[issue-426] update model: ExternalIdentifier and Relationship types

to cb39f85bed80d432acd2c177fb6480efb8fc73ae

Signed-off-by: Armin Tänzer <armin.taenzer@tngtech.com>

Author: armintaenzertng

README.md

@@ -50,7 +50,7 @@ additional installation of optional dependencies
 * Serialize to JSON-LD
 
 See [Quickstart to SPDX 3.0](#quickstart-to-spdx-30) below.  
-The implementation is based on the descriptive markdown files in the repository https://github.com/spdx/spdx-3-model (latest commit: 7ecb523ea152ed40c09ff6451b47ceefad148164).
+The implementation is based on the descriptive markdown files in the repository https://github.com/spdx/spdx-3-model (latest commit: cb39f85bed80d432acd2c177fb6480efb8fc73ae).
 
 
 # Installation

src/spdx_tools/spdx3/model/external_identifier.py

@@ -13,9 +13,11 @@
 class ExternalIdentifierType(Enum):
     CPE22 = auto()
     CPE23 = auto()
+    CVE = auto()
     EMAIL = auto()
     GITOID = auto()
     PURL = auto()
+    SECURITY_OTHER = auto()
     SWHID = auto()
     SWID = auto()
     URL_SCHEME = auto()

src/spdx_tools/spdx3/model/relationship.py

@@ -13,12 +13,20 @@
 
 
 class RelationshipType(Enum):
+    AFFECTS = auto()
     AMENDS = auto()
     ANCESTOR = auto()
     AVAILABLE_FROM = auto()
+    BUILD_CONFIG_OF = auto()
     BUILD_DEPENDENCY = auto()
+    BUILD_HOST_OF = auto()
+    BUILD_INPUT_OF = auto()
+    BUILD_INVOKED_BY = auto()
+    BUILD_ON_BEHALF_OF = auto()
+    BUILD_OUTPUT_OF = auto()
     BUILD_TOOL = auto()
     CONTAINS = auto()
+    COORDINATED_BY = auto()
     COPY = auto()
     DATA_FILE = auto()
     DEPENDENCY_MANIFEST = auto()
@@ -29,13 +37,20 @@ class RelationshipType(Enum):
     DEV_TOOL = auto()
     DISTRIBUTION_ARTIFACT = auto()
     DOCUMENTATION = auto()
+    DOES_NOT_AFFECT = auto()
     DYNAMIC_LINK = auto()
     EXAMPLE = auto()
     EXPANDED_FROM_ARCHIVE = auto()
+    EXPLOIT_CREATED_BY = auto()
     FILE_ADDED = auto()
     FILE_DELETED = auto()
     FILE_MODIFIED = auto()
+    FIXED_BY = auto()
+    FIXED_IN = auto()
+    FOUND_BY = auto()
     GENERATES = auto()
+    HAS_ASSESSMENT_FOR = auto()
+    HAS_ASSOCIATED_VULNERABILITY = auto()
     METAFILE = auto()
     OPTIONAL_COMPONENT = auto()
     OPTIONAL_DEPENDENCY = auto()
@@ -44,6 +59,9 @@ class RelationshipType(Enum):
     PATCH = auto()
     PREREQUISITE = auto()
     PROVIDED_DEPENDENCY = auto()
+    PUBLISHED_BY = auto()
+    REPORTED_BY = auto()
+    REPUBLISHED_BY = auto()
     REQUIREMENT_FOR = auto()
     RUNTIME_DEPENDENCY = auto()
     SPECIFICATION_FOR = auto()
@@ -52,30 +70,8 @@ class RelationshipType(Enum):
     TEST_CASE = auto()
     TEST_DEPENDENCY = auto()
     TEST_TOOL = auto()
-    VARIANT = auto()
-    BUILD_INPUT_OF = auto()
-    BUILD_OUTPUT_OF = auto()
-    BUILD_CONFIG_OF = auto()
-    BUILD_INVOKED_BY = auto()
-    BUILD_ON_BEHALF_OF = auto()
-    BUILD_HOST_OF = auto()
-    HAS_ASSOCIATED_VULNERABILITY = auto()
-    COORDINATED_BY = auto()
-    HAS_CVSS_V2_ASSESSMENT_FOR = auto()
-    HAS_CVSS_V3_ASSESSMENT_FOR = auto()
-    HAS_EPSS_ASSESSMENT_FOR = auto()
-    HAS_EXPLOIT_CATALOG_ASSESSMENT_FOR = auto()
-    HAS_SSVC_ASSESSMENT_FOR = auto()
-    EXPLOIT_CREATED_BY = auto()
-    FIXED_BY = auto()
-    FOUND_BY = auto()
-    PUBLISHED_BY = auto()
-    REPORTED_BY = auto()
-    REPUBLISHED_BY = auto()
-    AFFECTS = auto()
-    DOES_NOT_AFFECT = auto()
-    FIXED_IN = auto()
     UNDER_INVESTIGATION_FOR = auto()
+    VARIANT = auto()
 
 
 class RelationshipCompleteness(Enum):

tests/spdx3/fixtures.py

@@ -297,32 +297,32 @@ def listed_license_fixture(
     "score": "4.3",
     "severity": "low",
     "vector": "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
-    "relationship_type": RelationshipType.HAS_CVSS_V2_ASSESSMENT_FOR,
+    "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR,
 }
 
 CVSS_V3_VULN_ASSESSMENT_RELATIONSHIP_DICT = {
     "score": "6.8",
     "severity": "medium",
     "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
-    "relationship_type": RelationshipType.HAS_CVSS_V3_ASSESSMENT_FOR,
+    "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR,
 }
 
 EPSS_VULN_ASSESSMENT_RELATIONSHIP_DICT = {
     "probability": 80,
     "severity": "high",
-    "relationship_type": RelationshipType.HAS_EPSS_ASSESSMENT_FOR,
+    "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR,
 }
 
 SSVC_VULN_ASSESSMENT_RELATIONSHIP_DICT = {
     "decision_type": SsvcDecisionType.ACT,
-    "relationship_type": RelationshipType.HAS_SSVC_ASSESSMENT_FOR,
+    "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR,
 }
 
 EXPLOIT_CATALOG_VULN_ASSESSMENT_RELATIONSHIP_DICT = {
     "catalog_type": ExploitCatalogType.KEV,
     "exploited": True,
     "locator": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
-    "relationship_type": RelationshipType.HAS_EXPLOIT_CATALOG_ASSESSMENT_FOR,
+    "relationship_type": RelationshipType.HAS_ASSESSMENT_FOR,
 }
 
 VEX_VULN_ASSESSMENT_RELATIONSHIP_DICT = {