anchore · spiffcs · May 16, 2023 · May 16, 2023 · May 16, 2023
diff --git a/schema/json/schema-8.0.0.json b/schema/json/schema-8.0.0.json
@@ -748,7 +748,7 @@
         "type": {
           "type": "string"
         },
-        "url": {
+        "urls": {
           "items": {
             "type": "string"
           },
@@ -766,7 +766,7 @@
         "value",
         "spdxExpression",
         "type",
-        "url",
+        "urls",
         "locations"
       ]
     },

diff --git a/syft/formats/common/cyclonedxhelpers/licenses.go b/syft/formats/common/cyclonedxhelpers/licenses.go
@@ -99,7 +99,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
 		// singular expression case
 		// only ID field here since we guarantee that the license is valid
 		if value, exists := spdxlicense.ID(l.SPDXExpression); exists {
-			if !l.URL.Empty() {
+			if !l.URLs.Empty() {
 				processLicenseURLs(l, value, &spdxc)
 				continue
 			}
@@ -127,7 +127,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
 
 		// license string that are not valid spdx expressions or ids
 		// we only use license Name here since we cannot guarantee that the license is a valid SPDX expression
-		if !l.URL.Empty() {
+		if !l.URLs.Empty() {
 			processLicenseURLs(l, "", &otherc)
 			continue
 		}
@@ -141,7 +141,7 @@ func separateLicenses(p pkg.Package) (spdx, other cyclonedx.Licenses, expression
 }
 
 func processLicenseURLs(l pkg.License, spdxID string, populate *cyclonedx.Licenses) {
-	for _, url := range l.URL.ToSlice() {
+	for _, url := range l.URLs.ToSlice() {
 		if spdxID == "" {
 			*populate = append(*populate, cyclonedx.LicenseChoice{
 				License: &cyclonedx.License{

diff --git a/syft/formats/common/cyclonedxhelpers/licenses_test.go b/syft/formats/common/cyclonedxhelpers/licenses_test.go
@@ -137,7 +137,7 @@ func Test_encodeLicense(t *testing.T) {
 			},
 		},
 		{
-			name: "with multiple URLs and single with no URL",
+			name: "with multiple URLs and single with no URLs",
 			input: pkg.Package{
 				Licenses: pkg.NewLicenseSet(
 					pkg.NewLicense("MIT"),
@@ -224,7 +224,7 @@ func TestDecodeLicenses(t *testing.T) {
 					Value: "RandomLicense",
 					// CycloneDX specification doesn't give a field for determining the license type
 					Type: license.Declared,
-					URL:  internal.NewStringSet(),
+					URLs: internal.NewStringSet(),
 				},
 			},
 		},
@@ -244,7 +244,7 @@ func TestDecodeLicenses(t *testing.T) {
 					Value:          "MIT",
 					SPDXExpression: "MIT",
 					Type:           license.Declared,
-					URL:            internal.NewStringSet(),
+					URLs:           internal.NewStringSet(),
 				},
 			},
 		},
@@ -263,7 +263,7 @@ func TestDecodeLicenses(t *testing.T) {
 					Value:          "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
 					SPDXExpression: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
 					Type:           license.Declared,
-					URL:            internal.NewStringSet(),
+					URLs:           internal.NewStringSet(),
 				},
 			},
 		},

diff --git a/syft/formats/syftjson/model/package.go b/syft/formats/syftjson/model/package.go
@@ -40,8 +40,8 @@ type License struct {
 	Value          string            `json:"value"`
 	SPDXExpression string            `json:"spdxExpression"`
 	Type           license.Type      `json:"type"`
-	URL            []string          `json:"url"`
-	Location       []source.Location `json:"locations"`
+	URLs           []string          `json:"urls"`
+	Locations      []source.Location `json:"locations"`
 }
 
 func newModelLicensesFromValues(licenses []string) (ml []License) {

diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestDirectoryEncoder.golden
@@ -16,7 +16,7 @@
      "value": "MIT",
      "spdxExpression": "MIT",
      "type": "declared",
-     "url": [],
+     "urls": [],
      "locations": []
     }
    ],

diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestEncodeFullJSONDocument.golden
@@ -16,7 +16,7 @@
      "value": "MIT",
      "spdxExpression": "MIT",
      "type": "declared",
-     "url": [],
+     "urls": [],
      "locations": []
     }
    ],

diff --git a/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden b/syft/formats/syftjson/test-fixtures/snapshot/TestImageEncoder.golden
@@ -17,7 +17,7 @@
      "value": "MIT",
      "spdxExpression": "MIT",
      "type": "declared",
-     "url": [],
+     "urls": [],
      "locations": []
     }
    ],

diff --git a/syft/formats/syftjson/to_format_model.go b/syft/formats/syftjson/to_format_model.go
@@ -188,15 +188,15 @@ func toLicenseModel(pkgLicenses []pkg.License) (modelLicenses []model.License) {
 	for _, l := range pkgLicenses {
 		// guarantee collection
 		locations := make([]source.Location, 0)
-		if v := l.Location.ToSlice(); v != nil {
+		if v := l.Locations.ToSlice(); v != nil {
 			locations = v
 		}
 		modelLicenses = append(modelLicenses, model.License{
 			Value:          l.Value,
 			SPDXExpression: l.SPDXExpression,
 			Type:           l.Type,
-			URL:            l.URL.ToSlice(),
-			Location:       locations,
+			URLs:           l.URLs.ToSlice(),
+			Locations:      locations,
 		})
 	}
 	return

diff --git a/syft/formats/syftjson/to_syft_model.go b/syft/formats/syftjson/to_syft_model.go
@@ -108,8 +108,8 @@ func toSyftLicenses(m []model.License) (p []pkg.License) {
 			Value:          l.Value,
 			SPDXExpression: l.SPDXExpression,
 			Type:           l.Type,
-			URL:            internal.NewStringSet(l.URL...),
-			Location:       source.NewLocationSet(l.Location...),
+			URLs:           internal.NewStringSet(l.URLs...),
+			Locations:      source.NewLocationSet(l.Locations...),
 		})
 	}
 	return

diff --git a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
@@ -684,7 +684,7 @@ func TestSinglePackageDetails(t *testing.T) {
 			test.expected.Locations = source.NewLocationSet(fixtureLocation)
 			licenses := test.expected.Licenses.ToSlice()
 			for i := range licenses {
-				licenses[i].Location.Add(fixtureLocation)
+				licenses[i].Locations.Add(fixtureLocation)
 			}
 			test.expected.Licenses = pkg.NewLicenseSet(licenses...)
 			pkgtest.TestFileParser(t, test.fixture, parseApkDB, []pkg.Package{test.expected}, nil)

diff --git a/syft/pkg/cataloger/golang/licenses_test.go b/syft/pkg/cataloger/golang/licenses_test.go
@@ -35,8 +35,8 @@ func Test_LocalLicenseSearch(t *testing.T) {
 				Value:          "Apache-2.0",
 				SPDXExpression: "Apache-2.0",
 				Type:           license.Concluded,
-				Location:       source.NewLocationSet(loc1),
-				URL:            internal.NewStringSet(),
+				Locations:      source.NewLocationSet(loc1),
+				URLs:           internal.NewStringSet(),
 			},
 		},
 		{
@@ -46,8 +46,8 @@ func Test_LocalLicenseSearch(t *testing.T) {
 				Value:          "MIT",
 				SPDXExpression: "MIT",
 				Type:           license.Concluded,
-				Location:       source.NewLocationSet(loc2),
-				URL:            internal.NewStringSet(),
+				Locations:      source.NewLocationSet(loc2),
+				URLs:           internal.NewStringSet(),
 			},
 		},
 	}
@@ -126,8 +126,8 @@ func Test_RemoteProxyLicenseSearch(t *testing.T) {
 				Value:          "Apache-2.0",
 				SPDXExpression: "Apache-2.0",
 				Type:           license.Concluded,
-				Location:       source.NewLocationSet(loc1),
-				URL:            internal.NewStringSet(),
+				Locations:      source.NewLocationSet(loc1),
+				URLs:           internal.NewStringSet(),
 			},
 		},
 		{
@@ -137,8 +137,8 @@ func Test_RemoteProxyLicenseSearch(t *testing.T) {
 				Value:          "MIT",
 				SPDXExpression: "MIT",
 				Type:           license.Concluded,
-				Location:       source.NewLocationSet(loc2),
-				URL:            internal.NewStringSet(),
+				Locations:      source.NewLocationSet(loc2),
+				URLs:           internal.NewStringSet(),
 			},
 		},
 	}

diff --git a/syft/pkg/cataloger/php/parse_installed_json_test.go b/syft/pkg/cataloger/php/parse_installed_json_test.go
@@ -135,7 +135,7 @@ func TestParseInstalledJsonComposerV1(t *testing.T) {
 				expectedPkgs[i].Locations = locations
 				locationLicenses := pkg.NewLicenseSet()
 				for _, license := range expectedPkgs[i].Licenses.ToSlice() {
-					license.Location = locations
+					license.Locations = locations
 					locationLicenses.Add(license)
 				}
 				expectedPkgs[i].Licenses = locationLicenses

diff --git a/syft/pkg/license.go b/syft/pkg/license.go
@@ -14,7 +14,7 @@ import (
 var _ sort.Interface = (*Licenses)(nil)
 
 // License represents an SPDX Expression or license value extracted from a packages metadata
-// We want to ignore URL and Location since we merge these fields across equal licenses.
+// We want to ignore URLs and Location since we merge these fields across equal licenses.
 // A License is a unique combination of value, expression and type, where
 // its sources are always considered merged and additions to the evidence
 // of where it was found and how it was sourced.
@@ -26,8 +26,8 @@ type License struct {
 	Value          string             `json:"value"`
 	SPDXExpression string             `json:"spdxExpression"`
 	Type           license.Type       `json:"type"`
-	URL            internal.StringSet `hash:"ignore"`
-	Location       source.LocationSet `hash:"ignore"`
+	URLs           internal.StringSet `hash:"ignore"`
+	Locations      source.LocationSet `hash:"ignore"`
 }
 
 type Licenses []License
@@ -40,7 +40,7 @@ func (l Licenses) Less(i, j int) bool {
 	if l[i].Value == l[j].Value {
 		if l[i].SPDXExpression == l[j].SPDXExpression {
 			if l[i].Type == l[j].Type {
-				// While URL and location are not exclusive fields
+				// While URLs and location are not exclusive fields
 				// returning true here reduces the number of swaps
 				// while keeping a consistent sort order of
 				// the order that they appear in the list initially
@@ -69,8 +69,8 @@ func NewLicense(value string) License {
 		Value:          value,
 		SPDXExpression: spdxExpression,
 		Type:           license.Declared,
-		URL:            internal.NewStringSet(),
-		Location:       source.NewLocationSet(),
+		URLs:           internal.NewStringSet(),
+		Locations:      source.NewLocationSet(),
 	}
 }
 
@@ -84,8 +84,8 @@ func NewLicenseFromType(value string, t license.Type) License {
 		Value:          value,
 		SPDXExpression: spdxExpression,
 		Type:           t,
-		URL:            internal.NewStringSet(),
-		Location:       source.NewLocationSet(),
+		URLs:           internal.NewStringSet(),
+		Locations:      source.NewLocationSet(),
 	}
 }
 
@@ -109,7 +109,7 @@ func NewLicensesFromLocation(location source.Location, values ...string) (licens
 func NewLicenseFromLocations(value string, locations ...source.Location) License {
 	l := NewLicense(value)
 	for _, loc := range locations {
-		l.Location.Add(loc)
+		l.Locations.Add(loc)
 	}
 	return l
 }
@@ -118,7 +118,7 @@ func NewLicenseFromURLs(value string, urls ...string) License {
 	l := NewLicense(value)
 	for _, u := range urls {
 		if u != "" {
-			l.URL.Add(u)
+			l.URLs.Add(u)
 		}
 	}
 	return l
@@ -141,11 +141,11 @@ func (s License) Merge(l License) (*License, error) {
 		return nil, fmt.Errorf("cannot merge licenses with different hash")
 	}
 
-	s.URL.Add(l.URL.ToSlice()...)
-	if s.Location.Empty() && l.Location.Empty() {
+	s.URLs.Add(l.URLs.ToSlice()...)
+	if s.Locations.Empty() && l.Locations.Empty() {
 		return &s, nil
 	}
 
-	s.Location.Add(l.Location.ToSlice()...)
+	s.Locations.Add(l.Locations.ToSlice()...)
 	return &s, nil
 }
diff --git a/syft/pkg/license_set.go b/syft/pkg/license_set.go
@@ -34,8 +34,8 @@ func (s *LicenseSet) addToExisting(license License) (id artifact.ID, merged bool
 		return id, false, nil
 	}
 
-	// we got the same id; we want to merge the URL and Location data
-	// URL/Location are not considered when taking the Hash
+	// we got the same id; we want to merge the URLs and Location data
+	// URLs/Location are not considered when taking the Hash
 	m, err := v.Merge(license)
 	if err != nil {
 		return id, false, fmt.Errorf("could not merge license into map: %w", err)

diff --git a/syft/pkg/license_set_test.go b/syft/pkg/license_set_test.go
@@ -97,8 +97,8 @@ func TestLicenseSet_Add(t *testing.T) {
 					Value:          "MIT",
 					SPDXExpression: "MIT",
 					Type:           license.Declared,
-					URL:            internal.NewStringSet("https://example.com"),
-					Location:       source.NewLocationSet(source.NewLocation("/place")),
+					URLs:           internal.NewStringSet("https://example.com"),
+					Locations:      source.NewLocationSet(source.NewLocation("/place")),
 				},
 			},
 		},
@@ -115,15 +115,15 @@ func TestLicenseSet_Add(t *testing.T) {
 					Value:          "MIT",
 					SPDXExpression: "MIT",
 					Type:           license.Concluded,
-					URL:            internal.NewStringSet(),
-					Location:       source.NewLocationSet(),
+					URLs:           internal.NewStringSet(),
+					Locations:      source.NewLocationSet(),
 				},
 				{
 					Value:          "MIT",
 					SPDXExpression: "MIT",
 					Type:           license.Declared,
-					URL:            internal.NewStringSet("https://example.com"),
-					Location:       source.NewLocationSet(source.NewLocation("/place")),
+					URLs:           internal.NewStringSet("https://example.com"),
+					Locations:      source.NewLocationSet(source.NewLocation("/place")),
 				},
 			},
 		},

diff --git a/syft/pkg/license_test.go b/syft/pkg/license_test.go
@@ -21,8 +21,8 @@ func Test_Hash(t *testing.T) {
 	lic1 := NewLicenseFromLocations("MIT", loc1)
 	lic2 := NewLicenseFromLocations("MIT", loc2)
 
-	lic1.URL.Add("foo")
-	lic2.URL.Add("bar") // we also want to check the URL are ignored
+	lic1.URLs.Add("foo")
+	lic2.URLs.Add("bar") // we also want to check the URLs are ignored
 
 	hash1, err := artifact.IDByHash(lic1)
 	require.NoError(t, err)