feat: add properties for licenses according to CycloneDX 1.5 (#947)

This change adds properties to DisjunctiveLicense according to CycloneDX
v1.5

Related to / implements a part of issue #578

----


### AI Tool Disclosure

- [x] My contribution does not include any AI-generated content
- [ ] My contribution includes AI-generated content, as disclosed below:
  - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]`
- LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro
etc.]`
- Prompts: `[Summarize the key prompts or instructions given to the AI
tools]`

### Affirmation

- [x] My code follows the
[CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md)
guidelines

Signed-off-by: Peter Schuster <p.schuster@pilz.de>

Author: peschuster

cyclonedx/model/license.py

@@ -20,6 +20,7 @@
 License related things
 """
 
+from collections.abc import Iterable
 from enum import Enum
 from json import loads as json_loads
 from typing import TYPE_CHECKING, Any, Optional, Union
@@ -34,7 +35,7 @@
 from ..exception.model import MutuallyExclusivePropertiesException
 from ..exception.serialization import CycloneDxDeserializationException
 from ..schema.schema import SchemaVersion1Dot5, SchemaVersion1Dot6, SchemaVersion1Dot7
-from . import AttachedText, XsUri
+from . import AttachedText, Property, XsUri
 from .bom_ref import BomRef
 
 
@@ -85,6 +86,7 @@ def __init__(
         id: Optional[str] = None, name: Optional[str] = None,
         text: Optional[AttachedText] = None, url: Optional[XsUri] = None,
         acknowledgement: Optional[LicenseAcknowledgement] = None,
+        properties: Optional[Iterable[Property]] = None,
     ) -> None:
         if not id and not name:
             raise MutuallyExclusivePropertiesException('Either `id` or `name` MUST be supplied')
@@ -99,6 +101,7 @@ def __init__(
         self._text = text
         self._url = url
         self._acknowledgement = acknowledgement
+        self._properties = SortedSet(properties or [])
 
     @property
     @serializable.view(SchemaVersion1Dot5)
@@ -200,17 +203,25 @@ def url(self, url: Optional[XsUri]) -> None:
     # def licensing(self, ...) -> None:
     #     ...  # TODO since CDX1.5
 
-    # @property
-    # ...
-    # @serializable.view(SchemaVersion1Dot5)
-    # @serializable.view(SchemaVersion1Dot6)
-    # @serializable.xml_sequence(6)
-    # def properties(self) -> ...:
-    #     ...  # TODO since CDX1.5
-    #
-    # @licensing.setter
-    # def properties(self, ...) -> None:
-    #     ...  # TODO since CDX1.5
+    @property
+    @serializable.view(SchemaVersion1Dot5)
+    @serializable.view(SchemaVersion1Dot6)
+    @serializable.view(SchemaVersion1Dot7)
+    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property')
+    @serializable.xml_sequence(6)
+    def properties(self) -> 'SortedSet[Property]':
+        """
+        Provides the ability to document properties in a key/value store. This provides flexibility to include data not
+        officially supported in the standard without having to use additional namespaces or create extensions.
+
+        Return:
+            Set of `Property`
+        """
+        return self._properties
+
+    @properties.setter
+    def properties(self, properties: Iterable[Property]) -> None:
+        self._properties = SortedSet(properties)
 
     @property
     @serializable.view(SchemaVersion1Dot6)
@@ -245,6 +256,7 @@ def __comparable_tuple(self) -> _ComparableTuple:
             self._url,
             self._text,
             self._bom_ref.value,
+            _ComparableTuple(self._properties),
         ))
 
     def __eq__(self, other: object) -> bool:

tests/_data/models.py

@@ -1082,6 +1082,14 @@ def get_bom_with_licenses() -> Bom:
                           DisjunctiveLicense(name='some additional',
                                              text=AttachedText(content='this is additional license text')),
                       ]),
+            Component(name='c-with-license-properties', type=ComponentType.LIBRARY, bom_ref='C4',
+                      licenses=[
+                          DisjunctiveLicense(id='Apache-2.0',
+                                             properties=[Property(name='key1', value='val1'),
+                                                         Property(name='key2', value='val2')]),
+                          DisjunctiveLicense(name='some other license',
+                                             properties=[Property(name='myname', value='proprietary')]),
+                      ]),
         ],
         services=[
             Service(name='s-with-expression', bom_ref='S1',

tests/_data/snapshots/get_bom_with_licenses-1.0.xml.bin

@@ -11,6 +11,11 @@
       <version/>
       <modified>false</modified>
     </component>
+    <component type="library">
+      <name>c-with-license-properties</name>
+      <version/>
+      <modified>false</modified>
+    </component>
     <component type="library">
       <name>c-with-name</name>
       <version/>

tests/_data/snapshots/get_bom_with_licenses-1.1.xml.bin

@@ -18,6 +18,18 @@
         <expression>Apache-2.0 OR MIT</expression>
       </licenses>
     </component>
+    <component type="library" bom-ref="C4">
+      <name>c-with-license-properties</name>
+      <version/>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+        </license>
+        <license>
+          <name>some other license</name>
+        </license>
+      </licenses>
+    </component>
     <component type="library" bom-ref="C3">
       <name>c-with-name</name>
       <version/>

tests/_data/snapshots/get_bom_with_licenses-1.2.json.bin

@@ -25,6 +25,24 @@
       "type": "library",
       "version": ""
     },
+    {
+      "bom-ref": "C4",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        },
+        {
+          "license": {
+            "name": "some other license"
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library",
+      "version": ""
+    },
     {
       "bom-ref": "C3",
       "licenses": [
@@ -62,6 +80,9 @@
     {
       "ref": "C3"
     },
+    {
+      "ref": "C4"
+    },
     {
       "ref": "S1"
     },

tests/_data/snapshots/get_bom_with_licenses-1.2.xml.bin

@@ -30,6 +30,18 @@
         <expression>Apache-2.0 OR MIT</expression>
       </licenses>
     </component>
+    <component type="library" bom-ref="C4">
+      <name>c-with-license-properties</name>
+      <version/>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+        </license>
+        <license>
+          <name>some other license</name>
+        </license>
+      </licenses>
+    </component>
     <component type="library" bom-ref="C3">
       <name>c-with-name</name>
       <version/>
@@ -79,6 +91,7 @@
     <dependency ref="C1"/>
     <dependency ref="C2"/>
     <dependency ref="C3"/>
+    <dependency ref="C4"/>
     <dependency ref="S1"/>
     <dependency ref="S2"/>
     <dependency ref="S3"/>

tests/_data/snapshots/get_bom_with_licenses-1.3.json.bin

@@ -25,6 +25,24 @@
       "type": "library",
       "version": ""
     },
+    {
+      "bom-ref": "C4",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        },
+        {
+          "license": {
+            "name": "some other license"
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library",
+      "version": ""
+    },
     {
       "bom-ref": "C3",
       "licenses": [
@@ -62,6 +80,9 @@
     {
       "ref": "C3"
     },
+    {
+      "ref": "C4"
+    },
     {
       "ref": "S1"
     },

tests/_data/snapshots/get_bom_with_licenses-1.3.xml.bin

@@ -35,6 +35,18 @@
         <expression>Apache-2.0 OR MIT</expression>
       </licenses>
     </component>
+    <component type="library" bom-ref="C4">
+      <name>c-with-license-properties</name>
+      <version/>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+        </license>
+        <license>
+          <name>some other license</name>
+        </license>
+      </licenses>
+    </component>
     <component type="library" bom-ref="C3">
       <name>c-with-name</name>
       <version/>
@@ -84,6 +96,7 @@
     <dependency ref="C1"/>
     <dependency ref="C2"/>
     <dependency ref="C3"/>
+    <dependency ref="C4"/>
     <dependency ref="S1"/>
     <dependency ref="S2"/>
     <dependency ref="S3"/>

tests/_data/snapshots/get_bom_with_licenses-1.4.json.bin

@@ -23,6 +23,23 @@
       "name": "c-with-expression",
       "type": "library"
     },
+    {
+      "bom-ref": "C4",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        },
+        {
+          "license": {
+            "name": "some other license"
+          }
+        }
+      ],
+      "name": "c-with-license-properties",
+      "type": "library"
+    },
     {
       "bom-ref": "C3",
       "licenses": [
@@ -59,6 +76,9 @@
     {
       "ref": "C3"
     },
+    {
+      "ref": "C4"
+    },
     {
       "ref": "S1"
     },

tests/_data/snapshots/get_bom_with_licenses-1.4.xml.bin

@@ -32,6 +32,17 @@
         <expression>Apache-2.0 OR MIT</expression>
       </licenses>
     </component>
+    <component type="library" bom-ref="C4">
+      <name>c-with-license-properties</name>
+      <licenses>
+        <license>
+          <id>Apache-2.0</id>
+        </license>
+        <license>
+          <name>some other license</name>
+        </license>
+      </licenses>
+    </component>
     <component type="library" bom-ref="C3">
       <name>c-with-name</name>
       <licenses>
@@ -80,6 +91,7 @@
     <dependency ref="C1"/>
     <dependency ref="C2"/>
     <dependency ref="C3"/>
+    <dependency ref="C4"/>
     <dependency ref="S1"/>
     <dependency ref="S2"/>
     <dependency ref="S3"/>