From fe7512f7117b2f97321501d1195aa6717b65eaf8 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck <jan.kowalleck@gmail.com>
Date: Fri, 8 Sep 2023 02:30:22 +0200
Subject: [PATCH] fix #288

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
---
 schema/bom-1.6.xsd                             |  4 ++--
 ...nvalid-license-missing-id-and-name-1.6.json | 18 ++++++++++++++++++
 ...d-license-missing-id-and-name-1.6.textproto | 12 ++++++++++++
 ...invalid-license-missing-id-and-name-1.6.xml | 13 +++++++++++++
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json
 create mode 100644 tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto
 create mode 100644 tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml

diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index 1cc87910..d7f903eb 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
@@ -641,12 +641,12 @@ limitations under the License.
     <xs:complexType name="licenseType">
         <xs:sequence>
             <xs:choice>
-                <xs:element name="id" type="spdx:licenseId" minOccurs="0" maxOccurs="1">
+                <xs:element name="id" type="spdx:licenseId" minOccurs="1" maxOccurs="1">
                     <xs:annotation>
                         <xs:documentation>A valid SPDX license ID</xs:documentation>
                     </xs:annotation>
                 </xs:element>
-                <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
+                <xs:element name="name" type="xs:normalizedString" minOccurs="1" maxOccurs="1">
                     <xs:annotation>
                         <xs:documentation>If SPDX does not define the license used, this field may be used to provide the license name</xs:documentation>
                     </xs:annotation>
diff --git a/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json
new file mode 100644
index 00000000..65b72d31
--- /dev/null
+++ b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json
@@ -0,0 +1,18 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "name": "license-with-no-id-nor-name",
+      "version": "23",
+      "description": "testcase for issue#288",
+      "licenses": [
+        {
+          "license": {}
+        }
+      ]
+    }
+  ]
+}
diff --git a/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto
new file mode 100644
index 00000000..14f6a657
--- /dev/null
+++ b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto
@@ -0,0 +1,12 @@
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+  type: CLASSIFICATION_LIBRARY
+  name: "license-with-no-id-nor-name"
+  version: "23"
+  description: "testcase for issue#288"
+  licenses {
+    license {}
+  }
+}
\ No newline at end of file
diff --git a/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml
new file mode 100644
index 00000000..34fff4ec
--- /dev/null
+++ b/tools/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
+    <components>
+        <component type="library">
+            <name>license-with-no-id-nor-name</name>
+            <version>23</version>
+            <description>testcase for issue#288</description>
+            <licenses>
+                <license />
+            </licenses>
+        </component>
+    </components>
+</bom>
\ No newline at end of file