i/LJbarapo9w5ls0mCpMJlYqrqAxZwVAP1oor8uvjt+3V+0d8Sv+ClvxW/ZD13/gqT4N/ZE0f4frpEfgLStf8D6TeXvjuK7tBNJqC3WtMIGjWUtEsVv8/wApDYZCW/Qb9mDw98Z/C3wQ0XRPj/8AHPS/iV4njE73PjjRvDselQatA8zvbSi1ikkjjbyGiVtjFWZSwwGwADv6K+P/APgrB+2p8f8A9n2/+Dv7LH7H9tokXxZ+P/jl/D/hrXvEtqbix8PWNvEJtQ1N4Aw+0PDEyFIidpLEndt2N5R46+Of/BRr/gl7+058ENI/az/a4034+fCf43fEG18AX2qXnw5sPDuq+FtfvEY2EkP2AiO4tpXSQOsilkVCdxOMgH6L0V+b/jP49/8ABTb49/8ABZH4y/sE/s7ftMaN4B+H/hf4deHdc/4SPUPA9lq11oEk8f7yOyidU8+e5kbJe6klihjgk2xFnXHoH/BN/wDaX/bB0r9tn42/8E2/21fi3pfxK1r4b6RoviTwf8SrDwxBo1xq+lagjh4ru0tv3EcsMqqoaMAMCxPYUAfbGrarYaHpVzreqz+Va2du89zLtLbI0UsxwAScAHgDNfFuif8ABxP/AMEifE2lw654c/aO8S6hZXAJt7yx+Cvi+WKUAkEq66SQ3II4PUV9h/EDSb7X/Aet6FpkQe5vdIuYLdCwUM7xMqjJ4HJHNflZ+zFr/wDwWR/4Inf8E4vCmifF39jb4U/ED4ZfCbQLm48XW/gf4jXf/CUWenG4mu7q88ue0W0l8hJXYxxyMSsR+YDLAA/TL43ftJ/Ar9m34OXn7QXx5+Jum+FPBthFBJea/rLtFDEJnVIgQRu3O7ooXG4lgMZrhf2KP+Ckv7FP/BRSx8S6p+xp8bY/Glt4QvILXxDPDoOoWSW0syyNEAby3i80MI3O6PcvHJGRntvh34x+CP7Y/wAAPC/xX0bSNO8UeCvGuiafr+ixa1psc0csEqJcW7vDKGCyLlTgjKOvYivi7/gkVaWtj/wU4/4KA2VjbRwwxfFPwykUMSBVRRpEgAAHAA9KAPpf9rP/AIKZ/sLfsN+JdM8EftQftC6b4b1/WbL7ZpXhyDT7vUdSurfe6CZLSyhmnMZaORQ+zBMbAHINbX7JH7eP7In7dvhnUfFn7J/xz0nxhb6NdLb61a2yTW17psrZ2rc2lykdxb7trbfMjXdsbGdpx6Nc+FfAmneJrj4oXfhzSYNZGlLZ3XiKSziW5FjG7yrC9wRv8lXkkcIW2guzYBJNfnP/AME8b/Sf20v+C1/xq/4KWfs3aCLP4L6b8MIPhpF4rt4fKtviF4gg1CO4uNTgwMXEVtHF9lFxyGCx7GILAAH6XVy/xr+M3w1/Z1+EfiP47fGPxJ/Y/hXwlo8+qeIdV+xzXH2S0hQvJJ5UCPJJhQTtRWY9ga/P79pz/gqN+0d/wSK/aK8eeB/217bXvix4E+IdrNq/7M2uaF4bt4r2XV8pGfBl0tjAil/MkjaC5dGdoixZpX+SP0jX/wBmb/gor+0B/wAEa/ij8GP2qPiHp/in44fFfwPrHk6FBZ2OnaZ4ZlvoSLbRYZII08yO3DKjTzPLIz7z5jrtoA6H4df8F4/+CXXxY8U6F4N8AfHXxNf33iXULWy0Qf8ACnPFkUNzNcOqQ/vpNLWJEZnX947KgByWAya9y/at/bO/Zc/Yd+HcHxX/AGsfjRpHgjQLq/FlaX+rM5+03JjeQQxJGrPI+yN22qpOFJr4XH7av/BSv/gkF+zv8Pb/APb6/ZL+Gur/AAQ8I6TofhbxL44+Efji9vNT8MQKkFjDf3lpeWkQuEaTywywHgyDBJwG/RzXvB3w7+JVppuoeJ/Cmja/BaTrfaRNqFhFdLBIUIWeEurbG2OQHXBwx5waAOD/AGOv23P2YP2/fhG/x2/ZI+Jw8W+FI9Xn0t9VGjXtji7hVGkj8u8hikOBIh3bdp3cE4OOE/aY/wCCvH/BOf8AZA+J1z8Ffj5+0zYab4vsreOfUPDGk6HqOsX9nE8ayI88GnW87who3RwXC5Vw3Qg14N/wbfgL+yx8Z1UYA/ap8c4A/wCvmGvuDxTd/Bj4GaP4q+Oni1fDvhazFp/afjTxVcww2okitoAgnu58AuI4Y1QM5O1EVRwAKAMj9mb9q39nP9sn4XwfGf8AZf8AjBovjTw1PO0H9p6NcFvJnUAtDNGwEkEoDKTHIquAykjBBPoNfnJ/wQp8Nav8Vfjx+1N/wUh8GfD+68H/AAm+P3jrSrj4V6Dd2RtW1G1022nt7jXvIIHlLfyy+cCQGYhycjYx+zf21PjF8Rf2ev2RPiX8dPhF8Pz4q8UeEfBGpatoHh4RO4vrqC3eSOMpH87ruUEonzMAQvJFAHp1FfmT/wAE6fjP+1h+2Na+AvjD4L/4L9/Dfx3qGof2fq/jX4M6Z8KtBj+y2zGOW80xRHMmpWrpGZIlnl3HcocpjIr1X/gq3+0ZrvwF8b6FJrH/AAWT8C/sweHbvQw0Oj3vw+0/Xdd1i7E0okuI1vHfZbKnlJ8lu3zh8uMgUAfcNFfnp/wRN/4KheKv2yvip8Yv2W/HH7R3hX40N8MG0q/8L/GLwl4cbR4/EumX0cm5bmy+5Bc280Rjby8I4cYHylm8p/4J3/ET/gtr/wAFK/2U/E3xi0L/AIKDeH/hxN4e8eeIdG8Jzn4T6Vqdx4ka1u3Ef21nRIbW1T5LZRBCZj5csryMSqUAfrDRX5YfsiftE/8ABYr/AIKufsEWf7a/wl/af8JfAm6stKu7XRvCumfDq11tPFep6fuiurm8nvmY2NvNdRSwpDApeJULmWQkIHftP/8ABXr9pnX/APg3P8K/8FQ/gTeW/hX4ja2+hx3iafptvcwm5/ttNOv4oYryOZFjlaOYJuVmRZBhiy7qAP1Nrz/x3+1J8Cfhn8fPAX7MHjfx19i8c/E631SfwPof9mXUn9pR6dAs94fOjiaGHy4mVsSuhbOE3Hivg39s34nf8Fkv+CdXwCH/AAUh+KH7WfhH4g6D4au7C9+KXwDsPhtZ2FhY6bc3EUNxHpeqLI15JLbGYBZJ3ZZApkKjHlN0n7YniXR/Gf8AwXJ/4J9eMPD1z51hq3hH4l3ljNtx5kMugWzo2O2VYGgD9DqK/LX48/8ABUjxv8ff25fip+zH4B/4KmfB79kvwR8GdRt9Fu/EPjQaJeeIPF+stHvuhbW+sTpDBZ25/dGQI7M4ODhsR7P7H3/BW347eJPhf+1V8JZfiL4A/aK+IX7Ovg//AISLwL4++GBhbTfiDZ3Gnz3FskkFjLLHHdRTwGGeKBsEuFQbhuYA/TGivy//AOCdPxy/a3/bV0fwJ8Y/Bv8AwX5+G3izW9USw1fxj8EtO+FOgoLGFtkt3pYVZk1OBo0MkQnkydyBymOK/UCgD59/au/4KnfsG/sSeP7D4UftIfHhdI8Ualpn9o2vhzSfDWp6zf8A2PeUFw8Gm21xJFGWVlDuFBKnBODXvtjeW+o2UOoWjlop4lkiZkKkqwyDggEcHoea/H/4C/sxftveIP8Agvj+0To2gf8ABTLXtI1jRvAvhS91TxAnws8P3Emq6XO8ksOlGKWAx28cKjYJogJZM7nJYZr3Hwt8dv8Agon/AMFNv2tfjh4I/ZI/ay034C/Cr4FeNpPAya1afDyw8Rat4o8Q26A35kF+TFbW0LsiqqLvcMDuBJ2gH6KUV+ef7N3/AAUO/ay139m79r/4G/tE6lokXx1/ZY0fUkm8ZeG9LSKy1qCbSLm+0fVhaS+YkUrrAXeAhowVHGGKCf8A4JK6l/wVU/bC/Z++DH7bX7Sn7b+maToes6Db3mo/DLQvhlprf8JFaeS8a3d7qDAPBPcPi52WkcMcSlI9rfMSAfoLWX448Z+Gvhx4L1j4h+M9S+xaPoOl3Go6teeS8nkW0EbSyybIwzttRWO1QWOMAE8VyP7Wn7Q/hv8AZJ/Zh+IH7Tvi3Tpb3T/AXhC/1y4sIHCvd/ZoHkWBWIIVpGVUBPALAmvzm8Rr/wAFqfij/wAEvPFP7ffj79rzwdfL4x+EWoeJrj9nmL4ZWsGmWug3enSTfZINWWT7aL1bOTzFeQyJ5wEbIy5egD7v1z/gop+xx4b/AGZPCP7Y+tfGHyfhv47vNNtfCniP/hH9Rb7dNfyeVaL9nW3M8XmOcZkjUL1YqOa1P2t/25P2U/2FPB+m+Ov2qvjBZ+FLHWtRFhosbWNze3Wo3O3cYre1tIpZ5iBydiNtyM4yM/nHpP7S3xp/ZV/4NyP2UfiL8CPF0Wi6xfan4E0a6u5tItL0PZXd4Ip4vLuopEBZCRvCh16qynmtD/grN8B/2p/G/wDwXM/Y2svh/wDtz6v4STxcfiA/gFYPAGj3y+BpLLw1atePCLmJhqBvOQftW/yN2YdpoA+1viD/AMFa/wDgn18KfgL4O/aV+I3x+Oj+FPiDc3EHgtr3wpqy6lq8kEjRzLDpn2X7cdjL8xMAADIejoT7L8FfjN8O/wBob4V6L8afhNq9zf8AhzxDafatJvLzSbqwlli3Fctb3ccc0Ryp+WRFPfGCK/J39s39lr9uiX/gtb+yh4Guf+CoOvy+I9Q8A+LX8M+MX+FHh7zPD0ltpNrHfyR2v2fyJzfMrO/mqfJ37YtqgCvV/wBsv/go18Xvh9+1n4W/4Jg6H/wUZ+GPwX1Hwp8LLDXviz+0R8VbPSIbrV759sMVrpunXUsNkLmfa11KMNHGkoCKNm1wD9NKK/OP/gnX/wAFJvHepf8ABQK+/wCCeXxK/bw+GP7Tek638P5fFfgb4t/DwaZDdW01vcLFdaRqdvpcslssgRhNHIgTKKcglgE47/gm/wDFD/gsD/wUh0D4l+Lb39vXTPht4X8BfHHxD4b0O/sfhVpOqapr0NrdAiCXzUSC3tYYmjhUrE1xI5mZ5RtQUAfqbRX5KTf8FU/H37afxz+KH/CJ/wDBZX4Jfsj+A/h746vvCfhTRfEUHh7UPEXimSyISfVbmPWblBb2bykiFYkDMqsGYFdzdR8Kv+CuXx5+LP8AwSn/AGsPHdl8XfBWrfFv9nK01rTrL4ofDhbW+0PxCIrM3Gna1bRv50H7xd2+E+ZGHibgBtigH6h1z/jv4s/Cv4Wz6Ha/E34l+H/DkvibXIdF8Nx69rMFm2ralMGMNlbCV1M9w4VtsSbnbacA4NfmP42+J/8AwW80D/gmLpv/AAVVb9uHwhY6honwtsfG+o/BU/Cmxl03VNNSzjuZlu9RyLpbuW33Tv8AZxDEkjGKNFUCSsP/AILTXvxi/ay8NfsB/tF/CT9ovUvAekfEX45eBZ9B0KHwxp9//YurajaT3dtrIluIy00tvG5jFs/+jvncyE4oA/XSivNP2VvhP8ffg58OLjwr+0b+1ZqPxh16XV5bmDxTqfhDTdFkhtWjiVLQQadHHEyqySP5hG8+aQThVx4F+3h+1V8fP2PP2/P2a/EF948x8Cfiprt38PvGuiTaXa7NP8R3UZl0a+W5MXnqZZFkgZDKIgqbthY5oA+yK+W/2kv+C1X/AAS9/ZH+Mb/s+fH79rbR9G8axXsFpc+G7TR9Q1G5tpplR4kmWyt5fJLLIjDeVGHB71znx0/aq+PfjP8A4LCfCP8AYK/Z28ef2R4c8O+BtT8ffHiSHS7W5N1pzMLTS9OEk8Tm3eS63SP5ZSUxEEMAMnyb/g5b8A+BNB/4Jwap4w0PwVpNlq+rfFjwe2q6paabFHc3rLqluoMsqqGkIVVUbicBQOwoA/SCiqHijxV4Y8EeH7rxZ408R2GkaVYxebfanql4lvb26dNzySEKg5HJIFfLn/BRP9pjx94p/YH+KfxH/wCCZX7Tvha9+JXgDQV8RWv/AAjl1pmuCW3tXE9xaSwMJgPPtoriNCAr79u1gQaAPrKivhH9u3/gqZrmmf8ABIrwr+1x+xzexr8QvjrD4f0H4M2jQw3Lx+INZZESIpKrRvLbL9pYo6Mpe22spBIrk/8Agob/AMFFfi7+zh8bfg7/AME1tC/bT+G3wv8AGfiH4eDxF8TP2hPizHp0FtZWUB+yCSzspnt7Sa+vLuKdhEdscaI5WMjlAD9GqK/Mn9j3/gpf4+8Cf8FFfAX7DXjn/gpb8Kv2sPC/xf0LV5vDXjbwNHo1tq/hfVtNt/tT2moQaPM9ubae3EhikKo7SRsvIQ5pfsv/ABa/4K3/ALfP7Tv7Unwf8Eftv6Z8L/A/wl+OGpaF4a8UQ/DHS9Y1V4gAIdMijnRIFggRfMeaZZp5WuUUOoQkgH6h15/+1H+1H8Cf2LvgTrv7S/7S/jn/AIRrwT4a+y/23rf9mXV59m+0XUVrD+5tYpZn3TTxJ8qHG7JwoJH54fFv9t/9qDx5/wAFFPiX+xt42/4KveDf2UrL4cWmiW/g2DxB4A0e4vviH9psVmn1RZ9YYW4j8/fGsFr8wwVJBQlvTP8Agqx8dP20P2Fv+CEvj744W/7UGjeLfiv4ZGkPY/E3TfA1hDa38F14ksoEl/s6YXNqGNlceW3DqWzIm07doB+gdFfFX/BSH9r39qWw/aw+Dn/BNf8AYd8SaJ4V8efFi01TWvEXxG1/RV1KPwnoNggLzwWbsqXNzLJujQSEoCmGHz74+R8E/tE/t5/sHf8ABRT4U/sZftpftF6Z8bPAfx80/V4fBHj5vBFnoGq6FrenW4uJLO5hscQTW8sTKEcIr73A4CMWAP0Dor8y/hL8ZP8Agqz+2n/wUC/ar/Zg+FX7Y2lfDPwB8J/Gul22ieKG+HOm6xqlqLiwEi6daxTIkJj3LJNLPc+fJzEkYQFmHXfsc/t8/tq6b8Fv2uPhD8erHTPin8Yv2WLi+XRtV0DQ/wCz18bwvpUl/pnmWcBIhuJTGUdIePnVVBYFmAP0Gor8tf8AgnT8fv2vf24vDfgf4yeEP+C+3w11zxNrENlq3i34Gaf8J9CA0xW2S3Wk7POTU4mjXzIhcOSSyb9pHB/UqgAooooAKKKKACiiigAooooAKKKKAPjP9v39lH4+/Gz/AIKU/sZfH/4Y+Av7T8I/CfxJ4uuvH+rf2paw/wBlQ3umW8Fs3lSyrLPvkRlxCjlcZYKCDX2ZRRQB+b/7IH7BP7WPwu/4JsftrfAHx38KfsPi34t/Ej4nap8PdJ/t2wl/tW01bTlh0+TzY52ig82QFdszxsnVwg5qp+xB8Vv+Cx/7LH7Fnw1/ZOsf+CMNxda14F8E2Gg/8JHr3x/8N2+nTSwQrH9oZLWS4nCZG7YqliOMjqP0rooA+Qf+CYf/AAT++Mv7N3jv4r/tiftj/EHQ/E/xz+OesWl54xm8LRSrpGh2FnEYbHSrEzASPHFGdpkcAvtjBBMe9/r10SRSjqGVhggjIIpaKAPyK/Y8/wCCSP7avw3/AOCiPhb4NfFbwFaQfsm/s/8AxM8WfEL4LamuvWco1G81QQNp2nNaJM1xF/Z8s97MkjxIpcS8kMm77W/bq8b/ALYWm+K4PAvw4/4JkeF/2iPhnqehRPqltqHj/S9Nu7XUhNOHje01WM29xAYvIKuJFYM0gIIxXb+P/j1+0X/w0XrPwF+BHwL8Fa+nh/wVouv6nq/i74k3ejEnUbvVbeOCKG30e+3hP7KdmdnTPnKAvykl3/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5w/4I2/sH/HX9lz4w/Hv9oH4ifArwx8EvC3xc1rR7nwj8A/B/iCPUrPwybO2khuLt5LdEtUmumZXKW42KFAJIVAPpv9uv8AY9+HH7fX7JPjj9kT4rXM9to3jXSPsrX9qgaWxuY5EntrpFPDNFPFFKFPDbMHgmqf/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfNPwb+NH/Bcb9ln4caZ+z/8AFH/gnT4f+PN/4ZsY9O034reDPjPpmiQa5bxKEhnvbPU0We3uCiqZWjEqs5YquMZwf+Co/wCzH/wU0/b2/wCCKfxH+B3jb4N+Dbj4y+LfEWmXeieA/A/iWP7JYadBq9jOtu99qDQRy3CQwyvJJlUZsiMY2ivrT/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegDwW1/b8/4LEy3McVz/AMECNbijaQCSU/tLeE22KTy2A+TjritT9lP9lH4+/Db/AILKftW/tWeNfAX2LwD8SvDfgm18Fa9/alrJ/aM1hpvk3a+RHK00PlyfLmVEDdVLDmvZv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDxn/gh3+yj8ff2Pv2W/Gvw5/aL8Bf8I7rOr/GzxPr+n2f9qWt35unXdwj282+1lkRd6gnYxDr/Eor7Mrxn/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegCt+2T8Sf27/ha3hjxL+xj+zR4S+KtiJbtPGnhnW/G39g6iVIh+zSWNzLG9ucHz/MSUDP7vaw+avj39pL4Cf8FLP+CtXxa+DHgz4/8A7EOjfs/fDT4V/FnTPHuu69rXxM0/xBrerzWAkEdjYxaaGS3WTzWDySOP4WAzHsk+y/8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APm74x/s1/tzfsZ/8ABRrx9/wUD/YZ+B+jfGHw18bfD2j2PxU+GN14wt9B1S21PSoWtrLUrG6ux9meP7OzI8MjIxZiQTuyvW/HD4DftN/8FY/+Cefxd/Zf/bA/Z1sfgXeeMrRLTwlYr42t/EU8UkDw3dteXb2iLEoF3DHmKNnJRD8+WGPZP+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD4n+NWg/8F0f2uP2MLj/gm747/Yq8H+CtR8TeH4fCvjz9oCT4q2N/o82m7VivL200uJBema4hDgRSKgQyn5hwV9V/aD/YA+KOk/tO/sFQ/ADwRLqnw+/Z1m1fTvE2rT6pawvpmnDQIdPsnaOWRJJy7RBSIUcg8kAc19B/8Jx/wUL/AOjX/gz/AOH41b/5l6P+E4/4KF/9Gv8AwZ/8Pxq3/wAy9AHkP/BXH/gn58Qf2wrH4WfHP4EaP4O1n4i/BHxfLrfh/wAK/EK283RPEtlcQiG+0u5Ox/KMsaRmOUqwR4xkDdvThfgjoX7UXiz4s+FtO1//AIN8/hF8LNPg1y1l1/xxqvj7w3fnTrdJVaSaxg060aeacAZiL+SAwBbGK+mP+E4/4KF/9Gv/AAZ/8Pxq3/zL0f8ACcf8FC/+jX/gz/4fjVv/AJl6APBP2zNa/bM+IXjPxF8KPHf/AAQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV1//BFf9iz41/sFfsMad8B/jxrGmnWH8T6rrFr4c0PUZryw8L2d3cGWHSbaeYBpY4QSS2Mb5HwWADt6Z/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AHkv/BV/9iz4/ftBah8Hf2qP2QLjRJfix8APHL+IPDWg+JLs29j4hsbiIQ6hpjzhT9neaJUCSkFVKkHbu3r5R47+Bv8AwUZ/4Kh/tN/BDVv2sv2RtN+Afwn+CPxBtfH99pd58RrDxFqvinX7NWFhFD/Z4MdvbRO8hdpGDOrkBQcY+sf+E4/4KF/9Gv8AwZ/8Pxq3/wAy9H/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6APJfgB+y38dvBP/BZn9oL9q/xP4F+y+APHHw38KaX4X1/+07V/tt3ZpILmPyElM8ewsPmkRVbPyk0fBn9lv47eFP+C1fxo/a31/wL9n+Hviz4P+HNE8P+IP7TtX+1X9rM7Tw+QspnTaCDueNVPYmvWv8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0f8Jx/wUL/AOjX/gz/AOH41b/5l6APSfijqHxB0n4Z+ItV+Evh6w1fxXbaFdy+GdJ1S8Nva3uoLC5toJpQCYo3lCKzgHarE9q+Cf2mfin/AMFuP2w/gF4n/ZN8Kf8ABLbw78KLvx/oV14f1r4k+KvjnpWr6Zo9ldxNBczw21jH9qnk8p32ZjXaxUkNjbX1b/wnH/BQv/o1/wCDP/h+NW/+Zej/AITj/goX/wBGv/Bn/wAPxq3/AMy9AGT4J+F3xA/4J6f8E8vC/wAFv2YPg/efF/xB8MvBmlaLofhgeILTRZvEDw+TBNMbm7byLYlTLcEMcfKUXkrXw7+wcP8AgsH+zz+2x8dfjr44/wCCOOpJov7QHj/RNTuZF+PPhdj4Xtre3NrK7hJ2a7wrmXCKjELtAJINffH/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AfJX/BcXwD/wAFSP2kvF/hH9lf9mP9lnXvFfwB1SwjvvjNqvg34j6LoeseIB50ynw/HJqF1E9tbskcTzTIj+alx5YICSK/u/7AfxK/aZtG039njxj/AMEmb/8AZ8+HfhjwwYvDt+PiX4e1a0iaJ4kisUttNneVSyNI/msNuY23Hc4z33/Ccf8ABQv/AKNf+DP/AIfjVv8A5l6P+E4/4KF/9Gv/AAZ/8Pxq3/zL0AfHPxR/4JRfGP8A4K1fGz4mfGv/AIKU6NrHw/0PRbK58M/s0+CtK8SW8934WXdHKfFk0ljPJCb+aaOIpF5hEccZjcNhGr3b9nL4g/8ABVrwX+wXqOm/Gv8AZn0TxR8efAeox6RpwufG1laaX8RrKG6iT+1ormFpWsJJrQyuUuIkYTpkxqr7V9Q/4Tj/AIKF/wDRr/wZ/wDD8at/8y9H/Ccf8FC/+jX/AIM/+H41b/5l6APjP9tXwR/wV0/4K0/BWb9hXxl+wVo/7PPgLxfqNiPiN8QvEfxY0zxDdLptvdxXLwadaacCWmdoUAebYuMqQu7ev2p+0x4/+P37N/wS0ib9kT9kG7+Mmr2d7a6Yng+18c6foL21gsEgN0brUCI3CGOJPLHzt5u4cK1V/wDhOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA+JP+CLHh7/gqj+yHNrXwA+P3/BLG/0Pwz4++Mmv+LtV+IA+M3h26j0C31FhKsTWVtPJNclGjVCUwTvztABqn/wVh+EX/BUH9rj9tbS/hXqf/BPzW/iV+yd4Kaz1I+GfC/xV8P6MfiJqwihnX+0/tt3HMljbTM8YtfLAleDzCzB49n3P/wAJx/wUL/6Nf+DP/h+NW/8AmXo/4Tj/AIKF/wDRr/wZ/wDD8at/8y9AFP8AYw+NX7UHxRtNW8P/ALQP/BPbUfgPp+g2lnD4ahu/HuiazFqKESK8USaXK4tlhWOIYcKCJQF+6cekfG/WPi94f+E2va38A/Bmk+IvGNrYNL4f0LXNUaytL+4BBEMk6qxhDDI37SAcEgiuD/4Tj/goX/0a/wDBn/w/Grf/ADL0f8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXoA/Pz9qn9i79tn/AIKL+P8AwHLF/wAEhvA37N/jLQfiJpXiHVf2hB8TNF1DVLCC1nEs0dp/ZUS3V3JKMhRceXHkDcFJDp6x8e/2av22v2dP+CtXij/gof8AAb9jPQv2g9B8ffDrS/D0OnzeN9P0TWPBVxZsd5t31EeU1tPkO4jYOXJJA2DzPqv/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegD5f/AOCbn7Ln/BQfwr/wVI/aC/bU/bV+GehaDYfFLwX4ch8PReG/EUF/aacbUOn9mBtyzyyQRCPzZ3hijkleQx5TBr0b/gh/+y38dv2QP2IpvhB+0V4F/wCEd8RN8SPE2qLp39p2t3m0u9Slmt5PMtZZI/njZW27ty5wwB4r1r/hOP8AgoX/ANGv/Bn/AMPxq3/zL0f8Jx/wUL/6Nf8Agz/4fjVv/mXoA8Z/4Iifso/H39kL/glV4V/Zt/aJ8Bf8I9410288SPe6L/alrd+Wt1q99cQHzraWSI7opo24c43YbBBA+DP2u/2VPjz+yl/waUeFf2Vv2gfDLeEfHeh+KNKttWsF1C2vTYSXHjJp4XEtrLJFJ+7mif5JDjOCQQQP1Z/4Tj/goX/0a/8ABn/w/Grf/MvXn/7TXwU/aV/bG+E1x8Df2jv2Jfgz4j8LXeoWd9caX/w0X4gs989rOlxA/mWvhuOQbZY0bAbBxgggkUAfOf7Z3wz/AOCyX/BRb4A/8O3vid+yV4S+HuheJruwsvij8fLH4lWd/YXum21xFNcS6XpaxreRy3JhBWOdFWMOYyxz5q+x/tE/sbfF/Wf+Cpv7G/xv+FHw88/4bfBvwx430zxVq39q2yf2St5o8Fpp6eTJKs0+94ymYkfbjL7RzXtP/Ccf8FC/+jX/AIM/+H41b/5l6P8AhOP+Chf/AEa/8Gf/AA/Grf8AzL0AfG3xN/YB/aB/ZI/bW+K/7RnwK/4J9fDf9pzwB8a9ag8Qan4X8Q6rpemeIPCmtCIR3T29xqkTW9zaTkCTZvR1c4AAXMnuv7MNn+1x4d+GHxK+Iejf8EtPhN8FfFi6Vbr8P/CGm+MbGefX7hBM0iald6daJDbR7vJEewzYLSM3QA+qf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB+fH7YX7GP7cH/BSXX/CWmL/AMEgPAv7O3jnTPHel65fftFn4naLqGpaRHa3KzTfYzpcS3l1JIAQon8tM4LBTh0/W2vGf+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegDyX4Afst/HbwT/wAFmf2gv2r/ABP4F+y+APHHw38KaX4X1/8AtO1f7bd2aSC5j8hJTPHsLD5pEVWz8pNeV+FvgV/wUT/4Jk/tafHDxt+yT+yZpvx7+FXx18bSeOY9GtPiJYeHdW8L+IbhAL8SnUAIrm2mdUZWjbegUDaSDu+rv+E4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD5Z/Zu/4J4/tY6F+zf+1/8c/2iNL0ST46ftT6PqTy+DfDeqJLZaLBDpFzY6PpIu5fLSWVFnKPOSsZLDnClz9Kf8Evfgz8Sv2df+CdfwV+BPxj8N/2P4q8JfDfStL8Q6V9shuPsl3DbokkfmwO8cmGBG5GZT2JrS/4Tj/goX/0a/8ABn/w/Grf/MvR/wAJx/wUL/6Nf+DP/h+NW/8AmXoA6P8Aa1/Z48Oftb/swfED9mHxZqUllp/j3whf6HcX8MYd7T7TA8azqpIDNGzK4BOCVANfn3pXhD/gubbf8E8NR/4Jg3n7Fvg9dW0z4bXHgey+PUPxTsX0zUdLjsmtI7iDTCq3YvZLYLEqzeVEJmEryIuVH3D/AMJx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQB8RfFT/gnX+2P4k/4IW/s6fscaL8HvO+JHgTxJ4KuvFfhz/hINOX7DDYXolu2+0NcCCXy0GcRyMW6KGPFfQn7Zf7Lnx2+K//AAVi/Yv/AGl/AHgb7f4J+E3/AAsX/hYGt/2naxf2V/amhQWtj+5klWafzZkZP3KSbMZfauDXrP8AwnH/AAUL/wCjX/gz/wCH41b/AOZej/hOP+Chf/Rr/wAGf/D8at/8y9AHkv7TP7Lfx2+IP/BYf9mP9qfwh4F+1+A/h54P8aWPjDXf7TtY/wCz57+zijtE8h5RNLvdWGY0cLjLFRzXnP7dH/BP742+G/2+h/wUg/Zs/ZX+Hnx4i8ReBYPC3xF+EXj27tLK4lNtN5lrqmmXl5FJBHOqHyZI5dqsijBJbKfUH/Ccf8FC/wDo1/4M/wDh+NW/+Zej/hOP+Chf/Rr/AMGf/D8at/8AMvQB5T+wtoHx11P403Pij4k/8Eg/hr+zvoNn4fnWz1yw8VaNqevXl88sIWFV0q3EcNv5Xnl2M7MWEYC4yaj/AOCLn7Lfx2/ZM/Z6+Ifgb9oHwL/YGqa78ePFniLSrX+07W78/Tb27WS2n3W0sirvUE7GIdf4lBr1r/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD4b8N/sBftIf8ABPj4wfErRPhV/wAEvPhj+1F8MvH/AI+1Dxd4Y1C91zRdJ8ReFpb5lkn0y4OrRGO6tUkBMLxybwrNuBJ2r618R/2dv2nPjr/wSp/aF+Elv/wT7+H/AMHfHXj7wlqul+EPh34G8SadcPfh7ERwG9vI4bW1WdpnlUDcURNuZOTX0V/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AeY/F79mX43+KP8Agh5rP7H2heCfP+It1+zGfCdv4d/tK2XdrH9gi0+zfaGkEA/f/J5hk8vvu28147+1P+wb+134o/4JvfsdaR8I/hlp2sfFD9mnxR8PfFmsfD7UfEdvZjVpNH0z7NeabHe5e3SXe5CyljHiNiC2Vz9Yf8Jx/wAFC/8Ao1/4M/8Ah+NW/wDmXo/4Tj/goX/0a/8ABn/w/Grf/MvQBufsr/Fj4+fGP4cXHir9o39lPUfg9r0WrS20PhbU/F2m61JNbLHGy3QuNOkeIKzPIgQkOPKJIAZc+df8Fav2NtU/bv8A2APiF+z94O/d+LptMXVvAF2s6wvba/YyLdWLJKxAh3TRLE0mRtSV+2a6n/hOP+Chf/Rr/wAGf/D8at/8y9H/AAnH/BQv/o1/4M/+H41b/wCZegD5+/4Ix/sr/tf+B9W+Mf7bP/BRfwBZ+HPjb8Z/FVmuo6LZ6raX0el6HplnHbWFuktrLLENxM8jBG5zGWAYEDzP/gvD4O/4KcfthfDvV/2N/wBmT/gmje+KvDFr4q8Pa3pvxPHxc8P2MV/9klgu5oRYXc0c8REgeDcxwSm8AqRX2b/wnH/BQv8A6Nf+DP8A4fjVv/mXo/4Tj/goX/0a/wDBn/w/Grf/ADL0AZv7PXir41ftjfB7xP4T/b//AOCd9n8NrK6uhYt4H8V+LtH8W2mvWRRXaSUWgeEJv+XypASSucYxXZfBT9jz9kj9muTVJv2c/wBlr4c+AH1yGOHWn8FeCLDSjqEabtiTm1hTzVXe+A2QN7Y6muf/AOE4/wCChf8A0a/8Gf8Aw/Grf/MvR/wnH/BQv/o1/wCDP/h+NW/+ZegD88v2GP8Agkr+2z8Lv+CgnhL4TfG3wLaw/ss/s3+NvGHi/wCA+pjX7Oc6pcatJCbCzltUmaeM2PnXkqyyRoPMDYyGXP0J/wAFK/8Agn58X/Gv7YfgH/go9+zb8DPAPxa8ReFfBl14O8Z/CX4jSwQW/iHRJLk3UL2V1cRSw2t7BcPIwaVdrJIRuXBD/RP/AAnH/BQv/o1/4M/+H41b/wCZej/hOP8AgoX/ANGv/Bn/AMPxq3/zL0AeJfsd6F+0Hr3x80jW/G3/AARP+GHwC0HTba5lu/GB8YaDqWsiZoWSOOzi0m2IQMzEPI8y/u2YBcnFaf8AwSy/Zb+O37OPxY/ar8TfGfwL/Y1j8Sf2kNX8U+Cp/wC07W4/tHSZoLdIrnEErmHcyMPLlCSDHKjIr1r/AITj/goX/wBGv/Bn/wAPxq3/AMy9H/Ccf8FC/wDo1/4M/wDh+NW/+ZegDwT9szWv2zPiF4z8RfCjx3/wQ78BftB+Borp18Ia/qHxO0GGOa3dF/4+bTVoC9rIGyC8JkzgEAEV83/EL/gkT+3D4b/4Nt/iL/wTw0Dw7pviX4neKPE9vrHhrwFofiWMWGgWb+JbDUP7JtrzUJIkaO3ghmkLOyguzqpclS/6F/8ACcf8FC/+jX/gz/4fjVv/AJl66T9l/wCMvif48fCT/hPPGngew8OavbeKPEGhanpGl64+pW0U+laze6W7xXMlvbNKkjWZkG6GMgSbSDjJAPmz/gpB+yF+1LfftYfBv/gpT+w94a0XxV48+E9pqmi+Ivhzr+tLpkfizQb9AHggvHVktrmKTdIhkAQl8sfk2Scj4J/Z2/by/bx/4KKfCn9s39tH9nPTfgl4E+Aen6vN4J8At43s9f1bXtb1GBbeS8uZrHMENvFEqlEDs+9AeQ7Bf0DooA+P/wDgnn+y38dvgZ+27+198X/in4F/svw78UfiRo+qeBdR/tO1n/tO0g03yZZPLhleSHbJ8u2VUY9QCOa5z9mf9m39sX9n39rf9uX9ojQPg/plxN8StY0DUvg9HrXiK3jtPEM1lozwOkzQPJLZp5+2MtLGpwdyqwGa+46KAPyP/bZ/Y0/bo/4KYroXhX/hz14E/Z98fweMdM1af9pBvihouoajoK210k8stk2mwre3UjqhVVmEaZYE4IDr+uFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRX5wf8Fev2Rv2N/ht8MdZ8TfCH4TXMv7U3xb8RSwfBbXND1y7Pid/EssomF1b3LTGS0sLQHz5wClrFBGUKgMikA/R+ivib/gpD+zT+z5P4NtvjT8aP8AgmL4i/aU8ey+GPsF5f8AgyK1+0ae1vDkSRm4vYZbQPI7lXsYpZwQTsJC59R/4JLatrOt/wDBNb4L6l4i+O8XxMv38CWi3vjaKWd/7RlUFWDNcok7PEQYWaZElLQsZFV9wAB0Xgf/AJSF/FD/ALIz4D/9O3i+vZq+ePgF8TvDfxR/b9+L+oeGtN8Q20enfCvwPY3C+IvCOo6O7ypqvi4lokv4IWni+YYmjDRMchXJU4+h6ACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAor5w/bY/bY8Vfs2eKtJ8D+B/Cmn3l7eaeL66utVWRoliMjxqiLG6HdmNiSTgDHBzx6/8A/itH8b/AIQ6J8UY9JaxOq27tLaM27y5EkeJwD3XchIPoRXzeB4tyLMeIMRktCo3iKCvNcrS6XtLZtc0b22ut9bfRY3hXO8vyHD5zXppYeu7QfMm+trx3V+WVu9ntpfsKKKK+kPnQooooAKKKKACiiigAooooAK8Z/YP/wCSIa5/2Wb4j/8Aqa63Xs1eM/sH/wDJENc/7LN8R/8A1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAr4lm/wCCbn7cWjfto+Pf20vBX7fXgGfXfFYOneHF8a/AO41abwloCuXi0eylj8QW0aRZw8siwo9xKN8mcKq/bVFAHz98WvgN/wAFBvFniSa8+E3/AAUD8PeEtIvdMt4LrTrr4KQalPZ3Kwqk1xZTtqEYi8yQNKEuI7kIW25ZQBXc/sh/sv8AgD9jD9m/wp+zJ8ML/UrzR/Cti8MV/rFwJbu9mlmkuLi5mZVVTJLPLLK21VUFyAAABXpFFAHjPgf/AJSF/FD/ALIz4D/9O3i+vZq8Z8D/APKQv4of9kZ8B/8Ap28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFc58Vvi38N/gd4FvfiX8WPF1roeh6eoN1f3ZOAScKqqoLOxPAVQWPYGrhTnVmoQTbeiS1bfkiKlSnSg5zaSWrb0SXds6OiuJ+BH7RvwT/aa8IP47+BnxAtfEGmRXBgnmgikikhkAztkilVJIzggjcoyORkV21OrSq0Kjp1YuMlumrNeqYqNajiKSqUpKUXqmmmn6NaBRRRWZofP37XHw+8G/FD48fCHwH4v0GK8t9SvtWN2hZkeSCG2SUpvQhgu7BwDXu2haFo3hjRrbw94e0yGzsbOFYrW1t4wqRIBgKAK8j+I3/Ez/AG3PhxY9f7L8M6xeY9PMVYc/pXs9fI8PYbDPO81xigueVZQ5rLmahRpaXte3NJu199dz6vP8TiFk2WYRzfJGi58t3ZOdarra9r8qSvbbTYKKKK+uPlAooooAKKKKACiiigAooooAK8Z/YP8A+SIa5/2Wb4j/APqa63Xs1eM/sH/8kQ1z/ss3xH/9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP8A8pC/ih/2RnwH/wCnbxfXs1eM+B/+UhfxQ/7Iz4D/APTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKK+cf+Cp/j74+fDf9ky+8R/s+S39vqA1WCPWtR0tT9psdOKSmSaNl+ZCJBCpccqrscjGR5j/AMEVP2gvjb8avAHjXQ/i/wCO7vxBFoF/Zf2Re6tfG4vR56zGVJHcmRkHlxlS2eWcA4GB49TOaNPOYZc4S5pR5lL7Ozdu/Tfo9DwKvEGHo8QwymVOXPOPMpacuzdu70Tu1onZH25RRRXsHvhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8m/8Fq/h1ofjv8AYN1zWda16WxfwtrFjq1gsabhdXBc2iwMPRhdN06MFPQGvrKvl/8A4KR/8V/rvwV/Zph+f/hN/irZ3OqQdfN0zTlNzdLj8YzntivZ4flOnnVCpF25JczflFSlL8E18zxOI4wqZHXpSV+ePKl5ycYx/wDJmn8il/wSo/YF8WfsP/DvxBd/EPxXa3+v+MJbOa9stOLm3sY4Fl8tAzqrNITO+87QOFAzjJ+raKK48wx+JzTGTxWId5y30t5Ky8krHbluXYXKsDDCYdWhBWV3d922+7bbCiiiuI7jxc/8TT/goEB1TS/hTn6SSah/8TXtFeMfDz/iZ/tu/EW+6/2X4X0izz6eYGmx+lez18xwt79HF1f58TXf3TjD/wBsPpeJ/drYSl/LhqC++Mp/+3hRRRX0580FFFFABRRRQAUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzv4x/4Kt/sC/D74iah8MvGnx5Om3mka+dE1jV7rwrqq6Lp2oiXyTa3GrfZfsFvIJDsKyTrhuDzX0RXxV/wU68e3/wC1pa61/wAEhP2bLK11Txj8QtCWP4p6/JAJbD4d+GLlsTX112a/uE8xLO1yHdz57FI49zAHrvx3/wCCmH7Fn7Nfj7Ufhn8X/ivfWWr6JaRXWvx6Z4M1jU4NHgkj8xJb24srSaGyQoQ+6d0G05zjmvaPCfizwv488Lab448EeIrLV9G1iwivdJ1XTbpZ7e8tpUDxzRSISro6MGVgSCCCK+dP21v2nZP2b/BWgfsifs0+EofGnxq8faQ+mfDvwdeSeZFBbxxLBLrerPg+Tp1su1pZGGZmCwxhnf5fSP2IP2Y9O/Yv/ZD+HP7Kml+JZtZj8B+ErPSH1adNrXksUYEkoXJ2KzliqZO1SFycZoAzPA//ACkL+KH/AGRnwH/6dvF9ezV88fALUvivqf7fvxfk+LPgvw9olzH8K/A6aZF4d8Tz6olxZjVfF2yaV5rK0MMpO4GJVkVQARI2SB9D0AFFFeR/teftrfBH9ifwbY+MPjFdahK2q3LQaVpOjWyTXd4yAGQoruiBUDLuZmAG5RySBW+Gw2IxleNGhFynLZLdmGJxWHwVCVevNRhHVt6JHrlFcD+zV+0r8K/2sfhXa/F/4QapPPpk87288F5CI7izuEALwSoCQrgMp4JBDKQSCDXfVNajVw9WVKrFxlF2ae6fYqhXo4mjGrSkpRkrprVNPqgooorI1CiiigAooooAKKKKACiiigAooooAKKKKACiiigAr5i/bB8L+IP2cPinp37fnws0ma5i0+BNN+K2iWi86noxIAuwvea3ODn+4oyQqNn6dqK/sLHVbGfS9Ts4ri2uYWiuLeZAySowIZWB4IIJBB6g1yY3CrF0ORO0lrF/yyWz/AEa6ptdThzDBLHYZwT5ZJqUZdYyWqf6NdYuSe5V8K+KfD/jfwzp/jHwnq0N/pmqWcd1p97btlJoZFDI4PoQQav18sfs5399+xf8AtB3H7Fvi68lPgrxTJPqvwg1O5clYCW33OkMx/iRmLpnkhuSTIqj6npYHFPFUbzVpxdpLtJb/ACe8X1TXmTluNeNw95rlqRfLOP8ALJb/ACekovrFp9wooorsPQCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvl/Uv+Lrf8FaNNs/9ZYfCj4VzXW7r5Op6nP5W32zajOfavqCvl/8A4J8f8XE+LXx+/aTl+dfEnxNbQ9NnPPm2Okwi3hdf9lt7fitevln7rDYrEdocq9aklH/0lSPGzT99isLh/wCapzP0pxcv/SnA+oKKKK8g9kKKKy/G/im18DeC9X8a3trJPDo+l3F9NDD9+RYo2kKr7kLgVnVq06FKVWo7Rim2+ySbb+STfyNKVKpXqxpwV5SaSXdtpJfNtL5nln7Pf/Ex/aR+NPiHr5ms6VZhv+uFmVx/49Xs9fFv7CP7V2oeLP2gPEHgzWPCsMY8eavdarFcW8jFrSVIWfymzwyeXGQDgHd7Hj7Sr4jw5znLs84ceIwk+Ze1rc2jVpSqzqde8Zwfz7po+08Qcnx+S8Qqhi48r9lR5dU7qNKEOn96El8uzQUUUV92fDhRRRQAUUUUAFFFFABRRRQAV4z+wf8A8kQ1z/ss3xH/APU11uvZq8Z/YP8A+SIa5/2Wb4j/APqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXzFq3/AAR5/YM1X4keLfi3b+C/H2k6/wCO9fm1vxbd+Gfjn4v0mPUr+U5ed4bLVYogcYUBUCqoCqAoAH07RQB83fEX/gkt+w58Uvi/d/H3xR4L8bQeMb/QrLRr/wAQaB8Z/FWkz3NjaRiO3hk+w6nCHChcksCWcs7FnZmPuPws+GXhT4N/D/S/hj4HOqHSdHgMNkda8QXmq3W0sW/eXd7LLcTHLH5pJGOMDOAAOgooA8Z8D/8AKQv4of8AZGfAf/p28X17NXjPgf8A5SF/FD/sjPgP/wBO3i+vZqACvn3/AIKB/wDBPzwb+3t4N0TRtZ8a3PhzWPDlzNJo+sQWQukRJhGJo3hLpvDeVGQQ6kFB2JB+gqK6sHjMTl+JjiMPLlnHZ/h102OXG4LC5jhZYbEx5oS3X49Ndz45/wCCVOkaV+zC3jT9gjxrYix8aeHNdm1xbsuRF4k064EccWoQBidoVY4o3QE7CFyS28D7Gr5//bs/Z68aeOdJ0b9or9n9Fg+Kfw1ma/8ADbKP+Qta4/0jTJcY3pKm4KD0Y4BUOxr0L9mb9obwV+1F8GdI+MXgdmjhv4il/p8zfvtOvE4mtZRwQ6NkdBuBVhwwr0s2bzGP9px1c3aov5alt/8ADNK8ezUo9EeXlCWWy/suWigr03/NTvt/ig3yy7pxl1Z31FFFeGe8FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB5j+1t+znYftL/AAiuPB9vqJ0zxBp1wmp+ENejJWTTNTh+aGZWHIGflbHO1iRyARn/ALGn7Rl9+0B8M5rXxzpw0zx14TvW0fx3ojAK1tfx5UyKv/POUAupHH3lBO0mvXq+X/2uPDuufswfF+w/b5+GmlTT6fHDHpfxc0WzTJv9KJCx36qOs1udvPUoACVUOT5ONTwVdY2Hw7VF3j0l6wvr3g2uiPDzFPL8Ssxgvdso1V3h0n60769XByX2UfUFFUvDfiLQ/F/h+x8V+GNUhvtN1K0jurC8t33RzwyKGR1PcFSD+NXa9VNSV1se3GSkk07phRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBynx1+I1v8H/AIK+LfircsoXw54bvdRAbozQwO6r7ksoAHcmvNf+CaPw5uPhj+w58PNH1BW+26lov9s30kn33lvpGuyX77gJlXn+7iue/wCCr2sahcfsqJ8INCuTFqfxL8Y6P4U09k+9uuLpXcAd8xwup9mr6N0XSNP8P6PaaDpNuIbWxto7e2iXokaKFVfwAAr15fuMiiutWo38qcVFf+TTf3HjQ/f5/J9KVNL51JOT/wDJYL7yzRRRXkHshXP/ABX8V2fgb4Y+IfGN/HG8WmaLc3LRSqCsmyJiEIPXcQBjvmugrxn9ua9ub74PWXwx02Zku/G/ifT9EhKfeVZJg7t9NsZBPo1eNxFjp5ZkOJxUNZRhLlXeTXLBfOc4I9jh/AwzLPMNhp6RlOPM+0U+ab+UIyZV/Yl/Z0+H/wAMfhR4f8fxeFIU8Uazokc+o6nIztIVm/ehAGJWPCsikIFzt5ya9wqKys7bTrOHT7KERwwRLHDGvRVUYAH0AqWryLJ8HkOU0cDhoKMYRSdkleSSUpO27k0229XfVkZ3m+LzzNauNxM3KU5N6tuybbjFX2UU0kloraIKKKK9Y8oKKKKACiiigAooooAKKKKACvGf2D/+SIa5/wBlm+I//qa63Xs1eM/sH/8AJENc/wCyzfEf/wBTXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/ykL+KH/ZGfAf8A6dvF9ezV4z4H/wCUhfxQ/wCyM+A//Tt4vr2agAooooAK+Q/ipFL/AME8v2oD+0RpEbRfCL4o6nFa/Ea0jH7rw/rLnbDqwA+5FKTtlPqSTkmNR9eVi/EX4e+EPix4E1b4bePtGi1DRtbsZLTUbOUcSRuMHB6qw6hhypAIwQK9DLsZHCVmqq5qc1yzXePdf3ov3ovo12bPOzLBSxlFOk+WrB80Jdpdn/dkrxkuqfdI2IZoriJZ4JVdHUMjo2QwPIII6inV8t/sSfELxf8AAr4h6l/wTy+Oesy3eqeGrQ3nw08Q3ZwfEHh/JCJnoZ7cAoyj+FDgERlj9SVnjsHLA4h02+aLs4yW0ovVSXqt10aaeqNMvxscfhlUS5ZK6lF7xktJRfo9n1TTWjCiiiuM7QooooAKKKKACiiigAooooAKKKKACiiigAooooAKg1TS9N1zTLnRdYsYrq0vIHguraeMMk0bqVZGU8EEEgg9QanopNJqzE0mrM+Wf2ZdU1L9jv49XX7D3ja/lfwnrpn1b4O6tdyE/udxe40lnPV4mJZM8lSSfvoo+pq8s/a9/Zyg/aS+E0nh3SdT/svxRo10mq+C9fjO2TTtTh+aJww5CsRtbrw2cZUVB+xz+0bP+0R8LWuPFmmf2V408N3j6R450Jxtey1GL5XIXtHJjep5HJXJKmvJwbeBxH1KXwu7pvy6w9YX07wa/lPDwDeW4r+z5/A7ypP+79qn6wvePem1/IetUUUV657oUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5Gf8ABWn4aftXfFX/AIKLr4Q+Glnr3iOS30HTtT8H6b4e8yVtGtztikmfy+LY/a45GMrFQA8eW+7j9UfhDp3jnSPhP4X0n4n6kl54ltfDtlD4ivI2BWe+WBFnkBGMhpA5z718/fsHf8Xh+P3xx/a3uP3ltrHi9fC3heU8r/Z2loI2kjP9yWRtx/2kNfUdfU8RZlOrh8PlrhFewjFNpauTinJP0ur95Xb1PkuGssp0sRiczjOT+sSk0m7pRUmotebs7do2S0Ciiivlj60K8V+Jv/Fd/tmfD/wOp32/hXRL7xFfRjoWkxbQE+6uCR9a9qrxX9n3/it/2ifiv8VW+eC11S28N6a/ZBaR5nUH3kZTXy/Ev+01cDgP+ftaLf8Agop1pfK8aa+Z9Nw5/s9LG47/AJ9UZJf46zVGPztKo/ke1UUUV9QfMhRRRQAUUUUAFFFFABRRRQAUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFYnxMl+I0Hw38QT/B+z0e48Wpod23ha38RTSx6fLqIhf7Mt08IMiwGXYHKAsELFQTgUAbdFfA2rf8Edfjx+1JcP4i/4KH/8FS/jB4k1KdRLJ4I+D+rr4P8AC9grZIiW2hWSe6CEMqzzS+YwBLDOQILf/gh9f/s6qvi39h//AIKkftA/C3WIpo0tbTxT4vj8UeHZ5XcIi3GmX6BZizMqLiRW+bA5IoA/QCvk79pr9vn9rL9lrRfGfxu8df8ABPiSf4Q+A7m5m1zxTZ/FGzbW5dJgciXVbfSRbmN4RGGm8uS7jm2D/Vhvlr3n9nCL9oq3+C+i2v7WF14SuPH8AuItfu/AyXCaXdbbiVYJ4Uuf3kZktxC7xksEkd1VmVQx/O/9uf8A4KRfsZ/tkftO+I/+CdnxZ/bA8DfDT4NfD7WUtvjhe+JPFUGnal431CCUMfDVlHI6yR2KOgF7dYBlwbeI4MklAH01+2x/wUT+M/7KWt+CfEvgr9jg+Nvhj4r1zw1pl58SZPiHaabHZTazqUdjEsViYZrm4aMTQynKxIVkAD5DY+rq/On/AILuftn/ALIPw6/Zz+H3ws8R/H/wjpWsaj8TPh74p0fRZdTjSSfQYPElnK9/Eg62yRW8zbxwFib0r7u+DPxq+E37RPwz0v4y/Az4g6X4q8K60kraTr+i3QmtbsRyvC5Rxw22SN0PupHagDgfA/8AykL+KH/ZGfAf/p28X17NXzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPoegAooooAKKKKAPEv24f2Z9b+PPgGw8YfCrUV0r4leBb3+1/AOtAhStyuC9rITwYZ1UIwPy52kggEHc/ZD/AGmNE/an+Ddr4/t9ObS9bs5307xb4emBE2kapD8s9u6nkAH5lzyVZc4OQPUa+Sf2mNJ1T9hz9oWP9ufwHp80ngbxRJBpvxp0WzjLCEFtlvrSIOrxs22THJDdMyMw9vBNZlhvqM/jV3Sfm9ZU/SW8e01b7Z4WOTyzFf2hD+HKyqryWkanrDaXeDv9g+tqKr6Rq2l6/pVrruiahDd2V7bpPZ3dvIHjmidQyOrDhlIIII6g1YrxWmnZnuJpq6CiiikMKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvlz9q3QtY/ZR+NVl+3l8PNNmm0S5SHSvjBo1nGWNzYFgsOpKg6ywHAJ6lMD5RvNfUdVta0bSfEej3fh/XtOhvLG+tnt7y0uIw0c0TqVdGB4KlSQR6GuTG4X63Q5U7STvF9pLZ+nRrqm0cGY4L69h+WL5ZxalCX8sls/TpJdYtoboWuaP4n0Sz8SeHtShvLDULWO5sru3cNHPE6hkdSOoKkEH3q3Xy5+yzrOrfskfG+8/YS8fajNL4e1BZtV+DusXkhYzWe4vPpbOessBJZR1K5PAKLX1HSwWK+t0OaStJO0l2kt16dU+qaYZdjfr2H5pLlnFuM4/yyW69OsX1i0+4UUUV2HeFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFeZftmfGhf2ev2WvHPxejuRFdaToE39mOT/wAvsuIbYf8Af6SOvTa+XP8AgoH/AMXd+L3wT/ZCtv3kPinxt/b/AImhXkHStLTz3jk9FkcgA/3o8V6OUUKeIzGnGp8CfNL/AAwTlL71G3zPMzjEVMNltSVP42uWP+KbUI/c5X+R6b+w98F2/Z9/ZN8C/Cu5tjFe2OgxTasjDkXs+Z7gH1xLK457AV6tRRXJia9TFYidafxSbb9W2/1OzDYenhMNChT+GCUV6JJfoFFFFYm5neLvEdl4P8Kan4t1I4t9L0+a7n5x8kaF2/RTXm37EPhy90T9nLRdX1cZ1DxDJPrV/JjHmPcytIrfjH5dcF/wU2+LvjP4e/CnT/BvhizC2nit7i11XUDHnyokVD5I7AyBm567UbHqOv8A2Cfih4o+Kn7O+n6j4q0mO2k0m5bS7SWGHYlzBDHGEkC9BjcUOOMxnp0r87XEOXYzxOWVe97Shh5Ne6+XmqShKWvlTUUns22k7pn6A8gx+D8Nnmnu+zr14p+8ublhGcY6edRybW6STas0e0UUUV+iH5+FFFFABRRRQAUUUUAFFFfCX7d//BWv4hfsv/tIzfBH4efDLRr+00OK1fXbrWjN5l0ZoY59luY3URgRyKN7B/mz8uBz5+ZZng8pw6rYl2i2lom9X5I8vN85y/I8KsRjJNRbUdE27vyXo36H3bRWH8MvHNl8T/ht4e+JWmWU1tbeIdDtNTt7a4x5kSTwpKqNj+IBwD7ityu6EozgpR2eq9Hr+p6UJxqQU4u6aTXo0mvwaCvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11uqKPZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACmyyxQRNPPIqIilnd2wFA6knsKdWD8VPhn4F+NPww8SfBz4oaEuqeGfFug3mjeItMeeSIXdjdQPBcQl42V0Dxu67lZWGcgg4NAHyR/wUO0b48/s/8Axi0r/gp3+x/rs/i698L+GYtB+Lnwah1JGTxh4WguLi6WawQnCarZvdXUsXeZJHizyEk8y+A/jv4k/wDBbX9oDwn+1Hq+p6x4B/Za+G3iqz1r4XeFbqf7Fq3xN8QWU6y2+r30YbdFpttcRq0Fuf8AXSRiR8gBV+Rvij4F/wCDSPwT491T4cfC/wDYa8a/F3UNDu2tdZn+EFt4q1qztZlPzJ9qW/SGXH96J3Xnr1r2H/gm78Af+DYX49ftMaBp/wCzF+zXe+CvjR4N1S28R+HfCXj688SaVq8NxZyrcxXMMF5dmG6MbxeYY1MmFjYumwE0Afr1RRRQAUUUUAeM+B/+UhfxQ/7Iz4D/APTt4vr2avGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABVLxJ4c0Lxh4evvCfijSYL/TdTtJLXULK5TdHPDIpV0YHqCpIP1q7RTTcWmt0JpSTTV0z5O/ZK8R69+x78cLn/gn58UdVnuNAvUm1P4K6/fSEm6sMlptKdz1mtySVHUpn7oMa19Y15L+2X+zHbftP/CQ6Do+rf2P4t0K8TVvA3iSI7ZdL1OE7onDAZCMRtcc8HOMquK37FH7Tlz+0j8MJ4/GukjR/HnhO9bR/H/h5wFey1CPKs6rn/VS7S6EZH3lBOwmvaxyWY4b6/Be+rKqv7z2n6T69pp/zI8PASeW4n+zpv3Hd0n/AHVvT9YX93vTa/kZ7HRRRXiHuhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeUfth/s5N+0Z8Kv7N8N6n/ZXjDw/eJq3gjXkO17DUofmjO7sj42N1GCGwSop37H37Ry/tH/ChdZ17TP7K8WaFdvpPjbQJBtk0/UoflkXaeQjEb168HbklTXqtfLf7UOkap+yH8dLT9ujwJYTSeGtWEGk/GLSLSMtvtdwS31VUHWSEkK3cqQONztXkYxPA4j67H4dFUX93pP1hfXvBv8AlPCzBPLcUsxh8DtGqv7v2anrC/vd6bf8qPqSiq+kavpev6Ta67omoQ3dle26T2l1byBo5onUMrqw4KkEEEdQasV6yaauj3E01dBRRRTGFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV8ufAH/i+P/BRv4tfHGX97pnw70ez8B+HpTypuCftV+R2DpLhCeu1se1fQXxb+Iuj/CD4W+I/ip4gI+xeHNEutRuVLY3rDE0m0e524HqSK8e/4Jh/DrWPA37H+geJfFoLeIPHVzc+LfEE7LgzXF/IZlcjqD5Pkg57ivYwf+z5ZiMR1lamv+3ven/5LFL/ALePFxv+05rhsP0jzVZf9u+7D/yeTf8A26fQVFFFeOe0FFFFAHh/7R2m6d8Tf2gvhf8ABrVtPgvdOW6vdd1qzuYhJE8cEJSEOjAhlZ2dSCMc17RpWk6VoWnQ6PoemW9naW6BLe1tIVjjiUdFVVACj2FeO/Df/iuP20vH3jJvng8KeH7Dw/Zydi0pNzMB7qw2n617VXynDVOnicTjsyaXNVrTinZX5KPLSir2vbmjUdr2u726n1HEdSph8PgsuTfLTowk1d256vNVbte1+WVNXte2l+gUUUV9WfLhRRRQAUUUUAFFFFABXx5qnwC+D37X/wDwUk8eX/xT8C2utaR8NfCOjaYlvI8kccuozs92sknlsvnFIy0ZR9y4IBXgY+wmZUUu7AADJJPAFfNv/BNBW8Y/D/x1+0RcAs3xI+JWq6pYzEcmwjl+z26e4Xy5APrXkZlTp4rFYfDTScXJzaaurQjp/wCTSX3HhZtRpY3GYXCVIqUXKU5Jq6tTjpdP+/OP3H0hbW1vZ28dnZ26RRRIEiijQKqKBgKAOAAOMU+iivXPd2CvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACvPP2uvhx44+MX7KHxP+EXwx1gad4l8VfDzWtH8Pag0xjFrfXNhNDBLuHK7ZHRs9sZr0OoNU1TTND0y41rWtRgs7Ozgee7u7qZY4oIkUszuzEBVABJJOAASaAPzA/YO/wCC3P8AwTC/Yr/Zf8D/ALGv7ULap+zp4/8Ah34Xs9G8T/DzxZ4C1GDZewRLHcXUU1tbyQ3Ec8qvMJt++XzN7AliaqfGj9uH9mj/AILE/ta/s8eAv+Ccfh3WvH2pfCv41aX4w8Y/GSDwjeafpfhbRLNZGvdPN7dxRPJJeqyQi3QFJPvEnyxj9BfE3xp/Y48aW8dr4x+LPwz1aKJt0Uep69p86ofUB3IFeVftUf8ABRz4JfsrWvwj8N/CFvB/jCT4jfG3w18PxpGg+K7aI6TBqtw0LX6xwLJ5ghIB8vCBiwG9aAPqGiiigAooooA8Z8D/APKQv4of9kZ8B/8Ap28X17NXjPgf/lIX8UP+yM+A/wD07eL69moAKKKKACiiigAooooAK+VP2yfB3ib9l/4uWf8AwUP+DujTXUFnbx6f8YfD1kvOraMCAL5V7z23B3d0UZKqr5+q6ivbKz1Kzm07UbSOe3uImjngmQMkiMMMrKeCCCQQeua7cBjHgsRztc0WmpR6Si91+qfSSTWxw5hgljsPyJ8sk1KMusZLZ/o11i2nuUfBvjHwz8QvCem+OvBesw6jpOr2Ud3p19btlJ4ZFDKw+oPQ8joa06+RvgJe3v7A37SZ/Y+8VXcn/Cs/Ht3Pf/CDU7mQlNMvGbfcaK7HoCzb4snksBlmkO365qswwawdZcj5qclzQl3i+/mneMl0kn0aJy3GvG0H7RctSD5Zx7SXbvFq0ovrFrqnYooorgPQCiiigAooooAKKKKACiiigAorxn9vHwl8WfGn7P11ovwgju5rz7fE+p2dgx866swrh40A5Y7zGSo5IUjnofM/+CY9/wCNfCv/AAlfwh+JE2oadeWi2l7pfh3WIJIZ4Yn8wSyokgBCEmLOOAef4ufisXxhPB8aUMhqYWfJVjdVtoc1pNQWlm/da+JS5rWi1dn2WE4ShjODq2eQxUOelKzo7z5bxTm9bpe8n8Lja95J2R9ZUUUV9qfGhRRRQAVU8QaBovirQr3wx4j0yG90/UbWS2vrO4TdHPC6lXRgeoKkgj3q3RSaUlZiaUk09mfL37Juv61+yv8AGW+/YK+I+pzT6TJHLqvwg1q8fJvNNLFpdOZj1ltzkgdSmThV2A/UNeR/tk/s5XX7Qvwwj/4Q3UhpfjfwveLq/gXXEIV7PUIvmVC3/POTARgcjlWIO0Crf7Iv7Rtr+0p8JIfFGoaadL8S6VcvpfjLQZAVk03U4TtmjKnkKT8y5/hYA8g48rBN4Ku8FP4d6b/u9Y+sL6d4Nfys8TL28uxLy6fw2cqT7x6w9ad9O8HF/ZZ6jRRRXrHuBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfMf8AwVI1O/8AFfwl8Kfsu+Hrp49R+LnjrT9BkMJw8Ngsqz3c/wDuqsaBvZzX0rpemWGi6Zb6NpVqkFraQJDbQRjCxxqoVVHsAAK+VNE8U+GP2mv+CqCXfh3xHYarofwU8BSiGSyu0mRda1GTy5dpUkHbbrsbHKum04PFfWVezmUZYbB4fCtWai5y9aj0+6EY/eeJlco4rG4nFp3TkqcX/dpqz++cpfcFFFFeMe2FNmmit4XuJ5AiIpZ3Y4CgckmnV57+1f41Pw//AGcvGHiWOXZKNFktrZweRLPiBCPcNID+FcWZY2nluXVsZU+GnCU36Ri5fpb5nZl2CqZjmFHCU/iqTjBespKP63+RzP7DkMus/DDWfivdxsJvG/i/UdXBcfMIjMYo1+gEZx9a9orl/gn4LHw6+EPhrwOYtkmmaJbQTjGMyiMeYfxfcfxrqK4eGsFUy7h/C4er8ahFy/xyXPP/AMnnI7uI8bTzDPsTiKfwOcuX/BH3If8AkkIhRRRXtnihRRRQAUUUUAFFFFAHmP7aPxK/4VD+yj4/+IEdx5U9n4YuY7KTONtzMvkQn/v7IlWf2Rvhr/wqD9mLwJ8OZLfyp9N8MWi3qYxi5eMST/8AkV3NeY/8FI/+K30H4a/s5w/P/wALB+Jum2upQf3tOtmNxctjvt2RHFfSdeXS/fZvVn0hGMfnJub/AAUTxqH7/Pa0+lOEIL1k3Ul+Cggooor1D2Qrxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK4D9q74Nf8NF/st/Er9nz7QsX/Cd+ANZ8O+azFQn22xmttxI6Y83Oa7+sP4m+G/E/jL4b+IfCHgnx5c+Fda1XQ7uz0jxPZ2cVxNpF1LC6RXiRTAxyvE7LIEcFWKAMCCaAPz7/AGJP+Dc//gnj4f8A2Svh94e/bC/YR8DXnxO07wzb2njW/stVvJ47y+iXy3uA6TKrGQKJDhQNzkYFWfj/AP8ABvR+x7oXjf4K/FT9gv8AZr8D+BPFHw/+PvhXxZ4j1ebUb5Hn0HT7z7ReW0OTMHmfbEUVgoJXl177+r/tO/8ABdH9kqQ+Gfiz+wD4P/aS0i3Oy1+IPwf8axeH76eIcK93pGoByJ2xlhbyGJSeOOKZpn7cP/Bbf9o6QeGPgL/wSW0T4RpMdr+O/jt8S4Z7Wz9T/Zmmp9qmbHIwyrnAJAyaAPvuvhv/AIKN65+3T+xv8CPiX+3Pof8AwUFtvsvhCSXVPDPwr1H4aaWui6jAbhVtdGlnCtqEt1PuS3WeK4jzLIpEQHy19Wfs3+BPjF8Nfgvovg74/wDxr/4WJ4xtxcSa74vGgw6Yl7LLcSzBY7WElIYokkWBFyzbIVLMzFmPxD8ZtM/b2+Lv7fV38UP2g/8Agmn4+8c/C34Va7v+BvhTwt498IJpl/fx7l/4SjUUvtYgllusE/ZYHiVbVWL4MzFlAPQdZ+Kv7Zf7Z/7X3xC/Z9+AX7Q0/wADtG+EHgzw7Prc9r4Q07Wb/VfEWsWst6ttP9vjkjSztrdIA6RLHLI87YlQKK9i/wCCbX7UPi79sT9jLwh8c/iPodjpvim4fUdI8W2Wmbvs0eraZqFzpt40IYlliee0kkRSSQjqCSRk+QeIvBf7ZX7Ln7ZHxH/as+AX7I1z8T9F+OXhDw9JrXhi38baVpWoeF/EWl20tqone7mWGa0lt5IFeSB5ZEe2bbHIrAn17/gmz+y94v8A2O/2MfCHwM+I+t2Oo+KYH1HV/Ft7pm77M+ranqFzqV4sJYBmiSe7kjRiASiKSATgAF7wP/ykL+KH/ZGfAf8A6dvF9ezV88fAL4R/Cj4Qft+/F/TfhN8MfD3he21T4V+B9Q1O38O6LBZJeXkmq+Lg9xKsKKJJWCqDI2WIUZPAr6HoAKKKKACiiigAooooAKKKKAPN/wBq39m7wt+1T8GNR+FfiK5eyumZbvQNagyJtK1GLJguoyCCCrcHBBKsy5Gc1yP7DH7SPin4u+E9V+EnxttksPil8O7tdK8baecD7SQP3OoRdN0U6AOCABuzgBSufdq+Yv25vhb41+GXi7Sf2/P2f9Ha58VeCbUweMtDt/l/4STw8TunhYDrLEAZEPJG3oxRFr2cvnDGUXl9V2u702/sz7N9Iz0T6KXLLueJmVOeCrrMaKvZWqJfah3S6yp6yXVx5o9j6dornvhP8UvBPxs+G+jfFf4dawl9ouu2KXVjcL12nqjD+F1YFWU8qykHkV0NeROE6U3Cas07NPdNbo9inUhVgpwd01dNbNPVMKKKKksKKKKACiiigAooooAK8r/aV+D/AIi8Uw6f8XPhO62/jrwkxn0iToNQg582yl/vI4Jxnox6jcTXqlFefmmW4bN8DPC172lazWkoyTvGcX0lGSUovo11TafflmY4nKcbDE0bXV7p6xlFq0oyXWMotxkuz6NJrkvgl8YPDvxv+H9p450BGgdyYdR0+b/W2N0nEkDjggqfUDIIPeutrwX4t6ZqP7MHxQk/aR8H2MsvhXXJUh+IukWyE+SxOE1KNR/EpOHA65J6sWX3PS9U07W9Mt9Z0i9iubS7gWa2uIXDJLGwBVlI6gggg152RZlia/tMBjrLE0bKVtFOL+CrFfyzS1X2KinB7Rv6Gd5dhqHJjsFd4atdxvq4SXx0pP8Amg3o/twcJreVp6KKK+hPACiiigAr5Z/aU03UP2Nvj9bftt+DLGVvB/iJoNK+MOlWsZIRCwS21dUHV42YI+OSDgDLsw+pqo+JvDWg+M/Dl/4R8U6VDfabqdpJa39ncLuSeGRSrow9CCRXHjsK8VRtF2nF3i+0lt8ns11i2uxwZjgnjcPaD5akXzQl/LJbP0esZLrFtdixpupafrGnW+r6TexXNrdQpNbXMEgZJY2AZXVhwQQQQR1BqavmD9kPxLr37M/xa1D9gT4n6rNcWltBJqfwl1u7bJ1HSCSXsmY9Zrc5GOpQEgBVXP0/TwWKWLoczVpLSS/lkt1+qfVNPqPLsasdhudrlmm4yj/LJbr9U+sXF9QooorrO4KKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK5X466LN4k+CHjLw7beKv7Ckv/AArqNtHrmSP7OZ7aRRcZXkeXnfxz8tdVXzz/AMFQfiBrXhP9krVPAvg98+IfiLqVp4P8PwhsGWe/k8t145/1Am6d8V25bQnicwpUoOzco69tU2/RJNvyWpw5nXp4XLq1WaulGWnfRpJebbSVtbvTU+Kf+CLP7D/7ROm/Gnw/+15rkA0XwSdJvGs3e/RpNcWWOW3VPKRi6IsmJcyhcmJCoOQR+rlYXwv+H+i/Cj4baB8MPDibbDw9o1tp1p8uCY4YljBPuQuT7k1u13cQ51Wz3MpYmaSS92Nlb3U3a/d66/5Hn8OZHR4fyuOFpttv3pNu/vNK9uyutPvd2wooorxD3grxX9sT/iqrz4d/BuP5v+Em8cW0l7F132VqDNMMf98H8K9qrxW//wCK6/bvsLbG+18C+B5bjd/zzvLyTy8e2YRn8K+X4u/fZXDBLfEVaVL/ALdlNSn/AOU6cr+T8z6bhT9zmc8Y/wDmHp1an/byg4w/8nqRt6eR7VRRRX1B8yFFFFABRRRQAUUUUAFFFVNf13R/C2hXvibxDqMVnp+nWkl1fXc7YSCGNS7ux7AKCT7Ck2krsTaim3sj538Xf8XR/wCConhPQB+8s/hh8OL3WHbqsd9qEotQh/2vJAcewr6Tr4f/AOCff7XHwV+Nn7afxf1i21q5TXPG17aDwpFeWxRbnS9Pt2jAQ5+WQrmVkIBwM8kMB9wV4+SV6OLoVMRTkpc9Sb08mopf+AxT9GeBw7icPjsNWxVKal7SrN6O+zUYr/wGKfpJBRRRXsn0AV4z+wf/AMkQ1z/ss3xH/wDU11uvZq8Z/YP/AOSIa5/2Wb4j/wDqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFfA37cvhn4jftw/wDBTnw1/wAE2dT/AGjPG3w3+GWl/A+X4ieJovhzrZ0vVPFl2+rnTYrF7xQXjtYFTzZET75nQN/CyfPn7Mnxy+LvhH/glD/wTm+KGjfGLxOniDxB8evD3h/XIR4guT/wkem6jc6nbXkF5HvxdokWJx5gbyzbBhgigD9fKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9ezV4z4H/5SF/FD/sjPgP/ANO3i+vZqACiiigAooooAKKKKACiiigApGVWUqwBBGCD3paKAPkLwgx/4J0ftTj4Z3beR8GPi7q7S+F5mOIfC/iF+Xss9I4LjGUHADAAABZGP17XFftDfAfwL+0t8H9a+DPxEtC+n6xbFFnjA820nX5oriMno6OAw7HGDkEg+V/sJfHjx1qg1v8AZM/aIux/ws34bFLe9unJxr+lnAttTiJ5cMpUOeSGILYL7R7mJ/4VMH9bX8Wmkqn96O0anrtGfnyye7Z4OF/4Scb9Tf8ACqNun/dlq5U/TeVPy5or4Uj6Jooorwz3gooooAKKKKACiiigAooooAh1LTrDWNPn0nVbOK4tbqForm3mQMkqMCGVgeCCCQRXhXwq1G//AGWvinH+zt4rvJJPB/iCeSb4earcOT9mkJy+myMe4JyhPXIHJbC+91ynxq+EXhv43fD+88B+I90Xm4lsb6IfvbK5XmOeM9Qyn3GQSOhNfPZ7lmJxHs8dgbLE0buF9FOL+OlJ/wAs0tHryTUJraV/fyTMsPQ58FjbvDVrKVtXCS+CrFfzQb1X24OcHvG3V0V5T+zV8XvEniIaj8Gvi3th8c+EyItS7LqVtwIr6P8AvK4I3Y6MRkDcAPVq9HK8zw2b4GGKoXSd009JRknaUJLpKMk4yXddU035+Z5biMpxssNWtdWaa1jKLV4yi+sZRacX2fRppFFFFegcAUUUUAeP/tnfs56l8fPhtb6l4A1EaZ498IXo1jwJrSkK0F9Hg+SzH/llKFCMD8v3WIO3B0/2S/2i9N/aY+EFt42bTjpuu2M76d4s0KQFZNL1OH5ZoWU8gZ+Zc87WGecgem18r/tDWV5+xX+0PB+2V4VtJP8AhBvFssGl/F3TbZCVtXLbLbV1Ud1ZgkmByG6FpCR5GLX1DEfXI/A7KovLaM/+3b2l/cf908LHp5Zi/wC0I/A7Rqry2jU9YXtLvB3+wfVFFRWV7Z6lZQ6jp13HPb3ESyQTwuGSRGGVZSOCCCCCOualr19z3U01dBRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABXy38Yv+L7f8FMfhv8ACWM+dpHwq8NXfjHW0HKNf3BFtZRt6On+uX2Y19RsyqpZmAAGSSelfLv/AATdB+LGu/Fn9su7HmD4jeOpbXw9Oed+i6aDa2rA9skSggcZQda9jK/3FDEYv+WPLH/FU938I87PFzX/AGjEYfBr7c+aX+Gn734y5EfUdFFFeOe0FFFFABXiv7KP/FXePvip8YnG4ax4yOmWch/jtrCMRIw9juP5V1P7TXx60f8AZ0+Fdz4+1OykuZ5ZxZ6Xax8ebdOjsgYn7qgIzE88L0JNecf8E1/if4X8Y/Ar/hB9Ktp4tT8OXLHWGnO7z3uZZZVmDd84ZcHkbO/Br4XM84yytx3gMplVXtYQq1eXq5OChBbWvyurNK+ybPt8tynMqPBGOzSNJ+znKlS5uiipuc3ve3MqUHpu0j6Iooor7o+ICiiigAooooAKKKKACvLv22fGnhvwB+yP8RvEfi2FZbE+Eb20e3Zyone4iNvHFkcjfJKi5HPzV6jXzR+3b/xd74r/AAh/ZFtv3kHiXxX/AG94oiHI/srTV85o5PRZZCFB/vR15+aVZUsBU5fikuVesvdX/pV/RM8vOq8qGWVeTWUlyR85T9xfjK78kzgP+Cd//BK7Sf2dvE/h/wDaR8d+O7nUvEZ0FJrTRF04W8ek3FzbbJld/MYzsqyPGDhByTgnGPtaiiqy7LcJleGVDDxtHd+b0u362/yKynKcDkuDWGwkOWO73u3ZXbv1dv0WgUUUV3HpBXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAfDP7dXwS+E37b37f8A4b/Zcj13x78Lvit4E+EsvjrwL8dPh74iSyvra2uNSOnXWk+UyMLqAlIpJUf5QJYwCvmMWqf8E+/+CD/ww/Yq8VeCfGnxI/ah+IXxfuPhbZXNr8KdE8W3EUGi+ERcBhNcWljECv2lld1852YgNwAVVgn/AAVr/wCCfvhf44/FTwp+2n8Q/wDgqd4l/Zw074daL/Z2k6ppmpWGmW9pcTSzNPN9uuHjdTcI0MTwb/LkW1iyrEVxH7En7Pmq/Gr4o6N47+Bv/ByJ40+NOn+ENdsdS8ReENI1fRL6K9tYrhHe1u1tyZYoZgpiLYBIc4OaAP0pooooAKKKKAPGfA//ACkL+KH/AGRnwH/6dvF9ezV4z4H/AOUhfxQ/7Iz4D/8ATt4vr2agAooooAKKKKACiiigAooooAKKKKACvnX9u74E+Or46J+1x+ztZ5+Jnw23z2tpGDjxBpRybnTJQvL7lLNGOSGLBcM4YfRVFdWCxdTA4mNaGtt09mno4vyaun9+6RyY7B0sfhpUZ6X1TW8WtYyXnF2a+7Zs4v8AZ7+O3gX9pT4QaL8Zvh3eGTTtYtQ5hkI820mHyy28gHR0cFT24yMggntK+QfFIP8AwTn/AGqD8QrUGD4L/F7WFj8RxLxB4X8RPwl5jpHb3GMOeApBJICIp+vgQwDKcg9CK6MxwlOhONWhrSqK8X1XeL/vQej7q0tpHPlmMq4iEqVfStTdppbPtJf3ZrVdnzR3iFFFFeaemFFFFABRRRQAUUUUAFFFFAHk/wC0t8JPE2tnTvjX8IVWLxx4TzJYLj5dUteTLYyY+8GGdvoxOCN24dd8GPi54a+Nvw/svHvhksiTgx3llKf3tncLxJBIOzKfzBBHBFdVXgfxRsL79lb4qyftBeF7OR/BniO4SH4g6XboSLOYnampRqPc4kA65zyWyvx+ZRlw5mEs2pr/AGepb6xFfZeijiEv7qtGtbeHLU3pu/1uXNcQ4COV1H+/p39hJ/aWrlQb/vO8qN9p80Nqit75RUOn6hY6rYQappl3HcW1zEstvPC4ZJEYZVlI4IIIINTV9fGSkk07pnybTi2mrNBRRRTEFZ3i7wn4d8d+F9Q8F+LtJhv9L1WzktdQsp1yk0LqVZT9QT71o0UpRUotNXTFKMZxcZK6Z8x/sdeLPEX7O/xO1H9gL4r6tNc/2VbtqHws1u7bnVdEJJ+zFu81vypUfwqcAKgJ+nK8b/bS/Z11n44/D6z8TfDS+GnfELwVe/2v4F1YEApdJgtbOTwYplUIwPy52k5CkHc/ZT/aJ0X9pv4PWXxCtLE6fqsEr2PibRJQRLpepRYWe3dTyMN8y55KspODkDysDJ4Os8DN6JXpvvHrH1ht5xcX0Z4mXSlgMQ8uqPRK9JvrDrG/endLu4OL6M9Iooor1j3AooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPFf+Ch/wAYLz4J/seeNfFGiO/9r3+m/wBj6FHD/rXvbxhbRlB3ZfMMgH/TM12P7M3wfs/gD+z94P8Ag3aIgPh7QLe1uXj6SXAQGeT/AIFKXb/gVeK/tcf8Xu/bY+CP7MEP72w0O8n+IHiqHqFiswYrHcO6tcM6kHjkda+o69jFf7NlNCh1m3Ufp8EPwUn8zxcJ/tOcV6/Smo0l6/HP8XBfIKKKK8c9oKKKKAPCv25NMsviPpXgv4ALAr3vi/xZDiQKDJa2tupe5nTIOGVGx9Gau4+AX7OPw2/Zw8PXPh/4ewXbm+mEt9fahMsk9wVBChiqquFBOAFA5PcmuP8AA/8Axdb9svxP44b95pvgDR4tC0w/wm9n/e3Lr/tKP3R9iK9tr4nI8twGZ55is/qUoupzulSm1qqdJezk0/79T2mu9opJpaP7PO8xx2W5Lhsip1ZKnyKrVino6lV+0imv7kPZ6bXk203qiiiivtj4wKKKKACiiigAooooAK+aP2bv+L2/tx/Fv9oaX97pvhFIPAXhmXqA0JE9/jtkTlcEdmr2X9ob4sWPwL+Bvir4u35TGgaJPdQxydJZwpEMf/A5Ci/8CrjP2APhNffB/wDZO8J6Jr4dta1WzbWtflmH7yS8vGNw+/1ZQ6xn/rnXl4n/AGjMqNHpC9R/L3Yfi5P5Hi4z/as3w+H6QTqy9V7kP/JpSl/26ey0UUV6h7QUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAH5qf8FB/D37J3xH/AOC1/wAJvh5/wUpm0Gb4VRfBC9vvhVo/j+5SPw5qPjP+1xHeJMsxEE9wtj9l2RTZU+YcAsUB5f8AbR+GP/BOT4L/ALdX7Kus/wDBO3w98OPDPx21D436XY6jo3wfjs7WW+8GSRT/ANtvqNrYYjNutsCwllXduQBCQr4+sv2nbr9lf9sD9rG1/wCCX37Rv7L2j/EGzPwwf4hahqHiGKKS30mL+0P7Ot1hBXzVuJX+0YkjZCqROMndg8UP2e/+Cdn/AARn8W/DjxF+zr+xB4f0KX4tfE7Tfh9deKtIYvf6XLqIl+zM01yZJmt3nhjjaNJFG6SNiG28AH2tX59f8FtP2UvgJqeq/B39rrUvAz3HxC079ob4a6Rp+uz6vdutrZnxLbbkitjL9njZhI4aRYw7A4LEAY/QWvlX/go3+wp+1L+25feGNF+F/wC2P4a+HnhTw14h0LxJHoupfCRtcup9b0vUTewXBuhqtqFgYpbo0HlE/u3PmfPhQDxr/gpRP+zLd/8ABSX4e6B/wU71vSLT9nqf4QanJ4Si8c6gbbwvceNF1GLzheszLA1yun7TbLcHHM5j/eV0P/BAX45p8Xf2fPi74L8MaxrWoeBvhv8AtCeIvDXwqu9fe4e4HhcR2l7p0W+5/fPGkV7tiMhLCDyR2AHuPjz4Fft7+J/hr4W8O+Hv23fBOneI7C2uY/GOs3nwOF5Za1I8qtBNb2baqrWTxINozNOrE7ivAA6z9kT9lnwt+yN8KJvh7ovinU/Eeraxr994h8ZeLtbEYvfEGtXsplu76ZYlWNCzYVY0UJHHHHGowgoA4n4BfE7w38Uf2/fi/qHhrTfENtHp3wr8D2NwviLwjqOju8qar4uJaJL+CFp4vmGJow0THIVyVOPoevGfA/8AykL+KH/ZGfAf/p28X17NQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQBzvxb+FXgn43/DbWfhP8RtIW+0XXbF7W+t24O08h1P8LqwDKw5VlBHSvBv2Gfip42+HHivVv2Bv2gtXa48WeB7VZvCOuXHH/CS+HidsFwpP3pYgBHIMkjaOWKu1fTdeEftz/s3+Kvi14W0n4wfBC4Sw+KXw6u21TwXf4x9rwP32ny8jdFOgK4JA3YyQpbPr5bXpVISwWIdoTd039ieyl6P4Z/3WnvE8fM6FalUjj8Or1IKzivtw3cf8S+KH95NbSPd6K85/ZU/aQ8K/tUfBfTfit4bt3s7iQta67o0+RNpWoRYE9rICAQVbkZAJVlbAzXo1ebXoVcNWlSqq0otprs1/X69T0sPXo4qhGtSd4ySafdP+vzW6CiiisjYKKKKACiiigAooooAKr6tpOm69pdzoms2MV1Z3kDw3VtOgZJY2BDKwPUEEirFFTKMZxcZK6ejXdMcZShJSi7Napng3wf1bUv2Zfien7NPjO+ll8MazJJP8OdYuXJ2c5fTZGP8AEpOUz1BA/iVR7zXI/G/4PeH/AI4fD+68E65I9vKWE+l6lDxLYXacxzoRggg9cEZBIzzXNfs1fGHxB4uttQ+FPxVjW28deE3FvrUPQX0X/LO9i6bkkGCcdCegDKK+SyuUuHcwjlFV/uJ3eHk+ltZUG+8FeVK796neGrpa/WZnGPEGAlm1Jfv4WWIiut9I10u03aNW3w1LS0VTT1Oiiivrz5IKKKKACvlb4721z+xD+0fF+1v4dt3X4e+ObiDTPixYwISmn3RbZbauFHTltkhHXcThmkBH1TWX418GeGfiJ4R1LwJ4z0iK/wBK1eyktNQs5h8ssTqVYe3B4I5BwRyK4sdhXiqK5HacXzRfaS/R6qS6pvsjz8ywUsZQXs3y1IPmhLtJd/7rV4yXWLfVI0bW6tr22jvLO4SaGZA8UsThldSMhgRwQRzmn18zfsZeMvE3wI+Iep/sB/F7V5bm68P2xvvhrrd0cHWdBJO2LPQzW+ChUfwqcDbHk/TNXgsUsXQU7Wa0kusZLdfJ7Pqmn1Ly/Gxx+GVS3LJNqUesZLSUX6PZ9U01owooorqO0KKKKACiiigAooooAKKKKACiiigAooooAKKK8B/4KUfteap+xf8Asz3HxL8N6Et/rOq6pHo2ieaxEVtczQzSCeTHJVFhc7RjLbRkAk104PCV8fi4Yairzm0l6v8Ap/ccuNxlDL8HUxNd2hBNv0X9JfM5n9iX/i9P7Unxx/axuP3tm3iGPwV4UlPRbLTlH2h4z3SWdlfPqpr6kr4f/wCCFP7Qtj8Tv2atS+DCeEvsF34AvUNzqCSFl1IX0tzMJWLc+aGSQNyRjZjHQfcFenxJRq4bOatCatycsUv7sYpRfzXvesmeVwxWpYrJKWIg7+05pt/3pSk5L5P3fSKCiiivDPfCsb4ieNNN+HPgPWPHmrkfZ9I02a7kUnG/YhYKPckAD3IrZrxT9sqebxla+EP2d9OlYTeOvEkUeoKjYYabbET3LDHphPrzXjcQ5jUyvJa2IpK9RK0F3qTahTXznOPyTPXyDL6eZ5xRw9V2pt3m+0Ipzm/lCMvm0a/7GngvUvCnwI07WfEIJ1jxRcS6/rEjDBee6bzAT6ER+WCPUGvVKbBBDawJbW8SpHGgWNEGAqgYAA7CnV05Tl1PKcro4Km7qnGMb92lq35yk5SfnJmGa5hUzXM62MmrOpJyt2TeiXlGKjFeUUFFFFegeeFFFFABRRRQAUUUUAfNH/BQZj8VfEvws/Y/syZF8feMkvfEUK850bTgLm4VvTcwj2k8EoRzX0sqqqhVUAAYAA6V+XvwT/4KSz/F3/gpzovxD8QfDkf2ZrUCeDPDdqJW8/TIbi7UpcsD8rSM7fvMAYRiATt+b9Q6+fyPHYXNKuIxNGV/eUfSMV7v33lI+X4czLBZzXxeMoS5vfUNmrRhH3d/5m5y+avqFFFFfQH1AUUUUAFeM/sH/wDJENc/7LN8R/8A1Ndbr2avGf2D/wDkiGuf9lm+I/8A6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFeW/tyfE7xJ8Ev2KfjB8Z/BkjprHhH4W+INa0po1ywubXTbieIgdzvjWgDwT9vv8AZe/bY8PftVeE/wDgo3/wTph8J69470TwTP4L8b/DjxxfPaWfinQHu/tkK290vFtdwXJkdWfCsJSCcApJ574c+Cv/AAVb/wCCif7Q/wAL/F37f3wI8DfA74U/CLxva+NbbwVoHjJNf1nxNr9mr/YGluYAIYbSGRzKV+8zKAQ2Q8eX+2V+1/8AHL9j/wD4N4PCXxe+H3xZ1XxF8WfGfw88KaP4c8XajeG4vb/W9aS2827SR8kyKk1zNF12mOMdFrzm7/4J+ePf+CNHxT/Zv/aF+FH7aPxa8bar49+MmgfD7416J458WvqGl+JV1oSQPfxwOoMUsFyFkjJZ2CdXOH3gH600UUUAFFFFAHjPgf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQB8i/Hazu/2A/2lh+134XtZB8MPiBeQ2Hxc023QlNKvmbZb60qjoCzbJcDksT8zSLt+trO8tNRtItQ0+6jngnjWSCeFwySIwyGUjgggggjrVDxr4M8MfETwjqXgPxro0Oo6RrFlJaajY3C5SaGRSrKfwPUcjqOa+Z/2MvGfif9mT4s3v8AwTu+MmszXUen2z6h8IPEN43Or6ICSbNm6Ge2wRtH8CnACopb3J/8KuB5/wDl9RWvedNaJ+cqeifeFn9lngw/4SMf7P8A5c1np2hUerj5RqatdFO6+2j6rooorwz3gooooAKKKKACiiigAooooAK8k/aV+FHie9udP+PPwdhC+NvCiloYAPl1ey6y2UgH3sjJT0YkDBII9borzs1yzD5vgZYatdXs1JaShJO8ZxfSUZJNP1TunJP0MrzLEZTjY4mlZ2unF6xlFq0oSXWMo3TXo1ZpNcx8H/iv4X+NXw/sfiB4UmPkXabZ7aQ/vLWdeJIZB2ZTx7jBHBBrp68C+Itnd/smfFeT45eHraRvAnim7SLx1p0CEjTbpjtTUUUdFJOJAOpPcldvvNneWmoWkV/YXMc0E8ayQzROGWRGGQwI4IIIINcGRZniMUqmDxtliaNlNLRST+CrBfyVEr215JqcHrFX7s7y3D4ZwxmCu8NWu4X1cWvipSf89Nu19OaDhNaSdpKKKK+gPBCiiigDxb9tf9nnxB8ZfAth46+FF0th8RvAl5/a/gjUhgFplAMlm5PWKdV2FScZ25+UEHpf2W/2hvD/AO038HdP+Jmj2rWV7ua01/R5ciXS9Riws9s4PIKtyMgEqynAzivRK+VPjRDN+wx+0vH+1FosTR/DX4h3kOn/ABQtIl/d6VqLHbb6uFH3VYnZKfViTuZ1x5GK/wCE/E/XF8ErKp5dIz/7d2l/daf2Twsb/wAJeM+vx/hytGqu3SNT/t2/LP8AuNN/AfVdFNhmhuYUuLeVZI5FDI6NkMDyCCOop1eue6FFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfG/iLwh4f/wCCmP7WGq+H/F1i2pfBf4QyTadLbLcSRw+IfEkkZSYh42ViltG2AVIIcgglZDXpn7fnx98X/DP4faZ8Hfgq3m/Ev4m350PwbAjYa13AfaL9sfdSCNt27naxUkEBq9C/Zq+AfhD9mT4J6D8FvBa77bR7QLcXjriS9uWO6a4f/aeQs3sCAOAK9zCSlleCeMTtVqXjT7pbTmuz+xF93JrY8HGRjm2OWCavSp2lU7Se8Kb7r7c12UE9yT4Efs5fBP8AZl8IP4E+Bnw/tfD+mS3BnnhglklkmkIxukllZ5JDgADcxwOBgV21FFePVq1a9R1KsnKT3bd2/Vs9qjRo4ekqdKKjFaJJJJeiWgUUUVmaBXiXw9/4ur+2J4t+IL/vNN8C6XF4d0puqm7kPm3Tj0Zf9WfYivUfiX440/4a/D7WvH+qYMGkabNdMhON5RSVQe7HCj3NcV+xz4I1Dwb8BdKvdfy2r+IpJNc1mVhhpLi6bzMsPUIY1PutfLZt/wAKHEGCwC+GnzYif/bnuUk/WpOUv+4fkfT5X/sGQ4zHP4qlqEP+3/fqtelOEY/9v+Z6jRRRX1J8wFFFFABRRRQAUUUUAFcl8ePirpnwP+DHif4uavtMPh/RZ7xY3OBNIqHy4vq77UHuwrra+aP+Cgzv8V/EPww/Y5sXLj4geLkvPEkSnP8AxJdPxc3Ct/d3MI9pPBKEc1xZjiJ4bBTnD4to/wCKT5Y/i19zPOzbFTweX1KlP47Wj/ik1GP/AJNJP0TKP7AH7Cvwh+HPw48IfHzxt8PYLr4mappp1TU9cvJpWeGW7Zptqwl/KidEkWMsqBuDzya+paRESNBHGgVVGFUDAA9KWqwWCw+Aw0aNGKSVr2Vruyu33b3bLy7LsLleEjh6EUkkr2SV3ZJyfdvdt66hRRRXWdwUUUUAFeM/sH/8kQ1z/ss3xH/9TXW69mrxn9g//kiGuf8AZZviP/6mut0AezUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFUvEvhvQfGXhzUPCHirSYL/S9VspbPUrG5TdHc28qFJI3B6qysQR3Bq7RQB+eHwo/4N5Phj4A+LfgHUvGv7aXxf8AHPwo+E3iaPxB8L/gn4r1lLjSNEvoSxtdz433EVuWIiQgFV+Usys6v9UftS/sc6X+1T8UPg5418WfEG+sdG+EfxAHjFPDVtZo0es6nDbSw2Tyyk7o1gaaWQBQdzEZxtBrw39qH/g4M/4Jm/sr/GDUvgBrnxP13xj4y0SZote0L4c+FbnWH0yRTh45pYlEIdTlXQOXRgVYKeK9I/YQ/wCCtH7CX/BR641TQf2X/jGL3xFoUXm634P1zTJ9N1ayj3BTI1vcKpkjDMqtJGXRWZVZgSBQB9I0UV4X8d/+ClX7E37M/wAc/Dv7Nfxp+NqaT438VXum2mi6FB4f1G9aSW/ufstmJZLW3kjt1lmyivMyLkckDmgD3SivLf2k/wBtH9mv9kh9Ds/jv8Q5NO1DxNLPH4d0LSdBvtX1PUzCoaZoLHT4J7mVI1ZS7rGVTeu4jcM7v7P/AO0Z8E/2pvhvB8W/gD8QrPxJoE91Nam8tUkje3uYXKTW88MqrLbzIww0UqK6nqozQBx3gf8A5SF/FD/sjPgP/wBO3i+vZq8Z8D/8pC/ih/2RnwH/AOnbxfXs1ABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV41+2x+zHd/tHfDK3uvAuqjR/H/hG9GsfD/xAhCtZ6hHgiNm/wCeUu0I4OR91iG2AV7LRW+FxNbB4iNak7Si7/8AAa6pq6a6ptHPisLRxuGlQqq8ZKz/AEafRp2ae6aTPJv2Nf2nLT9qD4Rr4j1XSTo/ivRLt9J8ceHJQVl0vVIflljKnkIxG5DzwcE7lYD1mvk79rHw7rn7HPxzt/8AgoD8MNKnn8O6gsOmfGvQLGMsbixyFh1ZEHWaAkBj1KY+6DI1fUnhzxFoXi7w/Y+KvDGqwX+m6laR3Vhe20gaOeGRQyOpHUFSCD7125lhqK5cVh1+6qXsv5ZL4oP0vePeDT6M4csxVaTlhMS71adrv+eL+Ga9bWkuk1JbNF2iiivLPWCiiigAooooAKKKKACiiigCrrei6T4k0e68P69p8V3ZXtu8F3bTLlJY2BDKR6EGvEvgtrerfs4fEpf2XvHeoSzaDqJef4b61dNnfFnL6fIx/wCWkefl9QQOMote71xvx1+DeifHDwDP4Q1O4e0u45FudG1WHiXT7xOY5kI5GDwQCMgkZHUfO57luKqunmGAS+s0b8qvZVIPWdKT7TteLfwVFGW3Pf6DJMxw1JTwGOf+zVrcz3dOa0hViu8b2kl8dNyjvy27KivMP2a/jJrnjrTr/wCHHxOt0svHPhSQWviC06C5X/lneR9N0cgwcjgE9ACufT69PLMywubYGGKw7fLLo1ZxadpRkukoyTjJPZrtZvzcyy7E5VjZ4Wuvej1WqkmrxlF9Yyi1KLW6fqkUUUV3nCFZHj3wL4W+JvgvVPh7430iO/0nWbKS01C0lHEkbjB56gjqCOQQCORWvRUyjGcXGSumTOEakHGSuno13T3Pmn9izx14q+DfjbVf2CPjLq0lzqvhS2+1+ANbuuDrnh8kiLB7ywY8tlHZcDIjLH6WrxL9tr9n3xN8VvB2m/E/4OzLZ/En4f3Z1XwZfAYM7AfvrF+m6OdBsKkgbtuTtLZ639mP9oLwx+018HdM+KnhyFrWWcNb6xpUp/e6bfR/LPbSA4IKt0yASpVsDdXl4GUsJVeBqPZXg31h29YbPvHlfc8bLZzwNd5dVd+VXpt/ah/LfrKnpF9XHkl3PQKKKK9Y9sKKKKACiiigAooooAKKKKACqmv69o3hbQr3xN4i1KGy0/TrSS5vry4fbHBDGpZ3YnooUEk+gq3Xyp+29r2s/tMfF3w//wAE7vh1qc0Nvq8aa18WdUtHIbT9CjcFbXcPuy3LhVA6hdpIKua7cvwf13EqDfLFXcpfyxWsn92iXVtLqcOY436jhXUiuabajGP80npFffq30ipPoH7EWg6z+0z8XvEH/BRD4iabNDbatHJonwl0u7TDafoUbkNd7T92W5cM2eoXcASjivquqmgaDo3hXQrLwx4c0yGy0/TrSO1sbO3TbHBDGoVEUdgFAAHoKt0ZhjPruJc0uWKtGMf5YrSK+7VvrJt9Qy7BfUcKqcnzTbcpS/mk9ZP79EukVFdAoooriO4KKKKAPE/2xZZPHD+DP2c7F2L+NvEcZ1RUPI021xPcHjp0THrg17VFFHBEsMMaoiKFRVGAAOgFeKfDP/i6n7XvjP4lSfvNO8FWEXhnR26qblj5t2w9GVv3ZPowr22vluHf9uxmNzR7VKns4f8AXuhemreUqntZeejPp+IP9iwmDyxb04e0n/18rWm7+cafso+WoUUUV9SfMBRRRQAUUUUAFFFFABXzP+z/AP8AF9P28vij8fJT52k+A7SHwJ4ZkPK+eh8/UGHYMspVMjkq+K9l/aJ+Len/AAH+Bnir4v6iUK6Bos91BHIeJZwuIY/+BylE/wCBVxv7Afwk1D4O/sp+FtG8Qh21zV7Ztb8QzTD95Je3jGd9/qyh1jP/AFzry8T/ALRmNGh0heo/l7sP/JnJ/I8XGf7Vm1DD9IXqy+XuU1/4E5S/7dPZaKKK9Q9oKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK8r/bo+K+v/Af9iT4x/HHwpceVqngz4V+Idd02UDOy4tNNuLiNvwaMGvVK4P9qX4ffC/4tfsx/Eb4VfG/xX/YPgvxN4D1fSfF+uf2jFZ/2dpdzZSw3Vz58wMcHlwvI/mSAom3cwIBoA8i/wCCQH7Lfwr/AGU/+CePwr8KfDjwxa2t9rngjS9c8XawsI+1a3q93ax3F1d3Mv35naWV9pcsVQKgO1QK8s/4Kx/DLwV8L/2mP2Vf25/BGg2umfEGx/aK8PeBtT16zhWOfVNA13ztPubK4ZQDOitJFJHv3eWVfbjeTXzRpX/BO/8A4I0aFpdtomif8HE3xZs7Kzt0gs7O1/bK0aOKCJFCpGiKgCqqgAADAAAFdH8I/wDgnb/wR5vPjv8ADnxFYf8ABcL4g/EnXfDPxD0XXfCPg7xL+1No+tW2o6zaXsU1lF9j8stOzTKqBI8SNvKqQWoA/WCvj3/gtP8A8kB+FP8A2dF8NP8A1JbOvsKvBf2sf+CZ37HX7b/i3TfG37S3gfxLrd7pFvaxadHpvxN8QaRawm2uJLiCYW2nX8EBnSWRnWcoZRhBvwiBQDwv9tS2+LnjL/grV8J/Cn7HPiPQPDPxZ0T4K+IdS13xJ49sZNQ0OXwtPqVhC1mLCF4p7i7N7FBIskVzbiKON95lEioN/wD4IvSX+leEPjx4B+IKxXHxK0T9ojXD8V9c025V9L1nW7i0sbgXVggjQ21v9kktI/sz7pInicPJKxMj+qeM/wDgmR+xZ8QvAfg74f8AjD4YatexeAI7mPwfrrePdbTXtMjuGLTomsJeDUGSQn5la4ZSFUEYRQPQ/wBnr9mz4G/sp/DpPhR+z78ObLw1oQvZr2a1tXkkkuruZt0tzcTSs8txO5A3Syu7tgZY4FAHmHwC1L4r6n+378X5Piz4L8PaJcx/CvwOmmReHfE8+qJcWY1XxdsmleaytDDKTuBiVZFUAESNkgfQ9eM+B/8AlIX8UP8AsjPgP/07eL69moAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigCtrGj6V4h0i60DXdOhvLG+tnt7y0uYw8c8TqVdGU8MpUkEHqDXyn+zHrGq/sQftBSfsKePtQmk8E+JHn1P4K63eSFhGm7fcaM7nq8bNujzyQ3XLoo+ta8t/a/8A2ZtG/an+Dlz4Ek1JtL12xuE1Lwh4hhJWbSNUh+aC4Rl5Az8rY5KscYOCPUy3E0Yc2GxD/dVLJv8AlkvhmvOLeq6xcl2PKzPC1p8uKwy/fU7tLbmi/ig/KSWj6TUX3PUqK8T/AGH/ANpnWfj58Pr7wr8UdNXSviT4Gvf7H8f6IwCmO7TIW6QDgwzqpdSPlzuAJCgn2yuPFYWtg8RKjVXvR+59mn1TVmn1TTOzCYqjjcNGvSfuyXzXRpro00010aaCiiiuc6QooooAKKKKACiiigAooooA8h/aU+F3ilNRsP2hvg3bD/hMvC8Z8yzXga1p+cy2bgfeOMlO4PTkqR3fwm+KPhb4y+ArD4heELkvaX0WWif/AFlvKOHicdmVsg/mMgg10deA+Oba4/ZF+LUnxe0WB/8AhX3i69RPGVjEpK6RfOdqX6KOiOTh8dz3JQD4/ME+GsxlmcP92qte3XSEtIxrpdto1v7vLV3hNn12Aa4jy+OWz/3mkn7B/wA8dXKg/PeVH+9zU9pxR79RTLa5t7y3ju7SdJYpUDxSxsGV1IyCCOCCO9Pr69NNXR8k007MKKKKYgr5U+K0cn7CX7TqftEaWjRfC/4mX8Vl8RbZB+60XVmOINUwOFSQkrKeBkljuZkA+q6xfiN8PvCXxX8Cat8N/HekpfaRrVi9rf2z/wASMMZB/hYHDKw5VgCORXFjsLLE0k6btUi+aL7Nd/KSvGS7PukedmWCnjKCdJ8tWD5oPtJdH/dkrxkuqfdI2Y5I5Y1licMrAFWU5BB7ilr5s/Ym+IXi34XeK9X/AGEPjXqr3HiDwZbC48Gazc8HXvD5O2CQeskPEbgdAAOdjNX0nV4PFRxlBVErPZp7xktGn6P71ZrRmmAxsMfhlVSs9VKL3jJaSi/NP71ZrRoKKKK6jtCiiigAooooAKKKKAOF/aU+PnhD9mT4Ka98afGrbrXR7Qtb2aNiS9uWO2G3T/aeQqvsCSeAa89/YD+Afi/4a/D/AFT4yfGpPN+JfxOvxrnjKZ0w1puH+j2C5+6kEZ27f4WZgCQFrhdS/wCM8f23U0Nf9J+FnwJ1MS33eDXPFePlj9HS0UnPo+QQVkFfW1e1if8AhOwCwq/iVLSn5R3hD/2+S7uCex4WF/4U8weLf8OleNPzltOf4ezi+ym1uFFFFeKe6FFFFABWB8U/Hdh8MPhxrfxB1LaYtI0yW52MceY6qdifVm2qPc1v18Z/8FRfjv4r0bU9P+A2jGGLTL7TYdS1Z9oZ7gidxHCc/dUNCHP97I7DB+T444lo8JcMYjMZ35kuWFlf95O6h8k9X5R8z6rgvhyrxVxJQy+FuVvmnd29yNnP5taLzfke/fsfeA7/AMCfATRzru5tW1zfrOsyuMO9xdHzTu/2gpRT/u16dXDfs1fETxB8V/gX4c+IHinR0sb/AFGyZri3jjKIdkjxh1U9FdVDgejiu5r0uHIYOnw/hI4Rt0vZQ5W1ZtOKd2nqm7uTv1k/V+bxDPF1M+xcsUkqntJ8yTuk1Jqya0aVklbol6Iooor2jxwooooAKKKKACiiigD5n/b5J+L3j74VfsdWhMkPjLxWNW8UxLyP7H04CeVH9BI+0KT/ABR4r6YAAGAMAdAK+Z/2bP8Ai+X7b3xY/aMm/faX4RWHwF4WlPK7oCJr9h2z55UBh1ViK+mK8vLf3062Kf25WX+GF4r73zs8XKf9oqV8a/8Al5K0f8FO8F98ueXzCiiivUPaCiiigAooooAK8Z/YP/5Ihrn/AGWb4j/+prrdezV4z+wf/wAkQ1z/ALLN8R//AFNdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAK83/bJ8cfDT4ZfshfFX4k/GfwKPFHg7w98N9c1PxZ4ZMMcg1fTINPnlurPZIQj+bCjx7WIU78HjNekV5F/wUD+Ffjn46/sF/G74I/DDSF1DxL4y+EXiXQ/D1g9zHCLm+u9LubeCIySMqRhpJEXc7BRnJIAJoA+Wfif+xr/AMEMfgv+xzpn7bnxJ/4Js/Da08J6lp3h+6+zWnw8sp7uH+17mztbVCgABIlvYQ5DYADEZxz7x4I/4JFf8Ev/AIa+NNI+I3w//YJ+Feja9oGqW+paJq+neDrWK4sbuCRZYZ4nVMo6SKrKw5BUGvz3/aM0X/gv9+0L/wAE/NP/AGCrz/gkD4a0u00+w8LWw8SxfHvRZZHGi3+n3it5BkUDzTYBCN/yiUn5tuD9UfCL9sf/AILpeKPix4X8NfF3/gjb4X8L+E9R8RWVr4n8TW/x90q8k0jTpJ0S5u1t0+adooi8gjX5nKbRyaAPuuiiigAooooA8Z8D/wDKQv4of9kZ8B/+nbxfXs1eM+B/+UhfxQ/7Iz4D/wDTt4vr2agAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigD5a/bZ8AeLvgJ8RtO/wCCh3wO0WW71Dw7aCy+J3h60GDr/h/ILyY6Ge3ADqx/hQZO2Pafoz4efEDwj8VfA2lfEjwFrMWoaNrdjHd6deQniSJxkZHVSOhU8ggg4INa80MNxC9vcRLJHIpV0dchgeCCD1FfIvwmmm/4J6ftPj9m/WpWj+EfxP1KW7+Gt5I37rQNYc7ptJJP3Y5Sd0Q9SANzGRh7lP8A4VcD7J/xqS93vOmtXHzlDWUe8OaP2UeDU/4SMf7VfwazXN2hUeil5RnpGXafLL7TPryiiivDPeCiiigAooooAKKKKACiiigAqn4g8P6N4r0O78NeItOivLC/t3gu7WZcrLGwwyn8DVyipnCFSDhNXTVmnqmno011TTsyoTnTmpwdmndNaNNapp90zwr4G+INZ/Z9+Ig/ZW+IWoyz6Xcq8/w41u5b/j4tgctYu3TzYs/L6r6AoK91rivj18F9J+OHgOTwzc3bWOpWsq3eg6vDkS6feJzHKpHOM8EDqCehwRkfs2/GfV/iLo994H+Itoth438LTC08S6fwBIcfJdR+scg+YEcAnjgqT8llM55Bj1k1d3pSu8PJ9lrKg2/tU1rTu7ypaaypO/1WaQhnuBeb0VarGyxEV3eirJL7NR6VLaRq66RqK3plFFFfXnyYUUUUAeG/tu/ALxZ8R/DGlfGT4KsLb4l/Du6bU/Cdwo/4/VA/f6fJ03RzICu0kfNgZAZs9v8As1/H3wn+0v8AB7Sfiz4TVoReRmPUdOlP73T7xPlmtpBwQyNnqBlSrYwwru6+A/2qf2mNJ/4Jjfti6hrfgDw//bmkfEvQ11nxN4L+2G0S0vxM8S38MvluoMuyXem35mUkkfJjw8wr0snr/XZu1OVoz9dozS6v7MratWf2T5vNMTQyDEf2jUdqM2o1PJ7Qml1enJJLVx5Xryn35RXG/s/fG7wn+0d8HNC+NXgiK4j03XbVpIobpQJIXSR4pY2xwSskbrkcHbkcGuyr2aVSnWpxqQd4tJp909UfQUa1LEUY1abvGSTTXVNXT+4KKKKs0CiiigArwv8Ab1/aG8T/AAZ+F9l4D+EUX2r4kfEPUBoPgSyQ/MlxJgSXjddscCNvLEFQxTdwSa9t1XVNN0PS7nW9Zv4rWzs7d57u6nkCRwxIpZnZjwFABJJ6AV8sfsa6VqX7WPx313/goT43sJU0ZUm0D4OaddIVNtpUbss+obT92S4fcAeGC715Uqa9bK6NKLljK6vTpWdn9qb+CHo2ry/uxfc8jNa9WShgqDtUq3V19mC+Ofqk+WP9+S7M9s/Za/Z68MfsufA7Q/g54Zl+0HT4DJqmpOP3moXsh3T3Lk8ku5JGScKFXOFFehUUV51etVxNaVWo7yk22+7Z6VChSw1CNGkrRikkuyWiCiiisjUKKKKAML4mfEPw58KPAeqfEPxZc+XY6XatNLgjdIeixrnqzMQoHqwry39n34EWXjDQ7/4yftB+CtM1bxL4zukv5LLV7CO4TS7UDFtbIsqnYVQgngHJAPK5qp4p/wCMpP2ho/AEP73wP8OrtLnxAw5j1PV+fKtfRki5LD1ypHKmveq+Nw9KlxNm8sVWipYbDuUKaaTjOp8NWpZppqGtKndNX9rJdGfX16tXhvKY4WlJxxNdRnUabUoU/ip07pppz0qzs07eyi+qGwww20KW9vCsccahY40UBVUDAAA6CnUUV9kkkrI+Qbbd2FFFFABRRRQAUUUUAFfPP/BTf9pj4lfsq/syv8QPhRaw/wBsX+uW+lxX88AlXT1kjlc3GxgVYgxBAGBXMgJBxg/Q1fLHxSsbL9s39tfT/gfeWcWofD/4QRx6x4yt5oxJb6lrcyEWlm6nKuscZZ2ByDmRGHSvLzipWWCdKjLlqVPdi1um+vpFJtvt52PFz6rXWXSoYeTjVqtQg1upPd+kYqUm+iWmrRw//BDj4u+LfHfwQ8U+BNf8Polr4d1xZ7XXFRg2oS3hmlmWRjw8iFFJbrtlQEcAn7frL8H+CPBfw80OPwx4A8IaXoemxMzRado+nx20CEnJIjjUKCT14rUrTKsHVy/LqeGqT53FWvt1f5ba69zXJMBWyvKqWEq1OeUFbmta+r/K9tde+oUUUV6B6oUUUUAFFFFABXjP7B//ACRDXP8Ass3xH/8AU11uvZq8Z/YP/wCSIa5/2Wb4j/8Aqa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRXy1+3D+3z8e/2PPip4I0jTf2LH8T/D3xV428N+GdQ+I8/xEtLBbC81fUksVWKwEM1xcNEZEkbcIkYNgSZBIAPqWivJf2hviF+2l4O8QWFn+zF+y94F8eaZNZl9SvvFfxbuPDsttPvIEaRRaPfCVduDvLocnG3jJ5n/AIJpftoeNf2+f2aD+0X4v+Clh4IguvFWraXodtpXi5tattVs7G5a0/tCG4eztG8qWaKcIDECURXz8+1QDa8D/wDKQv4of9kZ8B/+nbxfXqviG+vbZbSx02RY5r67ECTMm4RgI8jNjudqHHuRXlXgf/lIX8UP+yM+A/8A07eL69S8Qf8AIW0P/sKv/wCklxQAg8P6vjnxzqmfaG0/+MUv/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqUUAZf8Awj+rf9Dzqv8A35tP/jFH/CP6t/0POq/9+bT/AOMVqVz3xa+Kfgf4G/C7xF8Z/ibqs1h4c8KaLc6tr1/b6fPdvbWdvE0s0oht0eWTaisxVEZsA4BoAu/8I/q3/Q86r/35tP8A4xR/wj+rf9Dzqv8A35tP/jFcve/tO/AbTv2aH/bEvPiRZp8NU8Gf8JYfFYilMJ0c2v2oXQQJ5hBhwwQJvOQoXccV8of8FLP26/8AgoD8HP2Xrv8Abg/YE8H/AAa1j4S6X8LIfGV3rnxRGuRarfCQPKsFtpsKQMgNubd83EsTBpGVkBTBAPtf/hH9W/6HnVf+/Np/8Yo/4R/Vv+h51X/vzaf/ABisr4G+N9W+JvwT8HfEjXre3hvvEPhbT9SvYrRGWJJZ7aOV1QMzEKGcgAknGMk9ap/tE6n+0DpHwb1m/wD2WfCvhfWvHqrAvh/TvGmqT2elyM08aytcTQRySKqQmVwEUlmRV43ZAB0P/CP6t/0POq/9+bT/AOMUh0DWQMx+ONSLDoJILUr+IEIP6ivlH/glh+2X+2H+0n8R/j58FP20dA+Gln4m+Dfjqy0GOb4X22oJY3Cz2K3TEvfSvJKRvChtkWcH5K+w6AKPhzUbnVNJS5vFUTJLLDNsGFLxyNGxA7AlSfxq9WX4P/5BM3/YVvv/AErlrUoAKKKKACuA/ab/AGePBf7UfwZ1b4PeNg0Ud9GJNO1KFf32nXicw3UR4IdG54I3KWU8Ma7+itaNarh60atN2lFpp9mjKvQpYmjKlVV4yTTT6pngH7Cn7Q/jPx9o2s/s9/H7bbfFP4bTrp/ieNj/AMhW3x/o+pxZxvSZNpJH8RyQodRXv9fnh/wXP0P4pfDW98C/tM/Aka3oOpQWt/o3ijxf4ZvZrW4itnMD2sEskLAiMt9oIJ4BwM8rWn/wTz/4KWzeDvgro/g79vfWfE+ialfXjnwp428U6FcJZavYFU8vdeFSHlVxMDI+FKBCXJzX1WL4eq4/LY5tgkmpvWnH4oyV+blV9Y3XMklzRjLZpJnyOE4jpZfmksnxzadNaVZaRlF25eZtaSs+Vyb5ZSjum2j78oqh4a8U+GfGmiQeJfB3iKx1bTbpN9rqGm3aTwTL6q6Eqw+hq/XyLjKLs1Zn2UZRkk07phRRRSGFFFFABRRRQAUUUUAFePftJfDTxVpmsWP7SXwas9/izw1CVv8ATo+Brmm5zLauB95gMsh5ORgAnbj2GivNzfK6GcYGWHqNxejjJfFCcXeM4vpKL1XRq8XeMmn6OVZnXynGxxFNKS1Uov4ZwkrShJdYyWj6p2krOKa5/wCFvxL8LfF/wJp/xC8HXnm2OoQ7lVsb4XHDxOOzq2QR7cZGDXQV4B4shl/Y++Lb/EnTImX4ceMr9U8T2sYymiai5wt6oH3YpDgPjof+ALXvsM0NxClxbyrJG6hkdGyGB5BBHUVxZFmlfGQnhcYlHE0Wo1Etnf4akP7lRLmW/LLng9Ya9md5ZQwk4YnCNyw1a7pt7q3xU5f36bdn/MuWa0lo6iiivfPCCvEf2tP+Cf8A8Af2yr/S9b+KUer2Wp6REYLfVNBvI4Z5ICxbyH8yORWQMWYfLkFmwRk59uorDE4XDYyi6VeClF9Hsc2MwWEzDDuhiYKcHumrrTY+Urj9lT42fsVSnxl+wvqs+u+GEAfXPhH4j1FnjucAb5rC4fJgnbGSp+ViT97Cx16/+zh+1p8KP2mNMuYvCV1c6Z4g0tvL8QeENbh+z6lpcoOGWWFuSoPG9cr2JByo9Orx39o/9jPwF8eNTtviLoGsXng34g6UM6J478Pny7uEgYEcwBAuYuxR/wCEkAqCc+f9Tr5f72C1h1pt6f8Abjfwv+6/cf8Ad3PK+oYnK/ey7WHWk3Zf9w278j/uu8H/AHHqexUV8z+A/wBsf4g/A7xZZ/BT9vjQ7XQb+6l8jQPiTpykaFrpHTzHwBaTkclWwvU/INufpaKWKeJZoZFdHUMjqchgehB7iu3C4yhi4vk0a3i9JRfZrp5PVPdNo9HBZhhsfFum2pR0lFq0ovtKL1Xk9U902h1FFeJfte/tdL8BINM+GXww8N/8JZ8UvFxMHg3whbtksxyDd3JBHlW0eCzMSN21gCAHdPSwuFr4yuqNJXk/kkurb2SS1beiRpi8XQwVB1qztFfNtvRJJatt6JLVv8PFv2x/2pvh3+1b8TNB/wCCc/wM+LFp9p8Va89p8R9ZtZSi2OnW6+bPZQysAs0820x4jLgbWRvvHH2N4U8LeH/A/hjTvBnhPSorHS9JsorPTrKBcJBBGgREUegUAfhX5vfsrf8ABDj4yfCb9pHwp8Xfib8XvDs+j+GtUtNYMOjPcNeXF5CySiEiSJUWPzVwX3kso+6pbj9Ma9/iJZVhoUMJl1b2lOKbk7bzb1b0V9Eklb3Vpd3bPnuGnm+JnXxmZ0PZVJNRir7QS0S1dlzNtu/vN3srJBRRRXzB9UFFFFABXmv7T3xd1f4aeCYNB8Cwi58X+KboaZ4WsxjPnvw059EiU7iTwDtB4NeiajqNhpGnz6tql3Hb21rC01xPK21I41BLMxPQAAkn2rxH9njTr/46fEvUf2sfFVpIlgVk0z4e2NwuDBYqxWS72no8zZ56hdw5BWvmuIcZiZKnleDly18Rdcy3p01b2lX1SfLDvUnH+Vn0eQYTDxdTM8ZHmo0LPle1So7+zp+ja5p9qcJfzI9F+BXwi0n4I/DSw8B6bMbiaIGbU79877y7fmWZieSS3TOSFCjtXX0UV7mDweGy/CU8Nh48sIJRil0SVl/wXu223q2eJjMXiMfip4nES5pzblJvq27v/htkkktEgooorpOcKKKKACiiigAooooA89/am+POk/s1/ArX/i3qMIuLiwtfL0iw5Jvb6Q7LeAAcndIVzjkKGPasH9iD4C6t8BvgZa2njeZrnxh4lu5de8bX8uDJPqdyd8isR12DbHxwShI+9Xn3jD/jLr9uzT/h7H+/8DfBBo9W17vFfeI5VP2WA9m8hMucdG3qw5FfUNeThv8AbMfPEP4YXhD1+3L77QXlGR4mE/4UMzni38FO9OHm/wDl5L70oJ9oy7hRRRXrHthRRRQAUUUUAFFFFABXjP7B/wDyRDXP+yzfEf8A9TXW69mrxn9g/wD5Ihrn/ZZviP8A+prrdAHs1FFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFfnp/wAF7v2xf2Wvg/4O+FvwZ+KHx58NaF4ri+OXw98VyaBqWpLHdLolv4khafUCh58hBbXBZ+g8l/Sv0LooA+P/APgox+25oF//AME0dQ+Jn7GvxD0zxPrfxkntvAnwd1jRLwSQ32s6vcnTopoZF4JgzcXBPQC0b0r6I/Zo+Angv9lr9nrwT+zh8O4NmieB/C9lounEoFaVLeFY/NfHV3Kl2PUsxJ613FFAHzx8AvBfiTwT+378X7XxL8XPEPi+S8+Ffge5t7nxFbadE9jE2q+LgLWIWFpbKYlwSDIry5Y7pGGAPc/EH/IW0P8A7Cr/APpJcV5b4H/5SF/FD/sjPgP/ANO3i+vUvEH/ACFtD/7Cr/8ApJcUAcN+0b+zP/w0V/Y3/GQPxO8C/wBj/aP+Sc+K/wCy/t3m+V/x8fu383Z5XydNvmSdd3HmP/Ds/wD6yBftN/8Ah1v/ALmr6bor0aGbZjhqSp0qlorpywf5wb/E83EZPluKrOrVp3k93zTXlsqkV+CPmT/h2f8A9ZAv2m//AA63/wBzUf8ADs//AKyBftN/+HW/+5q+m6K2/t3Nv+fv/ktP/wCVGH+r+T/8+v8Ayap/8tPmT/h2f/1kC/ab/wDDrf8A3NXT/Bz9hv8A4U98SNO+I3/DYPx08U/2d53/ABIfGXxB+3abdeZC8X76DyV37d+9eRh0Vu2K90oqKmdZnVpuE6l01Z+7DZ+lNP7mvU0p5HlVGopwp2ad171TdetRr70/QKra1o2k+I9Hu/D2vadDeWN/bSW97aXEYaOeJ1KujKeCpUkEdwas0V5Z6p+GGn634s1b4aaZ/wAGwt/qd9Jr1l+0g/h7Up3kb7RJ8I7cr4jS8aX+F3tmis1GcEDZk5wfvr/gvL8TPg78P/8Agk/8cPhZrPxB8NaJq2pfCq+i8P8Ahy61a3trm6QKEVbe3Zg0gGNoCKemO1fVEfwD+BUPxhk/aHi+C3hJfiBLpn9my+OV8OWo1h7Pj/Rje+X55i4H7vft4HHFYXxu/Yy/Y+/aZ1qz8SftIfso/DX4g6jp1qbbT7/xv4F0/Vp7WAsXMUb3ULsibiW2qQMknFAGF+w58Zvg/wCPf2TfBE/gT4q+G9bTQPAGjJrraPrlvdf2cwsI8rP5bt5R+R+Gwflb0Ndt4W/aF+A/jf4P2/7QnhL4zeF9Q8B3Vu1xb+MrbXYG0uSJZDE0gud/lbRIpTO7G4EdaofBn9k79lj9nHStW0L9nn9mn4f+A7HXtn9u2fgzwbY6XFqOxWVPPS2iQTbVdwN4OA7AdTVqL9mn9nKD4KH9mqH4AeCU+HJtTbHwAvhWzGieSZTKYvsPl+RsMhLldmNx3YzzQB8J/wDBJv8AaH+AFz/wUL/bUs7f45eDpJvFXxs0c+GIk8TWhbWB/Y8CZtQJM3Hz/L+73fNx1r9Iq8T8E/8ABNT/AIJzfDXxdpvxA+HP7AXwT0DXtGvI7vSNb0T4VaRaXdjcIdyTQzRW6vE6kAhlIIIyDXtlAGX4P/5BM3/YVvv/AErlrUrL8H/8gmb/ALCt9/6Vy1qUAFFFFABRRRQAVR8R+GfDfjHRbjw34u8P2WqaddJsurDUbRJ4Zl9GRwVYexFXqKabi7p2YnGMlZq6PmXxN/wTM8C+FdbuPHX7H3xW8SfBvX5n8yWPw3cm40i6ft5+nzExuOmFUqo/u1R/4aJ/b2/ZoP2f9pj9nSD4keHYPv8Ajb4TZe7RB/HPpsuHLY5YxlUXHevqiivWWcVqq5cZBVl/e+NelRWl9/MvI8eWS0KTc8FN0X/d+B+tN3h9yg/M8t+Af7aP7M/7S6fZ/hJ8VtPvNSUH7RoN4xtdRgZfvBraYLJ8pyCwBXI6mvUq8o+Pn7Ef7Mf7Sj/2j8UPhbZSawhDW/iPTM2epQuv3WFzCVdtp5AcsvtXlv8Awof/AIKC/szfvv2ePj/a/FTw5B93wd8VDt1FEH8MOpR4Lv0A83ai46Gn9VyvF/7vV9nL+Wpt8qkVb/wKMfUn63m2D/3mj7SP81Lf505O/wD4BKXofVNFfNHhP/gpr8M9E16DwF+1l8OfEfwa8RzNsjj8XWpfTLl+/kahGPKkQf32CLx1r6M0LX9C8UaRBr/hnWrTUbC6jD2t7YXKzQzKf4ldCVYe4NceLy/GYJr20Gk9nvF+kleL+TO7CZjgsen7Com1utpL1i7SXzXzLdFFFcZ2hRRRQAUUUUAUfE3hrQvGXh698K+JtNjvNP1C2aC7tpRlZEYYI9vqOQeRXjXwG8S658CvH5/ZR+JOpST2pief4d63cn/j+shybNm/56xDgDuo6AbM+51w/wAf/gtp/wAbvAraGt82n6xYTreeHdZiyJLC9TlJARztJ4YdwfUAj5zPcuxUpwzLAL/aaKdleyq03rOlJ/3rc1Nv4Kii9pTPockzDDRhPLsc/wDZ61rvd05rSNWK8r8s0vjpuS3jA7iivNv2b/jTqHxP0C88L+O7Ead408MTiy8UaYcDEo+7cIO8UgG4EcdQMjBPpNerluY4XNsDDF4d3hJddGmtHGS3UotOMovVSTXr5eY5ficrxs8LiFaUX01TT1UovZxkmpRa0aafoUUUV3HEFFFFAGP488AeCfih4UvPA3xD8L2Ws6Rfx7LvT7+ASRyDscHoQeQwwQQCCCM180y/Dj9pH9gKRtV+BcepfEv4SxMXuvAV3OZdY8PxdS2nytzcRL/zxbngAclpK+rq8b/a7/a40v8AZv0bTvCvhLw7J4p+IviuU2vgnwVZHM19OePOlx/q7dOrucDAIBHJXF5RLNcTGNC6q/ZkrJpbu99HBbyUvdtd6bnjZvh8EqX1upN05wWk4/Er7Rt9tN2XI07t6Weq4j4kf8FN/hDc/DPSLn9mc/8ACd+PvF87WPhPwRbgpdR3YHztexkhraKLO52bAYD5W25deo/ZB/ZFu/gtPqfxm+M/iNfFfxZ8XASeKvFEi5W3U4K2NoCB5VtHhQAAN+0EgAIq+S+C/wDgmd8V9AsG/aHtf2gbnSvj7qN9Nqmq69aQqdHkeYKW01rYLhrYbQu/G4nL7ThVHpnwU/bZuJPG8P7P37Wfg5fh98RG+WyWaXOleIBnAlsbgnadxx+6Y7gSFBZgQN55xLLaby6pZOTs60b8lXXSKbScF/cl8cveUpLlivHwVfEyxtOtnMeSWnsv+fabVrvV8tZ9pO0U+WnJvmb+gaKKKR9iFFFFABRRXKfGz4s6H8E/htqXxC1xfNFpHts7NT893ctxFCvfLNjpnAyegrnxeLw+Aws8TiJKMIJyk3skldv+t9EtWjowmFxGOxUMPQi5Tm1GKW7bdkv6829Ezzn9pHVtT+M3j7TP2SvB17JFFfRrqHjy/t2wbPTFYEQZHR5mwMehGQVY17TpGkaZoGk22haLZR21nZW6QWtvEuFijRQqqB2AAArzj9l34T654C8JXfjT4hsJvGXi+6/tLxLcMOY3Yfu7YeiRKdoHQEtjjFen14PD2ExFR1M1xkXGtiLWi96dJX9nT8nZ89TvUm19hHuZ/isPTVPK8JJSo0L3ktqlV29pU81dclP/AKdwT+2wooor6Y+bCiiigAooooAKKKKACvOP2sfj5Yfs1fAfXfipLbi5v7eAW2g6ftLNe6hKdlvCFHLZcgkDnarHtXo9fL2u5/a7/bxtfDC/v/AvwLZL7Uu8V/4mlU+TH6N9mQFuOVkDKRhq8/Ma9SlQUKX8Sb5Y+Te8vSKvJ+iXU8vNsTVoYZU6D/e1HyQ8m95ekI3k/RLqej/sU/AO/wD2fPgRY6B4ruDdeKtbuJda8aag7BnutUuTvmLMPvbfljB7iPPc161RRXVh6FPC0I0ae0VZf13erfm2dmFw1LB4aFCkvdikl8u/m9W31bbCiiitjoCiiigAooooAKKKKACvGf2D/wDkiGuf9lm+I/8A6mut17NXjP7B/wDyRDXP+yzfEf8A9TXW6APZqKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDxnwP/AMpC/ih/2RnwH/6dvF9epeIP+Qtof/YVf/0kuK8t8D/8pC/ih/2RnwH/AOnbxfXqXiD/AJC2h/8AYVf/ANJLigDUorjPi7+0J8IPgP8A2f8A8LW8Xf2V/avm/YP+JfcT+b5Wzf8A6mN9uPMTrjOeM4NcX/w8I/ZB/wCiu/8AlA1D/wCR68LGcUcM5diZYfF42lTqRteMqkIyV1dXTaaunf0PbwfDPEeYYeOIwuDq1KctpRpylF2dnZpNOzVvU9norxj/AIeEfsg/9Fd/8oGof/I9H/Dwj9kH/orv/lA1D/5Hrl/124N/6GVD/wAG0/8A5I6v9TeL/wDoX1//AAVP/wCRPZ6K8Y/4eEfsg/8ARXf/ACgah/8AI9bXw9/bG/Zw+KvjCz8BeAviN9v1a/8AM+yWn9kXkW/ZG0jfNJCqjCIx5I6Y64Fa0OL+E8TWjRo4+jKcmkkqsG23okkndtvRIyrcJ8U4ajKrVwNaMIptt05pJLVttqySW7PTaKK5X46Xvxd034LeLdS+ANlo9z45tvDl7N4PtfEEEktjcaksDtbRXCxSxOYmlCK211IDEg8V9EfPnVUV8Oal/wAFgrRf+CI8H/BUTR/CtjN4svvBsUFj4QMMpifxlJcDTf7M8oOJmjXU8oUDCTykJyD8w8w/4Lm/sJ/Db46f8EwfHH7XX7XXhL+0vjF4J+BKqBoXiXVLXQtN1WJGmmmttPF20L4nmlCvP5z7FjBY7QaAP0yorz39kj/k1L4Y/wDZPdF/9IYaT9p39l/4V/te/DA/Bv40jW5fDc+ow3Wo6fofiO70tr9YskW801pJHK0LE5aMOA20A8cUAeh0V+Vmrfs1fAL9jj/gtL8AfgX/AMEr9CvPCmr3Wm6xqf7R3hDw5rV3NoqeF/soWzudTglleOK6a5YCBgBIzMpbKlCf1ToAy/B//IJm/wCwrff+lctalZfg/wD5BM3/AGFb7/0rlrUoAKKKKACiiigAooooAKKKKACiiigDN8WeDvCPj3QZ/C3jnwvp2s6ZdLtudO1WyS4glHoySAqfxFfOmu/8E0fD3gLV5/Gf7Fvxp8TfB/WJpDLLp+lXBvtEupPWawuCUPoNpCqOi19O0V24XMcbgk1Rm0nut4v1i7xfzXzOHF5bgcc060E5LaSupL0kmpL5O3kfK/8Aw1B+2/8As1/6L+1d+zMPGmgwcP48+EZa5ZUH8c+nSkSrxy7qQg5wDXr3wF/a/wD2bv2mLTzfg18WdL1W6VS0+kPIYL6DHXfbShZVAORu27eOCa9KryD49fsJfsv/ALRl5/b/AI++Glvba+jB7fxVoMhsNThkH3XE8OGcjsJN4HpXZ9ZyrGfx6TpS/mp6x+dOT/8ASJL0OP6rm+C/3eqqsf5amkvlUiv/AEuD9T1+ivlb/hT/APwUW/Zj/e/BD40af8ZPDUH3fC3xIYW2sJGP4IdRTCyuePmmwo7LWt4J/wCCm/wdg8Qw/D39prwf4g+DniiU7VsfHNmY7G4bu0F8o8mSMf322A9qmWTYipFzwklWj/c+JesHaa+SkvMcc7w1OShjIujJ/wA/wv0qK8H83F+R9J0VX0rVtK13TYdZ0PU7e8s7mMSW91aTLJHKh6MrKSGB9RVivJaadmewmmroKKKKQzxv9pD4c+KfDmv2f7TnwcsTJ4l8PQGPWdLj4GuaZ1kgYDrIoG5DyeMYJCgej/DT4jeFviz4H074geDb8XGn6lAJIicbo26NG47OrAqR6g1u18C/tEfG74ofsk/tJ+JfCfwSvX0bQ7+7ttTl0q4s45ra5mkhRpXiDoTGjMWUhCOUIyMAD834nzrC+HmIeb1FJ4XESUakIq7jVa92rFaL31Hlqq6u1CavLmUv0PhrJ8Vx9h1lVNpYmhFypzk7KVJP3qUnq/dcuam7OycoO0bNffVFeG6H+2s/9i2d54z/AGbfibp801rHJPNB4UaW13FQTscPkrnplQcYyKtD9vj9nS0OPEmq65ox7jVPDV2mPrtjavfhxtwnKClLGQhez9/mp766+0pw79/meHPgzimMnGOElO2nucs9u3JOf5fI9oory7Sv21P2WdYx9k+NOkpnp9q8yD/0ai4rnP2iv29fg98HPhwfEHw/1mx8c+I9QmFn4c8NeHdQjuJLq7fhPNaMnyIR1aR8ADgZJAPrYDOskzStGlhcXSnKTsrVaf61F9/RHk4/J85yyjKrisLVhGKu70qn6QfyXVmp+1z+1toX7NHh6w0bQ9Bl8T+PfE8xs/BHgqwObjUrk8b2xzHAhOXkPAHA5rE/ZE/ZJ134aazqP7Q/7Q+vQ+J/i74qiH9t6wBmDSLc8rp1kD/q4U4BIwXIyeMVR/Y1/ZmvfDmv3/7TX7QHjDT/ABb8W/E8AGo6haTrLa6DanldOsQCQkag4Zhy5zyRkt9E19VXxeGwuHeFwU1JS+Oovt/3Yv8A59p/ObV37vLE+Vw+DxOLxKxeOg48v8Om/sf3pLrUa+UE+Ve9zSCuR+NfwJ+FP7Q/gif4ffF3wfbavp0vzReaNsttJjAlhkHzROP7ykdwcgkHrqK8WpTp1qbhUScXunqmerVpUq9J06sVKL0aaumvNM+UF8T/ALS//BPpha/EB9W+KnwegOIfEcUfm6/4Zh7C6Qf8fcCj/loOVAJO0BUP0j8Nfif8P/jF4OtPiB8MfFtlrWj3ybre+sZdyk91YdUcdCjAMp4IBrdZVZSrAEEYIPevm74lfsYeMPhh4yu/jv8AsJ+JLXwl4iuX83XPBV4p/sHxFjkh4lwLaU84kTAyf4NzPXl+yxeW60b1KX8t7zj/AIW/iX92Tuvsyex4vscdlGtC9Wj/ACN3nBf3G376X8knzL7MnpE+kqK8W/Z1/bR8IfGPX5vhL8QvDl34E+JOnLjVPBOvMFlfAyZbWThbqIgEhl5wM424Y+016GHxNDF0vaUpXX5Pqmt011TSaPVwmMw2Oo+1oS5l+KfVNOzTXVNJrsFeC6Vj9qb9opvET/vvAvw0vTFpw6xaprYHzS+jJAMAH+9ggkMRXRftUfEvxHoujad8HfhjNnxj43nax0tkPNjb4/f3jY5UImcHrk5GdpFdt8KPhp4c+D/w90v4c+FYdtpplsIxIRhppDy8rf7TMSx9z6V8xjv+F/Oll61oYdxnW7SqfFSpeajpVqLypRe7R9pgf+EHJnj3pXrqUKXeNP4atXyctaVN+dWS2TOiooor64+UCiiigAooooAKKKKACiiqmv67o/hbQr3xN4h1GKz0/TrSS6vrudsJBDGpd3Y9gFBJ9hSbSV2JtRTb2R59+158foP2bPgNrPxJgt/tWrFFsfDWnBdzXupTnZbxKo5b5juIHO1GxVb9jH4A3H7OnwG0zwfr9z9q8SajLJq3jDUXfc93qlyd87s38W04jDd1jB6mvmnwB+1h8Hf+Cg37f3hHw/puq3Nt4V8Aaddar4b0vVrfy313W1OBOEBYbIYQZYwxDgox2gFgPuuvGwFejmmLnjKclKELwhb5Ocvm7RX91dmfPZXicPnOOqY+lJSpwvThbXs6kvm7RX92Lez1KKKK9o+iCiiigAooooAKKKKACiiigArxn9g//kiGuf8AZZviP/6mut17NXjP7B//ACRDXP8Ass3xH/8AU11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiivkL/got+1J+3h+yl8RPh74y+FGh/CO4+FXiD4leEfCevf8JDFqlx4hkl1bV47KdrdIZIbaFY45VZHdpSWzmPAGQD69or5U/b8/4KB6l+zl8UvCv7N/wy8YfDTwz4n8Q+Hr7xLr3jj4waybPw74T0K1nt7Y3VwFlha5mnurqGCGBZogSJGaRQgDexfsm+NfiX8Rfgrp/jX4ofE/4beNLrUJpZdO8U/CZZl0XUbPOI5YhNcXJDZDBts0i5HDdQADC8D/APKQv4of9kZ8B/8Ap28X16l4g/5C2h/9hV//AEkuK8t8D/8AKQv4of8AZGfAf/p28X16l4g/5C2h/wDYVf8A9JLigDUooooAKKKKACiiigAooooA/KrR/wDglj+2Ha/8FN4vhLc+ArQfsgab8fJ/jrYat/blp5jeIpNOXZpAsxL56QR6o0l0B5Xkle4bFe+/8FsrL9t74yfsr+N/2PP2Tf2FdT+JcPxI8B3enXPjC1+IWiaTBolzIxRY5LfULiKSf5QH3J8vzYzkV9sUUAfOP/BPr4g/td6j+zzH4I/aP/Ye1P4V6v4I8M6bpmh2upePtH1ceInhtDG7o2nzSLbAPEgxKQf3oIztNc78f/jp/wAFVLv/AIJuJ8SfgB+w7pth+0drkX2U/Di98eaXd23hlnmlQ3jXkk0Vre+XCscqxhwC8qg5COD9YUUAfnb/AMEuPCH7WP7Jj2vw78Vf8Eo/iJb614815L/4wfHfxj8XfCeoahrF++fM1C7jtb+Sdoo8sIrWEMIkO1QWLs36JUUUAZfg/wD5BM3/AGFb7/0rlrUrL8H/APIJm/7Ct9/6Vy1qUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABWT428BeB/iV4em8JfEPwfpmu6XcDE+n6vYx3EL+5SQEZ9+1a1FVGUoSUouzXVaEyhGcXGSun0eq+5ny/qv8AwTZh+GOpTeK/2H/jz4l+E+oSSGWTQopjqWg3L9T5llcEhSem4NhQflWq/wDw1t+2N+zd/on7YX7LsniDRYOJPiB8JC17AEH/AC0nsZMTQgDlnyF67VNfVFFess4qVly42CrLu9J/KcbS/wDAudHjvJadB82BqSovtHWHzpyvH/wHkZ578Cv2rv2d/wBpbTP7R+CfxZ0nXHWPfPYRT+XeQD1kt5AssY7ZZQD2Jr0KvGfjr+wH+y7+0Bqf/CVeKPh8ukeJUk8238XeFZzp2pwy9pPOhx5jDt5gcD0rzz/hXH/BST9mEeb8LPifpXxw8MQfd8PeOWGn67HGP4Ir9f3c7erzevC0/qeW4v8A3WtyS/lqWX3VF7r/AO3lD1F9dzTB6Yqjzx/npXf30376/wC3XP0PqmsnxB4B8C+LNQtdW8U+C9J1O6sW3WVzqGmxTSW5znKM6koc88YrwjwB/wAFNfgXfeI4vh1+0BomufCHxY/H9j/ECxNrBMehaG8/1MkeSMOxTd2FfRFhf2OqWUWpaZexXNvPGHguIJA6SKRkMrDgg+orzMfldailTxlHR6rmSlF21TTtKLtumm7b6M9PL81oYhupg62q0fK3GSvo01eMo32aaV9tSWggMNrDIPUGivK/2r/2rfBf7K/geDV9U0+41vxJrVx9i8H+ENMG691q9bAWKNQCQgLLvfBCgjgsyqxh8PWxdaNGlG8paJf106tvRK7bSQ8TiaGEoSrVpcsY6t/1u3skrttpJNsxP2yPjj8Ff2d/B1tceIPhpp/ivxZ4huPsXg3wbb6bFNea1eNgKiqVYrGCyl5MEKCAMsyqeN/ZY/4J/wCk6PpGp/E39qnQ9I1zxr4slFzf6LZW6xaT4fjP3bO0gjwgKjAaXlmI+8eWfa/ZN/ZS8aaR4yuv2sf2r9Qt9b+LGv2+yOKM7rPwrZHO3T7MZIUgEh5ASWJYAnLvJ9D1WZ5dkCoPCLD0qrfxzlTpyu19mDlBtQT3as5vXSNk88sx+fSrrGTr1aSX8Omqk48qf2pqM0nNraLuoLTWTk15DqP7Bv7KGov5zfCWG3kByslnqd3CVPsElA/Sqv8Awwx8KrP/AJFnxv450TH3f7K8Wzpt+m/dXtFFfIy4M4SlLmWBpJ94wUH98HB/ifXR4w4qjHl+u1Wu0puS+6amvwPF/wDhkzxlpn/IsftcfEuHH3RqerR3gH/faDNH/Cj/ANrHSjnQv2y3nQdINV8EWkmfq4bdXtFFL/U/I4/wlUh/gr14/wDuaRX+tudS/iunP/HQoS/9xI8X/wCEb/b10n/kH/Er4davjp/auj3Vvu+vknij/hKv28dJ/wCQh8Kvh/q+Ov8AZWuXFvn6ecOK9ooo/wBWHD+DjsTH/uNzL7p05fmH+sin/FwWGl/3C5X98KkfyPlD9orwb8Tv2h9Ah0z4w/sN3yahpzeZonirwt46tBqOlzA5ElvIF3rggHacqSASMgEcL4b/AG6f2rv2SvB97o37WvwP8S67pFpH5WgeP5NN8klzhYotR2bkBJIHmq25sDh2JYfdNUfEnhrw/wCMdAvPCvivRrbUdN1C3aC9sbyESRTRsMFWU8EVyS4ZzalVnXoZlU53Fr3oUXd2aXM4whez2bi2vNaHiZhLKsXWjicNgqdCunFuUJVXGaTXu1KcptTi1pdShON/cmtj5K/YE+PR/aL/AGhPFPj/AMcadDca9c+HYm0i8smJtLKxjkVHgiUliu55EfO45w3TJz9h18m6j+xv8SP2NfFd78Y/2BrO2vdNu0U+JPhZrdyWjvo1yc2V1IS8EvJIRmKknuAqV7D+zf8Atb/Cr9paxurPw1NdaT4l0k+X4h8G67D9n1LS5QcMJIm5ZQeN65HIBwcqM+C8Fjcgy7+zszq8+Ic6k+dq3tOeXNfm2lJL4tpaJcvKla8/4twnEGdpvDfVZckIRp83NTfJGz9jJ293qoO043fMpNuT9Rooor7Y4gooooAKKKKACiivOf2jf2o/hV+zH4Zh1nx9qM1xqWoSeToPhvS4vP1DVpyQFighHLZJALHCgkAnJAOVatSw9J1KslGK3b/r+uiZjiMRQwtGVWtJRit29v67LVt6JN6HbeK/FnhjwJ4cvPF/jPX7TS9L0+AzXuoX86xRQoOrMzHA/wAivlnXfHHxq/4KPx3ngb4Mi98E/Be6WS01zxxe2m3UPFEByksFhDIP3cDDKtKw5Bx2aM6XhT9mj4w/te+I7P4uftywrp3h61nFz4Y+DllcFrW2/uTak4x9pmx/yz+6OQQAzR19QWdnaadaRafp9rHBBBGscEEKBUjRRgKoHAAAAAHSvMcMTmq99OnRfTac159YRfb4mt3FOx4zhi86X7xOlh39nadRf3usIP8Al+OS+JwTsfJX7H//AAST+H37KHxx/wCF3H4p3/iO5sI508PWc2mLbCyEqNEzSMsjee/lOyghUHzE7emPrmiiuzA5fg8to+yw0OWN27a7v1ud+W5Xl+UYf2GDpqEbt2V9311bf/A0Ciiiuw9AKKKKACiiigAooooAKKKKACvGf2D/APkiGuf9lm+I/wD6mut17NXjP7B//JENc/7LN8R//U11ugD2aiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvgz/gt18XNXj8O/Dj4L+Df2dfjF4z1XTPi74G8a3954B+Ems65YQaXYa/HPdBrqyt5IluEitpH+zlvMKtGduJFz950UAfnL+034Q0Hxd+3t8Cv+CtWufshfEfxv4CtvhprfhPVPDsnwtvZ/EPhS/a8E1lqcuhyxfbSrL9thJSFnjE0b42uGHr//AASJ+Enjn4feFPjL8QtW+DuqfDfwl8SfjZqfif4dfD7W7BbO70nSpbSzgaWW0B/0Frm5gubn7MQCgmBYBnYD67ooA+ePgF8MfDfwu/b9+L+n+GtS8Q3Meo/CvwPfXDeIvF2o6w6Svqvi4FYnv55mgi+UYhjKxKclUBY59z8Qf8hbQ/8AsKv/AOklxXlvgf8A5SF/FD/sjPgP/wBO3i+vUvEH/IW0P/sKv/6SXFAGpRXnH7QX/DXf/Eo/4ZW/4Vv/AMvH9vf8LB+3/wDTPyPs/wBj/wC22/f/ALGO9eb/APG3b/q3D/yv1w1sd7Go4eyqSt1jC6+T5l+R5uIzL6vWdP2FWVusYXT9Hzr8tz6Por5w/wCNu3/VuH/lfo/427f9W4f+V+sv7T/6cVf/AAD/AO3MP7Y/6hq3/gv/AO6H0fRXzh/xt2/6tw/8r9dJ8I/+HjH/AAsLT/8AhfH/AApT/hFP3v8Aav8AwiP9r/2j/qn8ryvtH7v/AFvl7t38G7HOKqGY881H2NRX6uFkvV870NKea+0qKH1esru13Tsl5t87su7sz2uiiuV+Onwc8FftD/Bbxb8BviPYfadA8Z+HL3RdYhAGWtrmB4ZNuejBXJB7EA9q9E9U6qvlz/goH/wVe+En/BOqacfEr9nP41+M7aw8MjX9Z1b4bfD1tR07SrDzZYjJdX0ssNtAwMLko8gbaVOPmXPwXN+1h8ZvEv8AwRW03/gl/L4iZPj9f/Fb/hmLUZVyXiWGbyp9UK53tb/2EokM2cFpN249/sf/AIK8/DDwd8Ev+CFfxk+DXw70sWWgeE/gjLo+iWa/8sbS2tkhiT3wiKKAPrf4deN9J+Jvw+0L4kaDb3ENj4h0a11Kyiu0VZUiniWVFcKzAMFcAgEjOcE9axP2gvjTbfs+fCjUvitdfDPxn4xXT5IEXw78P/Dsmq6tdtLMkSiG2QgsAXDMxIVEVnYhVJqj+yR/yal8Mf8Asnui/wDpDDXoLBipCtg44OOlAHyv8Jf+CtXwh8cfHTwz+zr8Yv2c/jN8F/E3jh5ovAyfF3wTHYWniCeKMySW1tdWtzcw+eIxu8qR0Y5AALMAfqmvyx/ac+GH7VH7PH7df7LPxh/4KVftQ2Hxu8B3XxitfC/w+07wf4Og8J/8I/4x1K2njsdRurQPdPqUIEcicXUXkMwfZICyn9TqAMvwf/yCZv8AsK33/pXLWpWX4P8A+QTN/wBhW+/9K5a1KACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDE+IHw1+HvxX8OS+EPib4I0rX9Lm/1lhq9hHcRE/3grggMOzDkdjXzvff8E4tV+EN7L4k/YV/aH8R/DGdpDK3ha7lOq6BcMTkg2twSYi3ILqzFQflUV9R0V3YXMsbg4uNKfuveLtKL9YyvF/cn5nBi8swOOkp1Ye8tpK8ZL0lFqS9LteR+f37Wf8AwUw/bp/Yk8L2HhT41/s6+CZfEerSyDQ/F+maxNPpGoRw7PO/0TKTxuPMj4aRAd+QMDFdN/wSjktv2um8Qft9fGmaTWfH7a9caFpyzW+yx8PWkcUUgh0+Ms2wMtxhpCd5ywzku0n1L8d/2cvgn+014QTwJ8c/h/a+INMiuBPBDPLJFJDIBjdHLEySRnBIO1hkcHIrT+FPwk+G/wADvAtl8NPhP4RtdD0PT1ItbC0BwCTlmZmJZ2J5LMSx7k17dbOsreSOjh8P7PETdpSjonG92ldtpPS8VZabtPlPCo5Hmqz1V8Rifa4aCvCEtZKdrJu0Um462k7vXZNcx0dFFFfLH1gUUUUAFFFFABRRRQAUUUUAFeQftIfsbfD74/X9r490rVLzwj4+0kZ0Lx34ebyr22YDhJcEC4i7GN+xYAruOfX6KxxGHoYqk6dWN0/6uuqa6NNNdGc+KwmGxtF0q8VKL/Po09010aaa6M+ZfA/7YXxH+Animz+DH7fWi2ujXN1KIPD/AMTtNQjRNbPYTHAFnORyVbCdThF27vpiGaG5hS4t5lkjkUNHIjAqykZBBHUVl+OPAng34l+FbzwR8QPDNlrGkahF5d5p9/AJI5F9wehB5BHIIBBBFfNE/wAL/wBo/wDYGnfWf2fI9R+JHwpRi958O725MmraDHnLNp0rZM8Y/wCeDZPGBks0g87nxeW/xL1KX8284/4kvjX95LmXVS3PJ9pjso0q3rUf5t6kF/eS+OK/miudfajLc+raK4f4C/tF/CL9pXwaPGvwl8VR38KMI7+ykHl3VhL3inhPzRuMHrwcZUkc13FenSq0q9NVKck4vZrVM9mjXo4mkqtKSlF6pp3T+YUVT8Q+ItA8I6Hd+J/FOtWunadYwNNe317OsUMEajJd3YgKB6mvl3U/jD8dv2+NRn8G/sv3194J+FyTNBrXxSuLdo73WFB2vDpcbYKKeQZzgjnG0rtfnxeNp4VqFnKcvhit3/kl1k7Jeb0fJjsxo4Jxgk51JfDCPxPz7KK6ylaK7t2T6747/tmapb+OJf2dP2TvCkXjj4kMNt6BIf7L8OLnBmv5l4BU/wDLIHcSMHBKq2j+zl+xnpfwv8TTfG34y+K5fHnxQ1KP/iYeLNTjGyyUg/6PYxfdt4gCVG0BiCfug7B3XwI/Z8+FH7N3gaLwB8JfDEen2gPmXdwx33F9NjmaeU/NI59TwOgAAAHa1hRwVSrVVfGNSktYxXww9P5pf33/ANuqK35sPl1atWWJx7UprWMV8EPS/wAUu85K/wDKorcooor0z2QooooAKKKKACiiigAooooAKKKKACiiigArxn9g/wD5Ihrn/ZZviP8A+prrdezV4z+wf/yRDXP+yzfEf/1NdboA9mooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAPGfA/wDykL+KH/ZGfAf/AKdvF9epeIP+Qtof/YVf/wBJLivLfA//ACkL+KH/AGRnwH/6dvF9eoeKWNrJpurOjGGy1DzLgqpJVGhlj3YHYGQE+gyaANaisoeOfBJGf+Ew0sfW/jH/ALNS/wDCc+Cf+hw0r/wYR/8AxVAGpRWX/wAJz4J/6HDSv/BhH/8AFUf8Jz4J/wChw0r/AMGEf/xVAGpRWX/wnPgn/ocNK/8ABhH/APFUf8Jz4J/6HDSv/BhH/wDFUAalFZf/AAnPgn/ocNK/8GEf/wAVR/wnPgn/AKHDSv8AwYR//FUAfOVn/wAEjv2VrH/gpRN/wVJhv/FJ8fS2bougtqcH9hRXj2Cae+pJbeR5gu2tEEJk83aQSduTmrf/AAUD/wCCZ3hv/golo7+D/iF+1v8AGrwR4YvNBk0nXPCPw48TWFnpuswu5ZmuormxuDI+DtyGUbQBjvX0F/wnPgn/AKHDSv8AwYR//FUf8Jz4J/6HDSv/AAYR/wDxVAHj37H/AOwyv7IPw61n4Y237Wvxk+Imn6nY29np0nxL8S2d7NoUEMLxLHYtbWduIQVYZ3B+Y0xjBzVX/gn54f8A+GPfD37H7/tT/G4p4ZuVuLD4lx/EN4vFssyzSyh59QjiUTD980ZRoyjRqqspxXtf/Cc+Cf8AocNK/wDBhH/8VR/wnPgn/ocNK/8ABhH/APFUAfMfwq/4JC/Bfwf8cvDX7RPxs/aI+M3xt8S+CJnuPA7fGHxvHqFn4funXYbq2tLW3toBPt4EsiO4wrAhlVh9YVl/8Jz4J/6HDSv/AAYR/wDxVIfHXgsD5fFumueyx3qMx+gByfwoAXwf/wAgmb/sK33/AKVy1qVmeEIpo9DEk8LRme6uLhUdcMFkneRcg9DhhxWnQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeD/Hr9iex8XeMj8ef2d/F8nw8+JkKk/27p0Q+yauOvk39vjbOjYAL4LDgnftArzTX/wDgq1a/s3xv8O/20Pgn4g0Tx1ZqhMHheGG6sdVgbcFvbaSWZNsTMjAqSSp4ySGC/YdfMn7eH/BNDwd+234m0bx2/wARrrwxrelWIsJbtNNF5Fc2gkeRYzGZI9rK8khDBv4yCDxjwMzweOw9KVfKtKresdOWV93Z2Sku6av1voz5fOcBmeEozxOSWVZvWDtySvvLldkpre6cebXmvoznPhN8NPHP/BSCz0r9oP8AaT1qC3+Gks5ufCHwu0S/LwXPlyMon1KZcec4ZSPKGApGCF+dW+t9M0zTdF06DR9H0+C0tLWFYra1tohHHDGowqKqgBVAAAA4ArlP2fvgl4T/AGcvg5oXwV8ES3Emm6FatHFNdMDJM7yPLLI2OAWkkdsDgbsDgV2Vd+XYN4agpVNaskueV7tu2qv2TvZKyS2XV+nlOAeDwynW1rTSdSTd25W1V/5U7qKSUUtl1ZRRRXoHqhRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAV4z+wf/yRDXP+yzfEf/1Ndbr2avGf2D/+SIa5/wBlm+I//qa63QB7NRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAeM+B/+UhfxQ/7Iz4D/wDTt4vr2avMfib+yD8Fviz8SJfi54km8a6f4guNDtNIu77wj8UfEGgC5s7aa6mt45YtMvreOUxyXt0Vd1LDzmGcYAx/+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9cjrP7AWjSfHjw3qOj/Ev4wp4Hi8I63H4isz+0d4y3y6q91pR06QZ1XfhYE1QHawXMi7gx2FQD6Uorxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLej/hg/4I/wDQ8fGb/wASO8a//LegD2aivGf+GD/gj/0PHxm/8SO8a/8Ay3o/4YP+CP8A0PHxm/8AEjvGv/y3oA9morxn/hg/4I/9Dx8Zv/EjvGv/AMt6P+GD/gj/ANDx8Zv/ABI7xr/8t6APZqK8Z/4YP+CP/Q8fGb/xI7xr/wDLeuR+Cf7AWjWHg29g+MvxL+MN3q7eLvEElnLD+0d4ywulPrF4+lx/u9VUZTT2tEORuyp3FmyxAPpSivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9morxn/hg/wCCP/Q8fGb/AMSO8a//AC3o/wCGD/gj/wBDx8Zv/EjvGv8A8t6APZqK8Z/4YP8Agj/0PHxm/wDEjvGv/wAt6P8Ahg/4I/8AQ8fGb/xI7xr/APLegD2aivGf+GD/AII/9Dx8Zv8AxI7xr/8ALej/AIYP+CP/AEPHxm/8SO8a/wDy3oA9mor5r+JH7AWjXXjL4fz/AA7+Jfxhg0i28XTSePIpP2jvGWbnSjo+pJHGu7VScjUH05/kKtiM87dyt13/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV4z/wwf8ABH/oePjN/wCJHeNf/lvR/wAMH/BH/oePjN/4kd41/wDlvQB7NRXjP/DB/wAEf+h4+M3/AIkd41/+W9H/AAwf8Ef+h4+M3/iR3jX/AOW9AHs1FeM/8MH/AAR/6Hj4zf8AiR3jX/5b0f8ADB/wR/6Hj4zf+JHeNf8A5b0AezUV81/Df9gLRrXxl8QJ/iJ8S/jDPpFz4uhk8BxR/tHeMs22lDR9NSSNtuqg5OoJqL/OWbEg527VXrv+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//Lej/hg/4I/9Dx8Zv/EjvGv/AMt6APZqK8Z/4YP+CP8A0PHxm/8AEjvGv/y3o/4YP+CP/Q8fGb/xI7xr/wDLegD2aivGf+GD/gj/ANDx8Zv/ABI7xr/8t6P+GD/gj/0PHxm/8SO8a/8Ay3oA9morxn/hg/4I/wDQ8fGb/wASO8a//LeuR/aA/YC0bUvgP42074EfEv4w2Xji48I6lH4MvJ/2jvGWyDVWtZBaSN5mqsmFnMZO5WXA5BGRQB9KUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9H/DB/wAEf+h4+M3/AIkd41/+W9AHs1FeM/8ADB/wR/6Hj4zf+JHeNf8A5b0f8MH/AAR/6Hj4zf8AiR3jX/5b0AezUV4z/wAMH/BH/oePjN/4kd41/wDlvR/wwf8ABH/oePjN/wCJHeNf/lvQB7NRXjP/AAwf8Ef+h4+M3/iR3jX/AOW9cjo37AWjR/HjxJqOsfEv4wv4Hl8I6JH4dsx+0d4y3xaql1qp1GQ41XfhoH0sDcxXMbbQp3lgD6Uorxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t6P+GD/AII/9Dx8Zv8AxI7xr/8ALegD2aivGf8Ahg/4I/8AQ8fGb/xI7xr/APLej/hg/wCCP/Q8fGb/AMSO8a//AC3oA9morxn/AIYP+CP/AEPHxm/8SO8a/wDy3o/4YP8Agj/0PHxm/wDEjvGv/wAt6APZqK8Z/wCGD/gj/wBDx8Zv/EjvGv8A8t65H9n/APYC0bTfgP4J0747/Ev4w3vji38I6bH4zvIP2jvGWyfVVtYxdyL5eqqmGnEhG1VXB4AGBQB9KUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezUV4z/wwf8Ef+h4+M3/iR3jX/wCW9H/DB/wR/wCh4+M3/iR3jX/5b0AezV4z+wf/AMkQ1z/ss3xH/wDU11uj/hg/4I/9Dx8Zv/EjvGv/AMt6774N/BvwB8A/AEHwy+GVhf2+k29/fXoGqa5ealcy3N5eTXt1NLdXsss8zyXFxNIWkdjl8DAAAAOoooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACvy0i/Zk+Gv7cXwj/bD/bB+OAvbj4m+D/ih440D4XeM49VnhvPAVr4cjNvpx0xkcCzPn27XchQDzmnbzN6nFfqXXxx8YP+CWfxM8U638V/CfwO/bNv/h98Mvjrqk2o/FHwVB4Kgv71rq6to7XUpdK1F50OnG8hiUSb4bnbIzyR+WzcAHu37D/xb8T/AB//AGLPhB8d/GqqNZ8bfC7w/r2rhIwgF1eadBcS4UcKN8jcdq+I/wDgoF+x9+yp8EPHfw4+HX7Dfw2k0j9qfxv8SNL1fwt4p0bWLubWLTS7fU4Z9a1TVrmSV5JNLFp9pgeKctHI9xHFGhbAX7msPgr458G+Ovh5bfCT4sxeGvhn4J8L3ej6l8NYfDUFwmr/ALq3i0+Rb52860FokMgEaAiXzvnI2DPzF8FP+Can7fHwM+Onj39oLRP+Chfw71zxN8RddF1r2v8Air9nm5u9STTo2/0bSIJ08RRpBaQISscccSruZpGDOxNAHV/8FNf2cf2YfE1lF8c/il/wTG8Q/tGeJV0ptLtbXwxHZS3emW8QlmRlF5fW/kZeVwJLVZLjcw+U7Vx8tfDnUdd+Of7E37Bn7HXxA+PF5448L/Fzxtqdv8SNattUvlfVtO0fTdX1EeHrma4WK5dI57W3spxKsckn2F1dRudT92/Hr4Lftz+M/Htzrf7Pf7ceheBfD13YRwtoOtfCCHXJrOZQQ09tc/brbazZB2zRzqCOBg4rz64/4JO+BPDn7I/w5/Z1+D/xn8QeH/FPwn8ZN4x8FfE2+tIL++XxBNPdzXt1dwERx3MN0b+9Sa3BjUpPtUoUQgA5r9jLwJ4W/ZD/AOCn/wAW/wBiX4G6Z/ZHwx1H4ReGfH+ieELWVzYeHNSn1DVNNvI7OIki3juFs7eZolwgdWZQNzZ+168I/ZK/Y38VfAz4leO/2iPjn8bv+FjfE74iJp1prXiO38Npo9jZaZYJKLPT7KyE05giVri4lYtNI8kkzMzcKB7vQAUUUUAfMH/BZn4r/EP4Nf8ABNj4keLPhT4ru9B16/8A7H8P2eu6fJsuNNXVtYsdLluonHMckcV5I6uOVZQwIIzXkUv7NPwY/wCCcn/BSX9mjwp+x94R/wCEP0L4u2vivwx8RNCsb2Z7fXPsOjNqlnqVykjsJL2KW0kQ3R/eut26uzAgV9e/tT/s3/Dz9r39njxd+zT8VRdroXjDR5LG8uNPm8u5tWJDxXMLkELNFKscqMQQHjUkEcV5F8Ef2D/jRpv7Q/hj9pX9sH9rgfFjXPh94bvtH+HlvY+BIdAttN+2iJLzULlI7mc3d9LFBHF5gMUSI0gSFTISAD2X9oD9nP4O/tSeAR8Lfjr4UfXfDrX8V3caQdRuLeG6ePOxJhBIhmiycmJyY2wNykDFfH//AATO8DfDKz/bk+N+rfsM6AdC/Zr07w9pnhxbDS7iQaBqvja2ubr+0rvR4ixSOKG3a2tZ5IAscs8ZxvMTNXrX7SX7Gf7Yn7QX7Ivjb9m2D/goPNoeu+L/ABffXEXjm1+HMKS6d4anuWdNBSG1vLdjsgK2xvRKkzoGb5WbK7H7Iv7L37Uv7OXgYfCLxV+0X8OLvwdpPhb+yfBeh/D34KSeHToUqhVimDT6xfJOqKG/dtGNzHcznkMAfGXxw+Bn7Pn7Lv7ePwI8K/s3fsX+Iv2fXi+NOn2Wp/Hmd0j0jxlZvBKG0AyWd1czXcmoOyQodTS3AdCVcybFe/8AtjfsJ+JtE/bY+Pn7bnxd/wCCVHw1/aM8C61pfh650t/EHimzj1zTbTTNJ8u++w2VxZTJO7tkiN57cuYABu3LX0dqv/BPr9qD44eL/A7/ALaP7dNn468I+AfGen+K9N8LeFfhXB4efVdUsJRNYyahc/bbozRxTBZTFBHbq7Iu75RtO9+0d+yj+3b8bdV8WeFPBn/BRKx8H/D/AMWwtayaLa/CC2uda0qzkgWKeGz1Nr1I0Zv3jLLLayvGZOD8q4APY/2cfij8L/jf+z94I+MXwSwPB/ifwpp+p+F0FuIfLsJrdJIEMY/1ZWNlUp/CQR2rtK5T4FfBjwH+zl8FfCfwB+F2nyWvhvwV4cs9E0O3ml8yRLW2hWGPe/8AG+1AWY8sST3rq6ACiiigD4d/aQ+FXgH9tb/grnpv7Jv7Svh2PxR8NPAv7PS+M7TwRqUjHTdR1vUNbnsBd3MAIW5a3t7FliEgZY2u3YAMQa6j/gj9qut6P8PfjP8As73Gv6hqOhfBv9oXxD4N8Ey6pfSXU9voiQWV/a2hmlLSSrbjUGtkLsWEcCLn5a7n9p39i/x/8Tvjv4a/aw/Zq/aAi+GnxL8P+Grzw1d6rqPhJdd03WdEuJo7g2l1Zm4tmLRXESywyxzIyM0gYOrlap/C39hn4jfAD9lq++DXwF/amv8ARfH/AIh8ct4t8ZfFfVfCVnqNxrWpXWpR3eps1i5WCJbiFXtIwp/0eIxldzRgkA47/gpZ+zf/AMEyfDvgfxV+2J+2/wDBuDxLqA06HTdMknvbu41Ke7K+TZ2GiwrL+4vppCFj+yqkjSNuZsKWHLeD/i3+19+zB/wTP+Bf7OHxA8R/2l+1D8RvD9p4Y0OTXLgXkmnXxgMt1ql+5P79NMs8yzuSRNNEke4tcKT0v7U3/BO39qn47ftt+H/2vvA37Z3hHS7DwVo/2bwD4D8bfBybX7Lw/fyLtudViaLWbISXki5jWWSNjFGSqEZZm9T8b/sLfBz9qD4beFfD3/BQz4Z/Dv4z+I/DK3Ri1u/8Ara2aSTuu97aznuLprbckcCsPOfcYg2RkKAD8+P2edf1X/gnZ/wSX/b8u/2f/FOoy6v8OfjJ4yh8Pa/qF6bm/N3/AGPpES6lLI2TJP5rm4ZjwXycY4r2Dxp+yT8Hv+CZPx9/ZN+IP7LWm3Glan44+JS/D34oXMepTyv44tb3QdRujf6kXdvtV1Fd2EVwtw2XBd13bGK16f8Asz/8ER/2Nv2dfAfx5+Gtp8PfDk+k/HXV9Xiv10TwzHpk2k+Hb61hhXQ4pEkctFC0csqSDYA82RGpXJ1fgr/wTj+MWh/Fr4a/ED9qb9sy6+KemfBa0uU+GGif8IPBpDxXcto1iNR1OdLiX+0btLR5YkdEt0BmeTyy5BAB9ZUUUUAFeX/tu/FvxN8Af2L/AIvfHfwWqtrPgr4X6/r2kq8YcG5s9OnuIsqeGG+NeD1r1Csvxt4M8M/EbwZq/wAPfGukx3+ja9pdxp2rWE2dlzbTxtFLG2OcMjMp+tAH5jv+zL8Nv2IPg/8AseftifBH7bb/ABP8YfFDwNoPxR8aSarPNeePLbxGgt9S/tNnci8/fXC3cZcHyWgXy9ijFfpT8XPhR4I+Ofw31b4S/EmwurvQdcthb6pa2ep3FnJNFuDFPOt3SVA23B2sCQSOhNfLfwg/4JY/EvwrrXwo8IfG/wDbNv8A4gfDD4FapDqPwv8ABM/gqCxvRc2ttJa6bJquopO/9omzhlby9kNtukVJJPMZefXfiZ8CP2s/GXhH4x+HPCP7bDeH7nx0kEXww1GP4f2sr/DyMWkUM+zbNG2pPJKs06yTMhiaUKMqgyAfMH7O3wW+Bfw4/wCCutv4H/4JueBYfCngb4feANVsP2jV8MzSR6Be6zcvaPo+nmLcYpNWgC3U8sqjzI4p1SR8yBK8f/bt8ZXv7Z/x6+B/7YsfiGRfhn4H/a/8FeEfg/ZR3W2HW511jZrHiJ1BxJE00AsrRjkCK3uJl+W6Uj67/wCCfX7Cn7Uv7Dvh3w/8I739qP4ca/8AD3R4bhr/AEXRPgpd6VqurXsqsz31xqU2vXZkuJJ286WR4XaUkjK5BHG/tHf8G/X/AATb+NMPhH/hAP2XPhn4Hn0D4i6T4i1240/4fW0za9p9rOZLnSZdrx7YrlTsdzvAHJjfpQByv/BRX9gT4l/Hb/goFpf7UQ/4J+/DH9oXwbpfwSXw7H4a+InjC30zyNT/ALWluzNaiayuleQQkIN4iQ+cf3owa+nP+CdHxi+BPxy/Y58HeNf2cPhY3gTwtbw3Wkw+BJLCK1fw5d2V1LaXenNFESiGG4hlT5flYAMOGFUfjN+zx+2bf65bWP7Jn7aHhv4Y+ELbw/baZa+FdR+DkGt/2eYQyia0n+3W3lnYY1EcqTRr5QwuCQer/Y0/ZS8EfsVfs7aH+zz4E17VNYg0uW7u9R17XJVe91fULy6lu7y9nZFVd8txPK+AAFDBRwooA9RooooAK+Mf+Cj+gad+0B+2t+zF+xD8SxNefDbxxN4w8R+OPDguXit/EB0WwtPsdjdbCDNbefqHntASUkNqm4MBivs6vEv2xf2P9S/aT1LwH8T/AIZ/FubwB8Sfhfr0+qeB/GC6KmpwQi5tntbyzurN5Ixc2s8D4dFkicNHG6yKU5APHv8AgnD4f039n79tj9pz9iL4ZLNZ/DbwRJ4P8SeB/DZuXlt/D51qxu/tlja7yTDbedp/nrApCRtdPtCg4r079uT9mT/gn54+8OXf7SX7fPgfw/qvh/wJ4eme4vvGV7M+maZahjI832Uv5JmJwFk8szE7UQ5IBzvg5+wz8VfhB8O/jB4isv2qZbv44/GNmudW+L7eCrcQaVdw2Is9N+y6Q8rxfZbNFVkt5ZZDIzSmSRvMOOS/bf8A+Cdf7TP7X3ij4TavaftneHbHSPhqsWoap4R8W/CRtY0rxP4giUCLVrqC31WyB8pgZIrZi8SSHfhiq7QD598P/sfftR/tRf8ABBnxh+zvo/gfUZp/G/js6r8JfBHxK1p0vNM8FjxTa3+nadqE9x5joU06EnY5kdI2SIgsuwd7+yF4y+Cn7HHxY+JvwJg/4Jg+BP2fPijb/Ce58b6enw91G21PSvGGjWUjRNsvIbS0l8yC5ljV4JYUYC4V1LKc19NH4S/tx33wDuPBuqftmeFbb4inWlubLx1onwfEOnpZqUP2SXS7jU7gybsOGlW5jbDjbtK5blv2ff2EfiD4X/aO1f8Aa7/a1/aNi+Knjy98Et4P0ZdO8Fx6Doui6LJcpc3EEFl9ouXeSeaOJpJpZ3JWJEUKowQD4XsPgd4R+Av/AAS2+Av/AAVw8KXd7N8fdV1z4feLPG3xCbUpm1DxYviPVtPg1LSrxt+JrQw6pJGlvjZCIIzGEKZr9eq+KPh9/wAEivGHhXTfAfwD8V/tg3+v/AL4X+MbXxD4J+F03g2GK/DWVwbnTbC+1b7QxvLK0m8tkiFvG7CCJZJHCnP2vQAUUUUAFflpF+zJ8Nf24vhH+2H+2D8cBe3HxN8H/FDxxoHwu8Zx6rPDeeArXw5GbfTjpjI4FmfPt2u5CgHnNO3mb1OK/Uuvjj4wf8Es/iZ4p1v4r+E/gd+2bf8Aw++GXx11SbUfij4Kg8FQX9611dW0drqUulai86HTjeQxKJN8NztkZ5I/LZuAD3b9h/4t+J/j/wDsWfCD47+NVUaz42+F3h/XtXCRhALq806C4lwo4Ub5G47V8R/8FAv2Pv2VPgh47+HHw6/Yb+G0mkftT+N/iRper+FvFOjaxdzaxaaXb6nDPrWqatcySvJJpYtPtMDxTlo5HuI4o0LYC/c1h8FfHPg3x18PLb4SfFmLw18M/BPhe70fUvhrD4aguE1f91bxafIt87edaC0SGQCNARL53zkbBn5i+Cn/AATU/b4+Bnx08e/tBaJ/wUL+HeueJviLroute1/xV+zzc3epJp0bf6NpEE6eIo0gtIEJWOOOJV3M0jBnYmgDlP8Agoh+wB8TPjX/AMFDov2qZf8Agnf8Mf2h/B1j8DrTw3B4d+IXjG20yS21OPV727kktFnsrpHk8mWNB5nkofNx5owaofHr4T+FP+Cov/BMn4AXn7Ev7Knhq98G+HfixpOq6j8HPG1zDo1haWOjvf2d/o1yFhnSMJcI1sQkUoP3grLX1V+0H8Ev27PHXjq61f8AZ1/br0L4f+H7zTY7dtE1f4PQa7PZzDcHuba5N9b7XYFTtmjnQFfu4JFYHgf9hf4pfs0/sn+CP2Zv2I/2oj4MuPCd9c3WqeI/GfguHxI3iOW6luLm7ku4hPasskt3cPcFoZY9p+UDbxQByP8AwS38RfAvwT4v+J/7JvhP9gzw3+zt4/8ABdzpmp+MvB3hG4tbrTNWtb6KUWWp2t5bwwfao2FvNG2+GOSNoirKMivsGvAv2Qf2KvEf7P8A8S/H37RXxs+O1z8Svif8SV0628Q+Jf8AhH4tIsbTT9PSVbOwsbGOSX7PChuJ3YtLK8jyFmY4GPfaACiiigD5g/4LM/Ff4h/Br/gmx8SPFnwp8V3eg69f/wBj+H7PXdPk2XGmrq2sWOly3UTjmOSOK8kdXHKsoYEEZryKX9mn4Mf8E5P+Ckv7NHhT9j7wj/wh+hfF218V+GPiJoVjezPb659h0ZtUs9SuUkdhJexS2kiG6P711u3V2YECvr39qf8AZv8Ah5+17+zx4u/Zp+Kou10Lxho8ljeXGnzeXc2rEh4rmFyCFmilWOVGIIDxqSCOK8i+CP7B/wAaNN/aH8MftK/tg/tcD4sa58PvDd9o/wAPLex8CQ6Bbab9tESXmoXKR3M5u76WKCOLzAYokRpAkKmQkAHsv7QH7Ofwd/ak8Aj4W/HXwo+u+HWv4ru40g6jcW8N08ediTCCRDNFk5MTkxtgblIGK+I/2Gk+HPwn/ac/aP8Ai7+wf4RbTP2cPB3gK306HRtLuJBoOt+ONPe9l1G40eIkxxxR2/2a0nkhCxyzxnG8xM1e7ftJfsZ/tiftBfsi+Nv2bYP+Cg82h674v8X31xF45tfhzCkuneGp7lnTQUhtby3Y7ICtsb0SpM6Bm+Vmyu9+xp+y/wDtFfs4+Frf4R/E/wCNfwx8Q/D3SPDiaT4b8HeBvgvN4bTT1Uqo3SS6xfLLH5YdTH5almfcXPIYA/N79hP4j+Frb4JfBf8A4KZ/tqf8E7v+EgPjrxZpE2tftLa14/W58R6drOoagtvb3Y0wR/6HoqXkkVrDFDc8W4jZrbDEH6M8Ffsk/B7/AIKcftB/tY+PP2ptNuNV1HwP8ST8PfhhcS6lPE/ge1s9B066+36aUdfst1Ld38tw1wuHJjRd2xQtdj4T/wCCO3jLQ/BfhX9lbXf2yr/VP2c/BPjG017w/wDCt/BMEepPFZ341Cx0q61n7QxuLGC5SJggtkmZIURpiBmuy+NX/BOX4x638W/iV8Q/2WP2zLn4V6b8aLO2j+J+i/8ACDw6u8t1DaCx/tHTJnuIf7Ou3tEiid3S4QmGOTyw4JIB1f8AwSY+O3j79pr/AIJp/BH46fFPUJLzxJ4h+HenTa5fzD5726SMRSXLf7UrIZDjjLnHFfQ1cr8Dfgz4B/Z0+DHhT4B/CzS2svDfgzw9Z6Lodq8m90tbaFYo97fxuVQFmPLMSTya6qgAooooA+A4/wBmr4Mf8FG/+Ck/7S3hP9sHwh/wmGg/CKz8KeGPh5oN/ezJb6J9v0ddUvNStkjdRHeyS3UcYuh+9RbRFRlANeuf8EZvit8Q/jJ/wTa+HPir4q+LLvX9d09tZ8P3mu6hJvuNSXSdZvtLiupXPMkkkVnG7OeWZixyTUvxv/YQ+NGpftD+Jv2lv2Pf2tx8J9e+IHhux0b4h2994Eh1+21L7EJUs9Qt0kuYDa30UU8kQkJlidBGHhYxgnqPhh+xxrv7OHwT+D37PH7LHxvu/CPhX4aapbt4kg1HQLfVbnxhpqw3H2i1mmlKm1mnuplunuYhu3oyhQrnAB8w/wDBX/8AZP8A2H/h58HfFvxM0P4O3WoftI/FK8m074L6romt3Z8UT+LZkP2OTTpzNvs7e2cJcTeWY7eKCFy4wcNzv/BRvxt8efG37WH7NX/BPDxh8Ipvi2mufDXVvEfjjwhD4qOg6N4r1myS0gRtUu1jZl02EteXBhWKUSzPaq0LAceveJ/+Cb/7a0n7cfi39t/wT+3j4EOq6xYrpPg3T/G3wIuNYbwbow5awsZItftUXzXAeabylkmYKGO1VUemftK/sR/EL44eIvhd8evAn7Qlt4L+M/wus7u1sPHEHg1b3TNTgvreKLUbW50uS5VmtpnhilRFuRJC0a7ZW+bcAfKWvfBrQv2wf+CWX7Qn/BPP9lT9jbRPhH8RfDvjax0jxd8JG8QxSaRb3zT6XqAube7VFjazuLARyqywxkkODCG+96d/wTzj+BP7OX7XGufspah/wTG8B/s6fEjX/A58RaVf/DrU7XU9L8VaNbXccEyreRWdpIs0E08Ja3lhHyyh1Zhk16X8KP2C/jR8FPhd8QL/AMBftfyf8Ln+J/jODxL4x+K2p+A7a4triaGK3torOPSvOVYrNLS2jt0jE5lUFn84seLv7PX7DXxQ8J/tO3P7ZP7V37TSfE7x9B4Ok8LeGF0fwZH4f0fQNLmuY7m5EFoLm6keeaWGEvPJOx2xKihVyKAPpCiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigDzP9sX9rT4O/sMfs0+Lf2qvjzq81p4Y8Iab9pvRaxh57qRnWOG2hUkBpZZXjiQEgbnG4qMkfLnw9+Mv/BwB+0L4Ls/jf4C+An7NXwu0PW7Vb3QvAHxP1PX9Q19LZxujF7cWPlwWsrIVJQRSNHnDqGBUc1/wdBaBrd5/wAExIvHEGk3F/oPgv4reGNf8aWdvEZDLpEN55c25B95Q8sTHsAuTwM1+gnhPxX4a8eeFtN8b+DNdtdU0fWLCG+0rUrGYSQ3dtKgkjljYcMjIysCOCCKAPiD9tv/AIKRftsfsif8E5/Df7TPjz9m7wl4P+J938T9L8LeIPCOrapLrWmJb3Govatd209tJbs6ywqk8W45TzArqxU1931+dn/BzPdWt3/wTp0Q2tzHJ5fxz8IJJ5bhtrDUBlTjoR6V+idAHyr+xZ+3H8Wf2jf2+P2q/wBlnxv4e8O2vh/4Ga94ZsvCV5pVpOl5dx6jp81zObt5JnSRleNQnlpEApOQx5Hy3+wx+3d/wXy/b2/ZBg/bN+DHhb9lC40661DVYLHwVqWi+I7LUb02N1LbtEtz/aEsEckhiOxmGzLDcVGSO/8A+CVv/KYz/gol/wBjh4C/9Mt1Xy3/AMEH/AP/AAWC+IP/AASt0Twv+yT8e/gT4F8B6j4h8SQadrmv+DNW1HxPprtqlys0yFbtbN2Ehdow0WANobJyaAP0y/4Jf/t8eGv+Clf7GXhf9q/QfBVx4ZudVkurHXvDV1cec+l6jazNBPCJNq+Ym5d6NtUlHXKq2VHG/wDBRr9v74xfs5fF34Q/scfsk/CXQfF3xk+ON/qkfhRfGOqy2eiaPZabbC5vL69eFWlkVYz8sUeGfa+DlVR+/wD+Cbv7B/w+/wCCbX7IHhf9kv4d+Jb3XYdC+0XGqeIdSiEc+q39xM01xcsgJEYZ3IVMttRUUsxBY8//AMFE/wDgmL8I/wDgohZeD/EOv/Ejxl8PvH3w41G4vvh78Svh9q/2PVdEmnVFmRWIIeKQRx70OCQgAZctkAzfgHq3/BZ/RfjT4e0j9q7wr+zjr3gDUWuE8Qa18MbrW7DU9HZbaV4XW31BpY7lGmWKI7ZFYCQttwpr3f4x/tB/AT9nbQYfFX7QPxv8IeBdLuJTFBqXjHxLa6ZbyOBkqslzIiscHoDmvze1j4q/8FTP+CRf7X/wH+Fv7SH7aen/ALR3wf8Ajj8RbbwNBJr3g630nxF4ev7oqsE6y2zN9pjVmDO8jP8AKrDbGWVq2f2SPgr8H/22P+C0n7X3jr9sjwHo3jjX/hFqHhvw18NPDHjCwjvrTw5olxYPcG5trWcMivcyDzDNtLAlgpAcggH6LfDL4ufCj41+E4/Hvwa+J3h7xboUsjRxa14Y1qC/tHdQCyiaB2QkZGRnjIrl/A37ZX7IHxP+Is3wg+Gn7Vnw28ReLbdnW48L6F450+71GIpneGtopmlXbg5yvGDmvi3/AILzeDPCH7EP/BGX4wWX7HngLRvhfYeLvEWkxeL7rwNo8WnRww399Y2F9dmO3VVDy2yR27sBllbnnmuR/wCC0v8AwT4/YK/Zf/4I3+Ivid+z38IPCXw/8QfB/TNI1j4XfEHwvp9vaataajDeWyW8i30SiWd7gsFdmZvMaQOcuFYAH6ReMvjb8GPhz4r0nwJ8Qvi74Y0HXNetL260LRtZ1+2tbvUYLOLzruWCGV1eZIIj5krICI1+ZiBzWb4E/af/AGafij8PdV+Lfwy/aH8DeIvCmhXUttrnifQvFtneafp08SJJLFPcxStHC6JJGzK7AqsikgBhn81/+CgHwj8Pftq/8FOv+Cb/AIP/AGmvCkd7ZeI/BXjPWPGPhy4jKwXk8WiafetaTx9HhNxGqyQsCroGRgQxFVP+C13w2/4RX9rP9kb9ib4AfsZeD/E/w68b+K/E/iXxF8HbTV7XwlovjTWNM061NnFe3CW7xMIU/e+VJG4n8qOIjhSoB+mPwY/al/Zk/aQN8P2eP2jPAnj3+zCBqX/CF+L7LVPshJwBL9mlfy8kH72Old3X5P2/7IH7evib9uj4CftJfCT/AIJDfDL9m9/AnjFLfx74m8B/F7TLoa14VuU8m9sLiytNPtBcBVKyxli5Ro8KoJBH6wUAfNPgz9sz4kfGj/gpd41/Y++Duj6CfA/wh8D2lz8T/Et/aTTXZ8Ral+807TbQpMkaLHapJPOzLIxLxxgRnLHE/wCCSn7ePxZ/bS+G/wARPB/7Tnhjw7oPxc+D/wAUNV8HeP8AR/C1tPBYs0Eha1vLeO4mmkWGaE8M0jbmikZcKQB5X/wQfaXU/H37bfiPxPk+JJv21/F9pemT/WCwt4rNbFOeTGqNIEPp0rnPjH4h0H/gmj/wXq0r48eJdVh0T4XftZ/DmfSvF2oXD+Xa2XivQIfOtrqZhwvmWP7lRjLPJI2Tg0Ae6eNv28Pi/rP/AAV/8H/8E5fgX4c8N3nhzSPhpe+M/jZr2p2dxNd6bDI4g0y0tHjnjjhneYo7iVJd0MoKhdpJzfh78VP+Cq/7Qn7Jfgb4m/s+fGD9kPVvF95qesR+Mda0r+2dd8LXMEV48VoumzWd6r+aiIVuPMdwJQyqF2kV5v8A8EAfDGvfHHwz8ZP+CsfxH0qaDXv2mfiPcah4djvE/fWXhPTWex0m2OeQQqTZIwHURNjoav8A/BsH/wAoYvhr/wBjB4q/9SLUaAPPPgj+2h/wXn+OP7bHxv8A2ItE1b9kWy1r4GweHJdb1m68F+KDa6iNYsDewiALqhceWg2tvA56ZFfoj8Aofj/b/CPR4f2pNS8HXfjxUm/4SC48AWV3b6Q7edJ5X2eO7kkmUeT5Qbe7ZcORgEAfEP8AwT5/5WAf+ChH/YP+Fn/qNtXvVh+1h+31c/tHt8K73/glN4itvAY8WyaavxSb4u+HGtzpi3DRpqv2AXH2vY0QE3kbPNAbaV3AigDL/Zb/AG4/iz8bv+CoP7Uv7FHivw94dt/CvwQtfBcnhTUNPtJ01C7Or6Sby5+1u8zRyBZBiPy448Lw28819U1+eH/BPn/lYB/4KEf9g/4Wf+o21fQn/BWj9qDVf2Pv+CdvxT+N3hR5T4lh8NtpXg2K25ml1vUHWxsBGo5dhc3ET4HOEbpjIAPOP2e/26f22f2s/wBlz4xftE/s1fBTwL4muNP+L2peG/gTpV/qU+mW2u6JYX0NjPql7dvJIGzIt9IqxJHlbdUwWbNVP+CT/wC3R+3B+0z+0F+0V+zX+3T4L+F+j+JPgnrXh+yg/wCFXR6gbWX+0bS4umEkt7M7TFFSFdyxxDdv4YbTX0B+wL+zBpf7F37Fnwx/ZZ0tIs+CfBtlp+oTQ/duL4Rh7ucf9dLhppPq9fKf/BLH/lL5/wAFDf8AsdvAv/pknoA+2P2g/j18Lf2Xfgl4n/aF+NfiaPSPC3hDSJdR1m/k5KxIOEReryOxVEQcu7qoyWAr48/4I7f8FLv2wf27Pj3+0H8Jv2tvgb4Y+H8nwxk8K3nhjw/pEF0NRtbHXLO8v4YNSkmnkSS6jt0tFfy44QshmBXoF8+/4Kt/HH4ia7/wUI+G/wAGPi9+xP8AH/x38AfhzY2/jbUl+E3wmvvEFt4v8UiVhp9ndvEFiFpZBTctEXYyTGIOhVQa80/4JLft36b44/4La/tevH+yb8dtK/4WzrXgRIBrnwvubY+E/sWhXaE67ub/AIlYn6wGTPmryKAPu34V/tmfEJf+CkfxE/YA+O2iaHZyJ4QsvG3wf1nR7aaE6zoLv9lvYLkSyyKby2vFwTHtDwyo3lptJb6Tr8+v+CgrzaT/AMF3P2BdQ8J5GqalY/Eyy11Yv+W2mJolvKolx0RZcsueC9foLQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAGf4t8JeFvH3hbUvA3jjw7ZaxousWMtlq2lalarPb3ltKhSSGWNwVdGVipUgggkGvjDSP+CE/wAFfh5aTeEv2df23f2oPhR4Kkmd4Ph38P8A4xyQaPZB2LOlstzBPPbKSScRTL14Ir7fooA+TvjP/wAEa/2S/i/+wnpv/BPaz17x34U8FaV4li8QW+reHvE/m60+pLdyXj3Ml5qEd0XkkuJZJHYrnLfLtAAHN+GP+CM+ueGfEuneJH/4K/8A7aupDT76G5Onap8YbGW2uvLcN5UyDTAXjbG1lBGVJGRX2rRQB4z8AP2HPhN+zl+0r8Z/2pvBHiHxFdeIPjnqWkXvi2z1W7geztJNOtZLaAWiRwo8askjF/MeUlgMFRwT9gf9hz4Tf8E6v2atL/ZZ+CfiHxFqnh/SdSv722vPFN3BPeNJd3UlzIGeCGFCoeRguEBCgZJPJ9mooAK8H/bF/wCCfPwx/bK8Q+GvHmufF74oeAPFXhGC6t9B8WfCrx5caJfQwXLRNNC+wNFOjGCP5ZI2HBx1OfeKKAPkf4Jf8Ebf2ffhl+0DoP7Ufxd+Ofxi+N3jfwisv/CF6t8afHf9rR+HXkG2SWztoYYII5CP4zGxBAYEMoYbv7Vn/BKf4A/tQ/G20/ae0b4lfEn4T/E+30kaVdfEL4O+Lv7G1HUtPB3La3YaKWC6jU4x5kTMNqjdhVA+m6KAPCvhj/wT4+DXg79mjxb+yr8VPGnjr4veHPHlzczeL7z4v+LJdav9RE8EMDR+cQnkxqkEflpCsYjYF02sS1eI+F/+CBf7Kthd+F9C+Jv7Qfx2+JPgHwVqMF74U+EXxF+Jbah4Y0+S3/49l+yiBJJ44RgRxzyyIFG0gqSp+46KAPH/AIs/sU/Cv4x/tdfCT9tDxPr/AIgg8U/Bmz1628L2FhdQLp90mr2qWtybpHhaRyqIDH5ckeGyW3jipf2yP2Iv2e/27fhna/DH9oDw3eTx6VqsWq+G9d0TU5bDVdB1GLPlXtldwkSW8y5PIOCDhgw4r1uigD5U+CP/AASl8PfCP4p6D8VfF/7d37TPxLl8NXf2rRtD+I/xbe70yOYIyLJLbW0Futyyhjjz/M555NfVdFFAHyZ8F/2WvjH+zL/wVQ+KHxc+Hng4ah8Ifj54ZsdZ8UXkOoW8Z8NeLtNUW2TbySLLJDfWrhi8SyFZrc7wisGPX/8ABSr/AIJpfs8f8FUf2fbf9nT9o6/8Rafplj4gt9a03V/Cd5Bb6hZXcSSRho5J4JkCtHNKjAoch+MEAj6EooA5j4J/CDwN+z78HfCvwK+GWmGz8O+DvD1nouiWzEFo7W2hWGMMQBubagJbAyST3rhv2Ef2KfhX/wAE9f2ZND/ZS+C+v+INT8O6Beahc2d74ouoJr13vL2a8lDvBDDGQJJ3C4QYUKDk5J9gooA8Z+Dv7Dnwm+CP7YHxj/bX8KeIfEVx4q+N8OgR+K9P1C7gfT7QaRZGztvsiJCskZaM5k8ySTLcrsHFezUUUAfFfxq/4Ik/DX4rftb/ABC/bO8D/tz/ALSHwr8VfE9dKXxbafCnx7Y6VY3I06xisrYbG0+WQ7Y4y3zyN88shG0NtHPan/wRa8anx98NIdZ/4KAfGP4neCPDPxV0rxx4r0X43eLI9anluNIgvDp1vYGC1gWGN7q6WW4Em8SC1gwAU5+9aKAON/aB+EE/x8+D2ufCK2+LXjLwK+tQRxL4s+H2rpYaxp22VJN9tO8cqxsdmwko2Udh3yPjP4S/8G/Xw8+Cvxf1j45eBv8Agpr+13D4h8T6tY6h4xun+KOnD/hI5LQbYFvimlq1wgjzHgtnYzAEZr7+ooAK8b+Bn7EPwo/Z/wD2pfjR+1x4N8QeIbnxJ8dLjQpvFtlqd3A9jaNpNnJaWws0SFJIw0cjGTzJJcsAV2Dg+yUUAfJnw/8A2WfjH8S/+CtPjD9uf46+Dho/hjwB4Cg8DfBGxl1C3uH1Bblxd6rrbJDI5ty7lLSNJNshjidmRMrn6zoooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP/9k= + + + + + + + Who are the intended users of the model? + + + Who are the intended users of the model? + + + What are the known technical limitations of the model? + + + What are the known tradeoffs in accuracy/performance of the model? + + + + The name of the risk + Strategy used to address this risk + + + + + The groups or individuals at risk of being systematically disadvantaged by the model + Expected benefits to the identified groups + Expected harms to the identified groups + With respect to the benefits and harms outlined, please describe any mitigation strategy implemented. + + + + From 7fd5d4ca1b290b423656444d962e94974b3788a0 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Tue, 11 Jul 2023 10:14:10 -0500 Subject: [PATCH 31/40] Code Improvements --- .../cyclonedx/model/component/modelCard/PerformanceMetric.java | 2 +- .../model/component/modelCard/consideration/Risk.java | 1 - .../org/cyclonedx/util/VersionJsonAnnotationIntrospector.java | 2 +- .../org/cyclonedx/util/VersionXmlAnnotationIntrospector.java | 2 +- .../util/deserializer/OrganizationalChoiceDeserializer.java | 3 --- 5 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java index 8efe3c060..47dedc50d 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/PerformanceMetric.java @@ -3,7 +3,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; -import org.cyclonedx.model.ExtensibleElement;; +import org.cyclonedx.model.ExtensibleElement; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) diff --git a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java index 98ee68479..d654ef8f9 100644 --- a/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java +++ b/src/main/java/org/cyclonedx/model/component/modelCard/consideration/Risk.java @@ -3,7 +3,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import org.cyclonedx.model.ExtensibleElement; import org.cyclonedx.util.deserializer.RiskDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) diff --git a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java index a5b05ace3..b24b5aa86 100644 --- a/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/VersionJsonAnnotationIntrospector.java @@ -36,7 +36,7 @@ public VersionJsonAnnotationIntrospector(final String version) { public boolean hasIgnoreMarker(final AnnotatedMember m) { if (m.hasAnnotation(VersionFilter.class)) { VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.stream(filter.versions()).anyMatch(v -> v.equals(version))) { + if (Arrays.asList(filter.versions()).contains(version)) { return true; } } diff --git a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java b/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java index 8e6867f82..b0a0a6814 100644 --- a/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java +++ b/src/main/java/org/cyclonedx/util/VersionXmlAnnotationIntrospector.java @@ -37,7 +37,7 @@ public VersionXmlAnnotationIntrospector(final String version) { public boolean hasIgnoreMarker(final AnnotatedMember m) { if (m.hasAnnotation(VersionFilter.class)) { VersionFilter filter = m.getAnnotation(VersionFilter.class); - if (Arrays.stream(filter.versions()).anyMatch(v -> v.equals(version))) { + if (Arrays.asList(filter.versions()).contains(version)) { return true; } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java index 54a279dd8..60ea73ff0 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java @@ -19,15 +19,12 @@ package org.cyclonedx.util.deserializer; import java.io.IOException; -import java.util.ArrayList; -import java.util.List; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.databind.node.ObjectNode; import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.OrganizationalContact; From ad80d1d9dcca73067c947e3da344783f73c247d8 Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Fri, 14 Jul 2023 18:11:04 -0500 Subject: [PATCH 32/40] 1.5 add support formulation (#311) --- .../json/AbstractBomJsonGenerator.java | 14 +- .../xml/AbstractBomXmlGenerator.java | 14 +- src/main/java/org/cyclonedx/model/Bom.java | 15 + .../cyclonedx/model/ExternalReference.java | 8 + .../java/org/cyclonedx/model/Metadata.java | 2 +- .../cyclonedx/model/formulation/Formula.java | 117 ++++++++ .../model/formulation/FormulationCommon.java | 189 ++++++++++++ .../cyclonedx/model/formulation/Workflow.java | 32 ++ .../formulation/common/AbstractType.java | 72 +++++ .../formulation/common/BasicDataAbstract.java | 83 ++++++ .../formulation/common/EnvVariableChoice.java | 36 +++ .../model/formulation/common/InputType.java | 54 ++++ .../model/formulation/common/OutputType.java | 53 ++++ .../common/ResourceReferenceChoice.java | 31 ++ .../model/formulation/task/Command.java | 33 +++ .../model/formulation/task/Step.java | 55 ++++ .../model/formulation/task/Task.java | 26 ++ .../model/formulation/trigger/Condition.java | 39 +++ .../model/formulation/trigger/Event.java | 77 +++++ .../model/formulation/trigger/Trigger.java | 85 ++++++ .../model/formulation/workspace/Volume.java | 108 +++++++ .../formulation/workspace/Workspace.java | 161 ++++++++++ .../ResourceReferenceChoiceDeserializer.java | 51 ++++ .../EnvVariableChoiceDeserializer.java | 60 ++++ .../deserializer/InputTypeDeserializer.java | 102 +++++++ .../LifecycleDeserializer.java | 2 +- .../deserializer/OutputTypeDeserializer.java | 107 +++++++ .../serializer/CollectionTypeSerializer.java | 2 +- .../util/serializer/DependencySerializer.java | 33 ++- .../util/serializer/InputTypeSerializer.java | 89 ++++++ .../{ => serializer}/LifecycleSerializer.java | 2 +- .../util/serializer/OutputTypeSerializer.java | 92 ++++++ .../org/cyclonedx/BomJsonGeneratorTest.java | 1 - .../org/cyclonedx/parsers/JsonParserTest.java | 272 ++++++++++++++++- .../org/cyclonedx/parsers/XmlParserTest.java | 269 ++++++++++++++++- .../resources/1.5/valid-formulation-1.5.json | 2 +- .../resources/1.5/valid-formulation-1.5.xml | 2 +- src/test/resources/bom-1.5.json | 279 ++++++++++++++++++ src/test/resources/bom-1.5.xml | 228 ++++++++++++++ 39 files changed, 2876 insertions(+), 21 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/formulation/Formula.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/FormulationCommon.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/Workflow.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/BasicDataAbstract.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/InputType.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/OutputType.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/task/Command.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/task/Step.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/task/Task.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/trigger/Event.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/workspace/Volume.java create mode 100644 src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java create mode 100644 src/main/java/org/cyclonedx/util/ResourceReferenceChoiceDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java rename src/main/java/org/cyclonedx/util/{ => deserializer}/LifecycleDeserializer.java (98%) create mode 100644 src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java rename src/main/java/org/cyclonedx/util/{ => serializer}/LifecycleSerializer.java (98%) create mode 100644 src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java diff --git a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java index 1bd475843..d739bba02 100644 --- a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java +++ b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java @@ -25,9 +25,11 @@ import org.cyclonedx.model.Bom; import org.cyclonedx.model.BomReference; import org.cyclonedx.util.serializer.ComponentWrapperSerializer; +import org.cyclonedx.util.serializer.InputTypeSerializer; import org.cyclonedx.util.serializer.LicenseChoiceSerializer; +import org.cyclonedx.util.serializer.OutputTypeSerializer; import org.cyclonedx.util.serializer.TrimStringSerializer; -import org.cyclonedx.util.LifecycleSerializer; +import org.cyclonedx.util.serializer.LifecycleSerializer; import org.cyclonedx.util.VersionJsonAnnotationIntrospector; import org.cyclonedx.util.serializer.DependencySerializer; import com.fasterxml.jackson.core.JsonProcessingException; @@ -79,7 +81,15 @@ private void setupObjectMapper(final ObjectMapper mapper) { lifecycleModule.addSerializer(new LifecycleSerializer(false)); mapper.registerModule(lifecycleModule); - depModule.addSerializer(new DependencySerializer(false)); + SimpleModule inputTypeModule = new SimpleModule(); + inputTypeModule.addSerializer(new InputTypeSerializer(false)); + mapper.registerModule(inputTypeModule); + + SimpleModule outputTypeModule = new SimpleModule(); + outputTypeModule.addSerializer(new OutputTypeSerializer(false)); + mapper.registerModule(outputTypeModule); + + depModule.addSerializer(new DependencySerializer(false, null)); mapper.registerModule(depModule); componentWrapperModule.addSerializer(new ComponentWrapperSerializer(mapper)); diff --git a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java index 8321100d1..286e9598e 100644 --- a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java +++ b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java @@ -28,8 +28,10 @@ import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.model.Bom; import org.cyclonedx.util.serializer.DependencySerializer; -import org.cyclonedx.util.LifecycleSerializer; +import org.cyclonedx.util.serializer.InputTypeSerializer; +import org.cyclonedx.util.serializer.LifecycleSerializer; import org.cyclonedx.util.VersionXmlAnnotationIntrospector; +import org.cyclonedx.util.serializer.OutputTypeSerializer; import org.w3c.dom.Document; import org.xml.sax.InputSource; import org.xml.sax.SAXException; @@ -74,12 +76,20 @@ private void setupObjectMapper(final ObjectMapper mapper) { SimpleModule lifecycleModule = new SimpleModule(); lifecycleModule.addSerializer(new LifecycleSerializer(true)); mapper.registerModule(lifecycleModule); + + SimpleModule inputTypeModule = new SimpleModule(); + inputTypeModule.addSerializer(new InputTypeSerializer(true)); + mapper.registerModule(inputTypeModule); + + SimpleModule outputTypeModule = new SimpleModule(); + outputTypeModule.addSerializer(new OutputTypeSerializer(false)); + mapper.registerModule(outputTypeModule); } private void registerDependencyModule(final ObjectMapper mapper, final boolean useNamespace) { SimpleModule depModule = new SimpleModule(); - depModule.addSerializer(new DependencySerializer(useNamespace)); + depModule.addSerializer(new DependencySerializer(useNamespace, null)); mapper.registerModule(depModule); } diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index 56be1b74f..3f071370f 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -29,6 +29,7 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.model.formulation.Formula; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.util.deserializer.DependencyDeserializer; import org.cyclonedx.util.deserializer.VulnerabilityDeserializer; @@ -51,6 +52,7 @@ "properties", "vulnerabilities", "annotations", + "formulation", "signature" }) public class Bom extends ExtensibleElement { @@ -76,6 +78,9 @@ public class Bom extends ExtensibleElement { @VersionFilter(versions = {"1.0", "1.1", "1.2"}) private List compositions; + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private List formulation; + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3"}) @JsonDeserialize(using = VulnerabilityDeserializer.class) private List vulnerabilities; @@ -186,6 +191,16 @@ public void setCompositions(List compositions) { this.compositions = compositions; } + @JacksonXmlElementWrapper(localName = "formulation") + @JacksonXmlProperty(localName = "formula") + public List getFormulation() { + return formulation; + } + + public void setFormulation(final List formulation) { + this.formulation = formulation; + } + @JacksonXmlElementWrapper(localName = "vulnerabilities") @JacksonXmlProperty(localName = "vulnerability") public List getVulnerabilities() { return vulnerabilities; } diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index 073bd2a43..c3e8b11ec 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -104,6 +104,14 @@ public enum Type { CODIFIED_INFRASTRUCTURE("codified-infrastructure"), @JsonProperty("quality-metrics") QUALITY_METRICS("quality-metrics"), + @JsonProperty("log") + LOG("log"), + @JsonProperty("configuration") + CONFIGURATION("configuration"), + @JsonProperty("evidence") + EVIDENCE("evidence"), + @JsonProperty("formulation") + FORMULATION("formulation"), @JsonProperty("other") OTHER("other"); diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 0af1fe9c1..468c93cba 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -26,9 +26,9 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.LifecycleDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; import org.cyclonedx.util.deserializer.LicenseDeserializer; -import org.cyclonedx.util.LifecycleDeserializer; import java.util.ArrayList; import java.util.Date; import java.util.List; diff --git a/src/main/java/org/cyclonedx/model/formulation/Formula.java b/src/main/java/org/cyclonedx/model/formulation/Formula.java new file mode 100644 index 000000000..8118f5e2d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/Formula.java @@ -0,0 +1,117 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.model.formulation; + +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.Service; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder( + {"components", "services", "workflows", "properties"}) +public class Formula + extends ExtensibleElement +{ + + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private List components; + + private List services; + + private List workflows; + + private List properties; + + @JacksonXmlElementWrapper(localName = "components") + @JacksonXmlProperty(localName = "component") + public List getComponents() { + return components; + } + + @JacksonXmlElementWrapper(localName = "services") + @JacksonXmlProperty(localName = "service") + public List getServices() { + return services; + } + + public void setServices(List services) { + this.services = services; + } + + public void addService(Service service) { + if (services == null) { + services = new ArrayList<>(); + } + services.add(service); + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(List properties) { + this.properties = properties; + } + + public void addProperty(Property property) { + if (this.properties == null) { + this.properties = new ArrayList<>(); + } + this.properties.add(property); + } + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public void setComponents(final List components) { + this.components = components; + } + + @JacksonXmlElementWrapper(localName = "workflows") + @JacksonXmlProperty(localName = "workflow") + public List getWorkflows() { + return workflows; + } + + public void setWorkflows(final List workflows) { + this.workflows = workflows; + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/FormulationCommon.java b/src/main/java/org/cyclonedx/model/formulation/FormulationCommon.java new file mode 100644 index 000000000..3f4ad4a32 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/FormulationCommon.java @@ -0,0 +1,189 @@ +package org.cyclonedx.model.formulation; + +import java.util.Date; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Dependency; +import org.cyclonedx.model.DependencyList; +import org.cyclonedx.model.formulation.common.BasicDataAbstract; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.OutputType; +import org.cyclonedx.model.formulation.task.Step; +import org.cyclonedx.model.formulation.trigger.Trigger; +import org.cyclonedx.model.formulation.workspace.Workspace; +import org.cyclonedx.util.deserializer.DependencyDeserializer; +import org.cyclonedx.util.serializer.CustomDateSerializer; +import org.cyclonedx.util.serializer.DependencySerializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public abstract class FormulationCommon extends BasicDataAbstract +{ + protected Trigger trigger; + + protected List taskTypes; + + protected List inputs; + + protected List outputs; + + @JsonSerialize(using = CustomDateSerializer.class) + @JsonProperty("timeStart") + protected Date timeStart; + + @JsonSerialize(using = CustomDateSerializer.class) + @JsonProperty("timeEnd") + protected Date timeEnd; + + protected List workspaces; + + @JsonProperty("runtimeTopology") + @JacksonXmlProperty(localName = "runtimeTopology") + @JsonSerialize(using = DependencySerializer.class, as = DependencyList.class) + protected DependencyList runtimeTopology; + + @JsonProperty("taskDependencies") + @JacksonXmlProperty(localName = "taskDependencies") + @JsonSerialize(using = DependencySerializer.class, as = DependencyList.class) + protected DependencyList taskDependencies; + + private List steps; + + @JacksonXmlElementWrapper(localName = "steps") + @JacksonXmlProperty(localName = "step") + public List getSteps() { + return steps; + } + + public void setSteps(final List steps) { + this.steps = steps; + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JsonDeserialize(using = DependencyDeserializer.class) + public List getTaskDependencies() { + return taskDependencies; + } + + public void setTaskDependencies(List taskDependencies) { + this.taskDependencies = new DependencyList(taskDependencies); + } + + @JacksonXmlElementWrapper(useWrapping = false) + @JsonDeserialize(using = DependencyDeserializer.class) + public List getRuntimeTopology() { + return runtimeTopology; + } + + public void setRuntimeTopology(List runtimeTopology) { + this.runtimeTopology = new DependencyList(runtimeTopology); + } + + public Trigger getTrigger() { + return trigger; + } + + public void setTrigger(final Trigger trigger) { + this.trigger = trigger; + } + + @JacksonXmlElementWrapper(localName = "taskTypes") + @JacksonXmlProperty(localName = "taskType") + public List getTaskTypes() { + return taskTypes; + } + + public void setTaskTypes(final List taskTypes) { + this.taskTypes = taskTypes; + } + + @JacksonXmlElementWrapper(localName = "inputs") + @JacksonXmlProperty(localName = "input") + public List getInputs() { + return inputs; + } + + public void setInputs(final List inputTypes) { + this.inputs = inputTypes; + } + + @JacksonXmlElementWrapper(localName = "outputs") + @JacksonXmlProperty(localName = "output") + public List getOutputs() { + return outputs; + } + + public void setOutputs(final List outputTypes) { + this.outputs = outputTypes; + } + + public Date getTimeStart() { + return timeStart; + } + + public void setTimeStart(final Date timeStart) { + this.timeStart = timeStart; + } + + public Date getTimeEnd() { + return timeEnd; + } + + public void setTimeEnd(final Date timeEnd) { + this.timeEnd = timeEnd; + } + + @JacksonXmlElementWrapper(localName = "workspaces") + @JacksonXmlProperty(localName = "workspace") + public List getWorkspaces() { + return workspaces; + } + + public void setWorkspaces(final List workspaces) { + this.workspaces = workspaces; + } + + public enum TaskType { + @JsonProperty("copy") + COPY("copy"), + @JsonProperty("clone") + CLONE("clone"), + @JsonProperty("LINT") + LINT("LINT"), + @JsonProperty("scan") + SCAN("scan"), + @JsonProperty("merge") + MERGE("merge"), + @JsonProperty("build") + BUILD("build"), + @JsonProperty("test") + TEST("test"), + @JsonProperty("deliver") + DELIVER("deliver"), + @JsonProperty("deploy") + DEPLOY("deploy"), + @JsonProperty("release") + RELEASE("release"), + @JsonProperty("clean") + CLEAN("clean"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + public String getTypeName() { + return this.name; + } + + TaskType(String name) { + this.name = name; + } + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/Workflow.java b/src/main/java/org/cyclonedx/model/formulation/Workflow.java new file mode 100644 index 000000000..d010fd12d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/Workflow.java @@ -0,0 +1,32 @@ +package org.cyclonedx.model.formulation; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.model.formulation.task.Task; +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder( + { + "uid", "name", "description", "resourceReferences", "tasks", "taskDependencies", "taskTypes", "trigger", + "steps", "inputs", "outputs", "timeStart", "timeEnd", "workspaces", "runtimeTopology", "properties" + }) +public class Workflow extends FormulationCommon +{ + private List tasks; + + @JacksonXmlElementWrapper(localName = "tasks") + @JacksonXmlProperty(localName = "task") + public List getTasks() { + return tasks; + } + + public void setTasks(final List tasks) { + this.tasks = tasks; + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java b/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java new file mode 100644 index 000000000..c537e169f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/AbstractType.java @@ -0,0 +1,72 @@ +package org.cyclonedx.model.formulation.common; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public abstract class AbstractType extends ExtensibleElement +{ + private ResourceReferenceChoice source; + private ResourceReferenceChoice target; + private ResourceReferenceChoice resource; + private List environmentVars; + private AttachmentText data; + private List properties; + + public ResourceReferenceChoice getSource() { + return source; + } + + public void setSource(final ResourceReferenceChoice source) { + this.source = source; + } + + public ResourceReferenceChoice getTarget() { + return target; + } + + public void setTarget(final ResourceReferenceChoice target) { + this.target = target; + } + + public ResourceReferenceChoice getResource() { + return resource; + } + + public void setResource(final ResourceReferenceChoice resource) { + this.resource = resource; + } + + + @JacksonXmlElementWrapper(localName = "environmentVars") + public List getEnvironmentVars() { + return environmentVars; + } + + public void setEnvironmentVars(final List environmentVars) { + this.environmentVars = environmentVars; + } + + public AttachmentText getData() { + return data; + } + + public void setData(final AttachmentText data) { + this.data = data; + } + + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/common/BasicDataAbstract.java b/src/main/java/org/cyclonedx/model/formulation/common/BasicDataAbstract.java new file mode 100644 index 000000000..5e1e1aa6e --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/BasicDataAbstract.java @@ -0,0 +1,83 @@ +package org.cyclonedx.model.formulation.common; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public abstract class BasicDataAbstract + extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + protected String bomRef; + + protected String uid; + + protected String name; + + protected String description; + + protected List resourceReferences; + + protected List properties; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getUid() { + return uid; + } + + public void setUid(final String uid) { + this.uid = uid; + } + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(localName = "resourceReferences") + @JacksonXmlProperty(localName = "resourceReference") + public List getResourceReferences() { + return resourceReferences; + } + + public void setResourceReferences(final List resourceReferences) { + this.resourceReferences = resourceReferences; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java b/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java new file mode 100644 index 000000000..3e24cb85d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/EnvVariableChoice.java @@ -0,0 +1,36 @@ +package org.cyclonedx.model.formulation.common; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Property; +import org.cyclonedx.util.deserializer.EnvVariableChoiceDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = EnvVariableChoiceDeserializer.class) +public class EnvVariableChoice +{ + @JacksonXmlProperty(localName = "value") + private String value; + + @JacksonXmlProperty(localName = "environmentVar") + private Property environmentVar; + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + public Property getEnvironmentVar() { + return environmentVar; + } + + public void setEnvironmentVar(final Property environmentVar) { + this.environmentVar = environmentVar; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/common/InputType.java b/src/main/java/org/cyclonedx/model/formulation/common/InputType.java new file mode 100644 index 000000000..3d6b14ba0 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/InputType.java @@ -0,0 +1,54 @@ +package org.cyclonedx.model.formulation.common; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.util.deserializer.InputTypeDeserializer; + +@JsonDeserialize(using = InputTypeDeserializer.class) +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class InputType extends AbstractType +{ + private List parameters; + + public List getParameters() { + return parameters; + } + + public void setParameters(final List parameters) { + this.parameters = parameters; + } + + public static class Parameter { + private String name; + private String value; + private String dataType; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + public String getDataType() { + return dataType; + } + + public void setDataType(final String dataType) { + this.dataType = dataType; + } + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java b/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java new file mode 100644 index 000000000..c74631832 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/OutputType.java @@ -0,0 +1,53 @@ +package org.cyclonedx.model.formulation.common; + + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.util.deserializer.OutputTypeDeserializer; + +@JsonDeserialize(using = OutputTypeDeserializer.class) +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(Include.NON_NULL) +public class OutputType + extends AbstractType +{ + @JsonProperty("type") + private OutputTypeEnum type; + + public OutputTypeEnum getType() { + return type; + } + + public void setType(final OutputTypeEnum type) { + this.type = type; + } + + public enum OutputTypeEnum { + + @JsonProperty("artifact") + ARTIFACT("artifact"), + @JsonProperty("attestation") + ATTESTATION("attestation"), + @JsonProperty("log") + LOG("log"), + @JsonProperty("evidence") + EVIDENCE("evidence"), + @JsonProperty("metrics") + METRICS("metrics"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + public String getTypeName() { + return this.name; + } + + OutputTypeEnum(String name) { + this.name = name; + } + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java b/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java new file mode 100644 index 000000000..b27082ae6 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/common/ResourceReferenceChoice.java @@ -0,0 +1,31 @@ +package org.cyclonedx.model.formulation.common; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.util.ResourceReferenceChoiceDeserializer; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = ResourceReferenceChoiceDeserializer.class) +public class ResourceReferenceChoice { + private String ref; + private ExternalReference externalReference; + + public String getRef() { + return ref; + } + + public void setRef(final String ref) { + this.ref = ref; + } + + public ExternalReference getExternalReference() { + return externalReference; + } + + public void setExternalReference(final ExternalReference externalReference) { + this.externalReference = externalReference; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/task/Command.java b/src/main/java/org/cyclonedx/model/formulation/task/Command.java new file mode 100644 index 000000000..31339e4ae --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/task/Command.java @@ -0,0 +1,33 @@ +package org.cyclonedx.model.formulation.task; + +import java.util.List; + +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; + +public class Command extends ExtensibleElement +{ + private String executed; + + private List properties; + + public String getExecuted() { + return executed; + } + + public void setExecuted(final String executed) { + this.executed = executed; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/task/Step.java b/src/main/java/org/cyclonedx/model/formulation/task/Step.java new file mode 100644 index 000000000..1570920c9 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/task/Step.java @@ -0,0 +1,55 @@ +package org.cyclonedx.model.formulation.task; + +import java.util.List; + +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; + +public class Step extends ExtensibleElement +{ + private String name; + + private String description; + + private List commands; + + private List properties; + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(localName = "commands") + @JacksonXmlProperty(localName = "command") + public List getCommands() { + return commands; + } + + public void setCommands(final List commands) { + this.commands = commands; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/task/Task.java b/src/main/java/org/cyclonedx/model/formulation/task/Task.java new file mode 100644 index 000000000..28d5de26f --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/task/Task.java @@ -0,0 +1,26 @@ +package org.cyclonedx.model.formulation.task; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; +import org.cyclonedx.model.formulation.FormulationCommon; + + +@JacksonXmlRootElement(localName = "task") +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder( + { + "uid", "name", "description", "resourceReferences", "taskTypes", "trigger", "steps", "inputs", "outputs", + "timeStart", "timeEnd", "workspaces", "runtimeTopology", "taskDependencyGraph", "properties", + }) +public class Task + extends FormulationCommon +{ + +} diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java new file mode 100644 index 000000000..6c586e854 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Condition.java @@ -0,0 +1,39 @@ +package org.cyclonedx.model.formulation.trigger; + +import java.util.List; + +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.Property; + +public class Condition { + private String description; + private String expression; + private List properties; + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + public String getExpression() { + return expression; + } + + public void setExpression(final String expression) { + this.expression = expression; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java new file mode 100644 index 000000000..2cdb8bbf7 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Event.java @@ -0,0 +1,77 @@ +package org.cyclonedx.model.formulation.trigger; + +import java.util.List; + +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +public class Event { + private String uid; + private String description; + private String timeReceived; + private AttachmentText data; + private ResourceReferenceChoice source; + private ResourceReferenceChoice target; + private List properties; + + public String getUid() { + return uid; + } + + public void setUid(final String uid) { + this.uid = uid; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + public String getTimeReceived() { + return timeReceived; + } + + public void setTimeReceived(final String timeReceived) { + this.timeReceived = timeReceived; + } + + public AttachmentText getData() { + return data; + } + + public void setData(final AttachmentText data) { + this.data = data; + } + + public ResourceReferenceChoice getSource() { + return source; + } + + public void setSource(final ResourceReferenceChoice source) { + this.source = source; + } + + public ResourceReferenceChoice getTarget() { + return target; + } + + public void setTarget(final ResourceReferenceChoice target) { + this.target = target; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java b/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java new file mode 100644 index 000000000..d4b103cb6 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/trigger/Trigger.java @@ -0,0 +1,85 @@ +package org.cyclonedx.model.formulation.trigger; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.formulation.common.BasicDataAbstract; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.OutputType; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "uid", "name", "description", "resourceReferences", "type", "event", "conditions", "timeActivated", "inputs", + "outputs", "properties" +}) +public class Trigger + extends BasicDataAbstract +{ + private String type; + private Event event; + private List conditions; + private String timeActivated; + + private List inputs; + + private List outputs; + + public String getType() { + return type; + } + + public void setType(final String type) { + this.type = type; + } + + public Event getEvent() { + return event; + } + + public void setEvent(final Event event) { + this.event = event; + } + + @JacksonXmlElementWrapper(localName = "conditions") + @JacksonXmlProperty(localName = "condition") + public List getConditions() { + return conditions; + } + + public void setConditions(final List conditions) { + this.conditions = conditions; + } + + public String getTimeActivated() { + return timeActivated; + } + + public void setTimeActivated(final String timeActivated) { + this.timeActivated = timeActivated; + } + + @JacksonXmlElementWrapper(localName = "inputs") + @JacksonXmlProperty(localName = "input") + public List getInputs() { + return inputs; + } + + public void setInputs(final List inputs) { + this.inputs = inputs; + } + + @JacksonXmlElementWrapper(localName = "outputs") + @JacksonXmlProperty(localName = "output") + public List getOutputs() { + return outputs; + } + + public void setOutputs(final List outputs) { + this.outputs = outputs; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/formulation/workspace/Volume.java b/src/main/java/org/cyclonedx/model/formulation/workspace/Volume.java new file mode 100644 index 000000000..7afe2ab6d --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/workspace/Volume.java @@ -0,0 +1,108 @@ +package org.cyclonedx.model.formulation.workspace; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; + +public class Volume extends ExtensibleElement +{ + private String uid; + + private String name; + + private Mode mode = Mode.FILESYSTEM; + + private String path; + + private String sizeAllocated; + + private Boolean persistent; + + private Boolean remote; + + private List properties; + + public enum Mode { + + @JsonProperty("filesystem") + FILESYSTEM("filesystem"), + @JsonProperty("block") + BLOCK("block"); + + private final String name; + + public String getMode() { + return this.name; + } + + Mode(String name) { + this.name = name; + } + } + + public String getUid() { + return uid; + } + + public void setUid(final String uid) { + this.uid = uid; + } + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + public Mode getMode() { + return mode; + } + + public void setMode(final Mode mode) { + this.mode = mode; + } + + public String getPath() { + return path; + } + + public void setPath(final String path) { + this.path = path; + } + + public String getSizeAllocated() { + return sizeAllocated; + } + + public void setSizeAllocated(final String sizeAllocated) { + this.sizeAllocated = sizeAllocated; + } + + public Boolean getPersistent() { + return persistent; + } + + public void setPersistent(final Boolean persistent) { + this.persistent = persistent; + } + + public Boolean getRemote() { + return remote; + } + + public void setRemote(final Boolean remote) { + this.remote = remote; + } + + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java new file mode 100644 index 000000000..34bc33793 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java @@ -0,0 +1,161 @@ +package org.cyclonedx.model.formulation.workspace; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.BasicDataAbstract; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({ + "uid", "name", "aliases", "description", "resourceReferences", "accessMode", "mountPath", "managedDataType", + "volumeRequest", "volume", "properties" +}) +public class Workspace extends BasicDataAbstract +{ + private List aliases; + + private AccessMode accessMode; + + private String mountPath; + + private String managedDataType; + + private String volumeRequest; + + private Volume volume; + + public enum AccessMode { + + @JsonProperty("read-only") + READ_ONLY("read-only"), + @JsonProperty("read-write") + READ_WRITE("read-write"), + @JsonProperty("read-write-once") + READ_WRITE_ONCE("read-write-once"), + @JsonProperty("write-once") + WRITE_ONCE("write-once"), + @JsonProperty("write-only") + WRITE_ONLY("write-only"); + + private final String name; + + public String getAccessMode() { + return this.name; + } + + AccessMode(String name) { + this.name = name; + } + } + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getUid() { + return uid; + } + + public void setUid(final String uid) { + this.uid = uid; + } + + public String getName() { + return name; + } + + public void setName(final String name) { + this.name = name; + } + + @JacksonXmlElementWrapper(localName = "aliases") + @JacksonXmlProperty(localName = "alias") + public List getAliases() { + return aliases; + } + + public void setAliases(final List aliases) { + this.aliases = aliases; + } + + public String getDescription() { + return description; + } + + public void setDescription(final String description) { + this.description = description; + } + + @JacksonXmlElementWrapper(localName = "resourceReferences") + @JacksonXmlProperty(localName = "resourceReference") + public List getResourceReferences() { + return resourceReferences; + } + + public void setResourceReferences(final List resourceReferences) { + this.resourceReferences = resourceReferences; + } + + public AccessMode getAccessMode() { + return accessMode; + } + + public void setAccessMode(final AccessMode accessMode) { + this.accessMode = accessMode; + } + + public String getMountPath() { + return mountPath; + } + + public void setMountPath(final String mountPath) { + this.mountPath = mountPath; + } + + public String getManagedDataType() { + return managedDataType; + } + + public void setManagedDataType(final String managedDataType) { + this.managedDataType = managedDataType; + } + + public String getVolumeRequest() { + return volumeRequest; + } + + public void setVolumeRequest(final String volumeRequest) { + this.volumeRequest = volumeRequest; + } + + public Volume getVolume() { + return volume; + } + + public void setVolume(final Volume volume) { + this.volume = volume; + } + + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + public List getProperties() { + return properties; + } + + public void setProperties(final List properties) { + this.properties = properties; + } +} diff --git a/src/main/java/org/cyclonedx/util/ResourceReferenceChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/ResourceReferenceChoiceDeserializer.java new file mode 100644 index 000000000..634f33029 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/ResourceReferenceChoiceDeserializer.java @@ -0,0 +1,51 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +import java.io.IOException; + +public class ResourceReferenceChoiceDeserializer extends JsonDeserializer +{ + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public ResourceReferenceChoice deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + ResourceReferenceChoice resourceReferenceChoice = new ResourceReferenceChoice(); + + if (node.has("ref")) { + String ref = node.get("ref").asText(); + resourceReferenceChoice.setRef(ref); + } else if (node.has("externalReference")) { + JsonNode externalReferenceNode = node.get("externalReference"); + ExternalReference externalReference = objectMapper.treeToValue(externalReferenceNode, ExternalReference.class); + resourceReferenceChoice.setExternalReference(externalReference); + } + + return resourceReferenceChoice; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java new file mode 100644 index 000000000..888922bbb --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java @@ -0,0 +1,60 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.EnvVariableChoice; + +public class EnvVariableChoiceDeserializer + extends JsonDeserializer +{ + @Override + public EnvVariableChoice deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + EnvVariableChoice envReferenceChoice = new EnvVariableChoice(); + + if (node.has("value")) { + String value = node.get("value").asText(); + envReferenceChoice.setValue(value); + } else if (node.has("environmentVar")) { + JsonNode envVarNode = node.get("environmentVar"); + Property prop = new Property(); + + if (envVarNode.has("name")) { + String name = envVarNode.get("name").asText(); + prop.setName(name); + } + if (envVarNode.has("")) { + String value = envVarNode.get("").asText(); + prop.setValue(value); + } + + envReferenceChoice.setEnvironmentVar(prop); + } + + return envReferenceChoice; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java new file mode 100644 index 000000000..b1c16ba95 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java @@ -0,0 +1,102 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.InputType.Parameter; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +public class InputTypeDeserializer extends JsonDeserializer { + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public InputType deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + InputType inputType = new InputType(); + + if(node.has("source")) { + JsonNode sourceNode = node.get("source"); + ResourceReferenceChoice source = objectMapper.treeToValue(sourceNode, ResourceReferenceChoice.class); + inputType.setSource(source); + } + + if(node.has("target")) { + JsonNode targetNode = node.get("target"); + ResourceReferenceChoice target = objectMapper.treeToValue(targetNode, ResourceReferenceChoice.class); + inputType.setTarget(target); + } + + createInputDataInfo(node, inputType); + + if(node.has("properties")) { + JsonNode propertiesNode = node.get("properties"); + List properties = objectMapper.convertValue(propertiesNode, new TypeReference>() {}); + inputType.setProperties(properties); + } + + return inputType; + } + + private void createInputDataInfo(JsonNode node, InputType inputType ) throws JsonProcessingException { + if (node.has("resource")) { + JsonNode resourceNode = node.get("resource"); + ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); + inputType.setResource(resource); + } else if (node.has("parameters")) { + JsonNode parametersNode = node.get("parameters"); + List parameters = objectMapper.convertValue(parametersNode, new TypeReference>() {}); + inputType.setParameters(parameters); + } else if (node.has("environmentVars")) { + JsonNode environmentVarsNode = node.get("environmentVars"); + List environmentVars = new ArrayList<>(); + if (environmentVarsNode.isArray()) { + // if it's an array + for (JsonNode envVarNode : environmentVarsNode) { + EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); + environmentVars.add(envVar); + } + } else { + // if it's a single object + EnvVariableChoice envVar = objectMapper.treeToValue(environmentVarsNode, EnvVariableChoice.class); + environmentVars.add(envVar); + } + inputType.setEnvironmentVars(environmentVars); + } else if (node.has("data")) { + JsonNode dataNode = node.get("data"); + AttachmentText data = objectMapper.treeToValue(dataNode, AttachmentText.class); + inputType.setData(data); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/LifecycleDeserializer.java rename to src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java index 63441b046..dedc8fe80 100644 --- a/src/main/java/org/cyclonedx/util/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 * Copyright (c) OWASP Foundation. All Rights Reserved. */ -package org.cyclonedx.util; +package org.cyclonedx.util.deserializer; import java.io.IOException; import java.util.ArrayList; diff --git a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java new file mode 100644 index 000000000..028fd2ce6 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java @@ -0,0 +1,107 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.InputType.Parameter; +import org.cyclonedx.model.formulation.common.OutputType; +import org.cyclonedx.model.formulation.common.OutputType.OutputTypeEnum; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; + +public class OutputTypeDeserializer + extends JsonDeserializer { + private final ObjectMapper objectMapper = new ObjectMapper(); + + @Override + public OutputType deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException + { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + OutputType outputType = new OutputType(); + + if(node.has("source")) { + JsonNode sourceNode = node.get("source"); + ResourceReferenceChoice source = objectMapper.treeToValue(sourceNode, ResourceReferenceChoice.class); + outputType.setSource(source); + } + + if(node.has("target")) { + JsonNode targetNode = node.get("target"); + ResourceReferenceChoice target = objectMapper.treeToValue(targetNode, ResourceReferenceChoice.class); + outputType.setTarget(target); + } + + createOutputDataInfo(node, outputType); + + if(node.has("properties")) { + JsonNode propertiesNode = node.get("properties"); + List properties = objectMapper.convertValue(propertiesNode, new TypeReference>() {}); + outputType.setProperties(properties); + } + + if(node.has("type")) { + JsonNode typeNode = node.get("type"); + OutputTypeEnum type = objectMapper.treeToValue(typeNode, OutputTypeEnum.class); + outputType.setType(type); + } + + return outputType; + } + + private void createOutputDataInfo(JsonNode node, OutputType outputType) throws JsonProcessingException { + if (node.has("resource")) { + JsonNode resourceNode = node.get("resource"); + ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); + outputType.setResource(resource); + } else if (node.has("environmentVars")) { + JsonNode environmentVarsNode = node.get("environmentVars"); + List environmentVars = new ArrayList<>(); + if (environmentVarsNode.isArray()) { + // if it's an array + for (JsonNode envVarNode : environmentVarsNode) { + EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); + environmentVars.add(envVar); + } + } else { + // if it's a single object + EnvVariableChoice envVar = objectMapper.treeToValue(environmentVarsNode, EnvVariableChoice.class); + environmentVars.add(envVar); + } + outputType.setEnvironmentVars(environmentVars); + } else if (node.has("data")) { + JsonNode dataNode = node.get("data"); + AttachmentText data = objectMapper.treeToValue(dataNode, AttachmentText.class); + outputType.setData(data); + } + } +} diff --git a/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java index 28c9ab826..135df973f 100644 --- a/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/CollectionTypeSerializer.java @@ -46,7 +46,7 @@ public JsonSerializer findCollectionSerializer(SerializationConfig config, JsonSerializer elementValueSerializer) { if (isDependencyListType(type)) { - return new DependencySerializer(useNamespace); + return new DependencySerializer(useNamespace, null); } return findSerializer(config, type, beanDescription); } diff --git a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java index 8cedace88..1d9237cd9 100644 --- a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java @@ -27,24 +27,41 @@ import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.databind.ser.ContextualSerializer; import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import com.fasterxml.jackson.databind.BeanProperty; +import com.fasterxml.jackson.databind.JsonSerializer; +import org.apache.commons.lang3.StringUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.DependencyList; -public class DependencySerializer extends StdSerializer +public class DependencySerializer extends StdSerializer implements ContextualSerializer { private final String REF = "ref"; - private boolean useNamespace = false; + private boolean useNamespace; - public DependencySerializer(final boolean useNamespace) { + private final String parentTagName; + + public DependencySerializer(final boolean useNamespace, String parentTagName) { super(DependencyList.class, false); this.useNamespace = useNamespace; + this.parentTagName = parentTagName; + } + + public DependencySerializer() { + this(false, null); } - public DependencySerializer(final Class t) { + public DependencySerializer(Class t, String parentTagName) { super(t); + this.parentTagName = parentTagName; + } + + @Override + public JsonSerializer createContextual(SerializerProvider prov, BeanProperty property) { + return new DependencySerializer(useNamespace, property.getName()); } @Override @@ -90,7 +107,7 @@ private void writeXMLDependenciesWithGenerator(final ToXmlGenerator toXmlGenerat throws IOException, XMLStreamException { if (dependencies != null && !dependencies.isEmpty()) { - processNamespace(toXmlGenerator, "dependencies"); + processNamespace(toXmlGenerator, parentTagName); toXmlGenerator.writeStartArray(); for (Dependency dependency : dependencies) { @@ -135,11 +152,13 @@ private void processNamespace(final ToXmlGenerator toXmlGenerator, final String { QName qName; + String dependenciesNamespace = StringUtils.isBlank(dependencies)? "dependencies" : dependencies; + if (useNamespace) { - qName = new QName(CycloneDxSchema.NS_DEPENDENCY_GRAPH_10, dependencies, "dg"); + qName = new QName(CycloneDxSchema.NS_DEPENDENCY_GRAPH_10, dependenciesNamespace, "dg"); toXmlGenerator.getStaxWriter().setPrefix(qName.getPrefix(), qName.getNamespaceURI()); } else { - qName = new QName(dependencies); + qName = new QName(dependenciesNamespace); } toXmlGenerator.setNextName(qName); diff --git a/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java new file mode 100644 index 000000000..e080e0269 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/InputTypeSerializer.java @@ -0,0 +1,89 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.cyclonedx.model.formulation.common.InputType; + +public class InputTypeSerializer + extends StdSerializer +{ + private final boolean isXml; + + public InputTypeSerializer(boolean isXml) { + this(null, isXml); + } + + public InputTypeSerializer(Class t, boolean isXml) { + super(t); + this.isXml = isXml; + } + + @Override + public void serialize(InputType value, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + createInputChoice(value, xmlGenerator); + } else { + createInputChoice(value, jsonGenerator); + } + } + + private void createInputChoice(final InputType input, final JsonGenerator jsonGenerator) + throws IOException + { + jsonGenerator.writeStartObject(); + + if (input.getResource() != null) { + jsonGenerator.writeFieldName("resource"); + jsonGenerator.writeObject( input.getResource()); + } + else if (input.getParameters() != null && !input.getParameters().isEmpty()) { + jsonGenerator.writeFieldName("parameters"); + jsonGenerator.writeObject( input.getParameters()); + } + else if (input.getEnvironmentVars() != null && !input.getEnvironmentVars().isEmpty()) { + jsonGenerator.writeArrayFieldStart("environmentVars"); + for (EnvVariableChoice envVarChoice : input.getEnvironmentVars()) { + if (envVarChoice.getEnvironmentVar() != null) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeObjectField("environmentVar", envVarChoice.getEnvironmentVar()); + jsonGenerator.writeEndObject(); + } else if (envVarChoice.getValue() != null) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeObjectField("value", envVarChoice.getValue()); + jsonGenerator.writeEndObject(); + } + } + jsonGenerator.writeEndArray(); + } + else if (input.getData() != null) { + jsonGenerator.writeFieldName("data"); + jsonGenerator.writeObject( input.getData()); + } + + if (input.getSource() != null) { + jsonGenerator.writeFieldName("source"); + jsonGenerator.writeObject(input.getSource()); + } + if (input.getTarget() != null) { + jsonGenerator.writeFieldName("target"); + jsonGenerator.writeObject(input.getTarget()); + } + if (input.getProperties() != null) { + jsonGenerator.writeFieldName("properties"); + jsonGenerator.writeObject( input.getProperties()); + } + jsonGenerator.writeEndObject(); + } + + @Override + public Class handledType() { + return InputType.class; + } +} diff --git a/src/main/java/org/cyclonedx/util/LifecycleSerializer.java b/src/main/java/org/cyclonedx/util/serializer/LifecycleSerializer.java similarity index 98% rename from src/main/java/org/cyclonedx/util/LifecycleSerializer.java rename to src/main/java/org/cyclonedx/util/serializer/LifecycleSerializer.java index 7438e9b2e..1992645b4 100644 --- a/src/main/java/org/cyclonedx/util/LifecycleSerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/LifecycleSerializer.java @@ -1,4 +1,4 @@ -package org.cyclonedx.util; +package org.cyclonedx.util.serializer; import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.databind.SerializerProvider; diff --git a/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java b/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java new file mode 100644 index 000000000..62ba2acbf --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/OutputTypeSerializer.java @@ -0,0 +1,92 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.model.formulation.common.EnvVariableChoice; +import org.cyclonedx.model.formulation.common.OutputType; + +public class OutputTypeSerializer + extends StdSerializer +{ + private final boolean isXml; + + public OutputTypeSerializer(boolean isXml) { + this(null, isXml); + } + + public OutputTypeSerializer(Class t, boolean isXml) { + super(t); + this.isXml = isXml; + } + + @Override + public void serialize(OutputType value, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + xmlGenerator.writeStartObject(); + xmlGenerator.writeFieldName("input"); + createOutputChoice(value, xmlGenerator); + xmlGenerator.writeEndObject(); + } else { + createOutputChoice(value, jsonGenerator); + } + } + + private void createOutputChoice(final OutputType output, final JsonGenerator jsonGenerator) + throws IOException + { + jsonGenerator.writeStartObject(); + + if (output.getResource() != null) { + jsonGenerator.writeFieldName("resource"); + jsonGenerator.writeObject( output.getResource()); + } + else if (output.getEnvironmentVars() != null && !output.getEnvironmentVars().isEmpty()) { + jsonGenerator.writeArrayFieldStart("environmentVars"); + for (EnvVariableChoice envVarChoice : output.getEnvironmentVars()) { + if (envVarChoice.getEnvironmentVar() != null) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeObjectField("environmentVar", envVarChoice.getEnvironmentVar()); + jsonGenerator.writeEndObject(); + } else if (envVarChoice.getValue() != null) { + jsonGenerator.writeStartObject(); + jsonGenerator.writeObjectField("value", envVarChoice.getValue()); + jsonGenerator.writeEndObject(); + } + } + jsonGenerator.writeEndArray(); + } + else if (output.getData() != null) { + jsonGenerator.writeFieldName("data"); + jsonGenerator.writeObject( output.getData()); + } + + if (output.getType() != null) { + jsonGenerator.writeFieldName("type"); + jsonGenerator.writeObject(output.getType()); + } + if (output.getSource() != null) { + jsonGenerator.writeFieldName("source"); + jsonGenerator.writeObject(output.getSource()); + } + if (output.getTarget() != null) { + jsonGenerator.writeFieldName("target"); + jsonGenerator.writeObject(output.getTarget()); + } + if (output.getProperties() != null) { + jsonGenerator.writeFieldName("properties"); + jsonGenerator.writeObject( output.getProperties()); + } + jsonGenerator.writeEndObject(); + } + + @Override + public Class handledType() { + return OutputType.class; + } +} diff --git a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java index a5ca4b198..d17520a57 100644 --- a/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java +++ b/src/test/java/org/cyclonedx/BomJsonGeneratorTest.java @@ -182,7 +182,6 @@ public void schema14JBomLinkGenerationTest() throws Exception { public void schema15JsonObjectGenerationTest() throws Exception { Bom bom = createCommonBom("/bom-1.5.xml"); BomJsonGenerator generator = BomGeneratorFactory.createJson(Version.VERSION_15, bom); - assertTrue(generator instanceof BomJsonGenerator15); assertEquals(CycloneDxSchema.Version.VERSION_15, generator.getSchemaVersion()); diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 963f84521..778d18813 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -36,11 +36,25 @@ import org.cyclonedx.model.OrganizationalContact; import org.cyclonedx.model.OrganizationalEntity; import org.cyclonedx.model.OrganizationalChoice; +import org.cyclonedx.model.Property; import org.cyclonedx.model.ReleaseNotes; import org.cyclonedx.model.ReleaseNotes.Notes; import org.cyclonedx.model.ReleaseNotes.Resolves; import org.cyclonedx.model.Service; import org.cyclonedx.model.ServiceData; +import org.cyclonedx.model.formulation.Formula; +import org.cyclonedx.model.formulation.Workflow; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.OutputType; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; +import org.cyclonedx.model.formulation.task.Command; +import org.cyclonedx.model.formulation.task.Step; +import org.cyclonedx.model.formulation.task.Task; +import org.cyclonedx.model.formulation.trigger.Condition; +import org.cyclonedx.model.formulation.trigger.Event; +import org.cyclonedx.model.formulation.trigger.Trigger; +import org.cyclonedx.model.formulation.workspace.Volume; +import org.cyclonedx.model.formulation.workspace.Workspace; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; @@ -357,6 +371,9 @@ public void testParsedObjects14Bom() throws Exception { //Assert Annotations assertAnnotations(bom, Version.VERSION_14); + + //Assert Formulation + assertFormulation(bom, Version.VERSION_14); } @Test @@ -384,12 +401,262 @@ public void testParsedObjects15Bom() throws Exception { //Assert Annotations assertAnnotations(bom, Version.VERSION_15); + + //Assert Formulation + assertFormulation(bom, Version.VERSION_15); + } + + private void assertFormulation(final Bom bom, final Version version) { + if(version== Version.VERSION_15) { + List formulas = bom.getFormulation(); + + assertEquals(1, formulas.size()); + + Formula formula = formulas.get(0); + assertNotNull(formula.getBomRef()); + assertNotNull(formula.getComponents()); + assertNull(formula.getServices()); + assertNull(formula.getProperties()); + assertWorkflows(formula.getWorkflows()); + } else { + assertNull(bom.getFormulation()); + } + } + private void assertWorkflows(List workflows) { + assertEquals(workflows.size(), 1); + + Workflow workflow = workflows.get(0); + assertNotNull(workflow.getBomRef()); + assertNotNull(workflow.getUid()); + assertNotNull(workflow.getName()); + assertNotNull(workflow.getDescription()); + assertNotNull(workflow.getResourceReferences()); + + assertNotNull(workflow.getTimeEnd()); + assertNotNull(workflow.getTimeStart()); + assertNotNull(workflow.getRuntimeTopology()); + assertNotNull(workflow.getTaskDependencies()); + + assertTasks(workflow.getTasks()); + assertSteps(workflow.getSteps()); + assertTrigger(workflow.getTrigger()); + assertInputs(workflow.getInputs()); + assertOutputs(workflow.getOutputs()); + assertProperties(workflow.getProperties()); + assertWorkspaces(workflow.getWorkspaces()); + } + + private void assertWorkspaces(List workspaces) { + assertEquals(workspaces.size(), 1); + assertNotNull(workspaces); + + Workspace workspace = workspaces.get(0); + assertNotNull(workspace.getBomRef()); + assertNotNull(workspace.getUid()); + assertNotNull(workspace.getName()); + assertNotNull(workspace.getDescription()); + assertNotNull(workspace.getResourceReferences()); + + assertNotNull(workspace.getAccessMode()); + assertNotNull(workspace.getMountPath()); + assertNotNull(workspace.getManagedDataType()); + assertNotNull(workspace.getVolumeRequest()); + + assertVolume(workspace.getVolume()); + + assertProperties(workspace.getProperties()); + } + + private void assertVolume(Volume volume) { + assertNotNull(volume); + + assertNotNull(volume.getUid()); + assertNotNull(volume.getName()); + assertNotNull(volume.getMode()); + assertNotNull(volume.getPath()); + assertNotNull(volume.getSizeAllocated()); + assertNotNull(volume.getPersistent()); + assertNotNull(volume.getRemote()); + + assertProperties(volume.getProperties()); + } + + private void assertTrigger(Trigger trigger) { + assertNotNull(trigger); + + assertNotNull(trigger.getBomRef()); + assertNotNull(trigger.getUid()); + assertNotNull(trigger.getName()); + assertNotNull(trigger.getDescription()); + assertNotNull(trigger.getResourceReferences()); + assertNotNull(trigger.getType()); + assertNotNull(trigger.getTimeActivated()); + + //Event + assertEvent(trigger.getEvent()); + //Conditions + assertConditions(trigger.getConditions()); + //Inputs + assertInputs(trigger.getInputs()); + //Outputs + assertOutputs(trigger.getOutputs()); + + assertProperties(trigger.getProperties()); + } + + private void assertOutputs(List outputs) { + OutputType outputType = outputs.get(0); + //Source + assertResourceReference(outputType.getSource()); + //Target + assertResourceReference(outputType.getTarget()); + assertOutputData(outputType); + + assertProperties(outputType.getProperties()); + } + + private void assertOutputData(OutputType outputType) { + if (outputType.getResource() != null) { + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getData() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getEnvironmentVars() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + } + else { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + } + + private void assertInputs(List inputs) { + InputType inputType = inputs.get(0); + //Source + assertResourceReference(inputType.getSource()); + //Target + assertResourceReference(inputType.getTarget()); + assertInputData(inputType); + + assertProperties(inputType.getProperties()); + } + + private void assertInputData(InputType inputType) { + if (inputType.getResource() != null) { + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getParameters() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getData() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getEnvironmentVars() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + } + else { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } } + private void assertConditions(List conditions) { + assertEquals(conditions.size(), 1); + + Condition condition = conditions.get(0); + + assertNotNull(condition.getDescription()); + assertNotNull(condition.getExpression()); + + assertProperties(condition.getProperties()); + } + + private void assertEvent(Event event) { + assertNotNull(event); + + assertNotNull(event.getUid()); + assertNotNull(event.getDescription()); + assertNotNull(event.getTimeReceived()); + assertNotNull(event.getData()); + + //Source + assertResourceReference(event.getSource()); + //Target + assertResourceReference(event.getTarget()); + + assertProperties(event.getProperties()); + } + + private void assertResourceReference(ResourceReferenceChoice resourceReferenceChoice) { + if (resourceReferenceChoice != null) { + + if (resourceReferenceChoice.getExternalReference() != null) { + assertNull(resourceReferenceChoice.getRef()); + } + else { + assertNull(resourceReferenceChoice.getExternalReference()); + } + } + } + + private void assertTasks(List tasks) { + assertEquals(tasks.size(), 1); + + Task task = tasks.get(0); + assertNotNull(task.getBomRef()); + assertNotNull(task.getUid()); + assertNotNull(task.getName()); + assertNotNull(task.getDescription()); + assertNotNull(task.getResourceReferences()); + assertNotNull(task.getTaskTypes()); + } + + private void assertSteps(List steps) { + assertEquals(steps.size(), 1); + + Step step = steps.get(0); + assertNotNull(step.getName()); + assertNotNull(step.getDescription()); + assertCommands(step.getCommands()); + assertProperties(step.getProperties()); + } + + private void assertCommands(List commands) { + assertEquals(commands.size(), 1); + + Command command = commands.get(0); + assertNotNull(command.getExecuted()); + assertProperties(command.getProperties()); + } + + private void assertProperties(List properties) { + if (properties != null) { + assertEquals(properties.size(), 1); + + Property property = properties.get(0); + assertNotNull(property.getName()); + assertNotNull(property.getValue()); + } + } private void assertAnnotations(final Bom bom, final Version version) { - if(version== Version.VERSION_15) { + if (version == Version.VERSION_15) { List annotations = bom.getAnnotations(); assertEquals(annotations.size(), 1); @@ -401,7 +668,8 @@ private void assertAnnotations(final Bom bom, final Version version) { assertEquals(annotation.getSubjects().size(), 1); assertAnnotator(annotation.getAnnotator()); - } else { + } + else { assertNull(bom.getAnnotations()); } } diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 50ee05526..50a674530 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -37,11 +37,25 @@ import org.cyclonedx.model.OrganizationalEntity; import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.Pedigree; +import org.cyclonedx.model.Property; import org.cyclonedx.model.ReleaseNotes; import org.cyclonedx.model.ReleaseNotes.Notes; import org.cyclonedx.model.ReleaseNotes.Resolves; import org.cyclonedx.model.Service; import org.cyclonedx.model.ServiceData; +import org.cyclonedx.model.formulation.Formula; +import org.cyclonedx.model.formulation.Workflow; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.OutputType; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; +import org.cyclonedx.model.formulation.task.Command; +import org.cyclonedx.model.formulation.task.Step; +import org.cyclonedx.model.formulation.task.Task; +import org.cyclonedx.model.formulation.trigger.Condition; +import org.cyclonedx.model.formulation.trigger.Event; +import org.cyclonedx.model.formulation.trigger.Trigger; +import org.cyclonedx.model.formulation.workspace.Volume; +import org.cyclonedx.model.formulation.workspace.Workspace; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; @@ -509,11 +523,264 @@ public void testParsedObjects15Bom() throws Exception { //Assert Annotations assertAnnotations(bom, Version.VERSION_15); + //Assert Formulation + assertFormulation(bom, Version.VERSION_15); + } + + private void assertFormulation(final Bom bom, final Version version) { + if(version== Version.VERSION_15) { + List formulas = bom.getFormulation(); + + assertEquals(1, formulas.size()); + + Formula formula = formulas.get(0); + assertNotNull(formula.getBomRef()); + assertNotNull(formula.getComponents()); + assertNull(formula.getServices()); + assertNull(formula.getProperties()); + assertWorkflows(formula.getWorkflows()); + } else { + assertNull(bom.getFormulation()); + } + } + private void assertWorkflows(List workflows) { + assertEquals(workflows.size(), 1); + + Workflow workflow = workflows.get(0); + assertNotNull(workflow.getBomRef()); + assertNotNull(workflow.getUid()); + assertNotNull(workflow.getName()); + assertNotNull(workflow.getDescription()); + assertNotNull(workflow.getResourceReferences()); + + assertNotNull(workflow.getTimeEnd()); + assertNotNull(workflow.getTimeStart()); + assertNotNull(workflow.getRuntimeTopology()); + assertNotNull(workflow.getTaskDependencies()); + + assertTasks(workflow.getTasks()); + assertSteps(workflow.getSteps()); + assertTrigger(workflow.getTrigger()); + assertInputs(workflow.getInputs()); + assertOutputs(workflow.getOutputs()); + assertProperties(workflow.getProperties()); + assertWorkspaces(workflow.getWorkspaces()); + } + + private void assertWorkspaces(List workspaces) { + assertEquals(workspaces.size(), 1); + assertNotNull(workspaces); + + Workspace workspace = workspaces.get(0); + assertNotNull(workspace.getBomRef()); + assertNotNull(workspace.getUid()); + assertNotNull(workspace.getName()); + assertNotNull(workspace.getDescription()); + assertNotNull(workspace.getResourceReferences()); + + + assertNotNull(workspace.getAccessMode()); + assertNotNull(workspace.getMountPath()); + assertNotNull(workspace.getManagedDataType()); + assertNotNull(workspace.getVolumeRequest()); + + assertVolume(workspace.getVolume()); + + //assertProperties(workspace.getProperties()); + } + + private void assertVolume(Volume volume) { + assertNotNull(volume); + + assertNotNull(volume.getUid()); + assertNotNull(volume.getName()); + assertNotNull(volume.getMode()); + assertNotNull(volume.getPath()); + assertNotNull(volume.getSizeAllocated()); + assertNotNull(volume.getPersistent()); + assertNotNull(volume.getRemote()); + + assertProperties(volume.getProperties()); + } + + private void assertTrigger(Trigger trigger) { + assertNotNull(trigger); + + assertNotNull(trigger.getBomRef()); + assertNotNull(trigger.getUid()); + assertNotNull(trigger.getName()); + assertNotNull(trigger.getDescription()); + assertNotNull(trigger.getResourceReferences()); + assertNotNull(trigger.getType()); + assertNotNull(trigger.getTimeActivated()); + + //Event + assertEvent(trigger.getEvent()); + //Conditions + assertConditions(trigger.getConditions()); + //Inputs + assertInputs(trigger.getInputs()); + //Outputs + assertOutputs(trigger.getOutputs()); + + assertProperties(trigger.getProperties()); + } + + private void assertOutputs(List outputs){ + assertNotNull(outputs.size()); + + OutputType outputType = outputs.get(0); + //Source + assertResourceReference(outputType.getSource()); + //Target + assertResourceReference(outputType.getTarget()); + assertOutputData(outputType); + + assertProperties(outputType.getProperties()); + } + + private void assertOutputData(OutputType outputType) { + if (outputType.getResource() != null) { + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getData() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getEnvironmentVars() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + } + else { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + } + + private void assertInputs(List inputs){ + assertNotNull(inputs.size()); + + InputType inputType = inputs.get(0); + //Source + assertResourceReference(inputType.getSource()); + //Target + assertResourceReference(inputType.getTarget()); + assertInputData(inputType); + + assertProperties(inputType.getProperties()); + } + + private void assertInputData(InputType inputType) { + if (inputType.getResource() != null) { + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getParameters() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getData() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getEnvironmentVars() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + } + else { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + } + + private void assertConditions(List conditions) { + assertEquals(conditions.size(), 1); + + Condition condition = conditions.get(0); + + assertNotNull(condition.getDescription()); + assertNotNull(condition.getExpression()); + + assertProperties(condition.getProperties()); + } + + private void assertEvent(Event event) { + assertNotNull(event); + + assertNotNull(event.getUid()); + assertNotNull(event.getDescription()); + assertNotNull(event.getTimeReceived()); + assertNotNull(event.getData()); + + //Source + assertResourceReference(event.getSource()); + //Target + assertResourceReference(event.getTarget()); + + assertProperties(event.getProperties()); + } + + private void assertResourceReference(ResourceReferenceChoice resourceReferenceChoice) { + if (resourceReferenceChoice != null) { + + if (resourceReferenceChoice.getExternalReference() != null) { + assertNull(resourceReferenceChoice.getRef()); + } + else { + assertNull(resourceReferenceChoice.getExternalReference()); + } + } + } + + private void assertTasks(List tasks){ + assertEquals(tasks.size(), 1); + + Task task = tasks.get(0); + assertNotNull(task.getBomRef()); + assertNotNull(task.getUid()); + assertNotNull(task.getName()); + assertNotNull(task.getDescription()); + assertNotNull(task.getResourceReferences()); + assertNotNull(task.getTaskTypes()); + } + + private void assertSteps(List steps){ + assertEquals(steps.size(), 1); + + Step step = steps.get(0); + assertNotNull(step.getName()); + assertNotNull(step.getDescription()); + assertCommands(step.getCommands()); + assertProperties(step.getProperties()); + } + + private void assertCommands(List commands){ + assertEquals(commands.size(), 1); + + Command command = commands.get(0); + assertNotNull(command.getExecuted()); + assertProperties(command.getProperties()); + } + + private void assertProperties(List properties) { + if (properties != null) { + Property property = properties.get(0); + assertNotNull(property.getName()); + assertNotNull(property.getValue()); + } } private void assertAnnotations(final Bom bom, final Version version) { - if(version== Version.VERSION_15) { + if (version == Version.VERSION_15) { List annotations = bom.getAnnotations(); assertEquals(annotations.size(), 1); diff --git a/src/test/resources/1.5/valid-formulation-1.5.json b/src/test/resources/1.5/valid-formulation-1.5.json index 9f9490a1e..703f80531 100644 --- a/src/test/resources/1.5/valid-formulation-1.5.json +++ b/src/test/resources/1.5/valid-formulation-1.5.json @@ -291,4 +291,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-formulation-1.5.xml b/src/test/resources/1.5/valid-formulation-1.5.xml index 8492e4b42..1df9e1d4d 100644 --- a/src/test/resources/1.5/valid-formulation-1.5.xml +++ b/src/test/resources/1.5/valid-formulation-1.5.xml @@ -248,4 +248,4 @@ - + \ No newline at end of file diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 554961e26..a3d408d9c 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -580,5 +580,284 @@ "timestamp": "2022-01-01T00:00:00Z", "text": "This is a sample annotation made by an organization" } + ], + "formulation": [ + { + "bom-ref": "formula-1", + "components": [ + { + "bom-ref": "component-1", + "type": "platform", + "name": "Pipeline controller image", + "version": "v0.47.0" + } + ], + "workflows": [ + { + "bom-ref": "workflow-1", + "uid": "8edb2b08-e2c7-11ed-b5ea-0242ac120002", + "name": "My workflow", + "description": "Workflow description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "tasks": [ + { + "bom-ref": "task-1", + "uid": "task-uid-1", + "name": "fetch-repository", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-1", + "uid": "trigger-1", + "type": "api" + }, + "steps": [ + { + "name": "My step" + } + ], + "inputs": [ + { + "resource": { + "ref": "component-a" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-b" + } + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:00+00:00", + "workspaces": [ + { + "bom-ref": "workspace-1", + "uid": "workspace-uid-1", + "name": "workspace" + } + ], + "runtimeTopology": [ + { + "ref": "task-1", + "dependsOn": [ "task-2" ] + } + ] + } + ], + "taskDependencies": [ + { + "ref": "task-1", + "dependsOn": ["task-2"] + } + ], + "taskTypes": [ "clone", "build" ], + "trigger": { + "bom-ref": "trigger-2", + "uid": "trigger-uid-2", + "name": "My trigger", + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-a" + } + ], + "type": "api", + "event": { + "uid": "event-1", + "description": "Description here", + "timeReceived": "2023-01-01T00:00:00+00:00", + "data": { + "contentType": "text/plain", + "content": "Foo/Bar" + }, + "source": { + "ref": "component-g" + }, + "target": { + "ref": "component-h" + }, + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "conditions": [ + { + "description": "Description here", + "expression": "1 == 1", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "timeActivated": "2023-01-01T00:00:00+00:00", + "inputs": [ + { + "resource": { + "ref": "component-10" + }, + "source": { + "ref": "component-11" + }, + "target": { + "ref": "component-12" + } + } + ], + "outputs": [ + { + "resource": { + "ref": "component-14" + }, + "type": "artifact", + "source": { + "ref": "component-15" + }, + "target": { + "ref": "component-16" + } + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + "steps": [ + { + "name": "My step", + "description": "Description here", + "commands": [ + { + "executed": "ls -las", + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ], + "inputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "outputs": [ + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + } + ] + }, + { + "environmentVars": [ + "FooBar" + ] + }, + { + "environmentVars": [ + { + "name": "Foo", + "value": "Bar" + }, + "FooBar" + ] + } + ], + "timeStart": "2023-01-01T00:00:00+00:00", + "timeEnd": "2023-01-01T00:00:00+10:00", + "workspaces": [ + { + "bom-ref": "workspace-1", + "uid": "workspace-1", + "name": "My workspace", + "aliases": [ "default-workspace" ], + "description": "Description here", + "resourceReferences": [ + { + "ref": "component-t" + } + ], + "accessMode": "read-write", + "mountPath": "/tmp/workspace", + "managedDataType": "ConfigMap", + "volumeRequest": "requestedVolumeClaim", + "volume": { + "uid": "volume-1", + "name": "My volume", + "mode": "filesystem", + "path": "/", + "sizeAllocated": "10GB", + "persistent": true, + "remote": false + } + } + ], + "runtimeTopology": [ + { + "ref": "component-s", + "dependsOn": [ + "component-r" + ] + } + ], + "properties": [ + { + "name": "Foo", + "value": "Bar" + } + ] + } + ] + } ] } diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 4e651e9a5..67cb0fa2d 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -444,4 +444,232 @@ This is a sample annotation made by an organization + + + + + Pipeline controller image + v0.47.0 + + + + + 8edb2b08-e2c7-11ed-b5ea-0242ac120002 + My workflow + Workflow description here + + + component-a + + + + + task-uid-1 + fetch-repository + Description here + + + component-a + + + + clone + build + + + trigger-1 + api + + + + My step + + + + + + component-a + + + + + + + component-b + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:00+00:00 + + + workspace-uid-1 + workspace + + + + + + + + + + + + + + + + clean + build + + + trigger-uid-1 + My trigger + Description here + + + component-a + + + api + + event-1 + Description here + 2023-01-01T00:00:00+00:00 + FooBar + + component-g + + + component-h + + + Bar + + + + + Description here + 1 == 1 + + Bar + + + + 2023-01-01T00:00:00+00:00 + + + + component-10 + + + component-11 + + + component-12 + + + + + + + component-14 + + artifact + + component-15 + + + component-16 + + + + + Bar + + + + + My step + Description here + + + ls -las + + Bar + + + + + Bar + + + + + + + Bar + + + + + FooBar + + + + + + + Bar + + + + + FooBar + + + + 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:00+00:00 + + + workspace-1 + My workspace + + default-workspace + + Description here + + + component-t + + + read-write + /tmp/workspace + ConfigMap + requestedVolumeClaim + + volume-1 + My volume + filesystem + / + 10GB + true + false + + + + + + + + + + Bar + + + + + From 1cde15848c94a6ba3fe669ff03b9294c331833e4 Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Fri, 14 Jul 2023 18:11:24 -0500 Subject: [PATCH 33/40] 1.5 support additional compositions identity (#312) --- .../java/org/cyclonedx/model/Composition.java | 43 +++++++++++++++++-- .../org/cyclonedx/parsers/JsonParserTest.java | 27 +++++++++++- .../org/cyclonedx/parsers/XmlParserTest.java | 25 +++++++++++ .../resources/1.5/valid-compositions-1.5.json | 18 +++++++- .../resources/1.5/valid-compositions-1.5.xml | 16 ++++++- src/test/resources/bom-1.4.json | 6 +++ src/test/resources/bom-1.4.xml | 6 +++ src/test/resources/bom-1.5.json | 6 +++ src/test/resources/bom-1.5.xml | 6 +++ 9 files changed, 147 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/Composition.java b/src/main/java/org/cyclonedx/model/Composition.java index d2ff427e8..4fa8156ac 100644 --- a/src/main/java/org/cyclonedx/model/Composition.java +++ b/src/main/java/org/cyclonedx/model/Composition.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; @@ -28,10 +29,9 @@ import java.util.ArrayList; import java.util.List; -@SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"aggregate", "assemblies", "dependencies"}) +@JsonInclude(Include.NON_EMPTY) +@JsonPropertyOrder({"aggregate", "assemblies", "dependencies", "vulnerabilities"}) public class Composition { public enum Aggregate { @@ -41,8 +41,16 @@ public enum Aggregate { INCOMPLETE("incomplete"), @JsonProperty("incomplete_first_party_only") INCOMPLETE_FIRST_PARTY_ONLY("incomplete_first_party_only"), + @JsonProperty("incomplete_first_party_proprietary_only") + INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY("incomplete_first_party_proprietary_only"), + @JsonProperty("incomplete_first_party_opensource_only") + INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY("incomplete_first_party_opensource_only"), @JsonProperty("incomplete_third_party_only") INCOMPLETE_THIRD_PARTY_ONLY("incomplete_third_party_only"), + @JsonProperty("incomplete_third_party_proprietary_only") + INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY("incomplete_third_party_proprietary_only"), + @JsonProperty("incomplete_third_party_opensource_only") + INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY("incomplete_third_party_opensource_only"), @JsonProperty("unknown") UNKNOWN("unknown"), @JsonProperty("not_specified") @@ -59,10 +67,26 @@ public String getAggregateName() { } } + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private String bomRef; + private Aggregate aggregate; private List assemblies; private List dependencies; + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private List vulnerabilities; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(String bomRef) { + this.bomRef = bomRef; + } + public Aggregate getAggregate() { return aggregate; } @@ -104,4 +128,17 @@ public void addDependency(BomReference dependency) { } dependencies.add(dependency); } + + @JacksonXmlElementWrapper(localName = "vulnerabilities") + @JacksonXmlProperty(localName = "vulnerability") + public List getVulnerabilities() { return vulnerabilities; } + + public void setVulnerabilities(List vulnerabilities) { this.vulnerabilities = vulnerabilities; } + + public void addVulnerability(BomReference vulnerability) { + if (vulnerabilities == null) { + vulnerabilities = new ArrayList<>(); + } + vulnerabilities.add(vulnerability); + } } diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 778d18813..9b8cc3417 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -25,6 +25,8 @@ import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; +import org.cyclonedx.model.Composition; +import org.cyclonedx.model.Composition.Aggregate; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; @@ -358,6 +360,7 @@ public void testParsedObjects14Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); assertServices(bom); + assertCompositions(bom, Version.VERSION_14); assertVulnerabilities(bom, Version.VERSION_14); // Dependencies @@ -388,6 +391,7 @@ public void testParsedObjects15Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); assertServices(bom); + assertCompositions(bom, Version.VERSION_15); assertVulnerabilities(bom, Version.VERSION_15); // Dependencies @@ -685,7 +689,28 @@ private void assertAnnotator(final Annotator annotator) { assertEquals(annotator.getOrganization().getContacts().size(), 1); assertEquals(annotator.getOrganization().getUrls().size(), 1); } - + + private void assertCompositions(final Bom bom, final Version version) { + final List compositions = bom.getCompositions(); + assertEquals(3, compositions.size()); + Composition composition = compositions.get(0); + + assertEquals(composition.getAggregate(), Aggregate.COMPLETE); + assertNotNull(composition.getAssemblies()); + assertNotNull(composition.getDependencies()); + + //Assert Vulnerability Rejected + if (version == Version.VERSION_15) { + composition = compositions.get(2); + assertNotNull(composition.getVulnerabilities()); + assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", composition.getVulnerabilities().get(0).getRef()); + } + else { + assertNull(composition.getVulnerabilities()); + assertNull(composition.getBomRef()); + } + } + private void assertVulnerabilities(final Bom bom, final Version version) { final List vulnerabilities = bom.getVulnerabilities(); assertEquals(1, vulnerabilities.size()); diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 50a674530..718ab87de 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -25,6 +25,8 @@ import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; +import org.cyclonedx.model.Composition; +import org.cyclonedx.model.Composition.Aggregate; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; @@ -483,6 +485,7 @@ public void testParsedObjects14Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); assertServices(bom); + assertCompositions(bom, Version.VERSION_14); assertVulnerabilities(bom, Version.VERSION_14); // Dependencies @@ -510,6 +513,7 @@ public void testParsedObjects15Bom() throws Exception { assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); assertServices(bom); + assertCompositions(bom, Version.VERSION_15); assertVulnerabilities(bom, Version.VERSION_15); // Dependencies @@ -778,6 +782,27 @@ private void assertProperties(List properties) { } } + private void assertCompositions(final Bom bom, final Version version) { + final List compositions = bom.getCompositions(); + assertEquals(3, compositions.size()); + Composition composition = compositions.get(0); + + assertEquals(composition.getAggregate(), Aggregate.COMPLETE); + assertNotNull(composition.getAssemblies()); + assertNotNull(composition.getDependencies()); + + //Assert Vulnerability Rejected + if (version == Version.VERSION_15) { + composition = compositions.get(2); + assertNotNull(composition.getVulnerabilities()); + assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", composition.getVulnerabilities().get(0).getRef()); + } + else { + assertNull(composition.getVulnerabilities()); + assertNull(composition.getBomRef()); + } + } + private void assertAnnotations(final Bom bom, final Version version) { if (version == Version.VERSION_15) { diff --git a/src/test/resources/1.5/valid-compositions-1.5.json b/src/test/resources/1.5/valid-compositions-1.5.json index 551834e03..01cccb284 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.json +++ b/src/test/resources/1.5/valid-compositions-1.5.json @@ -44,8 +44,18 @@ ] } ], + "vulnerabilities": [ + { + "bom-ref": "vulnerability-1", + "id": "ACME-12345", + "source": { + "name": "Acme Inc" + } + } + ], "compositions": [ { + "bom-ref": "composition-1", "aggregate": "complete", "assemblies": [ "pkg:maven/partner/shaded-library@1.0" @@ -59,6 +69,12 @@ "assemblies": [ "pkg:maven/acme/library@3.0" ] + }, + { + "aggregate": "incomplete_first_party_only", + "vulnerabilities": [ + "vulnerability-1" + ] } ] -} +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-compositions-1.5.xml b/src/test/resources/1.5/valid-compositions-1.5.xml index 82c16c553..992048784 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.xml +++ b/src/test/resources/1.5/valid-compositions-1.5.xml @@ -32,7 +32,7 @@ - + complete @@ -47,5 +47,19 @@ + + incomplete_first_party_only + + + + + + + ACME-12345 + + Acme Inc + + + diff --git a/src/test/resources/bom-1.4.json b/src/test/resources/bom-1.4.json index 7857f464f..c4e81fe96 100644 --- a/src/test/resources/bom-1.4.json +++ b/src/test/resources/bom-1.4.json @@ -296,6 +296,12 @@ "assemblies": [ "pkg:maven/acme/library@3.0" ] + }, + { + "aggregate": "unknown", + "assemblies": [ + "pkg:maven/acme/library@3.1" + ] } ], "vulnerabilities": [ diff --git a/src/test/resources/bom-1.4.xml b/src/test/resources/bom-1.4.xml index 0fe4b725b..fb42c2cef 100644 --- a/src/test/resources/bom-1.4.xml +++ b/src/test/resources/bom-1.4.xml @@ -187,6 +187,12 @@ + + unknown + + + + diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index a3d408d9c..5e81d28a4 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -429,6 +429,12 @@ "assemblies": [ "pkg:maven/acme/library@3.0" ] + }, + { + "aggregate": "incomplete_first_party_only", + "vulnerabilities": [ + "6eee14da-8f42-4cc4-bb65-203235f02415" + ] } ], "properties": [ diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 67cb0fa2d..b5067e4bf 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -319,6 +319,12 @@ + + incomplete_first_party_only + + + + Bar From c437f757469acb55c23ed1262d0a31d7246270a2 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Sat, 15 Jul 2023 12:21:14 -0500 Subject: [PATCH 34/40] Simplify tests --- .../cyclonedx/model/formulation/Formula.java | 1 - .../cyclonedx/model/formulation/Workflow.java | 2 +- .../model/formulation/task/Task.java | 4 - .../formulation/workspace/Workspace.java | 1 - .../EnvVariableChoiceDeserializer.java | 1 - .../deserializer/OutputTypeDeserializer.java | 2 - .../cyclonedx/parsers/AbstractParserTest.java | 835 ++++++++++++++++ .../org/cyclonedx/parsers/JsonParserTest.java | 925 +---------------- .../org/cyclonedx/parsers/XmlParserTest.java | 940 +----------------- src/test/resources/bom-1.2.json | 6 +- src/test/resources/bom-1.2.xml | 3 +- src/test/resources/bom-1.3.json | 6 +- src/test/resources/bom-1.3.xml | 3 +- src/test/resources/bom-1.4.json | 2 +- src/test/resources/bom-1.4.xml | 2 +- src/test/resources/bom-1.5.json | 4 +- src/test/resources/bom-1.5.xml | 2 +- 17 files changed, 928 insertions(+), 1811 deletions(-) create mode 100644 src/test/java/org/cyclonedx/parsers/AbstractParserTest.java diff --git a/src/main/java/org/cyclonedx/model/formulation/Formula.java b/src/main/java/org/cyclonedx/model/formulation/Formula.java index 8118f5e2d..0fde4cb11 100644 --- a/src/main/java/org/cyclonedx/model/formulation/Formula.java +++ b/src/main/java/org/cyclonedx/model/formulation/Formula.java @@ -27,7 +27,6 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.model.Component; import org.cyclonedx.model.ExtensibleElement; import org.cyclonedx.model.Property; diff --git a/src/main/java/org/cyclonedx/model/formulation/Workflow.java b/src/main/java/org/cyclonedx/model/formulation/Workflow.java index d010fd12d..6d5975264 100644 --- a/src/main/java/org/cyclonedx/model/formulation/Workflow.java +++ b/src/main/java/org/cyclonedx/model/formulation/Workflow.java @@ -7,8 +7,8 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.model.formulation.task.Task; + @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder( diff --git a/src/main/java/org/cyclonedx/model/formulation/task/Task.java b/src/main/java/org/cyclonedx/model/formulation/task/Task.java index 28d5de26f..6b4e59c9e 100644 --- a/src/main/java/org/cyclonedx/model/formulation/task/Task.java +++ b/src/main/java/org/cyclonedx/model/formulation/task/Task.java @@ -1,12 +1,8 @@ package org.cyclonedx.model.formulation.task; -import java.util.List; - import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; import org.cyclonedx.model.formulation.FormulationCommon; diff --git a/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java index 34bc33793..639965310 100644 --- a/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java +++ b/src/main/java/org/cyclonedx/model/formulation/workspace/Workspace.java @@ -8,7 +8,6 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.model.ExtensibleElement; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.BasicDataAbstract; import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; diff --git a/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java index 888922bbb..d4ed8782e 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/EnvVariableChoiceDeserializer.java @@ -24,7 +24,6 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.EnvVariableChoice; diff --git a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java index 028fd2ce6..53a5f3264 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java @@ -32,8 +32,6 @@ import org.cyclonedx.model.AttachmentText; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.EnvVariableChoice; -import org.cyclonedx.model.formulation.common.InputType; -import org.cyclonedx.model.formulation.common.InputType.Parameter; import org.cyclonedx.model.formulation.common.OutputType; import org.cyclonedx.model.formulation.common.OutputType.OutputTypeEnum; import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; diff --git a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java new file mode 100644 index 000000000..0caa01483 --- /dev/null +++ b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java @@ -0,0 +1,835 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.parsers; + +import java.io.IOException; +import java.io.InputStream; +import java.util.List; +import java.util.Objects; + +import org.apache.commons.io.IOUtils; +import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.exception.ParseException; +import org.cyclonedx.model.Annotation; +import org.cyclonedx.model.Annotator; +import org.cyclonedx.model.Bom; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.Component.Type; +import org.cyclonedx.model.Composition; +import org.cyclonedx.model.Composition.Aggregate; +import org.cyclonedx.model.ExternalReference; +import org.cyclonedx.model.License; +import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Licensing; +import org.cyclonedx.model.LifecycleChoice; +import org.cyclonedx.model.LifecycleChoice.Phase; +import org.cyclonedx.model.Metadata; +import org.cyclonedx.model.OrganizationalChoice; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.ReleaseNotes; +import org.cyclonedx.model.ReleaseNotes.Notes; +import org.cyclonedx.model.ReleaseNotes.Resolves; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.ServiceData; +import org.cyclonedx.model.Tool; +import org.cyclonedx.model.formulation.Formula; +import org.cyclonedx.model.formulation.Workflow; +import org.cyclonedx.model.formulation.common.InputType; +import org.cyclonedx.model.formulation.common.OutputType; +import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; +import org.cyclonedx.model.formulation.task.Command; +import org.cyclonedx.model.formulation.task.Step; +import org.cyclonedx.model.formulation.task.Task; +import org.cyclonedx.model.formulation.trigger.Condition; +import org.cyclonedx.model.formulation.trigger.Event; +import org.cyclonedx.model.formulation.trigger.Trigger; +import org.cyclonedx.model.formulation.workspace.Volume; +import org.cyclonedx.model.formulation.workspace.Workspace; +import org.cyclonedx.model.vulnerability.Vulnerability; +import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; +import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; +import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Method; +import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Severity; +import org.cyclonedx.model.vulnerability.Vulnerability.Version.Status; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class AbstractParserTest +{ + void assertBomProperties(Bom bom, String specVersion) { + assertEquals(3, bom.getComponents().size()); + assertEquals(specVersion, bom.getSpecVersion()); + assertEquals(1, bom.getVersion()); + assertNotNull(bom.getMetadata()); + assertNotNull(bom.getMetadata().getTimestamp()); + } + + void assertMetadata(Bom bom, Version version) { + assertBomProperties(bom, version.getVersionString()); + + // Assertions for bom.metadata.tools + assertToolsMetadata(bom.getMetadata().getTools().get(0) + ); + + // Assertions for bom.metadata.authors + assertAuthorMetadata(bom.getMetadata().getAuthors().get(0) + ); + + // Assertions for bom.metadata.component + assertComponentMetadata(bom.getMetadata().getComponent()); + + // Assertions for bom.metadata.manufacture + assertManufacturerMetadata(bom.getMetadata().getManufacture() + ); + + // Assertions for bom.metadata.supplier + assertSupplierMetadata(bom.getMetadata().getSupplier() + ); + } + + void assertToolsMetadata(Tool tool) + { + assertEquals("Awesome Vendor", tool.getVendor()); + assertEquals("Awesome Tool", tool.getName()); + assertEquals("9.1.2", tool.getVersion()); + assertEquals(2, tool.getHashes().size()); + assertEquals("SHA-1", tool.getHashes().get(0).getAlgorithm()); + assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", tool.getHashes().get(0).getValue()); + } + + void assertAuthorMetadata(OrganizationalContact author) { + assertEquals("Samantha Wright", author.getName()); + assertEquals("samantha.wright@example.com", author.getEmail()); + assertEquals("800-555-1212", author.getPhone()); + } + + void assertComponentMetadata(Component component) { + assertEquals("Acme Application", component.getName()); + assertEquals("9.1.1", component.getVersion()); + assertEquals(Type.APPLICATION, component.getType()); + assertNotNull(component.getSwid()); + assertEquals("Acme Application", component.getSwid().getName()); + assertEquals("9.1.1", component.getSwid().getVersion()); + assertEquals(0, component.getSwid().getTagVersion()); + assertFalse(component.getSwid().isPatch()); + } + + void assertManufacturerMetadata( + OrganizationalEntity manufacturer) + { + assertEquals("Acme, Inc.", manufacturer.getName()); + assertEquals("https://example.com", manufacturer.getUrls().get(0)); + assertEquals("Acme Professional Services", manufacturer.getContacts().get(0).getName()); + assertEquals("professional.services@example.com", manufacturer.getContacts().get(0).getEmail()); + } + + void assertSupplierMetadata( + OrganizationalEntity supplier) + { + assertEquals("Acme, Inc.", supplier.getName()); + assertEquals("https://example.com", supplier.getUrls().get(0)); + assertEquals("Acme Distribution", supplier.getContacts().get(0).getName()); + assertEquals("distribution@example.com", supplier.getContacts().get(0).getEmail()); + } + + void assertComponent( + Component component, + Type type, + String purl) + { + assertEquals("com.acme", component.getGroup()); + assertEquals("tomcat-catalina", component.getName()); + assertEquals("9.0.14", component.getVersion()); + assertEquals(type, component.getType()); + assertEquals(purl, component.getPurl()); + } + + void assertFormulation(final Bom bom, final Version version) { + if (version == Version.VERSION_15) { + List formulas = bom.getFormulation(); + + assertEquals(1, formulas.size()); + + Formula formula = formulas.get(0); + assertNotNull(formula.getBomRef()); + assertNotNull(formula.getComponents()); + assertNull(formula.getServices()); + assertNull(formula.getProperties()); + assertWorkflows(formula.getWorkflows()); + } + else { + assertNull(bom.getFormulation()); + } + } + + private void assertWorkflows(List workflows) { + assertEquals(workflows.size(), 1); + + Workflow workflow = workflows.get(0); + assertNotNull(workflow.getBomRef()); + assertNotNull(workflow.getUid()); + assertNotNull(workflow.getName()); + assertNotNull(workflow.getDescription()); + assertNotNull(workflow.getResourceReferences()); + + assertNotNull(workflow.getTimeEnd()); + assertNotNull(workflow.getTimeStart()); + assertNotNull(workflow.getRuntimeTopology()); + assertNotNull(workflow.getTaskDependencies()); + + assertTasks(workflow.getTasks()); + assertSteps(workflow.getSteps()); + assertTrigger(workflow.getTrigger()); + assertInputs(workflow.getInputs()); + assertOutputs(workflow.getOutputs()); + assertProperties(workflow.getProperties()); + assertWorkspaces(workflow.getWorkspaces()); + } + + private void assertWorkspaces(List workspaces) { + assertEquals(workspaces.size(), 1); + assertNotNull(workspaces); + + Workspace workspace = workspaces.get(0); + assertNotNull(workspace.getBomRef()); + assertNotNull(workspace.getUid()); + assertNotNull(workspace.getName()); + assertNotNull(workspace.getDescription()); + assertNotNull(workspace.getResourceReferences()); + + assertNotNull(workspace.getAccessMode()); + assertNotNull(workspace.getMountPath()); + assertNotNull(workspace.getManagedDataType()); + assertNotNull(workspace.getVolumeRequest()); + + assertVolume(workspace.getVolume()); + + assertProperties(workspace.getProperties()); + } + + private void assertVolume(Volume volume) { + assertNotNull(volume); + + assertNotNull(volume.getUid()); + assertNotNull(volume.getName()); + assertNotNull(volume.getMode()); + assertNotNull(volume.getPath()); + assertNotNull(volume.getSizeAllocated()); + assertNotNull(volume.getPersistent()); + assertNotNull(volume.getRemote()); + + assertProperties(volume.getProperties()); + } + + private void assertTrigger(Trigger trigger) { + assertNotNull(trigger); + + assertNotNull(trigger.getBomRef()); + assertNotNull(trigger.getUid()); + assertNotNull(trigger.getName()); + assertNotNull(trigger.getDescription()); + assertNotNull(trigger.getResourceReferences()); + assertNotNull(trigger.getType()); + assertNotNull(trigger.getTimeActivated()); + + //Event + assertEvent(trigger.getEvent()); + //Conditions + assertConditions(trigger.getConditions()); + //Inputs + assertInputs(trigger.getInputs()); + //Outputs + assertOutputs(trigger.getOutputs()); + + assertProperties(trigger.getProperties()); + } + + private void assertOutputs(List outputs) { + assertNotNull(outputs); + + OutputType outputType = outputs.get(0); + //Source + assertResourceReference(outputType.getSource()); + //Target + assertResourceReference(outputType.getTarget()); + assertOutputData(outputType); + + assertProperties(outputType.getProperties()); + } + + private void assertOutputData(OutputType outputType) { + if (outputType.getResource() != null) { + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getData() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getEnvironmentVars()); + } + else if (outputType.getEnvironmentVars() != null) { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + } + else { + assertNull(outputType.getResource()); + assertNull(outputType.getData()); + assertNull(outputType.getEnvironmentVars()); + } + } + + private void assertInputs(List inputs) { + assertNotNull(inputs); + + InputType inputType = inputs.get(0); + //Source + assertResourceReference(inputType.getSource()); + //Target + assertResourceReference(inputType.getTarget()); + assertInputData(inputType); + + assertProperties(inputType.getProperties()); + } + + private void assertInputData(InputType inputType) { + if (inputType.getResource() != null) { + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getParameters() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getData() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getEnvironmentVars()); + } + else if (inputType.getEnvironmentVars() != null) { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + } + else { + assertNull(inputType.getResource()); + assertNull(inputType.getParameters()); + assertNull(inputType.getData()); + assertNull(inputType.getEnvironmentVars()); + } + } + + private void assertConditions(List conditions) { + assertEquals(conditions.size(), 1); + + Condition condition = conditions.get(0); + + assertNotNull(condition.getDescription()); + assertNotNull(condition.getExpression()); + + assertProperties(condition.getProperties()); + } + + private void assertEvent(Event event) { + assertNotNull(event); + + assertNotNull(event.getUid()); + assertNotNull(event.getDescription()); + assertNotNull(event.getTimeReceived()); + assertNotNull(event.getData()); + + //Source + assertResourceReference(event.getSource()); + //Target + assertResourceReference(event.getTarget()); + + assertProperties(event.getProperties()); + } + + private void assertResourceReference(ResourceReferenceChoice resourceReferenceChoice) { + if (resourceReferenceChoice != null) { + + if (resourceReferenceChoice.getExternalReference() != null) { + assertNull(resourceReferenceChoice.getRef()); + } + else { + assertNull(resourceReferenceChoice.getExternalReference()); + } + } + } + + private void assertTasks(List tasks) { + assertEquals(tasks.size(), 1); + + Task task = tasks.get(0); + assertNotNull(task.getBomRef()); + assertNotNull(task.getUid()); + assertNotNull(task.getName()); + assertNotNull(task.getDescription()); + assertNotNull(task.getResourceReferences()); + assertNotNull(task.getTaskTypes()); + } + + private void assertSteps(List steps) { + assertEquals(steps.size(), 1); + + Step step = steps.get(0); + assertNotNull(step.getName()); + assertNotNull(step.getDescription()); + assertCommands(step.getCommands()); + assertProperties(step.getProperties()); + } + + private void assertCommands(List commands) { + assertEquals(commands.size(), 1); + + Command command = commands.get(0); + assertNotNull(command.getExecuted()); + assertProperties(command.getProperties()); + } + + private void assertProperties(List properties) { + if (properties != null) { + Property property = properties.get(0); + assertNotNull(property.getName()); + assertNotNull(property.getValue()); + } + } + + void assertCompositions(final Bom bom, final Version version) { + final List compositions = bom.getCompositions(); + assertEquals(3, compositions.size()); + Composition composition = compositions.get(0); + + assertEquals(composition.getAggregate(), Aggregate.COMPLETE); + assertNotNull(composition.getAssemblies()); + assertNotNull(composition.getDependencies()); + + //Assert Vulnerability Rejected + if (version == Version.VERSION_15) { + composition = compositions.get(2); + assertNotNull(composition.getVulnerabilities()); + assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", composition.getVulnerabilities().get(0).getRef()); + } + else { + assertNull(composition.getVulnerabilities()); + assertNull(composition.getBomRef()); + } + } + + void assertAnnotations(final Bom bom, final Version version) { + + if (version == Version.VERSION_15) { + List annotations = bom.getAnnotations(); + + assertEquals(annotations.size(), 1); + + Annotation annotation = annotations.get(0); + assertNotNull(annotation.getBomRef()); + assertNotNull(annotation.getText()); + assertNotNull(annotation.getTimestamp()); + + assertEquals(annotation.getSubjects().size(), 1); + assertAnnotator(annotation.getAnnotator()); + } + else { + assertNull(bom.getAnnotations()); + } + } + + private void assertAnnotator(final Annotator annotator) { + assertNotNull(annotator); + assertNull(annotator.getIndividual()); + assertNull(annotator.getComponent()); + assertNull(annotator.getService()); + + assertNotNull(annotator.getOrganization()); + assertEquals(annotator.getOrganization().getName(), "Acme, Inc."); + assertEquals(annotator.getOrganization().getContacts().size(), 1); + assertEquals(annotator.getOrganization().getUrls().size(), 1); + } + + void assertVulnerabilities(final Bom bom, final Version version) { + final List vulnerabilities = bom.getVulnerabilities(); + assertEquals(1, vulnerabilities.size()); + Vulnerability vuln = vulnerabilities.get(0); + + assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", vuln.getBomRef()); + assertEquals("SONATYPE-2021123", vuln.getId()); + assertEquals("Description", vuln.getDescription()); + assertEquals("Detail", vuln.getDetail()); + assertEquals("Upgrade", vuln.getRecommendation()); + assertEquals(184, vuln.getCwes().get(0)); + assertNotNull(vuln.getCreated()); + assertNotNull(vuln.getPublished()); + assertNotNull(vuln.getUpdated()); + + //Assert Vulnerability Rejected + if (version != Version.VERSION_14) { + assertNotNull(vuln.getRejected()); + } + else { + assertNull(vuln.getRejected()); + } + + //Source + assertEquals("Sonatype", vuln.getSource().getName()); + assertEquals("https://www.vuln.com", vuln.getSource().getUrl()); + + //References + assertEquals(1, vuln.getReferences().size()); + assertEquals("CVE-2018-7489", vuln.getReferences().get(0).getId()); + assertEquals("NVD", vuln.getReferences().get(0).getSource().getName()); + assertEquals("https://nvd.nist.gov/vuln/detail/CVE-2019-9997", + vuln.getReferences().get(0).getSource().getUrl()); + + //Ratings + assertEquals(1, vuln.getRatings().size()); + assertEquals("NVD", vuln.getRatings().get(0).getSource().getName()); + assertEquals( + "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0", + vuln.getRatings().get(0).getSource().getUrl()); + assertEquals(9.8, vuln.getRatings().get(0).getScore()); + assertEquals(Severity.CRITICAL, vuln.getRatings().get(0).getSeverity()); + assertEquals(Method.CVSSV3, vuln.getRatings().get(0).getMethod()); + assertEquals("AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", vuln.getRatings().get(0).getVector()); + assertEquals("An optional reason for rating the vulnerability as it was", + vuln.getRatings().get(0).getJustification()); + + //Advisories + assertEquals(1, vuln.getAdvisories().size()); + assertEquals("GitHub Commit", vuln.getAdvisories().get(0).getTitle()); + assertEquals("https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", + vuln.getAdvisories().get(0).getUrl()); + + //Credits + assertEquals(1, vuln.getCredits().getIndividuals().size()); + assertEquals(1, vuln.getCredits().getOrganizations().size()); + + assertEquals("Jane Doe", vuln.getCredits().getIndividuals().get(0).getName()); + assertEquals("jane.doe@example.com", vuln.getCredits().getIndividuals().get(0).getEmail()); + + assertEquals("Acme, Inc.", vuln.getCredits().getOrganizations().get(0).getName()); + assertEquals("https://example.com", vuln.getCredits().getOrganizations().get(0).getUrls().get(0)); + + //Tools + assertEquals(1, vuln.getTools().size()); + assertEquals("Sonatype CLI", vuln.getTools().get(0).getName()); + assertEquals("Sonatype", vuln.getTools().get(0).getVendor()); + assertEquals("1.131", vuln.getTools().get(0).getVersion()); + assertEquals(1, vuln.getTools().get(0).getHashes().size()); + + //Analysis + assertEquals(State.NOT_AFFECTED, vuln.getAnalysis().getState()); + assertEquals(Justification.CODE_NOT_REACHABLE, vuln.getAnalysis().getJustification()); + assertEquals("An optional explanation of why the application is not affected by the vulnerable component.", + vuln.getAnalysis().getDetail()); + assertEquals("update", vuln.getAnalysis().getResponses().get(0).getResponseName()); + + //Vulnerability Analysis Timestamp 1.5 + if (version != Version.VERSION_14) { + assertNotNull(vuln.getAnalysis().getFirstIssued()); + assertNotNull(vuln.getAnalysis().getLastUpdated()); + } + else { + assertNull(vuln.getAnalysis().getFirstIssued()); + assertNull(vuln.getAnalysis().getLastUpdated()); + } + + //Affects + assertEquals(1, vuln.getAffects().size()); + assertEquals("pkg:maven/com.acme/jackson-databind@2.9.9", vuln.getAffects().get(0).getRef()); + + assertEquals("vers:semver/<2.6.7.5", vuln.getAffects().get(0).getVersions().get(0).getRange()); + assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(0).getStatus()); + + assertEquals("2.9.9", vuln.getAffects().get(0).getVersions().get(1).getVersion()); + assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(1).getStatus()); + } + + void assertServices(final Bom bom) { + //Services + List services = bom.getServices(); + assertEquals(1, services.size()); + Service s = services.get(0); + OrganizationalEntity provider = s.getProvider(); + assertNotNull(provider); + assertEquals("Partner Org", provider.getName()); + List urls = provider.getUrls(); + assertEquals(1, urls.size()); + assertEquals("https://partner.org", urls.get(0)); + + List contacts = provider.getContacts(); + assertEquals(1, contacts.size()); + OrganizationalContact contact = contacts.get(0); + assertEquals("Support", contact.getName()); + assertEquals("support@partner", contact.getEmail()); + assertEquals("800-555-1212", contact.getPhone()); + assertEquals("org.partner", s.getGroup()); + assertEquals("Stock ticker service", s.getName()); + assertEquals("2020-Q2", s.getVersion()); + assertEquals("Provides real-time stock information", s.getDescription()); + + List endpoints = s.getEndpoints(); + assertEquals(2, endpoints.size()); + assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); + assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); + assertNotNull(s.getAuthenticated()); + assertNotNull(s.getxTrustBoundary()); + assertTrue(s.getAuthenticated()); + assertTrue(s.getxTrustBoundary()); + + List data = s.getData(); + assertEquals(4, data.size()); + assertEquals("inbound", data.get(0).getFlow().getFlowName()); + assertEquals("PII", data.get(0).getClassification()); + assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); + assertEquals("PIFI", data.get(1).getClassification()); + assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); + assertEquals("public", data.get(2).getClassification()); + assertNotNull(s.getLicense()); + assertEquals(1, s.getLicense().getLicenses().size()); + assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); + assertEquals(2, s.getExternalReferences().size()); + assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); + assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); + assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); + assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); + } + + void assertComponent(final Bom bom, final Version version) { + final List components = bom.getComponents(); + assertEquals(1, components.size()); + Component component = components.get(0); + assertEquals("com.acme", component.getGroup()); + assertEquals("jackson-databind", component.getName()); + assertEquals("2.9.4", component.getVersion()); + assertEquals(Component.Type.LIBRARY, component.getType()); + assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", component.getPurl()); + assertEquals(12, component.getHashes().size()); + + //Licenses + assertLicense(component.getLicenseChoice(), version); + + assertEquals("Copyright Example Inc. All rights reserved.", component.getCopyright()); + assertEquals("Acme Application", component.getSwid().getName()); + assertEquals("9.1.1", component.getSwid().getVersion()); + assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); + + if (version == Version.VERSION_14) { + assertEquals(1, component.getExternalReferences().size()); + } + else { + assertEquals(2, component.getExternalReferences().size()); + //Security Contact + assertSecurityContact(component.getExternalReferences().get(1)); + } + + //Evidence + assertNotNull(component.getEvidence()); + assertEquals("Copyright 2012 Google Inc. All Rights Reserved.", + component.getEvidence().getCopyright().get(0).getText()); + assertEquals("Apache-2.0", component.getEvidence().getLicenseChoice().getLicenses().get(0).getId()); + assertEquals("http://www.apache.org/licenses/LICENSE-2.0", + component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); + } + + private void assertSecurityContact(ExternalReference externalReference) { + assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); + assertEquals(externalReference.getComment(), "test"); + assertEquals(externalReference.getUrl(), "http://example.org/docs"); + } + + private void assertLicense(LicenseChoice licenseChoice, final Version version) { + assertNotNull(licenseChoice); + assertNull(licenseChoice.getExpression()); + + assertEquals(1, licenseChoice.getLicenses().size()); + License license = licenseChoice.getLicenses().get(0); + assertNotNull(license); + + if (version == Version.VERSION_14) { + assertNull(license.getProperties()); + assertNull(license.getBomRef()); + } + else { + //Dev Licensing + assertLicensing(license.getLicensing()); + assertEquals(license.getProperties().size(), 1); + assertNotNull(license.getBomRef()); + } + } + + private void assertLicensing(final Licensing licensing) { + assertNotNull(licensing); + + assertEquals(1, licensing.getAltIds().size()); + assertNotNull(licensing.getPurchaseOrder()); + assertLicensor(licensing.getLicensor()); + assertLicensee(licensing.getLicensee()); + assertPurchaser(licensing.getPurchaser()); + assertNotNull(licensing.getExpiration()); + assertNotNull(licensing.getLastRenewal()); + assertEquals(licensing.getLicenseTypes().size(), 1); + } + + private void assertLicensor(OrganizationalChoice licensor) { + assertNull(licensor.getIndividual()); + assertNotNull(licensor.getOrganization()); + assertEquals(licensor.getOrganization().getName(), "Acme Inc"); + assertEquals(licensor.getOrganization().getContacts().size(), 2); + assertNull(licensor.getOrganization().getUrls()); + } + + private void assertLicensee(OrganizationalChoice licensee) { + assertNull(licensee.getIndividual()); + assertNotNull(licensee.getOrganization()); + assertEquals(licensee.getOrganization().getName(), "Example Co."); + assertNull(licensee.getOrganization().getContacts()); + assertNull(licensee.getOrganization().getUrls()); + } + + private void assertPurchaser(OrganizationalChoice purchaser) { + assertNull(purchaser.getOrganization()); + assertNotNull(purchaser.getIndividual()); + assertEquals(purchaser.getIndividual().getName(), "Samantha Wright"); + assertEquals(purchaser.getIndividual().getEmail(), "samantha.wright@gmail.com"); + assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); + } + + void assertMetadata(final Metadata metadata, final Version version) { + assertNotNull(metadata); + assertNotNull(metadata.getTimestamp()); + + //Lifecycles + if (version == Version.VERSION_15) { + assertNotNull(metadata.getLifecycles()); + assertEquals(2, metadata.getLifecycles().getLifecycleChoice().size()); + LifecycleChoice firstChoice = metadata.getLifecycles().getLifecycleChoice().get(0); + assertEquals(Phase.BUILD.getPhaseName(), firstChoice.getPhase().getPhaseName()); + assertNull(firstChoice.getName()); + assertNull(firstChoice.getDescription()); + + LifecycleChoice secondChoice = metadata.getLifecycles().getLifecycleChoice().get(1); + assertEquals("platform-integration-testing", secondChoice.getName()); + assertNotNull(secondChoice.getDescription()); + assertNull(secondChoice.getPhase()); + } + else { + assertNull(metadata.getLifecycles()); + } + + //Tool + assertEquals(1, metadata.getTools().size()); + assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); + assertEquals("Awesome Tool", metadata.getTools().get(0).getName()); + assertEquals("9.1.2", metadata.getTools().get(0).getVersion()); + assertEquals(1, metadata.getTools().get(0).getHashes().size()); + assertEquals("SHA-1", metadata.getTools().get(0).getHashes().get(0).getAlgorithm()); + assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", + metadata.getTools().get(0).getHashes().get(0).getValue()); + + //Author + assertEquals(1, metadata.getAuthors().size()); + assertEquals("Samantha Wright", metadata.getAuthors().get(0).getName()); + assertEquals("samantha.wright@example.com", metadata.getAuthors().get(0).getEmail()); + assertEquals("800-555-1212", metadata.getAuthors().get(0).getPhone()); + + //Component + Component component = metadata.getComponent(); + assertEquals("Acme Application", component.getName()); + assertEquals("9.1.1", component.getVersion()); + assertEquals(Component.Type.APPLICATION, component.getType()); + assertNotNull(component.getSwid()); + assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); + assertEquals("Acme Application", component.getSwid().getName()); + assertEquals("9.1.1", component.getSwid().getVersion()); + assertEquals(0, component.getSwid().getTagVersion()); + assertFalse(component.getSwid().isPatch()); + + //Release Notes + ReleaseNotes releaseNotes = metadata.getComponent().getReleaseNotes(); + assertEquals("major", releaseNotes.getType()); + assertEquals("My new release", releaseNotes.getTitle()); + assertNotNull(releaseNotes.getDescription()); + assertNotNull(releaseNotes.getSocialImage()); + assertNotNull(releaseNotes.getTimestamp()); + assertEquals(1, releaseNotes.getAliases().size()); + assertEquals(1, releaseNotes.getTags().size()); + + //Resolves + assertEquals(1, releaseNotes.getResolves().size()); + Resolves resolves = releaseNotes.getResolves().get(0); + assertEquals(Resolves.Type.SECURITY, resolves.getType()); + assertEquals("CVE-2019-9997", resolves.getId()); + assertEquals("A security issue was fixed that did something bad", resolves.getDescription()); + assertEquals("CVE-2019-9997", resolves.getName()); + + //Notes + assertEquals(1, releaseNotes.getNotes().size()); + Notes note = releaseNotes.getNotes().get(0); + assertEquals("en-US", note.getLocale()); + assertNotNull(note.getText()); + assertEquals("PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+", note.getText().getText()); + assertEquals("text/html", note.getText().getContentType()); + assertEquals("base64", note.getText().getEncoding()); + + //Manufacture + assertEquals("Acme, Inc.", metadata.getManufacture().getName()); + assertEquals("https://example.com", metadata.getManufacture().getUrls().get(0)); + assertEquals(1, metadata.getManufacture().getContacts().size()); + assertEquals("Acme Professional Services", metadata.getManufacture().getContacts().get(0).getName()); + assertEquals("professional.services@example.com", metadata.getManufacture().getContacts().get(0).getEmail()); + assertEquals("Acme, Inc.", metadata.getSupplier().getName()); + + //Supplier + assertEquals("https://example.com", metadata.getSupplier().getUrls().get(0)); + assertEquals(1, metadata.getSupplier().getContacts().size()); + assertEquals("Acme Distribution", metadata.getSupplier().getContacts().get(0).getName()); + assertEquals("distribution@example.com", metadata.getSupplier().getContacts().get(0).getEmail()); + } + + void assertCommonBomProperties(Bom bom, Version version) { + assertEquals(version.getVersionString(), bom.getSpecVersion()); + assertEquals(1, bom.getVersion()); + } + + Bom getXmlBom(String filename) throws ParseException, IOException { + final byte[] bomBytes = getBomBytes(filename); + final XmlParser parser = new XmlParser(); + return parser.parse(bomBytes); + } + + Bom getJsonBom(String filename) throws ParseException, IOException { + final byte[] bomBytes = getBomBytes(filename); + final JsonParser parser = new JsonParser(); + return parser.parse(bomBytes); + } + + private byte[] getBomBytes(String filename) throws IOException { + final InputStream inputStream = this.getClass().getResourceAsStream("/" + filename); + return IOUtils.toByteArray(Objects.requireNonNull(inputStream)); + } +} diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java index 9b8cc3417..839adbfc6 100644 --- a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java @@ -18,66 +18,29 @@ */ package org.cyclonedx.parsers; -import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.CycloneDxSchema.Version; -import org.cyclonedx.model.Annotation; -import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; -import org.cyclonedx.model.Composition; -import org.cyclonedx.model.Composition.Aggregate; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; -import org.cyclonedx.model.License; -import org.cyclonedx.model.LicenseChoice; -import org.cyclonedx.model.Licensing; -import org.cyclonedx.model.LifecycleChoice; -import org.cyclonedx.model.LifecycleChoice.Phase; -import org.cyclonedx.model.Metadata; -import org.cyclonedx.model.OrganizationalContact; -import org.cyclonedx.model.OrganizationalEntity; -import org.cyclonedx.model.OrganizationalChoice; -import org.cyclonedx.model.Property; -import org.cyclonedx.model.ReleaseNotes; -import org.cyclonedx.model.ReleaseNotes.Notes; -import org.cyclonedx.model.ReleaseNotes.Resolves; -import org.cyclonedx.model.Service; -import org.cyclonedx.model.ServiceData; -import org.cyclonedx.model.formulation.Formula; -import org.cyclonedx.model.formulation.Workflow; -import org.cyclonedx.model.formulation.common.InputType; -import org.cyclonedx.model.formulation.common.OutputType; -import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; -import org.cyclonedx.model.formulation.task.Command; -import org.cyclonedx.model.formulation.task.Step; -import org.cyclonedx.model.formulation.task.Task; -import org.cyclonedx.model.formulation.trigger.Condition; -import org.cyclonedx.model.formulation.trigger.Event; -import org.cyclonedx.model.formulation.trigger.Trigger; -import org.cyclonedx.model.formulation.workspace.Volume; -import org.cyclonedx.model.formulation.workspace.Workspace; -import org.cyclonedx.model.vulnerability.Vulnerability; -import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; -import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; -import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Method; -import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Severity; -import org.cyclonedx.model.vulnerability.Vulnerability.Version.Status; import org.junit.jupiter.api.Test; import java.io.File; import java.util.List; +import java.util.Objects; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; -public class JsonParserTest { +public class JsonParserTest + extends AbstractParserTest +{ @Test public void testValid12Bom() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.2.json").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2.json")).getFile()); final JsonParser parser = new JsonParser(); Bom bom = parser.parse(file); assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_12)); @@ -86,53 +49,14 @@ public void testValid12Bom() throws Exception { @Test public void testParsedObjects12Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.2.json")); - final JsonParser parser = new JsonParser(); - final Bom bom = parser.parse(bomBytes); - assertEquals("1.2", bom.getSpecVersion()); - assertEquals(3, bom.getComponents().size()); - assertEquals(1, bom.getVersion()); - assertNotNull(bom.getMetadata()); - assertNotNull(bom.getMetadata().getTimestamp()); - assertEquals(1, bom.getMetadata().getTools().size()); - assertEquals("Awesome Vendor", bom.getMetadata().getTools().get(0).getVendor()); - assertEquals("Awesome Tool", bom.getMetadata().getTools().get(0).getName()); - assertEquals("9.1.2", bom.getMetadata().getTools().get(0).getVersion()); - assertEquals(2, bom.getMetadata().getTools().get(0).getHashes().size()); - assertEquals("SHA-1", bom.getMetadata().getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", bom.getMetadata().getTools().get(0).getHashes().get(0).getValue()); - assertEquals(1, bom.getMetadata().getAuthors().size()); - assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getVersion()); - assertEquals(Component.Type.APPLICATION, bom.getMetadata().getComponent().getType()); - assertNotNull(bom.getMetadata().getComponent().getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", bom.getMetadata().getComponent().getSwid().getTagId()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getSwid().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getSwid().getVersion()); - assertEquals(0, bom.getMetadata().getComponent().getSwid().getTagVersion()); - assertFalse(bom.getMetadata().getComponent().getSwid().isPatch()); - assertEquals("Acme, Inc.", bom.getMetadata().getManufacture().getName()); - assertEquals("https://example.com", bom.getMetadata().getManufacture().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", bom.getMetadata().getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", bom.getMetadata().getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", bom.getMetadata().getSupplier().getName()); - assertEquals("https://example.com", bom.getMetadata().getSupplier().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getSupplier().getContacts().size()); - assertEquals("Acme Distribution", bom.getMetadata().getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", bom.getMetadata().getSupplier().getContacts().get(0).getEmail()); + final Bom bom = getJsonBom("bom-1.2.json"); + + assertMetadata(bom, Version.VERSION_12); final List components = bom.getComponents(); - assertEquals(3, components.size()); - Component c1 = components.get(0); - assertEquals("com.acme", c1.getGroup()); - assertEquals("tomcat-catalina", c1.getName()); - assertEquals("9.0.14", c1.getVersion()); - assertEquals(Component.Type.LIBRARY, c1.getType()); - assertEquals("pkg:npm/acme/component@1.0.0", c1.getPurl()); + + // Assertions for bom.components + assertComponent(components.get(0), Component.Type.LIBRARY, "pkg:npm/acme/component@1.0.0"); Component c3 = components.get(2); assertEquals(Component.Type.LIBRARY, c3.getType()); @@ -141,57 +65,11 @@ public void testParsedObjects12Bom() throws Exception { assertEquals("org.glassfish.hk2", c3.getGroup()); assertEquals("osgi-resource-locator", c3.getName()); assertEquals("1.0.1", c3.getVersion()); - assertEquals( "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)", c3.getLicenseChoice().getExpression()); - - testPedigree(c1); + assertEquals("(CDDL-1.0 OR GPL-2.0-with-classpath-exception)", c3.getLicenseChoice().getExpression()); - // Begin Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - List data = s.getData(); - assertEquals(3, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - // End Services + assertServices(bom); - // Begin Dependencies + // Assertions for bom.dependencies assertEquals(2, bom.getDependencies().size()); Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); @@ -202,124 +80,20 @@ public void testParsedObjects12Bom() throws Exception { assertNull(d11.getDependencies()); } - private void testPedigree(final Component component) { - assertNotNull(component.getPedigree()); - assertNotNull(component.getPedigree().getAncestors()); - assertEquals(2, component.getPedigree().getAncestors().getComponents().size()); - assertNotNull(component.getPedigree().getDescendants()); - assertEquals(2, component.getPedigree().getDescendants().getComponents().size()); - assertNotNull(component.getPedigree().getVariants()); - assertEquals(2, component.getPedigree().getVariants().getComponents().size()); - } - @Test public void testParsedObjects13Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.3.json")); - final JsonParser parser = new JsonParser(); - final Bom bom = parser.parse(bomBytes); - assertEquals("1.3", bom.getSpecVersion()); - assertEquals(3, bom.getComponents().size()); - assertEquals(1, bom.getVersion()); - assertNotNull(bom.getMetadata()); - assertNotNull(bom.getMetadata().getTimestamp()); - assertEquals(1, bom.getMetadata().getTools().size()); - assertEquals("Awesome Vendor", bom.getMetadata().getTools().get(0).getVendor()); - assertEquals("Awesome Tool", bom.getMetadata().getTools().get(0).getName()); - assertEquals("9.1.2", bom.getMetadata().getTools().get(0).getVersion()); - assertEquals(2, bom.getMetadata().getTools().get(0).getHashes().size()); - assertEquals("SHA-1", bom.getMetadata().getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", bom.getMetadata().getTools().get(0).getHashes().get(0).getValue()); - assertEquals(1, bom.getMetadata().getAuthors().size()); - assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getVersion()); - assertEquals(Component.Type.APPLICATION, bom.getMetadata().getComponent().getType()); - assertNotNull(bom.getMetadata().getComponent().getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", bom.getMetadata().getComponent().getSwid().getTagId()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getSwid().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getSwid().getVersion()); - assertEquals(0, bom.getMetadata().getComponent().getSwid().getTagVersion()); - assertFalse(bom.getMetadata().getComponent().getSwid().isPatch()); - assertEquals("Acme, Inc.", bom.getMetadata().getManufacture().getName()); - assertEquals("https://example.com", bom.getMetadata().getManufacture().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", bom.getMetadata().getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", bom.getMetadata().getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", bom.getMetadata().getSupplier().getName()); - assertEquals("https://example.com", bom.getMetadata().getSupplier().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getSupplier().getContacts().size()); - assertEquals("Acme Distribution", bom.getMetadata().getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", bom.getMetadata().getSupplier().getContacts().get(0).getEmail()); + final Bom bom = getJsonBom("bom-1.3.json"); - final List components = bom.getComponents(); - assertEquals(3, components.size()); - Component c1 = components.get(0); - assertEquals("com.acme", c1.getGroup()); - assertEquals("tomcat-catalina", c1.getName()); - assertEquals("9.0.14", c1.getVersion()); - assertEquals(Component.Type.LIBRARY, c1.getType()); - assertEquals("pkg:npm/acme/component@1.0.0", c1.getPurl()); + assertMetadata(bom, Version.VERSION_13); - Component c3 = components.get(2); - assertEquals(Component.Type.LIBRARY, c3.getType()); - assertEquals("pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", c3.getBomRef()); - assertEquals("GlassFish Community", c3.getPublisher()); - assertEquals("org.glassfish.hk2", c3.getGroup()); - assertEquals("osgi-resource-locator", c3.getName()); - assertEquals("1.0.1", c3.getVersion()); - assertEquals( "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)", c3.getLicenseChoice().getExpression()); + assertServices(bom); - testPedigree(c1); + final List components = bom.getComponents(); + assertEquals(3, components.size()); - // Begin Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - List data = s.getData(); - assertEquals(3, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - // End Services + assertComponent(components.get(0), Component.Type.LIBRARY, "pkg:npm/acme/component@1.0.0"); - // Begin Dependencies + // Assertions for bom.dependencies assertEquals(2, bom.getDependencies().size()); Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); @@ -339,7 +113,8 @@ public void testParsedObjects13Bom() throws Exception { @Test public void testValidBomLink() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.4-bomlink.json").getFile()); + final File file = + new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.4-bomlink.json")).getFile()); final JsonParser parser = new JsonParser(); Bom bom = parser.parse(file); assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); @@ -350,12 +125,9 @@ public void testValidBomLink() throws Exception { @Test public void testParsedObjects14Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.4.json")); - final JsonParser parser = new JsonParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getJsonBom("bom-1.4.json"); - assertEquals("1.4", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); + assertCommonBomProperties(bom, Version.VERSION_14); assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); @@ -381,12 +153,9 @@ public void testParsedObjects14Bom() throws Exception { @Test public void testParsedObjects15Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.5.json")); - final JsonParser parser = new JsonParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getJsonBom("bom-1.5.json"); - assertEquals("1.5", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); + assertCommonBomProperties(bom, Version.VERSION_15); assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); @@ -409,644 +178,4 @@ public void testParsedObjects15Bom() throws Exception { //Assert Formulation assertFormulation(bom, Version.VERSION_15); } - - private void assertFormulation(final Bom bom, final Version version) { - if(version== Version.VERSION_15) { - List formulas = bom.getFormulation(); - - assertEquals(1, formulas.size()); - - Formula formula = formulas.get(0); - assertNotNull(formula.getBomRef()); - assertNotNull(formula.getComponents()); - assertNull(formula.getServices()); - assertNull(formula.getProperties()); - assertWorkflows(formula.getWorkflows()); - } else { - assertNull(bom.getFormulation()); - } - } - private void assertWorkflows(List workflows) { - assertEquals(workflows.size(), 1); - - Workflow workflow = workflows.get(0); - assertNotNull(workflow.getBomRef()); - assertNotNull(workflow.getUid()); - assertNotNull(workflow.getName()); - assertNotNull(workflow.getDescription()); - assertNotNull(workflow.getResourceReferences()); - - assertNotNull(workflow.getTimeEnd()); - assertNotNull(workflow.getTimeStart()); - assertNotNull(workflow.getRuntimeTopology()); - assertNotNull(workflow.getTaskDependencies()); - - assertTasks(workflow.getTasks()); - assertSteps(workflow.getSteps()); - assertTrigger(workflow.getTrigger()); - assertInputs(workflow.getInputs()); - assertOutputs(workflow.getOutputs()); - assertProperties(workflow.getProperties()); - assertWorkspaces(workflow.getWorkspaces()); - } - - private void assertWorkspaces(List workspaces) { - assertEquals(workspaces.size(), 1); - assertNotNull(workspaces); - - Workspace workspace = workspaces.get(0); - assertNotNull(workspace.getBomRef()); - assertNotNull(workspace.getUid()); - assertNotNull(workspace.getName()); - assertNotNull(workspace.getDescription()); - assertNotNull(workspace.getResourceReferences()); - - assertNotNull(workspace.getAccessMode()); - assertNotNull(workspace.getMountPath()); - assertNotNull(workspace.getManagedDataType()); - assertNotNull(workspace.getVolumeRequest()); - - assertVolume(workspace.getVolume()); - - assertProperties(workspace.getProperties()); - } - - private void assertVolume(Volume volume) { - assertNotNull(volume); - - assertNotNull(volume.getUid()); - assertNotNull(volume.getName()); - assertNotNull(volume.getMode()); - assertNotNull(volume.getPath()); - assertNotNull(volume.getSizeAllocated()); - assertNotNull(volume.getPersistent()); - assertNotNull(volume.getRemote()); - - assertProperties(volume.getProperties()); - } - - private void assertTrigger(Trigger trigger) { - assertNotNull(trigger); - - assertNotNull(trigger.getBomRef()); - assertNotNull(trigger.getUid()); - assertNotNull(trigger.getName()); - assertNotNull(trigger.getDescription()); - assertNotNull(trigger.getResourceReferences()); - assertNotNull(trigger.getType()); - assertNotNull(trigger.getTimeActivated()); - - //Event - assertEvent(trigger.getEvent()); - //Conditions - assertConditions(trigger.getConditions()); - //Inputs - assertInputs(trigger.getInputs()); - //Outputs - assertOutputs(trigger.getOutputs()); - - assertProperties(trigger.getProperties()); - } - - private void assertOutputs(List outputs) { - OutputType outputType = outputs.get(0); - //Source - assertResourceReference(outputType.getSource()); - //Target - assertResourceReference(outputType.getTarget()); - assertOutputData(outputType); - - assertProperties(outputType.getProperties()); - } - - private void assertOutputData(OutputType outputType) { - if (outputType.getResource() != null) { - assertNull(outputType.getData()); - assertNull(outputType.getEnvironmentVars()); - } - else if (outputType.getData() != null) { - assertNull(outputType.getResource()); - assertNull(outputType.getEnvironmentVars()); - } - else if (outputType.getEnvironmentVars() != null) { - assertNull(outputType.getResource()); - assertNull(outputType.getData()); - } - else { - assertNull(outputType.getResource()); - assertNull(outputType.getData()); - assertNull(outputType.getEnvironmentVars()); - } - } - - private void assertInputs(List inputs) { - InputType inputType = inputs.get(0); - //Source - assertResourceReference(inputType.getSource()); - //Target - assertResourceReference(inputType.getTarget()); - assertInputData(inputType); - - assertProperties(inputType.getProperties()); - } - - private void assertInputData(InputType inputType) { - if (inputType.getResource() != null) { - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getParameters() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getData() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getEnvironmentVars() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - } - else { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - } - - private void assertConditions(List conditions) { - assertEquals(conditions.size(), 1); - - Condition condition = conditions.get(0); - - assertNotNull(condition.getDescription()); - assertNotNull(condition.getExpression()); - - assertProperties(condition.getProperties()); - } - - private void assertEvent(Event event) { - assertNotNull(event); - - assertNotNull(event.getUid()); - assertNotNull(event.getDescription()); - assertNotNull(event.getTimeReceived()); - assertNotNull(event.getData()); - - //Source - assertResourceReference(event.getSource()); - //Target - assertResourceReference(event.getTarget()); - - assertProperties(event.getProperties()); - } - - private void assertResourceReference(ResourceReferenceChoice resourceReferenceChoice) { - if (resourceReferenceChoice != null) { - - if (resourceReferenceChoice.getExternalReference() != null) { - assertNull(resourceReferenceChoice.getRef()); - } - else { - assertNull(resourceReferenceChoice.getExternalReference()); - } - } - } - - private void assertTasks(List tasks) { - assertEquals(tasks.size(), 1); - - Task task = tasks.get(0); - assertNotNull(task.getBomRef()); - assertNotNull(task.getUid()); - assertNotNull(task.getName()); - assertNotNull(task.getDescription()); - assertNotNull(task.getResourceReferences()); - assertNotNull(task.getTaskTypes()); - } - - private void assertSteps(List steps) { - assertEquals(steps.size(), 1); - - Step step = steps.get(0); - assertNotNull(step.getName()); - assertNotNull(step.getDescription()); - assertCommands(step.getCommands()); - assertProperties(step.getProperties()); - } - - private void assertCommands(List commands) { - assertEquals(commands.size(), 1); - - Command command = commands.get(0); - assertNotNull(command.getExecuted()); - assertProperties(command.getProperties()); - } - - private void assertProperties(List properties) { - if (properties != null) { - assertEquals(properties.size(), 1); - - Property property = properties.get(0); - assertNotNull(property.getName()); - assertNotNull(property.getValue()); - } - } - - private void assertAnnotations(final Bom bom, final Version version) { - - if (version == Version.VERSION_15) { - List annotations = bom.getAnnotations(); - - assertEquals(annotations.size(), 1); - - Annotation annotation = annotations.get(0); - assertNotNull(annotation.getBomRef()); - assertNotNull(annotation.getText()); - assertNotNull(annotation.getTimestamp()); - - assertEquals(annotation.getSubjects().size(), 1); - assertAnnotator(annotation.getAnnotator()); - } - else { - assertNull(bom.getAnnotations()); - } - } - - private void assertAnnotator(final Annotator annotator) { - assertNotNull(annotator); - assertNull(annotator.getIndividual()); - assertNull(annotator.getComponent()); - assertNull(annotator.getService()); - - assertNotNull(annotator.getOrganization()); - assertEquals(annotator.getOrganization().getName(), "Acme, Inc."); - assertEquals(annotator.getOrganization().getContacts().size(), 1); - assertEquals(annotator.getOrganization().getUrls().size(), 1); - } - - private void assertCompositions(final Bom bom, final Version version) { - final List compositions = bom.getCompositions(); - assertEquals(3, compositions.size()); - Composition composition = compositions.get(0); - - assertEquals(composition.getAggregate(), Aggregate.COMPLETE); - assertNotNull(composition.getAssemblies()); - assertNotNull(composition.getDependencies()); - - //Assert Vulnerability Rejected - if (version == Version.VERSION_15) { - composition = compositions.get(2); - assertNotNull(composition.getVulnerabilities()); - assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", composition.getVulnerabilities().get(0).getRef()); - } - else { - assertNull(composition.getVulnerabilities()); - assertNull(composition.getBomRef()); - } - } - - private void assertVulnerabilities(final Bom bom, final Version version) { - final List vulnerabilities = bom.getVulnerabilities(); - assertEquals(1, vulnerabilities.size()); - Vulnerability vuln = vulnerabilities.get(0); - - assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", vuln.getBomRef()); - assertEquals("SONATYPE-2021123", vuln.getId()); - assertEquals("Description", vuln.getDescription()); - assertEquals("Detail", vuln.getDetail()); - assertEquals("Upgrade", vuln.getRecommendation()); - assertEquals(184, vuln.getCwes().get(0)); - assertNotNull(vuln.getCreated()); - assertNotNull(vuln.getPublished()); - assertNotNull(vuln.getUpdated()); - - //Assert Vulnerability Rejected - if (version != Version.VERSION_14) { - assertNotNull(vuln.getRejected()); - } - else { - assertNull(vuln.getRejected()); - } - - //Source - assertEquals("Sonatype", vuln.getSource().getName()); - assertEquals("https://www.vuln.com", vuln.getSource().getUrl()); - - //References - assertEquals(1, vuln.getReferences().size()); - assertEquals("CVE-2018-7489", vuln.getReferences().get(0).getId()); - assertEquals("NVD", vuln.getReferences().get(0).getSource().getName()); - assertEquals("https://nvd.nist.gov/vuln/detail/CVE-2019-9997", - vuln.getReferences().get(0).getSource().getUrl()); - - //Ratings - assertEquals(1, vuln.getRatings().size()); - assertEquals("NVD", vuln.getRatings().get(0).getSource().getName()); - assertEquals( - "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0", - vuln.getRatings().get(0).getSource().getUrl()); - assertEquals(9.8, vuln.getRatings().get(0).getScore()); - assertEquals(Severity.CRITICAL, vuln.getRatings().get(0).getSeverity()); - assertEquals(Method.CVSSV3, vuln.getRatings().get(0).getMethod()); - assertEquals("AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", vuln.getRatings().get(0).getVector()); - assertEquals("An optional reason for rating the vulnerability as it was", - vuln.getRatings().get(0).getJustification()); - - //Advisories - assertEquals(1, vuln.getAdvisories().size()); - assertEquals("GitHub Commit", vuln.getAdvisories().get(0).getTitle()); - assertEquals("https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", - vuln.getAdvisories().get(0).getUrl()); - - //Credits - assertEquals(1, vuln.getCredits().getIndividuals().size()); - assertEquals(1, vuln.getCredits().getOrganizations().size()); - - assertEquals("Jane Doe", vuln.getCredits().getIndividuals().get(0).getName()); - assertEquals("jane.doe@example.com", vuln.getCredits().getIndividuals().get(0).getEmail()); - - assertEquals("Acme, Inc.", vuln.getCredits().getOrganizations().get(0).getName()); - assertEquals("https://example.com", vuln.getCredits().getOrganizations().get(0).getUrls().get(0)); - - //Tools - assertEquals(1, vuln.getTools().size()); - assertEquals("Sonatype CLI", vuln.getTools().get(0).getName()); - assertEquals("Sonatype", vuln.getTools().get(0).getVendor()); - assertEquals("1.131", vuln.getTools().get(0).getVersion()); - assertEquals(1, vuln.getTools().get(0).getHashes().size()); - - //Analysis - assertEquals(State.NOT_AFFECTED, vuln.getAnalysis().getState()); - assertEquals(Justification.CODE_NOT_REACHABLE, vuln.getAnalysis().getJustification()); - assertEquals("An optional explanation of why the application is not affected by the vulnerable component.", - vuln.getAnalysis().getDetail()); - assertEquals("update", vuln.getAnalysis().getResponses().get(0).getResponseName()); - - //Vulnerability Analysis Timestamp 1.5 - if (version != Version.VERSION_14) { - assertNotNull(vuln.getAnalysis().getFirstIssued()); - assertNotNull(vuln.getAnalysis().getLastUpdated()); - } else { - assertNull(vuln.getAnalysis().getFirstIssued()); - assertNull(vuln.getAnalysis().getLastUpdated()); - } - - //Affects - assertEquals(1, vuln.getAffects().size()); - assertEquals("pkg:maven/com.acme/jackson-databind@2.9.9", vuln.getAffects().get(0).getRef()); - - assertEquals("vers:semver/<2.6.7.5", vuln.getAffects().get(0).getVersions().get(0).getRange()); - assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(0).getStatus()); - - assertEquals("2.9.9", vuln.getAffects().get(0).getVersions().get(1).getVersion()); - assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(1).getStatus()); - } - - private void assertServices(final Bom bom) { - //Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - - List data = s.getData(); - assertEquals(4, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - } - - private void assertComponent(final Bom bom, final Version version) { - final List components = bom.getComponents(); - assertEquals(1, components.size()); - Component component = components.get(0); - assertEquals("com.acme", component.getGroup()); - assertEquals("jackson-databind", component.getName()); - assertEquals("2.9.4", component.getVersion()); - assertEquals(Component.Type.LIBRARY, component.getType()); - assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", component.getPurl()); - assertEquals(12, component.getHashes().size()); - - //Licenses - assertLicense(component.getLicenseChoice(), version); - - assertEquals("Copyright Example Inc. All rights reserved.", component.getCopyright()); - assertEquals("Acme Application", component.getSwid().getName()); - assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - - if (version == Version.VERSION_14) { - assertEquals(1, component.getExternalReferences().size()); - } - else { - assertEquals(2, component.getExternalReferences().size()); - //Security Contact - assertSecurityContact(component.getExternalReferences().get(1)); - } - - //Evidence - assertNotNull(component.getEvidence()); - assertEquals("Copyright 2012 Google Inc. All Rights Reserved.", - component.getEvidence().getCopyright().get(0).getText()); - assertEquals("Apache-2.0", component.getEvidence().getLicenseChoice().getLicenses().get(0).getId()); - assertEquals("http://www.apache.org/licenses/LICENSE-2.0", - component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); - } - - private void assertSecurityContact(ExternalReference externalReference) { - assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); - assertEquals(externalReference.getComment(), "test"); - assertEquals(externalReference.getUrl(), "http://example.org/docs"); - } - - private void assertLicense(LicenseChoice licenseChoice, final Version version) { - assertNotNull(licenseChoice); - assertNull(licenseChoice.getExpression()); - - assertEquals(1, licenseChoice.getLicenses().size()); - License license = licenseChoice.getLicenses().get(0); - assertNotNull(license); - - - if (version == Version.VERSION_14) { - assertNull(license.getProperties()); - assertNull(license.getBomRef()); - } - else { - //Dev Licensing - assertLicensing(license.getLicensing()); - assertEquals(license.getProperties().size(), 1); - assertNotNull(license.getBomRef()); - } - } - - private void assertLicensing(final Licensing licensing) { - assertNotNull(licensing); - - assertEquals(2, licensing.getAltIds().size()); - assertNotNull(licensing.getPurchaseOrder()); - assertLicensor(licensing.getLicensor()); - assertLicensee(licensing.getLicensee()); - assertPurchaser(licensing.getPurchaser()); - assertNotNull(licensing.getExpiration()); - assertNotNull(licensing.getLastRenewal()); - assertEquals(licensing.getLicenseTypes().size(), 1); - } - - private void assertLicensor(OrganizationalChoice licensor) { - assertNull(licensor.getIndividual()); - assertNotNull(licensor.getOrganization()); - assertEquals(licensor.getOrganization().getName(), "Acme Inc"); - assertEquals(licensor.getOrganization().getContacts().size(), 2); - assertNull(licensor.getOrganization().getUrls()); - } - - private void assertLicensee(OrganizationalChoice licensee) { - assertNull(licensee.getIndividual()); - assertNotNull(licensee.getOrganization()); - assertEquals(licensee.getOrganization().getName(), "Example Co."); - assertNull(licensee.getOrganization().getContacts()); - assertNull(licensee.getOrganization().getUrls()); - } - - private void assertPurchaser(OrganizationalChoice purchaser) { - assertNull(purchaser.getOrganization()); - assertNotNull(purchaser.getIndividual()); - assertEquals(purchaser.getIndividual().getName(), "Samantha Wright"); - assertEquals(purchaser.getIndividual().getEmail(), "samantha.wright@gmail.com"); - assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); - } - - private void assertMetadata(final Metadata metadata, final Version version) { - assertNotNull(metadata); - assertNotNull(metadata.getTimestamp()); - - //Lifecycles - if(version == Version.VERSION_15) { - assertNotNull(metadata.getLifecycles()); - assertEquals(2, metadata.getLifecycles().getLifecycleChoice().size()); - LifecycleChoice firstChoice = metadata.getLifecycles().getLifecycleChoice().get(0); - assertEquals(Phase.BUILD.getPhaseName(), firstChoice.getPhase().getPhaseName()); - assertNull(firstChoice.getName()); - assertNull(firstChoice.getDescription()); - - LifecycleChoice secondChoice = metadata.getLifecycles().getLifecycleChoice().get(1); - assertEquals("platform-integration-testing", secondChoice.getName()); - assertNotNull(secondChoice.getDescription()); - assertNull(secondChoice.getPhase()); - } else { - assertNull(metadata.getLifecycles()); - } - - //Tool - assertEquals(1, metadata.getTools().size()); - assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); - assertEquals("Awesome Tool", metadata.getTools().get(0).getName()); - assertEquals("9.1.2", metadata.getTools().get(0).getVersion()); - assertEquals(1, metadata.getTools().get(0).getHashes().size()); - assertEquals("SHA-1", metadata.getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", - metadata.getTools().get(0).getHashes().get(0).getValue()); - - //Author - assertEquals(1, metadata.getAuthors().size()); - assertEquals("Samantha Wright", metadata.getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", metadata.getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", metadata.getAuthors().get(0).getPhone()); - - //Component - Component component = metadata.getComponent(); - assertEquals("Acme Application", component.getName()); - assertEquals("9.1.1", component.getVersion()); - assertEquals(Component.Type.APPLICATION, component.getType()); - assertNotNull(component.getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - assertEquals("Acme Application", component.getSwid().getName()); - assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals(0, component.getSwid().getTagVersion()); - assertFalse(component.getSwid().isPatch()); - - //Release Notes - ReleaseNotes releaseNotes = metadata.getComponent().getReleaseNotes(); - assertEquals("major", releaseNotes.getType()); - assertEquals("My new release", releaseNotes.getTitle()); - assertNotNull(releaseNotes.getDescription()); - assertNotNull(releaseNotes.getSocialImage()); - assertNotNull(releaseNotes.getTimestamp()); - assertEquals(1, releaseNotes.getAliases().size()); - assertEquals(1, releaseNotes.getTags().size()); - - //Resolves - assertEquals(1, releaseNotes.getResolves().size()); - Resolves resolves = releaseNotes.getResolves().get(0); - assertEquals(Resolves.Type.SECURITY, resolves.getType()); - assertEquals("CVE-2019-9997", resolves.getId()); - assertEquals("A security issue was fixed that did something bad", resolves.getDescription()); - assertEquals("CVE-2019-9997", resolves.getName()); - - //Notes - assertEquals(1, releaseNotes.getNotes().size()); - Notes note = releaseNotes.getNotes().get(0); - assertEquals("en-US", note.getLocale()); - assertNotNull(note.getText()); - assertEquals("PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+", note.getText().getText()); - assertEquals("text/html", note.getText().getContentType()); - assertEquals("base64", note.getText().getEncoding()); - - //Manufacture - assertEquals("Acme, Inc.", metadata.getManufacture().getName()); - assertEquals("https://example.com", metadata.getManufacture().getUrls().get(0)); - assertEquals(1, metadata.getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", metadata.getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", metadata.getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", metadata.getSupplier().getName()); - - //Supplier - assertEquals("https://example.com", metadata.getSupplier().getUrls().get(0)); - assertEquals(1, metadata.getSupplier().getContacts().size()); - assertEquals("Acme Distribution", metadata.getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", metadata.getSupplier().getContacts().get(0).getEmail()); - } } diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java index 718ab87de..f2d92ae15 100644 --- a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java @@ -18,68 +18,30 @@ */ package org.cyclonedx.parsers; -import org.apache.commons.io.IOUtils; import org.cyclonedx.CycloneDxSchema; import org.cyclonedx.CycloneDxSchema.Version; -import org.cyclonedx.model.Annotation; -import org.cyclonedx.model.Annotator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; -import org.cyclonedx.model.Composition; -import org.cyclonedx.model.Composition.Aggregate; import org.cyclonedx.model.Dependency; import org.cyclonedx.model.ExternalReference; -import org.cyclonedx.model.License; -import org.cyclonedx.model.LicenseChoice; -import org.cyclonedx.model.Licensing; -import org.cyclonedx.model.LifecycleChoice; -import org.cyclonedx.model.LifecycleChoice.Phase; -import org.cyclonedx.model.Metadata; -import org.cyclonedx.model.OrganizationalContact; -import org.cyclonedx.model.OrganizationalEntity; -import org.cyclonedx.model.OrganizationalChoice; import org.cyclonedx.model.Pedigree; -import org.cyclonedx.model.Property; -import org.cyclonedx.model.ReleaseNotes; -import org.cyclonedx.model.ReleaseNotes.Notes; -import org.cyclonedx.model.ReleaseNotes.Resolves; -import org.cyclonedx.model.Service; -import org.cyclonedx.model.ServiceData; -import org.cyclonedx.model.formulation.Formula; -import org.cyclonedx.model.formulation.Workflow; -import org.cyclonedx.model.formulation.common.InputType; -import org.cyclonedx.model.formulation.common.OutputType; -import org.cyclonedx.model.formulation.common.ResourceReferenceChoice; -import org.cyclonedx.model.formulation.task.Command; -import org.cyclonedx.model.formulation.task.Step; -import org.cyclonedx.model.formulation.task.Task; -import org.cyclonedx.model.formulation.trigger.Condition; -import org.cyclonedx.model.formulation.trigger.Event; -import org.cyclonedx.model.formulation.trigger.Trigger; -import org.cyclonedx.model.formulation.workspace.Volume; -import org.cyclonedx.model.formulation.workspace.Workspace; -import org.cyclonedx.model.vulnerability.Vulnerability; -import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.Justification; -import org.cyclonedx.model.vulnerability.Vulnerability.Analysis.State; -import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Method; -import org.cyclonedx.model.vulnerability.Vulnerability.Rating.Severity; -import org.cyclonedx.model.vulnerability.Vulnerability.Version.Status; import org.junit.jupiter.api.Test; import java.io.File; import java.util.List; +import java.util.Objects; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; -@SuppressWarnings("deprecation") -public class XmlParserTest { +public class XmlParserTest + extends AbstractParserTest +{ @Test public void testValid10Bom() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.0.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_10); assertTrue(valid); @@ -87,7 +49,7 @@ public void testValid10Bom() throws Exception { @Test public void testValid11Bom() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.1.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.1.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); assertTrue(valid); @@ -95,7 +57,8 @@ public void testValid11Bom() throws Exception { @Test public void testValid11BomWithDependencyGraph10() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.1-dependency-graph-1.0.xml").getFile()); + final File file = new File( + Objects.requireNonNull(this.getClass().getResource("/bom-1.1-dependency-graph-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); assertTrue(valid); @@ -103,7 +66,8 @@ public void testValid11BomWithDependencyGraph10() throws Exception { @Test public void testValid11BomWithVulnerability10() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.1-vulnerability-1.0.xml").getFile()); + final File file = new File( + Objects.requireNonNull(this.getClass().getResource("/bom-1.1-vulnerability-1.0.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_11); assertTrue(valid); @@ -111,7 +75,7 @@ public void testValid11BomWithVulnerability10() throws Exception { @Test public void testValid12Bom() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.2.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); assertTrue(valid); @@ -119,7 +83,7 @@ public void testValid12Bom() throws Exception { @Test public void testValidBomLink() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.4-bomlink.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.4-bomlink.xml")).getFile()); final XmlParser parser = new XmlParser(); Bom bom = parser.parse(file); assertTrue(parser.isValid(file, CycloneDxSchema.Version.VERSION_14)); @@ -130,7 +94,7 @@ public void testValidBomLink() throws Exception { @Test public void testValid12BomWithPedigree() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.2-pedigree.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2-pedigree.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); assertTrue(valid); @@ -147,7 +111,7 @@ private void testPedigree(final Pedigree pedigree) { @Test public void testValid12BomWithPedigreeWithPatches() throws Exception { - final File file = new File(this.getClass().getResource("/bom-1.2-pedigree-example.xml").getFile()); + final File file = new File(Objects.requireNonNull(this.getClass().getResource("/bom-1.2-pedigree-example.xml")).getFile()); final XmlParser parser = new XmlParser(); final boolean valid = parser.isValid(file, CycloneDxSchema.Version.VERSION_12); assertTrue(valid); @@ -163,9 +127,7 @@ private void testPedigreeFromExample(final Pedigree pedigree) { @Test public void testParsedObjects10Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.0.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("bom-1.0.xml"); assertEquals(1, bom.getComponents().size()); assertEquals("1.0", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); @@ -189,9 +151,7 @@ public void testParsedObjects10Bom() throws Exception { @Test public void testParsedObjects11Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.1.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("bom-1.1.xml"); assertEquals(3, bom.getComponents().size()); assertEquals("1.1", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); @@ -236,9 +196,8 @@ public void testParsedObjects11Bom() throws Exception { @Test public void testParsedObjects11BomWithDependencyGraph10() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.1-dependency-graph-1.0.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("bom-1.1-dependency-graph-1.0.xml"); + assertEquals(3, bom.getComponents().size()); assertEquals("1.1", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); @@ -267,98 +226,18 @@ public void testParsedObjects11BomWithDependencyGraph10() throws Exception { @Test public void testParsedObjects12Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.2.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); - assertEquals(3, bom.getComponents().size()); - assertEquals("1.2", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); - assertNotNull(bom.getMetadata()); - assertNotNull(bom.getMetadata().getTimestamp()); - assertEquals(1, bom.getMetadata().getTools().size()); - assertEquals("Awesome Vendor", bom.getMetadata().getTools().get(0).getVendor()); - assertEquals("Awesome Tool", bom.getMetadata().getTools().get(0).getName()); - assertEquals("9.1.2", bom.getMetadata().getTools().get(0).getVersion()); - assertEquals(2, bom.getMetadata().getTools().get(0).getHashes().size()); - assertEquals("SHA-1", bom.getMetadata().getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", bom.getMetadata().getTools().get(0).getHashes().get(0).getValue()); - assertEquals(1, bom.getMetadata().getAuthors().size()); - assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getVersion()); - assertEquals(Component.Type.APPLICATION, bom.getMetadata().getComponent().getType()); - assertNotNull(bom.getMetadata().getComponent().getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", bom.getMetadata().getComponent().getSwid().getTagId()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getSwid().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getSwid().getVersion()); - assertEquals(0, bom.getMetadata().getComponent().getSwid().getTagVersion()); - assertFalse(bom.getMetadata().getComponent().getSwid().isPatch()); - assertEquals("Acme, Inc.", bom.getMetadata().getManufacture().getName()); - assertEquals("https://example.com", bom.getMetadata().getManufacture().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", bom.getMetadata().getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", bom.getMetadata().getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", bom.getMetadata().getSupplier().getName()); - assertEquals("https://example.com", bom.getMetadata().getSupplier().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getSupplier().getContacts().size()); - assertEquals("Acme Distribution", bom.getMetadata().getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", bom.getMetadata().getSupplier().getContacts().get(0).getEmail()); + final Bom bom = getXmlBom("bom-1.2.xml"); + + assertMetadata(bom, Version.VERSION_12); + final List components = bom.getComponents(); - assertEquals(3, components.size()); - Component c1 = components.get(0); - assertEquals("com.acme", c1.getGroup()); - assertEquals("tomcat-catalina", c1.getName()); - assertEquals("9.0.14", c1.getVersion()); - assertEquals(Component.Type.APPLICATION, c1.getType()); - assertEquals("pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", c1.getPurl()); - // Begin Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - List data = s.getData(); - assertEquals(3, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - // End Services - // Begin Dependencies + + // Assertions for bom.components + assertComponent(components.get(0), Component.Type.APPLICATION, "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"); + + assertServices(bom); + + // Assertions for bom.dependencies assertEquals(1, bom.getDependencies().size()); Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); @@ -371,98 +250,18 @@ public void testParsedObjects12Bom() throws Exception { @Test public void testParsedObjects13Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.3.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); - assertEquals(3, bom.getComponents().size()); - assertEquals("1.3", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); - assertNotNull(bom.getMetadata()); - assertNotNull(bom.getMetadata().getTimestamp()); - assertEquals(1, bom.getMetadata().getTools().size()); - assertEquals("Awesome Vendor", bom.getMetadata().getTools().get(0).getVendor()); - assertEquals("Awesome Tool", bom.getMetadata().getTools().get(0).getName()); - assertEquals("9.1.2", bom.getMetadata().getTools().get(0).getVersion()); - assertEquals(2, bom.getMetadata().getTools().get(0).getHashes().size()); - assertEquals("SHA-1", bom.getMetadata().getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", bom.getMetadata().getTools().get(0).getHashes().get(0).getValue()); - //assertEquals(1, bom.getMetadata().getAuthors().size()); - //assertEquals("Samantha Wright", bom.getMetadata().getAuthors().get(0).getName()); - //assertEquals("samantha.wright@example.com", bom.getMetadata().getAuthors().get(0).getEmail()); - //assertEquals("800-555-1212", bom.getMetadata().getAuthors().get(0).getPhone()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getVersion()); - assertEquals(Component.Type.APPLICATION, bom.getMetadata().getComponent().getType()); - assertNotNull(bom.getMetadata().getComponent().getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", bom.getMetadata().getComponent().getSwid().getTagId()); - assertEquals("Acme Application", bom.getMetadata().getComponent().getSwid().getName()); - assertEquals("9.1.1", bom.getMetadata().getComponent().getSwid().getVersion()); - assertEquals(0, bom.getMetadata().getComponent().getSwid().getTagVersion()); - assertFalse(bom.getMetadata().getComponent().getSwid().isPatch()); - assertEquals("Acme, Inc.", bom.getMetadata().getManufacture().getName()); - assertEquals("https://example.com", bom.getMetadata().getManufacture().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", bom.getMetadata().getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", bom.getMetadata().getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", bom.getMetadata().getSupplier().getName()); - assertEquals("https://example.com", bom.getMetadata().getSupplier().getUrls().get(0)); - assertEquals(1, bom.getMetadata().getSupplier().getContacts().size()); - assertEquals("Acme Distribution", bom.getMetadata().getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", bom.getMetadata().getSupplier().getContacts().get(0).getEmail()); + final Bom bom = getXmlBom("bom-1.3.xml"); + + assertMetadata(bom, Version.VERSION_13); + final List components = bom.getComponents(); assertEquals(3, components.size()); - Component c1 = components.get(0); - assertEquals("com.acme", c1.getGroup()); - assertEquals("tomcat-catalina", c1.getName()); - assertEquals("9.0.14", c1.getVersion()); - assertEquals(Component.Type.APPLICATION, c1.getType()); - assertEquals("pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", c1.getPurl()); - // Begin Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - List data = s.getData(); - assertEquals(3, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - // End Services - // Begin Dependencies + + assertComponent(components.get(0), Component.Type.APPLICATION, "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"); + + assertServices(bom); + + // Assertions for bom.dependencies assertEquals(1, bom.getDependencies().size()); Dependency d1 = bom.getDependencies().get(0); assertNotNull(d1); @@ -475,12 +274,9 @@ public void testParsedObjects13Bom() throws Exception { @Test public void testParsedObjects14Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.4.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("bom-1.4.xml"); - assertEquals("1.4", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); + assertCommonBomProperties(bom, Version.VERSION_14); assertMetadata(bom.getMetadata(), Version.VERSION_14); assertComponent(bom, Version.VERSION_14); @@ -499,16 +295,15 @@ public void testParsedObjects14Bom() throws Exception { //Assert Annotations assertAnnotations(bom, Version.VERSION_14); + //Assert Formulation + assertFormulation(bom, Version.VERSION_14); } @Test public void testParsedObjects15Bom() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/bom-1.5.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("bom-1.5.xml"); - assertEquals("1.5", bom.getSpecVersion()); - assertEquals(1, bom.getVersion()); + assertCommonBomProperties(bom, Version.VERSION_15); assertMetadata(bom.getMetadata(), Version.VERSION_15); assertComponent(bom, Version.VERSION_15); @@ -531,655 +326,12 @@ public void testParsedObjects15Bom() throws Exception { assertFormulation(bom, Version.VERSION_15); } - private void assertFormulation(final Bom bom, final Version version) { - if(version== Version.VERSION_15) { - List formulas = bom.getFormulation(); - - assertEquals(1, formulas.size()); - - Formula formula = formulas.get(0); - assertNotNull(formula.getBomRef()); - assertNotNull(formula.getComponents()); - assertNull(formula.getServices()); - assertNull(formula.getProperties()); - assertWorkflows(formula.getWorkflows()); - } else { - assertNull(bom.getFormulation()); - } - } - private void assertWorkflows(List workflows) { - assertEquals(workflows.size(), 1); - - Workflow workflow = workflows.get(0); - assertNotNull(workflow.getBomRef()); - assertNotNull(workflow.getUid()); - assertNotNull(workflow.getName()); - assertNotNull(workflow.getDescription()); - assertNotNull(workflow.getResourceReferences()); - - assertNotNull(workflow.getTimeEnd()); - assertNotNull(workflow.getTimeStart()); - assertNotNull(workflow.getRuntimeTopology()); - assertNotNull(workflow.getTaskDependencies()); - - assertTasks(workflow.getTasks()); - assertSteps(workflow.getSteps()); - assertTrigger(workflow.getTrigger()); - assertInputs(workflow.getInputs()); - assertOutputs(workflow.getOutputs()); - assertProperties(workflow.getProperties()); - assertWorkspaces(workflow.getWorkspaces()); - } - - private void assertWorkspaces(List workspaces) { - assertEquals(workspaces.size(), 1); - assertNotNull(workspaces); - - Workspace workspace = workspaces.get(0); - assertNotNull(workspace.getBomRef()); - assertNotNull(workspace.getUid()); - assertNotNull(workspace.getName()); - assertNotNull(workspace.getDescription()); - assertNotNull(workspace.getResourceReferences()); - - - assertNotNull(workspace.getAccessMode()); - assertNotNull(workspace.getMountPath()); - assertNotNull(workspace.getManagedDataType()); - assertNotNull(workspace.getVolumeRequest()); - - assertVolume(workspace.getVolume()); - - //assertProperties(workspace.getProperties()); - } - - private void assertVolume(Volume volume) { - assertNotNull(volume); - - assertNotNull(volume.getUid()); - assertNotNull(volume.getName()); - assertNotNull(volume.getMode()); - assertNotNull(volume.getPath()); - assertNotNull(volume.getSizeAllocated()); - assertNotNull(volume.getPersistent()); - assertNotNull(volume.getRemote()); - - assertProperties(volume.getProperties()); - } - - private void assertTrigger(Trigger trigger) { - assertNotNull(trigger); - - assertNotNull(trigger.getBomRef()); - assertNotNull(trigger.getUid()); - assertNotNull(trigger.getName()); - assertNotNull(trigger.getDescription()); - assertNotNull(trigger.getResourceReferences()); - assertNotNull(trigger.getType()); - assertNotNull(trigger.getTimeActivated()); - - //Event - assertEvent(trigger.getEvent()); - //Conditions - assertConditions(trigger.getConditions()); - //Inputs - assertInputs(trigger.getInputs()); - //Outputs - assertOutputs(trigger.getOutputs()); - - assertProperties(trigger.getProperties()); - } - - private void assertOutputs(List outputs){ - assertNotNull(outputs.size()); - - OutputType outputType = outputs.get(0); - //Source - assertResourceReference(outputType.getSource()); - //Target - assertResourceReference(outputType.getTarget()); - assertOutputData(outputType); - - assertProperties(outputType.getProperties()); - } - - private void assertOutputData(OutputType outputType) { - if (outputType.getResource() != null) { - assertNull(outputType.getData()); - assertNull(outputType.getEnvironmentVars()); - } - else if (outputType.getData() != null) { - assertNull(outputType.getResource()); - assertNull(outputType.getEnvironmentVars()); - } - else if (outputType.getEnvironmentVars() != null) { - assertNull(outputType.getResource()); - assertNull(outputType.getData()); - } - else { - assertNull(outputType.getResource()); - assertNull(outputType.getData()); - assertNull(outputType.getEnvironmentVars()); - } - } - - private void assertInputs(List inputs){ - assertNotNull(inputs.size()); - - InputType inputType = inputs.get(0); - //Source - assertResourceReference(inputType.getSource()); - //Target - assertResourceReference(inputType.getTarget()); - assertInputData(inputType); - - assertProperties(inputType.getProperties()); - } - - private void assertInputData(InputType inputType) { - if (inputType.getResource() != null) { - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getParameters() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getData() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getEnvironmentVars()); - } - else if (inputType.getEnvironmentVars() != null) { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - } - else { - assertNull(inputType.getResource()); - assertNull(inputType.getParameters()); - assertNull(inputType.getData()); - assertNull(inputType.getEnvironmentVars()); - } - } - - private void assertConditions(List conditions) { - assertEquals(conditions.size(), 1); - - Condition condition = conditions.get(0); - - assertNotNull(condition.getDescription()); - assertNotNull(condition.getExpression()); - - assertProperties(condition.getProperties()); - } - - private void assertEvent(Event event) { - assertNotNull(event); - - assertNotNull(event.getUid()); - assertNotNull(event.getDescription()); - assertNotNull(event.getTimeReceived()); - assertNotNull(event.getData()); - - //Source - assertResourceReference(event.getSource()); - //Target - assertResourceReference(event.getTarget()); - - assertProperties(event.getProperties()); - } - - private void assertResourceReference(ResourceReferenceChoice resourceReferenceChoice) { - if (resourceReferenceChoice != null) { - - if (resourceReferenceChoice.getExternalReference() != null) { - assertNull(resourceReferenceChoice.getRef()); - } - else { - assertNull(resourceReferenceChoice.getExternalReference()); - } - } - } - - private void assertTasks(List tasks){ - assertEquals(tasks.size(), 1); - - Task task = tasks.get(0); - assertNotNull(task.getBomRef()); - assertNotNull(task.getUid()); - assertNotNull(task.getName()); - assertNotNull(task.getDescription()); - assertNotNull(task.getResourceReferences()); - assertNotNull(task.getTaskTypes()); - } - - private void assertSteps(List steps){ - assertEquals(steps.size(), 1); - - Step step = steps.get(0); - assertNotNull(step.getName()); - assertNotNull(step.getDescription()); - assertCommands(step.getCommands()); - assertProperties(step.getProperties()); - } - - private void assertCommands(List commands){ - assertEquals(commands.size(), 1); - - Command command = commands.get(0); - assertNotNull(command.getExecuted()); - assertProperties(command.getProperties()); - } - - private void assertProperties(List properties) { - if (properties != null) { - Property property = properties.get(0); - assertNotNull(property.getName()); - assertNotNull(property.getValue()); - } - } - - private void assertCompositions(final Bom bom, final Version version) { - final List compositions = bom.getCompositions(); - assertEquals(3, compositions.size()); - Composition composition = compositions.get(0); - - assertEquals(composition.getAggregate(), Aggregate.COMPLETE); - assertNotNull(composition.getAssemblies()); - assertNotNull(composition.getDependencies()); - - //Assert Vulnerability Rejected - if (version == Version.VERSION_15) { - composition = compositions.get(2); - assertNotNull(composition.getVulnerabilities()); - assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", composition.getVulnerabilities().get(0).getRef()); - } - else { - assertNull(composition.getVulnerabilities()); - assertNull(composition.getBomRef()); - } - } - - private void assertAnnotations(final Bom bom, final Version version) { - - if (version == Version.VERSION_15) { - List annotations = bom.getAnnotations(); - - assertEquals(annotations.size(), 1); - - Annotation annotation = annotations.get(0); - assertNotNull(annotation.getBomRef()); - assertNotNull(annotation.getText()); - assertNotNull(annotation.getTimestamp()); - - assertEquals(annotation.getSubjects().size(), 1); - assertAnnotator(annotation.getAnnotator()); - } else { - assertNull(bom.getAnnotations()); - } - } - - private void assertAnnotator(final Annotator annotator) { - assertNotNull(annotator); - assertNull(annotator.getIndividual()); - assertNull(annotator.getComponent()); - assertNull(annotator.getService()); - - assertNotNull(annotator.getOrganization()); - assertEquals(annotator.getOrganization().getName(), "Acme, Inc."); - assertEquals(annotator.getOrganization().getContacts().size(), 1); - assertEquals(annotator.getOrganization().getUrls().size(), 1); - } - @Test public void testParsedObjects14Bom_WithVulnsExtension() throws Exception { - final byte[] bomBytes = IOUtils.toByteArray(this.getClass().getResourceAsStream("/valid-ext-vulnerability-1.4.xml")); - final XmlParser parser = new XmlParser(); - final Bom bom = parser.parse(bomBytes); + final Bom bom = getXmlBom("valid-ext-vulnerability-1.4.xml"); assertEquals("1.4", bom.getSpecVersion()); assertEquals(1, bom.getVersion()); assertNull(bom.getVulnerabilities()); } - - private void assertVulnerabilities(final Bom bom, final Version version) { - final List vulnerabilities = bom.getVulnerabilities(); - assertEquals(1, vulnerabilities.size()); - Vulnerability vuln = vulnerabilities.get(0); - - assertEquals("6eee14da-8f42-4cc4-bb65-203235f02415", vuln.getBomRef()); - assertEquals("SONATYPE-2021123", vuln.getId()); - assertEquals("Description", vuln.getDescription()); - assertEquals("Detail", vuln.getDetail()); - assertEquals("Upgrade", vuln.getRecommendation()); - assertEquals(184, vuln.getCwes().get(0)); - assertNotNull(vuln.getCreated()); - assertNotNull(vuln.getPublished()); - assertNotNull(vuln.getUpdated()); - - //Assert Vulnerability Rejected - if (version != Version.VERSION_14) { - assertNotNull(vuln.getRejected()); - } - else { - assertNull(vuln.getRejected()); - } - - //Source - assertEquals("Sonatype", vuln.getSource().getName()); - assertEquals("https://www.vuln.com", vuln.getSource().getUrl()); - - //References - assertEquals(1, vuln.getReferences().size()); - assertEquals("CVE-2018-7489", vuln.getReferences().get(0).getId()); - assertEquals("NVD", vuln.getReferences().get(0).getSource().getName()); - assertEquals("https://nvd.nist.gov/vuln/detail/CVE-2019-9997", - vuln.getReferences().get(0).getSource().getUrl()); - - //Ratings - assertEquals(1, vuln.getRatings().size()); - assertEquals("NVD", vuln.getRatings().get(0).getSource().getName()); - assertEquals( - "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.0", - vuln.getRatings().get(0).getSource().getUrl()); - assertEquals(9.8, vuln.getRatings().get(0).getScore()); - assertEquals(Severity.CRITICAL, vuln.getRatings().get(0).getSeverity()); - assertEquals(Method.CVSSV3, vuln.getRatings().get(0).getMethod()); - assertEquals("AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", vuln.getRatings().get(0).getVector()); - assertEquals("An optional reason for rating the vulnerability as it was", - vuln.getRatings().get(0).getJustification()); - - //Advisories - assertEquals(1, vuln.getAdvisories().size()); - assertEquals("GitHub Commit", vuln.getAdvisories().get(0).getTitle()); - assertEquals("https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", - vuln.getAdvisories().get(0).getUrl()); - - //Credits - assertEquals(1, vuln.getCredits().getIndividuals().size()); - assertEquals(1, vuln.getCredits().getOrganizations().size()); - - assertEquals("Jane Doe", vuln.getCredits().getIndividuals().get(0).getName()); - assertEquals("jane.doe@example.com", vuln.getCredits().getIndividuals().get(0).getEmail()); - - assertEquals("Acme, Inc.", vuln.getCredits().getOrganizations().get(0).getName()); - assertEquals("https://example.com", vuln.getCredits().getOrganizations().get(0).getUrls().get(0)); - - //Tools - assertEquals(1, vuln.getTools().size()); - assertEquals("Sonatype CLI", vuln.getTools().get(0).getName()); - assertEquals("Sonatype", vuln.getTools().get(0).getVendor()); - assertEquals("1.131", vuln.getTools().get(0).getVersion()); - assertEquals(1, vuln.getTools().get(0).getHashes().size()); - - //Analysis - assertEquals(State.NOT_AFFECTED, vuln.getAnalysis().getState()); - assertEquals(Justification.CODE_NOT_REACHABLE, vuln.getAnalysis().getJustification()); - assertEquals("An optional explanation of why the application is not affected by the vulnerable component.", - vuln.getAnalysis().getDetail()); - assertEquals("update", vuln.getAnalysis().getResponses().get(0).getResponseName()); - - //Vulnerability Analysis Timestamp 1.5 - if (version != Version.VERSION_14) { - assertNotNull(vuln.getAnalysis().getFirstIssued()); - assertNotNull(vuln.getAnalysis().getLastUpdated()); - } else { - assertNull(vuln.getAnalysis().getFirstIssued()); - assertNull(vuln.getAnalysis().getLastUpdated()); - } - - //Affects - assertEquals(1, vuln.getAffects().size()); - assertEquals("pkg:maven/com.acme/jackson-databind@2.9.9", vuln.getAffects().get(0).getRef()); - - assertEquals("vers:semver/<2.6.7.5", vuln.getAffects().get(0).getVersions().get(0).getRange()); - assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(0).getStatus()); - - assertEquals("2.9.9", vuln.getAffects().get(0).getVersions().get(1).getVersion()); - assertEquals(Status.AFFECTED, vuln.getAffects().get(0).getVersions().get(1).getStatus()); - } - - private void assertServices(final Bom bom) { - //Services - List services = bom.getServices(); - assertEquals(1, services.size()); - Service s = services.get(0); - OrganizationalEntity provider = s.getProvider(); - assertNotNull(provider); - assertEquals("Partner Org", provider.getName()); - List urls = provider.getUrls(); - assertEquals(1, urls.size()); - assertEquals("https://partner.org", urls.get(0)); - - List contacts = provider.getContacts(); - assertEquals(1, contacts.size()); - OrganizationalContact contact = contacts.get(0); - assertEquals("Support", contact.getName()); - assertEquals("support@partner", contact.getEmail()); - assertEquals("800-555-1212", contact.getPhone()); - assertEquals("org.partner", s.getGroup()); - assertEquals("Stock ticker service", s.getName()); - assertEquals("2020-Q2", s.getVersion()); - assertEquals("Provides real-time stock information", s.getDescription()); - - List endpoints = s.getEndpoints(); - assertEquals(2, endpoints.size()); - assertEquals("https://partner.org/api/v1/lookup", endpoints.get(0)); - assertEquals("https://partner.org/api/v1/stock", endpoints.get(1)); - assertNotNull(s.getAuthenticated()); - assertNotNull(s.getxTrustBoundary()); - assertTrue(s.getAuthenticated()); - assertTrue(s.getxTrustBoundary()); - - List data = s.getData(); - assertEquals(4, data.size()); - assertEquals("inbound", data.get(0).getFlow().getFlowName()); - assertEquals("PII", data.get(0).getClassification()); - assertEquals(ServiceData.Flow.OUTBOUND, data.get(1).getFlow()); - assertEquals("PIFI", data.get(1).getClassification()); - assertEquals(ServiceData.Flow.BI_DIRECTIONAL, data.get(2).getFlow()); - assertEquals("pubic", data.get(2).getClassification()); - assertNotNull(s.getLicense()); - assertEquals(1, s.getLicense().getLicenses().size()); - assertEquals("Partner license", s.getLicense().getLicenses().get(0).getName()); - assertEquals(2, s.getExternalReferences().size()); - assertEquals(ExternalReference.Type.WEBSITE, s.getExternalReferences().get(0).getType()); - assertEquals("http://partner.org", s.getExternalReferences().get(0).getUrl()); - assertEquals(ExternalReference.Type.DOCUMENTATION, s.getExternalReferences().get(1).getType()); - assertEquals("http://api.partner.org/swagger", s.getExternalReferences().get(1).getUrl()); - } - - private void assertComponent(final Bom bom, final Version version) { - final List components = bom.getComponents(); - assertEquals(1, components.size()); - Component component = components.get(0); - assertEquals("com.acme", component.getGroup()); - assertEquals("jackson-databind", component.getName()); - assertEquals("2.9.4", component.getVersion()); - assertEquals(Component.Type.LIBRARY, component.getType()); - assertEquals("pkg:maven/com.acme/jackson-databind@2.9.4", component.getPurl()); - assertEquals(12, component.getHashes().size()); - - //Licenses - assertLicense(component.getLicenseChoice(), version); - - assertEquals("Copyright Example Inc. All rights reserved.", component.getCopyright()); - assertEquals("Acme Application", component.getSwid().getName()); - assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - - if (version == Version.VERSION_14) { - assertEquals(1, component.getExternalReferences().size()); - } - else { - assertEquals(2, component.getExternalReferences().size()); - //Security Contact - assertSecurityContact(component.getExternalReferences().get(1)); - } - - //Evidence - assertNotNull(component.getEvidence()); - assertEquals("Copyright 2012 Google Inc. All Rights Reserved.", - component.getEvidence().getCopyright().get(0).getText()); - assertEquals("Apache-2.0", component.getEvidence().getLicenseChoice().getLicenses().get(0).getId()); - assertEquals("http://www.apache.org/licenses/LICENSE-2.0", - component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); - } - - private void assertSecurityContact(ExternalReference externalReference) { - assertEquals(externalReference.getType(), ExternalReference.Type.SECURITY_CONTACT); - assertEquals(externalReference.getComment(), "test"); - assertEquals(externalReference.getUrl(), "http://example.org/docs"); - } - - private void assertLicense(LicenseChoice licenseChoice, final Version version) { - assertNotNull(licenseChoice); - assertNull(licenseChoice.getExpression()); - - assertEquals(1, licenseChoice.getLicenses().size()); - License license = licenseChoice.getLicenses().get(0); - assertNotNull(license); - - if (version == Version.VERSION_14) { - assertNull(license.getProperties()); - assertNull(license.getBomRef()); - } - else { - //Dev Licensing - assertLicensing(license.getLicensing()); - assertEquals(license.getProperties().size(), 1); - assertNotNull(license.getBomRef()); - } - } - - private void assertLicensing(final Licensing licensing) { - assertNotNull(licensing); - - assertEquals(1, licensing.getAltIds().size()); - assertNotNull(licensing.getPurchaseOrder()); - assertLicensor(licensing.getLicensor()); - assertLicensee(licensing.getLicensee()); - assertPurchaser(licensing.getPurchaser()); - assertNotNull(licensing.getExpiration()); - assertNotNull(licensing.getLastRenewal()); - assertEquals(licensing.getLicenseTypes().size(), 1); - } - - private void assertLicensor(OrganizationalChoice licensor) { - assertNull(licensor.getIndividual()); - assertNotNull(licensor.getOrganization()); - assertEquals(licensor.getOrganization().getName(), "Acme Inc"); - assertEquals(licensor.getOrganization().getContacts().size(), 2); - assertNull(licensor.getOrganization().getUrls()); - } - - private void assertLicensee(OrganizationalChoice licensee) { - assertNull(licensee.getIndividual()); - assertNotNull(licensee.getOrganization()); - assertEquals(licensee.getOrganization().getName(), "Example Co."); - assertNull(licensee.getOrganization().getContacts()); - assertNull(licensee.getOrganization().getUrls()); - } - - private void assertPurchaser(OrganizationalChoice purchaser) { - assertNull(purchaser.getOrganization()); - assertNotNull(purchaser.getIndividual()); - assertEquals(purchaser.getIndividual().getName(), "Samantha Wright"); - assertEquals(purchaser.getIndividual().getEmail(), "samantha.wright@gmail.com"); - assertEquals(purchaser.getIndividual().getPhone(), "800-555-1212"); - } - - private void assertMetadata(final Metadata metadata, final Version version) { - assertNotNull(metadata); - assertNotNull(metadata.getTimestamp()); - - //Lifecycles - if(version == Version.VERSION_15) { - assertNotNull(metadata.getLifecycles()); - assertEquals(2, metadata.getLifecycles().getLifecycleChoice().size()); - LifecycleChoice firstChoice = metadata.getLifecycles().getLifecycleChoice().get(0); - assertEquals(Phase.BUILD.getPhaseName(), firstChoice.getPhase().getPhaseName()); - assertNull(firstChoice.getName()); - assertNull(firstChoice.getDescription()); - - LifecycleChoice secondChoice = metadata.getLifecycles().getLifecycleChoice().get(1); - assertEquals("platform-integration-testing", secondChoice.getName()); - assertNotNull(secondChoice.getDescription()); - assertNull(secondChoice.getPhase()); - } else { - assertNull(metadata.getLifecycles()); - } - - //Tool - assertEquals(1, metadata.getTools().size()); - assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); - assertEquals("Awesome Tool", metadata.getTools().get(0).getName()); - assertEquals("9.1.2", metadata.getTools().get(0).getVersion()); - assertEquals(1, metadata.getTools().get(0).getHashes().size()); - assertEquals("SHA-1", metadata.getTools().get(0).getHashes().get(0).getAlgorithm()); - assertEquals("25ed8e31b995bb927966616df2a42b979a2717f0", - metadata.getTools().get(0).getHashes().get(0).getValue()); - - //Author - assertEquals(1, metadata.getAuthors().size()); - assertEquals("Samantha Wright", metadata.getAuthors().get(0).getName()); - assertEquals("samantha.wright@example.com", metadata.getAuthors().get(0).getEmail()); - assertEquals("800-555-1212", metadata.getAuthors().get(0).getPhone()); - - //Component - Component component = metadata.getComponent(); - assertEquals("Acme Application", component.getName()); - assertEquals("9.1.1", component.getVersion()); - assertEquals(Component.Type.APPLICATION, component.getType()); - assertNotNull(component.getSwid()); - assertEquals("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", component.getSwid().getTagId()); - assertEquals("Acme Application", component.getSwid().getName()); - assertEquals("9.1.1", component.getSwid().getVersion()); - assertEquals(0, component.getSwid().getTagVersion()); - assertFalse(component.getSwid().isPatch()); - - //Release Notes - ReleaseNotes releaseNotes = metadata.getComponent().getReleaseNotes(); - assertEquals("major", releaseNotes.getType()); - assertEquals("My new release", releaseNotes.getTitle()); - assertNotNull(releaseNotes.getDescription()); - assertNotNull(releaseNotes.getSocialImage()); - assertNotNull(releaseNotes.getTimestamp()); - assertEquals(1, releaseNotes.getAliases().size()); - assertEquals(1, releaseNotes.getTags().size()); - - //Resolves - assertEquals(1, releaseNotes.getResolves().size()); - Resolves resolves = releaseNotes.getResolves().get(0); - assertEquals(Resolves.Type.SECURITY, resolves.getType()); - assertEquals("CVE-2019-9997", resolves.getId()); - assertEquals("A security issue was fixed that did something bad", resolves.getDescription()); - assertEquals("CVE-2019-9997", resolves.getName()); - - //Notes - assertEquals(1, releaseNotes.getNotes().size()); - Notes note = releaseNotes.getNotes().get(0); - assertEquals("en-US", note.getLocale()); - assertNotNull(note.getText()); - assertEquals("PGgxPk15IG5ldyByZWxlYXNlPGgxPgo8cD5SZWxlYXNlIG5vdGVzIGhlcmU8L3A+", note.getText().getText()); - assertEquals("text/html", note.getText().getContentType()); - assertEquals("base64", note.getText().getEncoding()); - - //Manufacture - assertEquals("Acme, Inc.", metadata.getManufacture().getName()); - assertEquals("https://example.com", metadata.getManufacture().getUrls().get(0)); - assertEquals(1, metadata.getManufacture().getContacts().size()); - assertEquals("Acme Professional Services", metadata.getManufacture().getContacts().get(0).getName()); - assertEquals("professional.services@example.com", metadata.getManufacture().getContacts().get(0).getEmail()); - assertEquals("Acme, Inc.", metadata.getSupplier().getName()); - - //Supplier - assertEquals("https://example.com", metadata.getSupplier().getUrls().get(0)); - assertEquals(1, metadata.getSupplier().getContacts().size()); - assertEquals("Acme Distribution", metadata.getSupplier().getContacts().get(0).getName()); - assertEquals("distribution@example.com", metadata.getSupplier().getContacts().get(0).getEmail()); - } } diff --git a/src/test/resources/bom-1.2.json b/src/test/resources/bom-1.2.json index 88b5d593c..ce06165f6 100644 --- a/src/test/resources/bom-1.2.json +++ b/src/test/resources/bom-1.2.json @@ -243,8 +243,12 @@ "flow": "outbound" }, { - "classification": "pubic", + "classification": "public", "flow": "bi-directional" + }, + { + "classification": "public", + "flow": "unknown" } ], "licenses": [ diff --git a/src/test/resources/bom-1.2.xml b/src/test/resources/bom-1.2.xml index c845368c0..645bb4446 100644 --- a/src/test/resources/bom-1.2.xml +++ b/src/test/resources/bom-1.2.xml @@ -184,7 +184,8 @@ PII PIFI - pubic + public + public diff --git a/src/test/resources/bom-1.3.json b/src/test/resources/bom-1.3.json index 4e3112a69..5a9dbb3de 100644 --- a/src/test/resources/bom-1.3.json +++ b/src/test/resources/bom-1.3.json @@ -253,8 +253,12 @@ "flow": "outbound" }, { - "classification": "pubic", + "classification": "public", "flow": "bi-directional" + }, + { + "classification": "public", + "flow": "unknown" } ], "licenses": [ diff --git a/src/test/resources/bom-1.3.xml b/src/test/resources/bom-1.3.xml index b830a6947..0c0b0dd96 100644 --- a/src/test/resources/bom-1.3.xml +++ b/src/test/resources/bom-1.3.xml @@ -188,7 +188,8 @@ PII PIFI - pubic + public + public diff --git a/src/test/resources/bom-1.4.json b/src/test/resources/bom-1.4.json index c4e81fe96..b425b0419 100644 --- a/src/test/resources/bom-1.4.json +++ b/src/test/resources/bom-1.4.json @@ -239,7 +239,7 @@ }, { "flow": "bi-directional", - "classification": "pubic" + "classification": "public" }, { "flow": "unknown", diff --git a/src/test/resources/bom-1.4.xml b/src/test/resources/bom-1.4.xml index fb42c2cef..df7e3f49c 100644 --- a/src/test/resources/bom-1.4.xml +++ b/src/test/resources/bom-1.4.xml @@ -150,7 +150,7 @@ PII PIFI - pubic + public partner-data diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 5e81d28a4..6c89ca0d3 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -178,7 +178,7 @@ "id": "Apache-2.0", "licensing": { "altIds": [ - "acme", "acme-license" + "acme-license" ], "licensor": { "organization": { @@ -372,7 +372,7 @@ }, { "flow": "bi-directional", - "classification": "pubic" + "classification": "public" }, { "flow": "unknown", diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index b5067e4bf..5276a5517 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -282,7 +282,7 @@ PII PIFI - pubic + public partner-data From 38c76a794374d960da44fe05539cf15954ea1853 Mon Sep 17 00:00:00 2001 From: Alexander Alzate Date: Wed, 19 Jul 2023 08:37:39 -0500 Subject: [PATCH 35/40] 1.5 deprecate tools (#316) --- .../json/AbstractBomJsonGenerator.java | 7 +- .../xml/AbstractBomXmlGenerator.java | 5 + .../org/cyclonedx/model/AttachmentText.java | 6 + .../java/org/cyclonedx/model/Component.java | 2 + .../java/org/cyclonedx/model/Metadata.java | 25 ++- .../model/OrganizationalContact.java | 20 +- .../cyclonedx/model/OrganizationalEntity.java | 23 ++- .../java/org/cyclonedx/model/Property.java | 4 + .../org/cyclonedx/model/ReleaseNotes.java | 15 ++ .../java/org/cyclonedx/model/Service.java | 3 + src/main/java/org/cyclonedx/model/Tool.java | 4 + .../model/metadata/ToolInformation.java | 34 ++++ .../AttachmentTextDeserializer.java | 52 +++++ .../util/deserializer/HashesDeserializer.java | 56 ++++++ .../deserializer/LifecycleDeserializer.java | 37 ++-- .../deserializer/MetadataDeserializer.java | 181 ++++++++++++++++++ .../util/deserializer/NotesDeserializer.java | 60 ++++++ .../OrganizationalEntityDeserializer.java | 55 ++++++ .../deserializer/PropertiesDeserializer.java | 39 ++++ .../deserializer/PropertyDeserializer.java | 36 ++++ .../deserializer/ResolvesDeserializer.java | 86 +++++++++ .../deserializer/StringListDeserializer.java | 50 +++++ .../util/serializer/DependencySerializer.java | 2 +- .../util/serializer/MetadataSerializer.java | 165 ++++++++++++++++ .../resources/1.5/valid-compositions-1.5.json | 2 +- .../1.5/valid-metadata-tool-1.5.json | 55 ++++-- .../resources/1.5/valid-metadata-tool-1.5.xml | 38 +++- src/test/resources/bom-1.5.json | 2 +- src/test/resources/bom-1.5.xml | 2 +- 29 files changed, 1004 insertions(+), 62 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/metadata/ToolInformation.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java create mode 100644 src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java diff --git a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java index d739bba02..9ddad9446 100644 --- a/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java +++ b/src/main/java/org/cyclonedx/generators/json/AbstractBomJsonGenerator.java @@ -27,6 +27,7 @@ import org.cyclonedx.util.serializer.ComponentWrapperSerializer; import org.cyclonedx.util.serializer.InputTypeSerializer; import org.cyclonedx.util.serializer.LicenseChoiceSerializer; +import org.cyclonedx.util.serializer.MetadataSerializer; import org.cyclonedx.util.serializer.OutputTypeSerializer; import org.cyclonedx.util.serializer.TrimStringSerializer; import org.cyclonedx.util.serializer.LifecycleSerializer; @@ -45,7 +46,7 @@ public abstract class AbstractBomJsonGenerator extends CycloneDxSchema implement private final DefaultPrettyPrinter prettyPrinter; - public AbstractBomJsonGenerator() { + public AbstractBomJsonGenerator() { this.mapper = new ObjectMapper(); this.prettyPrinter = new DefaultPrettyPrinter(); @@ -81,6 +82,10 @@ private void setupObjectMapper(final ObjectMapper mapper) { lifecycleModule.addSerializer(new LifecycleSerializer(false)); mapper.registerModule(lifecycleModule); + SimpleModule metadataModule = new SimpleModule(); + metadataModule.addSerializer(new MetadataSerializer(false, getSchemaVersion())); + mapper.registerModule(metadataModule); + SimpleModule inputTypeModule = new SimpleModule(); inputTypeModule.addSerializer(new InputTypeSerializer(false)); mapper.registerModule(inputTypeModule); diff --git a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java index 286e9598e..f7815a622 100644 --- a/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java +++ b/src/main/java/org/cyclonedx/generators/xml/AbstractBomXmlGenerator.java @@ -31,6 +31,7 @@ import org.cyclonedx.util.serializer.InputTypeSerializer; import org.cyclonedx.util.serializer.LifecycleSerializer; import org.cyclonedx.util.VersionXmlAnnotationIntrospector; +import org.cyclonedx.util.serializer.MetadataSerializer; import org.cyclonedx.util.serializer.OutputTypeSerializer; import org.w3c.dom.Document; import org.xml.sax.InputSource; @@ -77,6 +78,10 @@ private void setupObjectMapper(final ObjectMapper mapper) { lifecycleModule.addSerializer(new LifecycleSerializer(true)); mapper.registerModule(lifecycleModule); + SimpleModule metadataModule = new SimpleModule(); + metadataModule.addSerializer(new MetadataSerializer(true, getSchemaVersion())); + mapper.registerModule(metadataModule); + SimpleModule inputTypeModule = new SimpleModule(); inputTypeModule.addSerializer(new InputTypeSerializer(true)); mapper.registerModule(inputTypeModule); diff --git a/src/main/java/org/cyclonedx/model/AttachmentText.java b/src/main/java/org/cyclonedx/model/AttachmentText.java index cac3ef552..ee8fa39b8 100644 --- a/src/main/java/org/cyclonedx/model/AttachmentText.java +++ b/src/main/java/org/cyclonedx/model/AttachmentText.java @@ -20,23 +20,29 @@ import java.util.Objects; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText; +import org.cyclonedx.util.deserializer.AttachmentTextDeserializer; @SuppressWarnings("unused") @JsonPropertyOrder({ "content-type", "encoding"}) @JsonInclude(JsonInclude.Include.NON_NULL) +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonDeserialize(using = AttachmentTextDeserializer.class) public class AttachmentText { @JacksonXmlProperty(isAttribute = true) private String encoding; @JacksonXmlProperty(localName = "content-type", isAttribute = true) + @JsonProperty("contentType") private String contentType; @JacksonXmlText diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index e00563d6a..b4acc2bca 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -24,6 +24,7 @@ import org.cyclonedx.model.component.ModelCard; import org.cyclonedx.model.component.modelCard.ComponentData; +import org.cyclonedx.util.deserializer.HashesDeserializer; import org.cyclonedx.util.deserializer.LicenseDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -256,6 +257,7 @@ public void setScope(Scope scope) { @JacksonXmlElementWrapper(localName = "hashes") @JacksonXmlProperty(localName = "hash") + @JsonDeserialize(using = HashesDeserializer.class) public List getHashes() { return hashes; } diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index 468c93cba..fd01b5c17 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -18,6 +18,7 @@ */ package org.cyclonedx.model; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -27,8 +28,10 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.util.deserializer.LifecycleDeserializer; +import org.cyclonedx.util.deserializer.MetadataDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; import org.cyclonedx.util.deserializer.LicenseDeserializer; +import org.cyclonedx.model.metadata.ToolInformation; import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -41,6 +44,7 @@ @JsonPropertyOrder({ "timestamp", "lifecycles", "tools", "authors", "component", "manufacture", "supplier", "licenses", "properties" }) +@JsonDeserialize(using = MetadataDeserializer.class) public class Metadata extends ExtensibleElement { @@ -57,8 +61,14 @@ public class Metadata private Lifecycles lifecycles; @VersionFilter(versions = {"1.0", "1.1"}) + @Deprecated private List tools; + @JacksonXmlElementWrapper(localName = "tools") + @JacksonXmlProperty(localName = "tool") + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private ToolInformation toolInformation; + @VersionFilter(versions = {"1.0", "1.1"}) private List authors; @@ -87,6 +97,7 @@ public void setTimestamp(Date timestamp) { @JacksonXmlElementWrapper(localName = "tools") @JacksonXmlProperty(localName = "tool") + @JsonIgnore public List getTools() { return tools; } @@ -179,25 +190,35 @@ public void setLifecycles(final Lifecycles lifecycles) { this.lifecycles = lifecycles; } + @JacksonXmlElementWrapper(localName = "tools") + @JacksonXmlProperty(localName = "tool") + public ToolInformation getToolChoice() { + return toolInformation; + } + + public void setToolChoice(final ToolInformation toolInformation) { + this.toolInformation = toolInformation; + } + @Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; Metadata metadata = (Metadata) o; return Objects.equals(timestamp, metadata.timestamp) && - Objects.equals(tools, metadata.tools) && Objects.equals(authors, metadata.authors) && Objects.equals(component, metadata.component) && Objects.equals(manufacture, metadata.manufacture) && Objects.equals(supplier, metadata.supplier) && Objects.equals(license, metadata.license) && Objects.equals(lifecycles, metadata.lifecycles) && + Objects.equals(toolInformation, metadata.toolInformation) && Objects.equals(properties, metadata.properties); } @Override public int hashCode() { - return Objects.hash(timestamp, tools, authors, component, manufacture, supplier, license, properties, + return Objects.hash(timestamp, toolInformation, authors, component, manufacture, supplier, license, properties, lifecycles); } } diff --git a/src/main/java/org/cyclonedx/model/OrganizationalContact.java b/src/main/java/org/cyclonedx/model/OrganizationalContact.java index a118bc01a..631b9f409 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalContact.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalContact.java @@ -21,7 +21,10 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) @@ -29,6 +32,10 @@ @JsonPropertyOrder({"name", "email", "phone"}) public class OrganizationalContact { + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private String bomRef; private String name; private String email; private String phone; @@ -57,6 +64,14 @@ public void setPhone(String phone) { this.phone = phone; } + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -64,11 +79,12 @@ public boolean equals(Object o) { OrganizationalContact that = (OrganizationalContact) o; return Objects.equals(name, that.name) && Objects.equals(email, that.email) && - Objects.equals(phone, that.phone); + Objects.equals(phone, that.phone) && + Objects.equals(bomRef, that.bomRef); } @Override public int hashCode() { - return Objects.hash(name, email, phone); + return Objects.hash(name, email, phone, bomRef); } } diff --git a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java index 13beb7f5e..dbcb5358c 100644 --- a/src/main/java/org/cyclonedx/model/OrganizationalEntity.java +++ b/src/main/java/org/cyclonedx/model/OrganizationalEntity.java @@ -22,17 +22,27 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + import java.util.ArrayList; import java.util.List; import java.util.Objects; +import org.cyclonedx.util.deserializer.OrganizationalEntityDeserializer; + @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"name", "url", "contact"}) +@JsonDeserialize(using = OrganizationalEntityDeserializer.class) public class OrganizationalEntity { + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private String bomRef; + private String name; private List url; @@ -76,6 +86,14 @@ public void addContact(OrganizationalContact contact) { this.contact.add(contact); } + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -83,11 +101,12 @@ public boolean equals(Object o) { OrganizationalEntity that = (OrganizationalEntity) o; return Objects.equals(name, that.name) && Objects.equals(url, that.url) && - Objects.equals(contact, that.contact); + Objects.equals(contact, that.contact) && + Objects.equals(bomRef, that.bomRef); } @Override public int hashCode() { - return Objects.hash(name, url, contact); + return Objects.hash(name, url, contact, bomRef); } } diff --git a/src/main/java/org/cyclonedx/model/Property.java b/src/main/java/org/cyclonedx/model/Property.java index 1080dfa78..ff759eeda 100644 --- a/src/main/java/org/cyclonedx/model/Property.java +++ b/src/main/java/org/cyclonedx/model/Property.java @@ -21,13 +21,17 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText; +import org.cyclonedx.util.deserializer.PropertyDeserializer; + import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"name", "value"}) +@JsonDeserialize(using = PropertyDeserializer.class) public class Property extends ExtensibleElement { @JacksonXmlProperty(isAttribute = true) diff --git a/src/main/java/org/cyclonedx/model/ReleaseNotes.java b/src/main/java/org/cyclonedx/model/ReleaseNotes.java index 7b4a1ad6c..1942cdce6 100644 --- a/src/main/java/org/cyclonedx/model/ReleaseNotes.java +++ b/src/main/java/org/cyclonedx/model/ReleaseNotes.java @@ -25,9 +25,14 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.NotesDeserializer; +import org.cyclonedx.util.deserializer.PropertiesDeserializer; +import org.cyclonedx.util.deserializer.ResolvesDeserializer; +import org.cyclonedx.util.deserializer.StringListDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; /** @@ -116,6 +121,7 @@ public void setTimestamp(final Date timestamp) { @JacksonXmlElementWrapper(localName = "aliases") @JacksonXmlProperty(localName = "alias") + @JsonDeserialize(using = StringListDeserializer.class) public List getAliases() { return aliases; } @@ -126,6 +132,7 @@ public void setAliases(final List aliases) { @JacksonXmlElementWrapper(localName = "tags") @JacksonXmlProperty(localName = "tag") + @JsonDeserialize(using = StringListDeserializer.class) public List getTags() { return tags; } @@ -136,6 +143,7 @@ public void setTags(final List tags) { @JacksonXmlElementWrapper(localName = "resolves") @JacksonXmlProperty(localName = "issue") + @JsonDeserialize(using = ResolvesDeserializer.class) public List getResolves() { return resolves; } @@ -146,6 +154,7 @@ public void setResolves(final List resolves) { @JacksonXmlElementWrapper(localName = "notes") @JacksonXmlProperty(localName = "note") + @JsonDeserialize(using = NotesDeserializer.class) public List getNotes() { return notes; } @@ -154,6 +163,9 @@ public void setNotes(final List notes) { this.notes = notes; } + @JacksonXmlElementWrapper(localName = "properties") + @JacksonXmlProperty(localName = "property") + @JsonDeserialize(using = PropertiesDeserializer.class) public List getProperties() { return properties; } @@ -254,7 +266,10 @@ public void setReferences(final List references) { } public static class Notes { + + @JsonProperty("locale") private String locale; + @JsonProperty("text") private AttachmentText text; public String getLocale() { diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 87dc9fbe1..996364b19 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -26,6 +26,8 @@ import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; import org.cyclonedx.util.deserializer.LicenseDeserializer; +import org.cyclonedx.util.deserializer.StringListDeserializer; + import java.util.ArrayList; import java.util.List; @@ -125,6 +127,7 @@ public void setDescription(String description) { @JacksonXmlElementWrapper(localName = "endpoints") @JacksonXmlProperty(localName = "endpoint") + @JsonDeserialize(using = StringListDeserializer.class) public List getEndpoints() { return endpoints; } diff --git a/src/main/java/org/cyclonedx/model/Tool.java b/src/main/java/org/cyclonedx/model/Tool.java index b8ae43548..1e4373549 100644 --- a/src/main/java/org/cyclonedx/model/Tool.java +++ b/src/main/java/org/cyclonedx/model/Tool.java @@ -23,12 +23,15 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.HashesDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonPropertyOrder({"vendor", "name", "version", "hashes", "externalReferences"}) +@Deprecated public class Tool extends ExtensibleElement { private String vendor; @@ -63,6 +66,7 @@ public void setVersion(String version) { @JacksonXmlElementWrapper(localName = "hashes") @JacksonXmlProperty(localName = "hash") + @JsonDeserialize(using = HashesDeserializer.class) public List getHashes() { return hashes; } diff --git a/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java new file mode 100644 index 000000000..22a0b80f7 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java @@ -0,0 +1,34 @@ +package org.cyclonedx.model.metadata; + +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; + +import com.fasterxml.jackson.annotation.JsonInclude; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.Service; + +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@XmlAccessorType(XmlAccessType.FIELD) +public class ToolInformation +{ + private List components; + + private List services; + + public List getComponents() { + return components; + } + + public void setComponents(final List components) { + this.components = components; + } + + public List getServices() { + return services; + } + + public void setServices(final List services) { + this.services = services; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java new file mode 100644 index 000000000..f7e145d81 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/AttachmentTextDeserializer.java @@ -0,0 +1,52 @@ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import org.cyclonedx.model.AttachmentText; + +import java.io.IOException; + +public class AttachmentTextDeserializer extends StdDeserializer { + + public AttachmentTextDeserializer() { + this(null); + } + + public AttachmentTextDeserializer(Class vc) { + super(vc); + } + + @Override + public AttachmentText deserialize(JsonParser parser, DeserializationContext context) throws IOException { + ObjectCodec codec = parser.getCodec(); + JsonNode node = codec.readTree(parser); + + AttachmentText attachmentText = new AttachmentText(); + + JsonNode textNode = node.get("content"); + if (textNode != null) { + attachmentText.setText(textNode.textValue()); + } + else if (node.has("")) { + attachmentText.setText( node.get("").asText()); + } + + JsonNode contentTypeNode = node.get("content-type"); + if (contentTypeNode == null || !contentTypeNode.isTextual()) { + contentTypeNode = node.get("contentType"); + } + if (contentTypeNode != null && contentTypeNode.isTextual()) { + attachmentText.setContentType(contentTypeNode.textValue()); + } + + JsonNode encodingNode = node.get("encoding"); + if (encodingNode != null && encodingNode.isTextual()) { + attachmentText.setEncoding(encodingNode.textValue()); + } + + return attachmentText; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java new file mode 100644 index 000000000..297840b56 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java @@ -0,0 +1,56 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Hash; + +public class HashesDeserializer + extends JsonDeserializer> +{ + @Override + public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + if (node.has("hash")) { + return parseHashes(node.get("hash")); + } + else { + return parseHashes(node); + } + } + + private List parseHashes(JsonNode node) { + List hashes = new ArrayList<>(); + if (node.isArray()) { + for (JsonNode resolvesNode : node) { + Hash hash = parseHash(resolvesNode); + hashes.add(hash); + } + } + else { + Hash hash = parseHash(node); + hashes.add(hash); + } + return hashes; + } + + private Hash parseHash(JsonNode node) { + String alg = node.get("alg").asText(); + + String value = null; + JsonNode valueNode = node.get("content"); + if (valueNode != null) { + value = valueNode.textValue(); + } + else if (node.has("")) { + value = node.get("").asText(); + } + + return new Hash(alg, value); + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java index dedc8fe80..b8d45cc9c 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java @@ -26,7 +26,6 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.dataformat.xml.deser.FromXmlParser; import org.cyclonedx.model.LifecycleChoice; import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Lifecycles; @@ -41,30 +40,13 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese JsonNode node = jsonParser.getCodec().readTree(jsonParser); List choices = new ArrayList<>(); - if (jsonParser instanceof FromXmlParser) { - JsonNode lifecycleNode = node.get("lifecycle"); - - if (lifecycleNode != null) { - // If it's an array of lifecycle - if (lifecycleNode.isArray()) { - for (JsonNode choiceNode : lifecycleNode) { - LifecycleChoice choice = createLifecycleChoice(choiceNode); - if (choice != null) { - choices.add(choice); - } - } - } - // If it's a single lifecycle - else { - LifecycleChoice choice = createLifecycleChoice(lifecycleNode); - if (choice != null) { - choices.add(choice); - } - } - } + if(node.has("lifecycle")) { + node = node.get("lifecycle"); } - else { - if (node != null && node.isArray()) { + + if (node != null) { + // If it's an array of lifecycle + if (node.isArray()) { for (JsonNode choiceNode : node) { LifecycleChoice choice = createLifecycleChoice(choiceNode); if (choice != null) { @@ -72,6 +54,13 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese } } } + // If it's a single lifecycle + else { + LifecycleChoice choice = createLifecycleChoice(node); + if (choice != null) { + choices.add(choice); + } + } } Lifecycles lifecycles = new Lifecycles(); diff --git a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java new file mode 100644 index 000000000..a690a93b8 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java @@ -0,0 +1,181 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.ArrayList; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Collections; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.Component; +import org.cyclonedx.model.LicenseChoice; +import org.cyclonedx.model.Lifecycles; +import org.cyclonedx.model.Metadata; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.Service; +import org.cyclonedx.model.Tool; +import org.cyclonedx.model.metadata.ToolInformation; + +public class MetadataDeserializer + extends JsonDeserializer { + + private final ObjectMapper mapper = new ObjectMapper(); + + private final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX"); + + private final LifecycleDeserializer lifecycleDeserializer = new LifecycleDeserializer(); + + @Override + public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) throws IOException { + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + + Metadata metadata = new Metadata(); + + // Parsing other fields in the Metadata object + if (node.has("authors")) { + JsonNode authorsNode = node.get("authors"); + List authors = deserializerOrganizationalContact(authorsNode, mapper); + metadata.setAuthors(authors); + } + + if(node.has("component")) { + Component component = mapper.convertValue(node.get("component"), Component.class); + metadata.setComponent(component); + } + + if (node.has("manufacture")) { + OrganizationalEntity manufacture = mapper.convertValue(node.get("manufacture"), OrganizationalEntity.class); + metadata.setManufacture(manufacture); + } + + if (node.has("lifecycles")) { + JsonParser lifecycleParser = node.get("lifecycles").traverse(jsonParser.getCodec()); + lifecycleParser.nextToken(); + Lifecycles lifecycles = lifecycleDeserializer.deserialize(lifecycleParser, ctxt); + metadata.setLifecycles(lifecycles); + } + + if (node.has("supplier")) { + OrganizationalEntity supplier = mapper.convertValue(node.get("supplier"), OrganizationalEntity.class); + metadata.setSupplier(supplier); + } + + if(node.has("license")) { + LicenseChoice license = mapper.convertValue(node.get("licenses"), LicenseChoice.class); + metadata.setLicenseChoice(license); + } + + if (node.has("timestamp")) { + JsonNode timestampNode = node.get("timestamp"); + if (timestampNode != null && timestampNode.isTextual()) { + String timestampStr = timestampNode.textValue(); + try { + Date timestamp = dateFormat.parse(timestampStr); + metadata.setTimestamp(timestamp); + } catch (ParseException e) { + // Handle parsing exception + } + } + } + + if(node.has("properties")) { + JsonNode propertiesNode = node.get("properties"); + + if (propertiesNode.isObject()) { + List properties = new ArrayList<>(); + Iterator> fields = propertiesNode.fields(); + while (fields.hasNext()) { + Map.Entry field = fields.next(); + if (field.getValue().isArray()) { + for (JsonNode propertyNode : field.getValue()) { + Property property = mapper.convertValue(propertyNode, Property.class); + properties.add(property); + } + } + } + metadata.setProperties(properties); + } + } + + JsonNode toolsNode = node.get("tools"); + + if (toolsNode != null) { + // Check if the 'tools' field is an array or an object + if (toolsNode.isArray()) { + List tools = mapper.convertValue(toolsNode, new TypeReference>() { }); + metadata.setTools(tools); + } + else if (toolsNode.has("tool")) { + Tool tool = mapper.convertValue(toolsNode.get("tool"), Tool.class); + metadata.setTools(Collections.singletonList(tool)); + } + else { + ToolInformation toolInformation = new ToolInformation(); + if (toolsNode.has("components")) { + parseComponents(toolsNode.get("components"), toolInformation); + } + if (toolsNode.has("services")) { + parseServices(toolsNode.get("services"), toolInformation); + } + metadata.setToolChoice(toolInformation); + } + } + + return metadata; + } + + private void parseComponents(JsonNode componentsNode, ToolInformation toolInformation) { + if (componentsNode != null) { + if (componentsNode.isArray()) { + List components = mapper.convertValue(componentsNode, new TypeReference>() {}); + toolInformation.setComponents(components); + } else if (componentsNode.isObject()) { + Component component = mapper.convertValue(componentsNode, Component.class); + toolInformation.setComponents(Collections.singletonList(component)); + } + } + } + + private void parseServices(JsonNode servicesNode, ToolInformation toolInformation) { + if (servicesNode != null) { + if (servicesNode.isArray()) { + List services = mapper.convertValue(servicesNode, new TypeReference>() {}); + toolInformation.setServices(services); + } else if (servicesNode.isObject()) { + Service service = mapper.convertValue(servicesNode, Service.class); + toolInformation.setServices(Collections.singletonList(service)); + } + } + } + + static List deserializerOrganizationalContact(JsonNode node, final ObjectMapper mapper) { + List organizationalContactList = new ArrayList<>(); + + if (node.has("author")) { + node = node.get("author"); + } + + if (node.isArray()) { + for (JsonNode authorNode : node) { + OrganizationalContact author = mapper.convertValue(authorNode, OrganizationalContact.class); + organizationalContactList.add(author); + } + } else if (node.isObject()) { + OrganizationalContact author = mapper.convertValue(node, OrganizationalContact.class); + organizationalContactList.add(author); + } + return organizationalContactList; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java new file mode 100644 index 000000000..0aba07fce --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java @@ -0,0 +1,60 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.AttachmentText; +import org.cyclonedx.model.ReleaseNotes.Notes; + +public class NotesDeserializer + extends JsonDeserializer> +{ + + private final ObjectMapper mapper = new ObjectMapper(); + @Override + public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + + if(node.has("note")) { + return parseNode(node.get("note")); + } else { + return parseNode(node); + } + } + + private List parseNode (JsonNode node) throws JsonProcessingException { + List list = new ArrayList<>(); + if (node.isArray()) { + for (JsonNode noteNode : node) { + Notes notes = parseNotes(noteNode); + list.add(notes); + } + } else { + Notes notes = parseNotes(node); + list.add(notes); + } + return list; + } + + private Notes parseNotes(JsonNode node) throws JsonProcessingException { + Notes notes = new Notes(); + + if (node.has("locale")) { + notes.setLocale(node.get("locale").asText()); + } + + if (node.has("text")) { + JsonNode dataNode = node.get("text"); + AttachmentText data = mapper.treeToValue(dataNode, AttachmentText.class); + notes.setText(data); + } + return notes; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java new file mode 100644 index 000000000..56247e8ae --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/OrganizationalEntityDeserializer.java @@ -0,0 +1,55 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.OrganizationalContact; +import org.cyclonedx.model.OrganizationalEntity; + +public class OrganizationalEntityDeserializer + extends JsonDeserializer +{ + + private final ObjectMapper mapper = new ObjectMapper(); + @Override + public OrganizationalEntity deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + ObjectCodec codec = jsonParser.getCodec(); + JsonNode node = codec.readTree(jsonParser); + + String bomRef = node.has("bom-ref") ? node.get("bom-ref").asText() : null; + String name = node.has("name") ? node.get("name").asText() : null; + + List url = new ArrayList<>(); + if (node.has("url")) { + JsonNode urlNode = node.get("url"); + if (urlNode.isArray()) { + for (JsonNode urlElement : urlNode) { + url.add(urlElement.asText()); + } + } + else if (urlNode.isTextual()) { + url.add(urlNode.asText()); + } + } + + OrganizationalEntity entity = new OrganizationalEntity(); + entity.setBomRef(bomRef); + entity.setName(name); + entity.setUrls(url); + JsonNode contactNode = node.get("contact"); + + if (contactNode != null) { + List contacts = + MetadataDeserializer.deserializerOrganizationalContact(contactNode, mapper); + entity.setContacts(contacts); + } + return entity; + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java new file mode 100644 index 000000000..2bff51392 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java @@ -0,0 +1,39 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Property; + +public class PropertiesDeserializer + extends JsonDeserializer> +{ + private final PropertyDeserializer propertyDeserializer = new PropertyDeserializer(); + + @Override + public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { + JsonNode node = p.getCodec().readTree(p); + List propertiesList = new ArrayList<>(); + + JsonNode propertyNodeItem = node.get("property"); + if (propertyNodeItem.isArray()) { + for (JsonNode propertyNode : propertyNodeItem) { + propertiesList.add(parseProperty(propertyNode, p, ctxt)); + } + } else { + propertiesList.add(parseProperty(propertyNodeItem, p, ctxt)); + } + return propertiesList; + } + + private Property parseProperty(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + JsonParser propertyParser = node.traverse(p.getCodec()); + propertyParser.nextToken(); + return propertyDeserializer.deserialize(propertyParser, ctxt); + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java new file mode 100644 index 000000000..cb09d0b26 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertyDeserializer.java @@ -0,0 +1,36 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.ObjectCodec; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Property; + +public class PropertyDeserializer + extends JsonDeserializer +{ + @Override + public Property deserialize(JsonParser parser, DeserializationContext context) throws IOException { + ObjectCodec codec = parser.getCodec(); + JsonNode node = codec.readTree(parser); + + Property property = new Property(); + + JsonNode textNode = node.get("value"); + if (textNode != null) { + property.setValue(textNode.textValue()); + } + else if (node.has("")) { + property.setValue(node.get("").asText()); + } + + JsonNode contentTypeNode = node.get("name"); + if (contentTypeNode != null && contentTypeNode.isTextual()) { + property.setName(contentTypeNode.textValue()); + } + return property; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java new file mode 100644 index 000000000..1d3861e1c --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java @@ -0,0 +1,86 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.cyclonedx.model.ReleaseNotes.Resolves; +import org.cyclonedx.model.Source; + +public class ResolvesDeserializer + extends JsonDeserializer> +{ + private final ObjectMapper mapper = new ObjectMapper(); + + @Override + public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + + if (node.has("issue")) { + return parseResolvesNode(node.get("issue")); + } + else { + return parseResolvesNode(node); + } + } + + private List parseResolvesNode(JsonNode node) { + List resolvesList = new ArrayList<>(); + if (node.isArray()) { + for (JsonNode resolvesNode : node) { + Resolves resolves = parseResolves(resolvesNode); + resolvesList.add(resolves); + } + } + else { + Resolves resolves = parseResolves(node); + resolvesList.add(resolves); + } + return resolvesList; + } + + private Resolves parseResolves(JsonNode node) { + Resolves resolves = new Resolves(); + + if (node.has("type")) { + resolves.setType(Resolves.Type.valueOf(node.get("type").asText().toUpperCase())); + } + + if (node.has("id")) { + resolves.setId(node.get("id").asText()); + } + + if (node.has("name")) { + resolves.setName(node.get("name").asText()); + } + + if (node.has("description")) { + resolves.setDescription(node.get("description").asText()); + } + + if (node.has("source")) { + Source source = mapper.convertValue(node.get("source"), Source.class); + resolves.setSource(source); + } + + if (node.has("references")) { + JsonNode referencesNode = node.get("references"); + List references = new ArrayList<>(); + if (referencesNode.isArray()) { + for (JsonNode refNode : referencesNode) { + references.add(refNode.asText()); + } + } + else { + references.add(referencesNode.get("url").asText()); + } + resolves.setReferences(references); + } + return resolves; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java new file mode 100644 index 000000000..c97d125bb --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java @@ -0,0 +1,50 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; + +public class StringListDeserializer + extends JsonDeserializer> +{ + @Override + public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { + JsonNode node = p.getCodec().readTree(p); + + if (p.getCurrentName().equalsIgnoreCase("aliases")) { + return deserializeList(node, "alias"); + } + else if (p.getCurrentName().equalsIgnoreCase("tags")) { + return deserializeList(node, "tag"); + } + else if (p.getCurrentName().equalsIgnoreCase("endpoints")) { + return deserializeList(node, "endpoint"); + } + return null; + } + + private List deserializeList(JsonNode node, String itemName) { + List list = new ArrayList<>(); + + if(node.has(itemName)) { + node = node.get(itemName); + } + + if (node != null) { + if (node.isArray()) { + for (JsonNode nodeObject : node) { + list.add(nodeObject.asText()); + } + } else { + list.add(node.asText()); + } + } + + return list; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java index 1d9237cd9..50f11134f 100644 --- a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java +++ b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java @@ -152,7 +152,7 @@ private void processNamespace(final ToXmlGenerator toXmlGenerator, final String { QName qName; - String dependenciesNamespace = StringUtils.isBlank(dependencies)? "dependencies" : dependencies; + String dependenciesNamespace = StringUtils.isBlank(dependencies) ? "dependencies" : dependencies; if (useNamespace) { qName = new QName(CycloneDxSchema.NS_DEPENDENCY_GRAPH_10, dependenciesNamespace, "dg"); diff --git a/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java b/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java new file mode 100644 index 000000000..203bd44f3 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/serializer/MetadataSerializer.java @@ -0,0 +1,165 @@ +package org.cyclonedx.util.serializer; + +import java.io.IOException; +import java.util.List; + +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator; +import org.cyclonedx.CycloneDxSchema.Version; +import org.cyclonedx.model.Metadata; +import org.cyclonedx.model.Property; +import org.cyclonedx.model.metadata.ToolInformation; + +public class MetadataSerializer + extends StdSerializer +{ + private final boolean isXml; + + private final Version version; + + public MetadataSerializer(final boolean isXml, final Version version) { + this(null, isXml, version); + } + + public MetadataSerializer(final Class t, final boolean isXml, final Version version) { + super(t); + this.isXml = isXml; + this.version = version; + } + + @Override + public void serialize(Metadata output, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + createMetadataInfo(output, xmlGenerator, serializerProvider); + } else { + createMetadataInfo(output, jsonGenerator, serializerProvider); + } + } + + private void createMetadataInfo(final Metadata metadata, final JsonGenerator jsonGenerator, SerializerProvider serializerProvider) + throws IOException + { + jsonGenerator.writeStartObject(); + + if (metadata.getTimestamp() != null) { + jsonGenerator.writeFieldName("timestamp"); + new CustomDateSerializer().serialize(metadata.getTimestamp(), jsonGenerator, serializerProvider); + } + + if(metadata.getLifecycles() != null) { + jsonGenerator.writeFieldName("lifecycles"); + new LifecycleSerializer(isXml).serialize(metadata.getLifecycles(), jsonGenerator, serializerProvider); + } + + //Tools + parseTools(metadata, jsonGenerator); + + if (metadata.getAuthors() != null) { + if (isXml) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + writeArrayFieldXML(metadata.getAuthors(), xmlGenerator, "author"); + } + else { + jsonGenerator.writeObjectField("authors", metadata.getAuthors()); + } + } + + if(metadata.getComponent() != null) { + jsonGenerator.writeObjectField("component", metadata.getComponent()); + } + + if(metadata.getManufacture() != null) { + jsonGenerator.writeObjectField("manufacture", metadata.getManufacture()); + } + + if(metadata.getSupplier() != null) { + jsonGenerator.writeObjectField("supplier", metadata.getSupplier()); + } + + if(metadata.getLicenseChoice() != null) { + jsonGenerator.writeFieldName("licenses"); + new LicenseChoiceSerializer().serialize(metadata.getLicenseChoice(), jsonGenerator, serializerProvider); + } + + if(metadata.getProperties()!=null) { + if (isXml) { + ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator; + xmlGenerator.writeFieldName("properties"); + xmlGenerator.writeStartObject(); + + for (Property property : metadata.getProperties()) { + xmlGenerator.writeObjectField("property", property); + } + xmlGenerator.writeEndObject(); + } + else { + jsonGenerator.writeObjectField("properties", metadata.getProperties()); + } + } + + jsonGenerator.writeEndObject(); + } + + private void parseTools(Metadata metadata, JsonGenerator jsonGenerator) throws IOException { + if (metadata.getTools() != null) { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + writeArrayFieldXML(metadata.getTools(), (ToXmlGenerator) jsonGenerator, "tool"); + } + else { + writeArrayFieldJSON(jsonGenerator, "tools", metadata.getTools()); + } + } else if (version.getVersion() >= Version.VERSION_15.getVersion()) { + ToolInformation choice = metadata.getToolChoice(); + if (choice != null) { + if (isXml && jsonGenerator instanceof ToXmlGenerator) { + if (choice.getComponents() != null) { + writeArrayFieldXML(choice.getComponents(), (ToXmlGenerator) jsonGenerator, "component"); + } + if (choice.getServices() != null) { + writeArrayFieldXML(choice.getServices(), (ToXmlGenerator) jsonGenerator, "service"); + } + } + else { + if (choice.getComponents() != null) { + writeArrayFieldJSON(jsonGenerator, "components", choice.getComponents()); + } + if (choice.getServices() != null) { + writeArrayFieldJSON(jsonGenerator, "services", choice.getServices()); + } + } + } + } + } + + private void writeArrayFieldJSON(JsonGenerator jsonGenerator, String fieldName, List items) throws IOException { + if (items != null) { + jsonGenerator.writeArrayFieldStart(fieldName); + for (T item : items) { + jsonGenerator.writeObject(item); + } + jsonGenerator.writeEndArray(); + } + } + + private void writeArrayFieldXML(List items, ToXmlGenerator xmlGenerator, String fieldName) throws IOException { + if (items != null) { + xmlGenerator.writeFieldName(fieldName + "s"); + xmlGenerator.writeStartArray(); + for (T item : items) { + xmlGenerator.writeStartObject(); + xmlGenerator.writeObjectField(fieldName, item); + xmlGenerator.writeEndObject(); + } + xmlGenerator.writeEndArray(); + } + } + + @Override + public Class handledType() { + return Metadata.class; + } +} diff --git a/src/test/resources/1.5/valid-compositions-1.5.json b/src/test/resources/1.5/valid-compositions-1.5.json index 01cccb284..11c8a0012 100644 --- a/src/test/resources/1.5/valid-compositions-1.5.json +++ b/src/test/resources/1.5/valid-compositions-1.5.json @@ -77,4 +77,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.json b/src/test/resources/1.5/valid-metadata-tool-1.5.json index 81e908a98..aa55d6765 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.json +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.json @@ -4,23 +4,44 @@ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { - "tools": [ - { - "vendor": "Awesome Vendor", - "name": "Awesome Tool", - "version": "9.1.2", - "hashes": [ - { - "alg": "SHA-1", - "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + "tools": { + "components": [ + { + "type": "application", + "group": "Awesome Vendor", + "name": "Awesome Tool", + "version": "9.1.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "25ed8e31b995bb927966616df2a42b979a2717f0" + }, + { + "alg": "SHA-256", + "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" + } + ] + } + ], + "services": [ + { + "provider": { + "name": "Acme Org", + "url": [ + "https://example.com" + ] }, - { - "alg": "SHA-256", - "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" - } - ] - } - ] + "group": "com.example", + "name": "Acme Signing Server", + "description": "Signs artifacts", + "endpoints": [ + "https://example.com/sign", + "https://example.com/verify", + "https://example.com/tsa" + ] + } + ] + } }, "components": [] -} +} \ No newline at end of file diff --git a/src/test/resources/1.5/valid-metadata-tool-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-1.5.xml index caf273f6c..2d3129ab0 100644 --- a/src/test/resources/1.5/valid-metadata-tool-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-tool-1.5.xml @@ -2,16 +2,34 @@ - - Awesome Vendor - Awesome Tool - 9.1.2 - - 25ed8e31b995bb927966616df2a42b979a2717f0 - a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df - - + + + Awesome Vendor + Awesome Tool + 9.1.2 + + 25ed8e31b995bb927966616df2a42b979a2717f0 + a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + + + + + Acme Org + https://example.com + + com.example + Acme Signing Server + Signs artifacts + + https://example.com/sign + https://example.com/verify + https://example.com/tsa + + + - + \ No newline at end of file diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 6c89ca0d3..2a71afb63 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -433,7 +433,7 @@ { "aggregate": "incomplete_first_party_only", "vulnerabilities": [ - "6eee14da-8f42-4cc4-bb65-203235f02415" + "6eee14da-8f42-4cc4-bb65-203235f02415" ] } ], diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 5276a5517..c2f5140bd 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -543,7 +543,7 @@ event-1 Description here 2023-01-01T00:00:00+00:00 - FooBar + FooBar component-g From cd02434dffe2b74516ee1c63a3e328aba00c7fa8 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Sun, 20 Aug 2023 00:08:41 -0500 Subject: [PATCH 36/40] Fix Issue with licenses --- .../java/org/cyclonedx/model/Component.java | 2 - .../java/org/cyclonedx/model/Evidence.java | 1 - .../java/org/cyclonedx/model/License.java | 3 ++ .../org/cyclonedx/model/LicenseChoice.java | 3 ++ .../java/org/cyclonedx/model/Licensing.java | 16 ++++++ .../java/org/cyclonedx/model/Metadata.java | 2 - .../java/org/cyclonedx/model/Service.java | 2 - .../deserializer/LicenseDeserializer.java | 54 ++++++++----------- .../LicensingTypeDeserializer.java | 45 ++++++++++++++++ .../deserializer/MetadataDeserializer.java | 2 +- .../deserializer/PropertiesDeserializer.java | 27 +++++++--- .../deserializer/StringListDeserializer.java | 3 ++ .../cyclonedx/parsers/AbstractParserTest.java | 8 +++ src/test/resources/bom-1.4.json | 9 +++- src/test/resources/bom-1.4.xml | 5 ++ src/test/resources/bom-1.5.json | 9 +++- src/test/resources/bom-1.5.xml | 5 ++ 17 files changed, 145 insertions(+), 51 deletions(-) create mode 100644 src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index b4acc2bca..f0ae71934 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -25,7 +25,6 @@ import org.cyclonedx.model.component.ModelCard; import org.cyclonedx.model.component.modelCard.ComponentData; import org.cyclonedx.util.deserializer.HashesDeserializer; -import org.cyclonedx.util.deserializer.LicenseDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -275,7 +274,6 @@ public void addHash(Hash hash) { @JacksonXmlProperty(localName = "licenses") @JsonProperty("licenses") - @JsonDeserialize(using = LicenseDeserializer.class) public LicenseChoice getLicenseChoice() { return license; } diff --git a/src/main/java/org/cyclonedx/model/Evidence.java b/src/main/java/org/cyclonedx/model/Evidence.java index 67fb8dbd9..b3154dd8b 100644 --- a/src/main/java/org/cyclonedx/model/Evidence.java +++ b/src/main/java/org/cyclonedx/model/Evidence.java @@ -40,7 +40,6 @@ public class Evidence extends ExtensibleElement { @JacksonXmlProperty(localName = "licenses") @JsonProperty("licenses") - @JsonDeserialize(using = LicenseDeserializer.class) public LicenseChoice getLicenseChoice() { return license; } diff --git a/src/main/java/org/cyclonedx/model/License.java b/src/main/java/org/cyclonedx/model/License.java index 796cd752d..98c2d8064 100644 --- a/src/main/java/org/cyclonedx/model/License.java +++ b/src/main/java/org/cyclonedx/model/License.java @@ -25,8 +25,10 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.PropertiesDeserializer; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @@ -97,6 +99,7 @@ public void setUrl(String url) { @JacksonXmlElementWrapper(localName = "properties") @JacksonXmlProperty(localName = "property") + @JsonDeserialize(using = PropertiesDeserializer.class) public List getProperties() { return properties; } diff --git a/src/main/java/org/cyclonedx/model/LicenseChoice.java b/src/main/java/org/cyclonedx/model/LicenseChoice.java index 4a1fa1db8..5f60fc1b5 100644 --- a/src/main/java/org/cyclonedx/model/LicenseChoice.java +++ b/src/main/java/org/cyclonedx/model/LicenseChoice.java @@ -23,11 +23,14 @@ import java.util.Objects; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.LicenseDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonDeserialize(using = LicenseDeserializer.class) public class LicenseChoice { private List license; diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index dc39b455a..f8839369e 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -22,6 +22,7 @@ import java.util.List; import java.util.Objects; +import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -31,7 +32,10 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.LifecycleChoice.Phase; +import org.cyclonedx.util.deserializer.LicensingTypeDeserializer; import org.cyclonedx.util.deserializer.OrganizationalChoiceDeserializer; +import org.cyclonedx.util.deserializer.StringListDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; @JsonIgnoreProperties(ignoreUnknown = true) @@ -84,6 +88,16 @@ public String getLicensingType() { LicensingType(String name) { this.name = name; } + + @JsonCreator + public static LicensingType fromString(String value) { + for (LicensingType type : LicensingType.values()) { + if (type.name.equalsIgnoreCase(value)) { + return type; + } + } + throw new IllegalArgumentException("Invalid licensing type: " + value); + } } private List altIds; @@ -101,6 +115,7 @@ public String getLicensingType() { @JacksonXmlElementWrapper(localName = "licenseTypes") @JacksonXmlProperty(localName = "licenseType") + @JsonDeserialize(using = LicensingTypeDeserializer.class) private List licenseTypes; @JsonSerialize(using = CustomDateSerializer.class) @@ -111,6 +126,7 @@ public String getLicensingType() { @JacksonXmlElementWrapper(localName = "altIds") @JacksonXmlProperty(localName = "altId") + @JsonDeserialize(using = StringListDeserializer.class) public List getAltIds() { return altIds; } diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index fd01b5c17..ff9789548 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -30,7 +30,6 @@ import org.cyclonedx.util.deserializer.LifecycleDeserializer; import org.cyclonedx.util.deserializer.MetadataDeserializer; import org.cyclonedx.util.serializer.CustomDateSerializer; -import org.cyclonedx.util.deserializer.LicenseDeserializer; import org.cyclonedx.model.metadata.ToolInformation; import java.util.ArrayList; import java.util.Date; @@ -156,7 +155,6 @@ public void setSupplier(OrganizationalEntity supplier) { @JacksonXmlProperty(localName = "licenses") @JsonProperty("licenses") - @JsonDeserialize(using = LicenseDeserializer.class) public LicenseChoice getLicenseChoice() { return license; } diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 996364b19..42f5c46ab 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -25,7 +25,6 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.util.deserializer.LicenseDeserializer; import org.cyclonedx.util.deserializer.StringListDeserializer; import java.util.ArrayList; @@ -178,7 +177,6 @@ public void setData(List data) { @JacksonXmlProperty(localName = "licenses") @JsonProperty("licenses") - @JsonDeserialize(using = LicenseDeserializer.class) public LicenseChoice getLicense() { return license; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java index 8bf62c7d9..45592d251 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java @@ -19,58 +19,46 @@ package org.cyclonedx.util.deserializer; import java.io.IOException; -import java.util.HashMap; import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ArrayNode; -import com.fasterxml.jackson.databind.type.MapType; -import com.fasterxml.jackson.databind.type.TypeFactory; -import com.fasterxml.jackson.dataformat.xml.deser.FromXmlParser; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; public class LicenseDeserializer extends JsonDeserializer { - private final ObjectMapper mapper; - - public LicenseDeserializer() { - this.mapper = new ObjectMapper(); - } - @Override public LicenseChoice deserialize( - final JsonParser p, final DeserializationContext ctxt) throws IOException + final JsonParser p, final DeserializationContext ctxt) throws IOException { - if (p instanceof FromXmlParser) { - return p.readValueAs(LicenseChoice.class); - } - ArrayNode nodes = p.readValueAsTree(); + JsonNode rootNode = p.getCodec().readTree(p); + + ArrayNode nodes = (rootNode.isArray() ? (ArrayNode) rootNode : new ArrayNode(null).add(rootNode)); - TypeFactory factory = TypeFactory.defaultInstance(); - MapType type = factory.constructMapType(HashMap.class, String.class, License.class); - LicenseChoice licenseChoice = new LicenseChoice(); for (JsonNode node : nodes) { - HashMap map; - try - { - map = this.mapper.readValue(node.toString(), type); - if(map.get("license") != null) - { - licenseChoice.addLicense(map.get("license")); - } + LicenseChoice licenseChoice = new LicenseChoice(); + + if (node.has("license")) { + processLicenseNode(p, node.get("license"), licenseChoice); + return licenseChoice; } - catch(JsonProcessingException e) - { - // Check for expressions - licenseChoice = this.mapper.readValue(node.toString(), LicenseChoice.class); + else if (node.has("expression")) { + licenseChoice.setExpression(node.get("expression").asText()); + return licenseChoice; } } + return null; + } - return licenseChoice; + private void processLicenseNode(JsonParser p, JsonNode licenseNode, LicenseChoice licenseChoice) throws IOException { + ArrayNode licenseNodes = (licenseNode.isArray() ? (ArrayNode) licenseNode : new ArrayNode(null).add(licenseNode)); + + for (JsonNode license : licenseNodes) { + License licenseObj = p.getCodec().treeToValue(license, License.class); + licenseChoice.addLicense(licenseObj); + } } } diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java new file mode 100644 index 000000000..70301a702 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java @@ -0,0 +1,45 @@ +package org.cyclonedx.util.deserializer; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import org.cyclonedx.model.Licensing.LicensingType; + +public class LicensingTypeDeserializer + extends JsonDeserializer> +{ + @Override + public List deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + if (node.has("licenseType")) { + return parseLicenseTypes(node.get("licenseType")); + } + else { + return parseLicenseTypes(node); + } + } + + private List parseLicenseTypes(JsonNode node) { + List types = new ArrayList<>(); + if (node.isArray()) { + for (JsonNode resolvesNode : node) { + LicensingType type = parseType(resolvesNode); + types.add(type); + } + } + else { + LicensingType type = parseType(node); + types.add(type); + } + return types; + } + + private LicensingType parseType(JsonNode node) { + return LicensingType.fromString(node.asText()); + } +} diff --git a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java index a690a93b8..e90f4cb26 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java @@ -72,7 +72,7 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) metadata.setSupplier(supplier); } - if(node.has("license")) { + if(node.has("licenses")) { LicenseChoice license = mapper.convertValue(node.get("licenses"), LicenseChoice.class); metadata.setLicenseChoice(license); } diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java index 2bff51392..c03e7ac19 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java @@ -18,17 +18,28 @@ public class PropertiesDeserializer @Override public List deserialize(JsonParser p, DeserializationContext ctxt) throws IOException { JsonNode node = p.getCodec().readTree(p); - List propertiesList = new ArrayList<>(); - JsonNode propertyNodeItem = node.get("property"); - if (propertyNodeItem.isArray()) { - for (JsonNode propertyNode : propertyNodeItem) { - propertiesList.add(parseProperty(propertyNode, p, ctxt)); + if (node.has("property")) { + return parseProperties(node.get("property"), p, ctxt); + } + else { + return parseProperties(node, p, ctxt); + } + } + + private List parseProperties(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + List properties = new ArrayList<>(); + if (node.isArray()) { + for (JsonNode resolvesNode : node) { + Property type = parseProperty(resolvesNode, p, ctxt); + properties.add(type); } - } else { - propertiesList.add(parseProperty(propertyNodeItem, p, ctxt)); } - return propertiesList; + else { + Property type = parseProperty(node, p, ctxt); + properties.add(type); + } + return properties; } private Property parseProperty(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { diff --git a/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java index c97d125bb..73f9be63b 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/StringListDeserializer.java @@ -25,6 +25,9 @@ else if (p.getCurrentName().equalsIgnoreCase("tags")) { else if (p.getCurrentName().equalsIgnoreCase("endpoints")) { return deserializeList(node, "endpoint"); } + else if (p.getCurrentName().equalsIgnoreCase("altIds")) { + return deserializeList(node, "altId"); + } return null; } diff --git a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java index 0caa01483..eb3526eef 100644 --- a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java @@ -741,6 +741,14 @@ void assertMetadata(final Metadata metadata, final Version version) { assertNull(metadata.getLifecycles()); } + //License + if (version.getVersion() > Version.VERSION_12.getVersion()) { + assertNotNull(metadata.getLicenseChoice()); + } + else { + assertNull(metadata.getLicenseChoice()); + } + //Tool assertEquals(1, metadata.getTools().size()); assertEquals("Awesome Vendor", metadata.getTools().get(0).getVendor()); diff --git a/src/test/resources/bom-1.4.json b/src/test/resources/bom-1.4.json index b425b0419..d241c5aa6 100644 --- a/src/test/resources/bom-1.4.json +++ b/src/test/resources/bom-1.4.json @@ -103,7 +103,14 @@ "email": "distribution@example.com" } ] - } + }, + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ] }, "components": [ { diff --git a/src/test/resources/bom-1.4.xml b/src/test/resources/bom-1.4.xml index df7e3f49c..2a59a4b2d 100644 --- a/src/test/resources/bom-1.4.xml +++ b/src/test/resources/bom-1.4.xml @@ -77,6 +77,11 @@ distribution@example.com + + + Apache-2.0 + + diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index 2a71afb63..a52f87c8c 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -112,7 +112,14 @@ "email": "distribution@example.com" } ] - } + }, + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ] }, "components": [ { diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index c2f5140bd..074cc227c 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -86,6 +86,11 @@ distribution@example.com + + + Apache-2.0 + + From e3d7d0c950591f4058c44befa0eac5bc0403002b Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Mon, 21 Aug 2023 19:56:02 -0500 Subject: [PATCH 37/40] Remove JAXB annotations --- src/main/java/org/cyclonedx/model/LifecycleChoice.java | 3 --- src/main/java/org/cyclonedx/model/Lifecycles.java | 3 --- src/main/java/org/cyclonedx/model/Metadata.java | 6 ++---- .../java/org/cyclonedx/model/metadata/ToolInformation.java | 3 --- 4 files changed, 2 insertions(+), 13 deletions(-) diff --git a/src/main/java/org/cyclonedx/model/LifecycleChoice.java b/src/main/java/org/cyclonedx/model/LifecycleChoice.java index 9198f61e9..568ba2d2f 100644 --- a/src/main/java/org/cyclonedx/model/LifecycleChoice.java +++ b/src/main/java/org/cyclonedx/model/LifecycleChoice.java @@ -22,11 +22,8 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; @JsonInclude(JsonInclude.Include.NON_EMPTY) -@XmlAccessorType(XmlAccessType.FIELD) public class LifecycleChoice { @JsonProperty("phase") diff --git a/src/main/java/org/cyclonedx/model/Lifecycles.java b/src/main/java/org/cyclonedx/model/Lifecycles.java index 6c98d966a..f705c8e1c 100644 --- a/src/main/java/org/cyclonedx/model/Lifecycles.java +++ b/src/main/java/org/cyclonedx/model/Lifecycles.java @@ -22,11 +22,8 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; @JsonInclude(JsonInclude.Include.NON_EMPTY) -@XmlAccessorType(XmlAccessType.FIELD) public class Lifecycles { @JacksonXmlProperty(localName = "lifecycle") diff --git a/src/main/java/org/cyclonedx/model/Metadata.java b/src/main/java/org/cyclonedx/model/Metadata.java index ff9789548..b2fd8956f 100644 --- a/src/main/java/org/cyclonedx/model/Metadata.java +++ b/src/main/java/org/cyclonedx/model/Metadata.java @@ -35,8 +35,6 @@ import java.util.Date; import java.util.List; import java.util.Objects; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlElementWrapper; @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -55,8 +53,8 @@ public class Metadata @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) @JsonProperty("lifecycles") @JsonDeserialize(using = LifecycleDeserializer.class) - @XmlElementWrapper(name = "lifecycles") - @XmlElement(name = "lifecycle") + @JacksonXmlElementWrapper(localName = "lifecycles") + @JacksonXmlProperty(localName = "lifecycle") private Lifecycles lifecycles; @VersionFilter(versions = {"1.0", "1.1"}) diff --git a/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java index 22a0b80f7..e3448fd7c 100644 --- a/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java +++ b/src/main/java/org/cyclonedx/model/metadata/ToolInformation.java @@ -1,15 +1,12 @@ package org.cyclonedx.model.metadata; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; import com.fasterxml.jackson.annotation.JsonInclude; import org.cyclonedx.model.Component; import org.cyclonedx.model.Service; @JsonInclude(JsonInclude.Include.NON_EMPTY) -@XmlAccessorType(XmlAccessType.FIELD) public class ToolInformation { private List components; From bfe70014a0051d18e07f0e5d018df5a49d4b3d38 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Wed, 23 Aug 2023 19:26:31 -0500 Subject: [PATCH 38/40] Simplify Deserializers --- .../util/deserializer/HashesDeserializer.java | 13 ++++----- .../deserializer/InputTypeDeserializer.java | 17 +++++------- .../deserializer/LicenseDeserializer.java | 23 ++++++++-------- .../LicensingTypeDeserializer.java | 15 +++++------ .../deserializer/LifecycleDeserializer.java | 16 +++-------- .../deserializer/MetadataDeserializer.java | 27 +++++-------------- .../util/deserializer/NotesDeserializer.java | 14 +++++----- .../deserializer/OutputTypeDeserializer.java | 17 +++++------- .../deserializer/PropertiesDeserializer.java | 12 +++------ .../deserializer/ResolvesDeserializer.java | 13 ++++----- 10 files changed, 64 insertions(+), 103 deletions(-) diff --git a/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java index 297840b56..f1576ab9d 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/HashesDeserializer.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.Hash; public class HashesDeserializer @@ -26,14 +27,10 @@ public List deserialize(JsonParser parser, DeserializationContext context) private List parseHashes(JsonNode node) { List hashes = new ArrayList<>(); - if (node.isArray()) { - for (JsonNode resolvesNode : node) { - Hash hash = parseHash(resolvesNode); - hashes.add(hash); - } - } - else { - Hash hash = parseHash(node); + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + + for (JsonNode resolvesNode : nodes) { + Hash hash = parseHash(resolvesNode); hashes.add(hash); } return hashes; diff --git a/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java index b1c16ba95..6be7de597 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/InputTypeDeserializer.java @@ -29,6 +29,7 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.AttachmentText; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.EnvVariableChoice; @@ -79,17 +80,13 @@ private void createInputDataInfo(JsonNode node, InputType inputType ) throws Jso List parameters = objectMapper.convertValue(parametersNode, new TypeReference>() {}); inputType.setParameters(parameters); } else if (node.has("environmentVars")) { - JsonNode environmentVarsNode = node.get("environmentVars"); + JsonNode nodes = node.get("environmentVars"); List environmentVars = new ArrayList<>(); - if (environmentVarsNode.isArray()) { - // if it's an array - for (JsonNode envVarNode : environmentVarsNode) { - EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); - environmentVars.add(envVar); - } - } else { - // if it's a single object - EnvVariableChoice envVar = objectMapper.treeToValue(environmentVarsNode, EnvVariableChoice.class); + + ArrayNode environmentVarsNode = (nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(null).add(nodes)); + + for (JsonNode envVarNode : environmentVarsNode) { + EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); environmentVars.add(envVar); } inputType.setEnvironmentVars(environmentVars); diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java index 45592d251..d4dd3b0b1 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicenseDeserializer.java @@ -35,19 +35,20 @@ public LicenseChoice deserialize( final JsonParser p, final DeserializationContext ctxt) throws IOException { JsonNode rootNode = p.getCodec().readTree(p); + if (!rootNode.isEmpty()) { + ArrayNode nodes = (rootNode.isArray() ? (ArrayNode) rootNode : new ArrayNode(null).add(rootNode)); - ArrayNode nodes = (rootNode.isArray() ? (ArrayNode) rootNode : new ArrayNode(null).add(rootNode)); + for (JsonNode node : nodes) { + LicenseChoice licenseChoice = new LicenseChoice(); - for (JsonNode node : nodes) { - LicenseChoice licenseChoice = new LicenseChoice(); - - if (node.has("license")) { - processLicenseNode(p, node.get("license"), licenseChoice); - return licenseChoice; - } - else if (node.has("expression")) { - licenseChoice.setExpression(node.get("expression").asText()); - return licenseChoice; + if (node.has("license")) { + processLicenseNode(p, node.get("license"), licenseChoice); + return licenseChoice; + } + else if (node.has("expression")) { + licenseChoice.setExpression(node.get("expression").asText()); + return licenseChoice; + } } } return null; diff --git a/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java index 70301a702..e9ba0dea9 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LicensingTypeDeserializer.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.Licensing.LicensingType; public class LicensingTypeDeserializer @@ -26,16 +27,14 @@ public List deserialize(JsonParser parser, DeserializationContext private List parseLicenseTypes(JsonNode node) { List types = new ArrayList<>(); - if (node.isArray()) { - for (JsonNode resolvesNode : node) { - LicensingType type = parseType(resolvesNode); - types.add(type); - } - } - else { - LicensingType type = parseType(node); + + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + + for (JsonNode resolvesNode : nodes) { + LicensingType type = parseType(resolvesNode); types.add(type); } + return types; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java index b8d45cc9c..5dfcbc84d 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/LifecycleDeserializer.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.LifecycleChoice; import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.model.Lifecycles; @@ -45,18 +46,9 @@ public Lifecycles deserialize(JsonParser jsonParser, DeserializationContext dese } if (node != null) { - // If it's an array of lifecycle - if (node.isArray()) { - for (JsonNode choiceNode : node) { - LifecycleChoice choice = createLifecycleChoice(choiceNode); - if (choice != null) { - choices.add(choice); - } - } - } - // If it's a single lifecycle - else { - LifecycleChoice choice = createLifecycleChoice(node); + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + for (JsonNode choiceNode : nodes) { + LifecycleChoice choice = createLifecycleChoice(choiceNode); if (choice != null) { choices.add(choice); } diff --git a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java index e90f4cb26..ce10becb6 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/MetadataDeserializer.java @@ -4,11 +4,8 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import java.util.Iterator; import java.util.List; import java.util.ArrayList; -import java.util.Map; -import java.util.Map.Entry; import java.util.Collections; import com.fasterxml.jackson.core.JsonParser; @@ -37,6 +34,8 @@ public class MetadataDeserializer private final LifecycleDeserializer lifecycleDeserializer = new LifecycleDeserializer(); + private final PropertiesDeserializer propertiesDeserializer = new PropertiesDeserializer(); + @Override public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) throws IOException { JsonNode node = jsonParser.getCodec().readTree(jsonParser); @@ -90,23 +89,11 @@ public Metadata deserialize(JsonParser jsonParser, DeserializationContext ctxt) } } - if(node.has("properties")) { - JsonNode propertiesNode = node.get("properties"); - - if (propertiesNode.isObject()) { - List properties = new ArrayList<>(); - Iterator> fields = propertiesNode.fields(); - while (fields.hasNext()) { - Map.Entry field = fields.next(); - if (field.getValue().isArray()) { - for (JsonNode propertyNode : field.getValue()) { - Property property = mapper.convertValue(propertyNode, Property.class); - properties.add(property); - } - } - } - metadata.setProperties(properties); - } + if (node.has("properties")) { + JsonParser propertiesParser = node.get("properties").traverse(jsonParser.getCodec()); + propertiesParser.nextToken(); + List properties = propertiesDeserializer.deserialize(propertiesParser, ctxt); + metadata.setProperties(properties); } JsonNode toolsNode = node.get("tools"); diff --git a/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java index 0aba07fce..d3e1cea4f 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/NotesDeserializer.java @@ -10,6 +10,7 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.AttachmentText; import org.cyclonedx.model.ReleaseNotes.Notes; @@ -29,15 +30,12 @@ public List deserialize(JsonParser parser, DeserializationContext context } } - private List parseNode (JsonNode node) throws JsonProcessingException { + private List parseNode(JsonNode node) throws JsonProcessingException { List list = new ArrayList<>(); - if (node.isArray()) { - for (JsonNode noteNode : node) { - Notes notes = parseNotes(noteNode); - list.add(notes); - } - } else { - Notes notes = parseNotes(node); + + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + for (JsonNode noteNode : nodes) { + Notes notes = parseNotes(noteNode); list.add(notes); } return list; diff --git a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java index 53a5f3264..4cd445aa7 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/OutputTypeDeserializer.java @@ -29,6 +29,7 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.AttachmentText; import org.cyclonedx.model.Property; import org.cyclonedx.model.formulation.common.EnvVariableChoice; @@ -82,17 +83,13 @@ private void createOutputDataInfo(JsonNode node, OutputType outputType) throws J ResourceReferenceChoice resource = objectMapper.treeToValue(resourceNode, ResourceReferenceChoice.class); outputType.setResource(resource); } else if (node.has("environmentVars")) { - JsonNode environmentVarsNode = node.get("environmentVars"); + JsonNode nodes = node.get("environmentVars"); List environmentVars = new ArrayList<>(); - if (environmentVarsNode.isArray()) { - // if it's an array - for (JsonNode envVarNode : environmentVarsNode) { - EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); - environmentVars.add(envVar); - } - } else { - // if it's a single object - EnvVariableChoice envVar = objectMapper.treeToValue(environmentVarsNode, EnvVariableChoice.class); + + ArrayNode environmentVarsNode = (nodes.isArray() ? (ArrayNode) nodes : new ArrayNode(null).add(nodes)); + + for (JsonNode envVarNode : environmentVarsNode) { + EnvVariableChoice envVar = objectMapper.treeToValue(envVarNode, EnvVariableChoice.class); environmentVars.add(envVar); } outputType.setEnvironmentVars(environmentVars); diff --git a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java index c03e7ac19..b1b8a94bf 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/PropertiesDeserializer.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.Property; public class PropertiesDeserializer @@ -29,14 +30,9 @@ public List deserialize(JsonParser p, DeserializationContext ctxt) thr private List parseProperties(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { List properties = new ArrayList<>(); - if (node.isArray()) { - for (JsonNode resolvesNode : node) { - Property type = parseProperty(resolvesNode, p, ctxt); - properties.add(type); - } - } - else { - Property type = parseProperty(node, p, ctxt); + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + for (JsonNode resolvesNode : nodes) { + Property type = parseProperty(resolvesNode, p, ctxt); properties.add(type); } return properties; diff --git a/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java index 1d3861e1c..583dc888f 100644 --- a/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java +++ b/src/main/java/org/cyclonedx/util/deserializer/ResolvesDeserializer.java @@ -9,6 +9,7 @@ import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; import org.cyclonedx.model.ReleaseNotes.Resolves; import org.cyclonedx.model.Source; @@ -31,14 +32,10 @@ public List deserialize(JsonParser parser, DeserializationContext cont private List parseResolvesNode(JsonNode node) { List resolvesList = new ArrayList<>(); - if (node.isArray()) { - for (JsonNode resolvesNode : node) { - Resolves resolves = parseResolves(resolvesNode); - resolvesList.add(resolves); - } - } - else { - Resolves resolves = parseResolves(node); + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + + for (JsonNode resolvesNode : nodes) { + Resolves resolves = parseResolves(resolvesNode); resolvesList.add(resolves); } return resolvesList; From 16a22e9557ca2d47e721551c189006c3ab711003 Mon Sep 17 00:00:00 2001 From: Alex Alzate Date: Wed, 23 Aug 2023 19:44:05 -0500 Subject: [PATCH 39/40] 1.5_add_support_for_evidence --- .../java/org/cyclonedx/model/Evidence.java | 49 +++++++++- .../java/org/cyclonedx/model/Licensing.java | 1 - .../model/component/evidence/Callstack.java | 27 ++++++ .../model/component/evidence/Frame.java | 88 ++++++++++++++++++ .../model/component/evidence/Identity.java | 91 +++++++++++++++++++ .../model/component/evidence/Method.java | 79 ++++++++++++++++ .../model/component/evidence/Occurrence.java | 34 +++++++ .../cyclonedx/parsers/AbstractParserTest.java | 62 ++++++++++++- src/test/resources/bom-1.5.json | 30 ++++++ src/test/resources/bom-1.5.xml | 27 ++++++ 10 files changed, 479 insertions(+), 9 deletions(-) create mode 100644 src/main/java/org/cyclonedx/model/component/evidence/Callstack.java create mode 100644 src/main/java/org/cyclonedx/model/component/evidence/Frame.java create mode 100644 src/main/java/org/cyclonedx/model/component/evidence/Identity.java create mode 100644 src/main/java/org/cyclonedx/model/component/evidence/Method.java create mode 100644 src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java diff --git a/src/main/java/org/cyclonedx/model/Evidence.java b/src/main/java/org/cyclonedx/model/Evidence.java index b3154dd8b..3d1fc8d01 100644 --- a/src/main/java/org/cyclonedx/model/Evidence.java +++ b/src/main/java/org/cyclonedx/model/Evidence.java @@ -25,21 +25,37 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.component.evidence.Callstack; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.evidence.Occurrence; import org.cyclonedx.util.deserializer.LicenseDeserializer; + import java.util.ArrayList; import java.util.List; @SuppressWarnings("unused") @JsonIgnoreProperties(ignoreUnknown = true) @JsonInclude(JsonInclude.Include.NON_EMPTY) -@JsonPropertyOrder({"licenses", "copyright"}) -public class Evidence extends ExtensibleElement { - +@JsonPropertyOrder({"identity", "occurrences", "callstack", "licenses", "copyright"}) +public class Evidence + extends ExtensibleElement +{ private LicenseChoice license; + private List copyright; + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private Identity identity; + + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private List occurrences; + + @VersionFilter(versions = {"1.0", "1.1", "1.2", "1.3", "1.4"}) + private Callstack callstack; + @JacksonXmlProperty(localName = "licenses") @JsonProperty("licenses") + @JsonDeserialize(using = LicenseDeserializer.class) public LicenseChoice getLicenseChoice() { return license; } @@ -63,4 +79,31 @@ public void addCopyright(Copyright copyright) { } this.copyright.add(copyright); } + + public Identity getIdentity() { + return identity; + } + + public void setIdentity(final Identity identity) { + this.identity = identity; + } + + @JsonProperty("occurrences") + @JacksonXmlElementWrapper(localName = "occurrences") + @JacksonXmlProperty(localName = "occurrence") + public List getOccurrences() { + return occurrences; + } + + public void setOccurrences(final List occurrences) { + this.occurrences = occurrences; + } + + public Callstack getCallstack() { + return callstack; + } + + public void setCallstack(final Callstack callstack) { + this.callstack = callstack; + } } diff --git a/src/main/java/org/cyclonedx/model/Licensing.java b/src/main/java/org/cyclonedx/model/Licensing.java index f8839369e..3140fcc75 100644 --- a/src/main/java/org/cyclonedx/model/Licensing.java +++ b/src/main/java/org/cyclonedx/model/Licensing.java @@ -32,7 +32,6 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import org.cyclonedx.model.LifecycleChoice.Phase; import org.cyclonedx.util.deserializer.LicensingTypeDeserializer; import org.cyclonedx.util.deserializer.OrganizationalChoiceDeserializer; import org.cyclonedx.util.deserializer.StringListDeserializer; diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java b/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java new file mode 100644 index 000000000..1681a61f5 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/evidence/Callstack.java @@ -0,0 +1,27 @@ +package org.cyclonedx.model.component.evidence; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Callstack +{ + private List frames; + + @JacksonXmlElementWrapper(localName = "frames") + @JacksonXmlProperty(localName = "frame") + @JsonProperty("frames") + public List getFrames() { + return frames; + } + + public void setFrames(final List frames) { + this.frames = frames; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Frame.java b/src/main/java/org/cyclonedx/model/component/evidence/Frame.java new file mode 100644 index 000000000..2f0c6a7db --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/evidence/Frame.java @@ -0,0 +1,88 @@ +package org.cyclonedx.model.component.evidence; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Frame extends ExtensibleElement +{ + private String packageFrame; + + private String module; + + private String function; + + private List parameters; + + private Integer line; + + private Integer column; + + private String fullFilename; + + public String getPackageFrame() { + return packageFrame; + } + + public void setPackageFrame(final String packageFrame) { + this.packageFrame = packageFrame; + } + + public String getModule() { + return module; + } + + public void setModule(final String module) { + this.module = module; + } + + public String getFunction() { + return function; + } + + public void setFunction(final String function) { + this.function = function; + } + + @JsonProperty("parameters") + @JacksonXmlElementWrapper(localName = "parameters") + @JacksonXmlProperty(localName = "parameter") + public List getParameters() { + return parameters; + } + + public void setParameters(final List parameters) { + this.parameters = parameters; + } + + public Integer getLine() { + return line; + } + + public void setLine(final Integer line) { + this.line = line; + } + + public Integer getColumn() { + return column; + } + + public void setColumn(final Integer column) { + this.column = column; + } + + public String getFullFilename() { + return fullFilename; + } + + public void setFullFilename(final String fullFilename) { + this.fullFilename = fullFilename; + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Identity.java b/src/main/java/org/cyclonedx/model/component/evidence/Identity.java new file mode 100644 index 000000000..11bac246c --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/evidence/Identity.java @@ -0,0 +1,91 @@ +package org.cyclonedx.model.component.evidence; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.BomReference; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"field", "confidence", "methods", "tools"}) +public class Identity extends ExtensibleElement +{ + public Field field; + + public Double confidence; + + public List methods; + + public List tools; + + public enum Field { + @JsonProperty("group") + GROUP("group"), + @JsonProperty("name") + NAME("name"), + @JsonProperty("version") + VERSION("version"), + @JsonProperty("purl") + PURL("purl"), + @JsonProperty("cpe") + CPE( "cpe"), + @JsonProperty("swid") + SWID("swid"), + @JsonProperty("hash") + HASH( "hash"); + + private final String name; + + public String getTypeName() { + return this.name; + } + + Field(String name) { + this.name = name; + } + } + + public Field getField() { + return field; + } + + public void setField(final Field field) { + this.field = field; + } + + public Double getConfidence() { + return confidence; + } + + public void setConfidence(final Double confidence) { + this.confidence = confidence; + } + + @JsonProperty("methods") + @JacksonXmlElementWrapper(localName = "methods") + @JacksonXmlProperty(localName = "method") + public List getMethods() { + return methods; + } + + public void setMethods(final List methods) { + this.methods = methods; + } + + @JsonProperty("tools") + @JacksonXmlElementWrapper(localName = "tools") + @JacksonXmlProperty(localName = "tool") + public List getTools() { + return tools; + } + + public void setTools(final List tools) { + this.tools = tools; + } +} diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Method.java b/src/main/java/org/cyclonedx/model/component/evidence/Method.java new file mode 100644 index 000000000..c6c362677 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/evidence/Method.java @@ -0,0 +1,79 @@ +package org.cyclonedx.model.component.evidence; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonPropertyOrder({"technique", "confidence", "value"}) +public class Method + extends ExtensibleElement +{ + + private Technique technique; + + private Double confidence; + + private String value; + + public Technique getTechnique() { + return technique; + } + + public void setTechnique(final Technique technique) { + this.technique = technique; + } + + public Double getConfidence() { + return confidence; + } + + public void setConfidence(final Double confidence) { + this.confidence = confidence; + } + + public String getValue() { + return value; + } + + public void setValue(final String value) { + this.value = value; + } + + public enum Technique { + + @JsonProperty("source-code-analysis") + SOURCE_CODE_ANALYSIS("source-code-analysis"), + @JsonProperty("binary-analysis") + BINARY_ANALYSIS( "binary-analysis"), + @JsonProperty("manifest-analysis") + MANIFEST_ANALYSIS("manifest-analysis"), + @JsonProperty("ast-fingerprint") + AST_FINGERPRINT("ast-fingerprint"), + @JsonProperty("hash-comparison") + HASH_COMPARISON("hash-comparison"), + @JsonProperty("instrumentation") + INSTRUMENTATION("instrumentation"), + @JsonProperty("dynamic-analysis") + DYNAMIC_ANALYSIS("dynamic-analysis"), + @JsonProperty("filename") + FILENAME("filename"), + @JsonProperty("attestation") + ATTESTATION("attestation"), + @JsonProperty("other") + OTHER("other"); + + private final String name; + + public String getTypeName() { + return this.name; + } + + Technique(String name) { + this.name = name; + } + } +} \ No newline at end of file diff --git a/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java b/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java new file mode 100644 index 000000000..895f0ca35 --- /dev/null +++ b/src/main/java/org/cyclonedx/model/component/evidence/Occurrence.java @@ -0,0 +1,34 @@ +package org.cyclonedx.model.component.evidence; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.model.ExtensibleElement; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_EMPTY) +public class Occurrence extends ExtensibleElement +{ + @JacksonXmlProperty(isAttribute = true, localName = "bom-ref") + @JsonProperty("bom-ref") + private String bomRef; + + private String location; + + public String getBomRef() { + return bomRef; + } + + public void setBomRef(final String bomRef) { + this.bomRef = bomRef; + } + + public String getLocation() { + return location; + } + + public void setLocation(final String location) { + this.location = location; + } +} diff --git a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java index eb3526eef..c6615817b 100644 --- a/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java +++ b/src/test/java/org/cyclonedx/parsers/AbstractParserTest.java @@ -33,6 +33,7 @@ import org.cyclonedx.model.Component.Type; import org.cyclonedx.model.Composition; import org.cyclonedx.model.Composition.Aggregate; +import org.cyclonedx.model.Evidence; import org.cyclonedx.model.ExternalReference; import org.cyclonedx.model.License; import org.cyclonedx.model.LicenseChoice; @@ -50,6 +51,10 @@ import org.cyclonedx.model.Service; import org.cyclonedx.model.ServiceData; import org.cyclonedx.model.Tool; +import org.cyclonedx.model.component.evidence.Callstack; +import org.cyclonedx.model.component.evidence.Frame; +import org.cyclonedx.model.component.evidence.Identity; +import org.cyclonedx.model.component.evidence.Occurrence; import org.cyclonedx.model.formulation.Formula; import org.cyclonedx.model.formulation.Workflow; import org.cyclonedx.model.formulation.common.InputType; @@ -648,12 +653,59 @@ void assertComponent(final Bom bom, final Version version) { } //Evidence - assertNotNull(component.getEvidence()); - assertEquals("Copyright 2012 Google Inc. All Rights Reserved.", - component.getEvidence().getCopyright().get(0).getText()); - assertEquals("Apache-2.0", component.getEvidence().getLicenseChoice().getLicenses().get(0).getId()); + assertEvidence(component.getEvidence(), version); + } + + private void assertEvidence(final Evidence evidence, final Version version) { + assertNotNull(evidence); + assertEquals("Copyright 2012 Google Inc. All Rights Reserved.", evidence.getCopyright().get(0).getText()); + assertEquals("Apache-2.0", evidence.getLicenseChoice().getLicenses().get(0).getId()); assertEquals("http://www.apache.org/licenses/LICENSE-2.0", - component.getEvidence().getLicenseChoice().getLicenses().get(0).getUrl()); + evidence.getLicenseChoice().getLicenses().get(0).getUrl()); + + if(version== Version.VERSION_15) { + assertCallStack(evidence.getCallstack()); + assertOccurrences(evidence.getOccurrences()); + assertIdentity(evidence.getIdentity()); + } else { + assertNull(evidence.getCallstack()); + assertNull(evidence.getIdentity()); + assertNull(evidence.getOccurrences()); + } + } + + private void assertOccurrences(final List occurrences){ + assertEquals(occurrences.size(), 1); + Occurrence occurrence = occurrences.get(0); + + assertNotNull(occurrence.getBomRef()); + assertNotNull(occurrence.getLocation()); + } + + private void assertCallStack(final Callstack callstack){ + assertNotNull(callstack); + + assertEquals(callstack.getFrames().size(), 1); + Frame frame = callstack.getFrames().get(0); + + assertNotNull(frame.getColumn()); + assertNotNull(frame.getLine()); + assertNull(frame.getPackageFrame()); + assertNull(frame.getFunction()); + assertNull(frame.getFullFilename()); + assertNull(frame.getParameters()); + assertNotNull(frame.getModule()); + } + + private void assertIdentity(final Identity identity){ + assertNotNull(identity); + + assertNotNull(identity.getField()); + assertNotNull(identity.getConfidence()); + assertNotNull(identity.getMethods()); + assertNotNull(identity.getTools()); + + assertNotNull(identity.getTools().get(0).getRef()); } private void assertSecurityContact(ExternalReference externalReference) { diff --git a/src/test/resources/bom-1.5.json b/src/test/resources/bom-1.5.json index a52f87c8c..e65f064f0 100644 --- a/src/test/resources/bom-1.5.json +++ b/src/test/resources/bom-1.5.json @@ -250,6 +250,36 @@ } ], "evidence": { + "identity": { + "field": "purl", + "confidence": 1, + "methods": [ + { + "technique": "manifest-analysis", + "confidence": 1 + } + ], + "tools": [ + { + "ref": "test" + } + ] + }, + "occurrences": [ + { + "bom-ref": "test", + "location": "file" + } + ], + "callstack": { + "frames": [ + { + "module": "test", + "line": 1, + "column": 1 + } + ] + }, "licenses": [ { "license": { diff --git a/src/test/resources/bom-1.5.xml b/src/test/resources/bom-1.5.xml index 074cc227c..c0c9f517e 100644 --- a/src/test/resources/bom-1.5.xml +++ b/src/test/resources/bom-1.5.xml @@ -171,6 +171,33 @@ + + purl + 1 + + + manifest-analysis + 1 + + + + + + + + + file + + + + + + test + 1 + 1 + + + Apache-2.0 From b6a3ca0fec9278ef8c02cd039533c229ffecb17b Mon Sep 17 00:00:00 2001 From: nscuro Date: Wed, 6 Sep 2023 00:15:53 +0200 Subject: [PATCH 40/40] Fix failure to deserialize `externalReferences` from XML Deserialization would previously fail with the following exception: ``` org.cyclonedx.exception.ParseException: com.fasterxml.jackson.databind.JsonMappingException: Cannot deserialize value of type `java.util.ArrayList` from Object value (token `JsonToken.START_OBJECT`) at [Source: UNKNOWN; byte offset: #UNKNOWN] (through reference chain: org.cyclonedx.model.Component["externalReferences"]) (through reference chain: org.cyclonedx.model.Bom["metadata"]) ``` Thanks to @mr-zepol for nudging me into the right direction. Signed-off-by: nscuro --- src/main/java/org/cyclonedx/model/Bom.java | 2 + .../java/org/cyclonedx/model/Component.java | 2 + .../cyclonedx/model/ExternalReference.java | 9 +++ .../java/org/cyclonedx/model/Service.java | 2 + src/main/java/org/cyclonedx/model/Tool.java | 2 + .../ExternalReferencesDeserializer.java | 75 +++++++++++++++++++ .../1.5/valid-external-reference-1.5.json | 33 ++++++++ .../1.5/valid-external-reference-1.5.xml | 24 ++++++ .../valid-metadata-tool-deprecated-1.5.json | 13 ++++ .../valid-metadata-tool-deprecated-1.5.xml | 9 +++ 10 files changed, 171 insertions(+) create mode 100644 src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java diff --git a/src/main/java/org/cyclonedx/model/Bom.java b/src/main/java/org/cyclonedx/model/Bom.java index 3f071370f..9fba6c692 100644 --- a/src/main/java/org/cyclonedx/model/Bom.java +++ b/src/main/java/org/cyclonedx/model/Bom.java @@ -32,6 +32,7 @@ import org.cyclonedx.model.formulation.Formula; import org.cyclonedx.model.vulnerability.Vulnerability; import org.cyclonedx.util.deserializer.DependencyDeserializer; +import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; import org.cyclonedx.util.deserializer.VulnerabilityDeserializer; @SuppressWarnings("unused") @@ -73,6 +74,7 @@ public class Bom extends ExtensibleElement { private DependencyList dependencies; @VersionFilter(versions = {"1.0"}) + @JsonDeserialize(using = ExternalReferencesDeserializer.class) private List externalReferences; @VersionFilter(versions = {"1.0", "1.1", "1.2"}) diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java index f0ae71934..2fe1af970 100644 --- a/src/main/java/org/cyclonedx/model/Component.java +++ b/src/main/java/org/cyclonedx/model/Component.java @@ -24,6 +24,7 @@ import org.cyclonedx.model.component.ModelCard; import org.cyclonedx.model.component.modelCard.ComponentData; +import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; import org.cyclonedx.util.deserializer.HashesDeserializer; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; @@ -345,6 +346,7 @@ public void setPedigree(Pedigree pedigree) { @JacksonXmlElementWrapper(localName = "externalReferences") @JacksonXmlProperty(localName = "reference") + @JsonDeserialize(using = ExternalReferencesDeserializer.class) public List getExternalReferences() { return externalReferences; } diff --git a/src/main/java/org/cyclonedx/model/ExternalReference.java b/src/main/java/org/cyclonedx/model/ExternalReference.java index c3e8b11ec..684e0688d 100644 --- a/src/main/java/org/cyclonedx/model/ExternalReference.java +++ b/src/main/java/org/cyclonedx/model/ExternalReference.java @@ -124,6 +124,15 @@ public String getTypeName() { Type(String name) { this.name = name; } + + public static Type fromString(String text) { + for (Type t : Type.values()) { + if (t.name.equals(text)) { + return t; + } + } + return null; + } } private String url; diff --git a/src/main/java/org/cyclonedx/model/Service.java b/src/main/java/org/cyclonedx/model/Service.java index 42f5c46ab..90d0d58b2 100644 --- a/src/main/java/org/cyclonedx/model/Service.java +++ b/src/main/java/org/cyclonedx/model/Service.java @@ -25,6 +25,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; import org.cyclonedx.util.deserializer.StringListDeserializer; import java.util.ArrayList; @@ -187,6 +188,7 @@ public void setLicense(LicenseChoice license) { @JacksonXmlElementWrapper(localName = "externalReferences") @JacksonXmlProperty(localName = "reference") + @JsonDeserialize(using = ExternalReferencesDeserializer.class) public List getExternalReferences() { return externalReferences; } diff --git a/src/main/java/org/cyclonedx/model/Tool.java b/src/main/java/org/cyclonedx/model/Tool.java index 1e4373549..c0506899e 100644 --- a/src/main/java/org/cyclonedx/model/Tool.java +++ b/src/main/java/org/cyclonedx/model/Tool.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; +import org.cyclonedx.util.deserializer.ExternalReferencesDeserializer; import org.cyclonedx.util.deserializer.HashesDeserializer; @JsonIgnoreProperties(ignoreUnknown = true) @@ -77,6 +78,7 @@ public void setHashes(List hashes) { @JacksonXmlElementWrapper(localName = "externalReferences") @JacksonXmlProperty(localName = "reference") + @JsonDeserialize(using = ExternalReferencesDeserializer.class) public List getExternalReferences() { return externalReferences; } diff --git a/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java b/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java new file mode 100644 index 000000000..68f42f3f1 --- /dev/null +++ b/src/main/java/org/cyclonedx/util/deserializer/ExternalReferencesDeserializer.java @@ -0,0 +1,75 @@ +/* + * This file is part of CycloneDX Core (Java). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) OWASP Foundation. All Rights Reserved. + */ +package org.cyclonedx.util.deserializer; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ArrayNode; +import org.cyclonedx.model.ExternalReference; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +public class ExternalReferencesDeserializer extends JsonDeserializer> { + + private final HashesDeserializer hashesDeserializer = new HashesDeserializer(); + + @Override + public List deserialize(JsonParser parser, DeserializationContext context) throws IOException { + JsonNode node = parser.getCodec().readTree(parser); + if (node.has("reference")) { + return parseExternalReferences(node.get("reference"), parser, context); + } else { + return parseExternalReferences(node, parser, context); + } + } + + private List parseExternalReferences(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + List references = new ArrayList<>(); + ArrayNode nodes = (node.isArray() ? (ArrayNode) node : new ArrayNode(null).add(node)); + for (JsonNode resolvesNode : nodes) { + ExternalReference type = parseExternalReference(resolvesNode, p, ctxt); + references.add(type); + } + return references; + } + + private ExternalReference parseExternalReference(JsonNode node, JsonParser p, DeserializationContext ctxt) throws IOException { + ExternalReference reference = new ExternalReference(); + if (node.has("url")) { + reference.setUrl(node.get("url").asText()); + } + if (node.has("type")) { + reference.setType(ExternalReference.Type.fromString(node.get("type").asText())); + } + if (node.has("comment")) { + reference.setComment(node.get("comment").asText()); + } + if (node.has("hashes")) { + JsonParser hashesParser = node.get("hashes").traverse(p.getCodec()); + hashesParser.nextToken(); + reference.setHashes(hashesDeserializer.deserialize(hashesParser, ctxt)); + } + return reference; + } + +} diff --git a/src/test/resources/1.5/valid-external-reference-1.5.json b/src/test/resources/1.5/valid-external-reference-1.5.json index 78a3eb63f..fc3c94940 100644 --- a/src/test/resources/1.5/valid-external-reference-1.5.json +++ b/src/test/resources/1.5/valid-external-reference-1.5.json @@ -3,6 +3,26 @@ "specVersion": "1.5", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, + "metadata": { + "component": { + "type": "application", + "name": "myapp", + "version": "1.0.0", + "externalReferences": [ + { + "type": "bom", + "url": "https://example.org/support/sbom/portal-server/1.0.0", + "comment": "An external SBOM that describes what this component includes", + "hashes": [ + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + ] + } + ] + } + }, "components": [ { "type": "library", @@ -34,5 +54,18 @@ } ] } + ], + "externalReferences": [ + { + "type": "bom", + "url": "https://example.org/support/external-file", + "comment": "An external file that is distributed alongside this BOM", + "hashes": [ + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + ] + } ] } diff --git a/src/test/resources/1.5/valid-external-reference-1.5.xml b/src/test/resources/1.5/valid-external-reference-1.5.xml index 0599884bb..f3cf3cff5 100644 --- a/src/test/resources/1.5/valid-external-reference-1.5.xml +++ b/src/test/resources/1.5/valid-external-reference-1.5.xml @@ -1,5 +1,20 @@ + + + myapp + 1.0.0 + + + https://example.org/support/sbom/portal-server/1.0.0 + An external SBOM that describes what this component includes + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + + + + org.example @@ -24,4 +39,13 @@ + + + https://example.org/support/external-file + An external file that is distributed alongside this BOM + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + + diff --git a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json index 81e908a98..b692d9238 100644 --- a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json +++ b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.json @@ -18,6 +18,19 @@ "alg": "SHA-256", "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" } + ], + "externalReferences": [ + { + "type": "bom", + "url": "https://example.org/support/sbom/awesome-tool/9.1.2", + "comment": "An external SBOM that describes what this tool includes", + "hashes": [ + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + } + ] + } ] } ] diff --git a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml index caf273f6c..d3140e4f2 100644 --- a/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml +++ b/src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.xml @@ -10,6 +10,15 @@ 25ed8e31b995bb927966616df2a42b979a2717f0 a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df + + + https://example.org/support/sbom/awesome-tool/9.1.2 + An external SBOM that describes what this tool includes + + f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + + +