if LicenseRef is specified without an inline do not create a license node (#2164)

* if LicenseRef is specified without an inline do not create a license node

Signed-off-by: pxp928 <[email protected]>

* remove unused ignoreLR flag and move check for LicenseRef

Signed-off-by: pxp928 <[email protected]>

* add inline map to SPDX and reorg license fix

Signed-off-by: pxp928 <[email protected]>

---------

Signed-off-by: pxp928 <[email protected]>

Author: pxp928

internal/testing/testdata/exampledata/small-legal-cyclonedx-no-inline.json

@@ -0,0 +1,280 @@
+{
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.4",
+  "serialNumber" : "urn:uuid:0697952e-9848-4785-95bf-f81ff9731682",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2022-11-09T11:14:31Z",
+    "tools" : [
+      {
+        "vendor" : "OWASP Foundation",
+        "name" : "CycloneDX Maven plugin",
+        "version" : "2.7.1",
+        "hashes" : [
+          {
+            "alg" : "SHA3-512",
+            "content" : "72ea0ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964"
+          }
+        ]
+      }
+    ],
+    "component" : {
+      "group" : "org.acme",
+      "name" : "getting-started",
+      "version" : "1.0.0-SNAPSHOT",
+      "licenses": [
+        {
+          "license": {
+            "id": "GPL-2.0"
+          }
+        },
+        {
+          "license": {
+            "id": "LGPL-3.0-or-later"
+          }
+        }
+      ],
+      "hashes" : [
+        {
+          "alg" : "SHA3-512",
+          "content" : "85240ed8faa3cc4493db96d0223094842e7153890b091ff364040ad3ad89363157fc9d1bd852262124aec83134f0c19aa4fd0fa482031d38a76d74dfd36b7964"
+        }
+      ],
+      "purl" : "pkg:maven/org.acme/[email protected]?type=jar",
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.acme/[email protected]?type=jar"
+    }
+  },
+  "components" : [
+    {
+      "publisher" : "JBoss by Red Hat",
+      "group" : "io.quarkus",
+      "name" : "quarkus-resteasy-reactive",
+      "version" : "2.13.4.Final",
+      "description" : "A JAX-RS implementation utilizing build time processing and Vert.x. This extension is not compatible with the quarkus-resteasy extension, or any of the extensions that depend on it.",
+      "scope" : "optional",
+      "hashes" : [
+        {
+          "alg" : "MD5",
+          "content" : "bf39044af8c6ba66fc3beb034bc82ae8"
+        },
+        {
+          "alg" : "SHA3-512",
+          "content" : "615e56bdfeb591af8b5fdeadf019f8fa729643232d7e0768674411a7d959bb00e12e114280a6949f871514e1a86e01e0033372a0a826d15720050d7cffb80e69"
+        }
+      ],
+      "licenses" : [
+        {
+          "license" : {
+            "id" : "Apache-2.0"
+          }
+        }
+      ],
+      "purl" : "pkg:maven/io.quarkus/[email protected]?type=jar",
+      "externalReferences" : [
+        {
+          "type" : "distribution",
+          "url" : "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"
+        },
+        {
+          "type" : "issue-tracker",
+          "url" : "https://github.com/quarkusio/quarkus/issues/"
+        },
+        {
+          "type" : "vcs",
+          "url" : "https://github.com/quarkusio/quarkus"
+        },
+        {
+          "type" : "website",
+          "url" : "http://www.jboss.org"
+        },
+        {
+          "type" : "mailing-list",
+          "url" : "http://lists.jboss.org/pipermail/jboss-user/"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.quarkus/[email protected]?type=jar"
+    },
+    {
+      "publisher" : "SmallRye",
+      "group" : "io.smallrye.reactive",
+      "name" : "smallrye-mutiny-vertx-uri-template",
+      "version" : "2.27.0",
+      "description" : "SmallRye Build Parent POM",
+      "hashes" : [
+        {
+          "alg" : "MD5",
+          "content" : "8756663af131035a2090d83f5f1b4054"
+        }
+      ],
+      "licenses" : [
+        {
+          "expression" : "Apache-2.0 AND (MIT OR GPL-2.0-only)"
+        }
+      ],
+      "purl" : "pkg:maven/io.smallrye.reactive/[email protected]?type=jar",
+      "externalReferences" : [
+        {
+          "type" : "website",
+          "url" : "https://wwww.smallrye.io"
+        },
+        {
+          "type" : "issue-tracker",
+          "url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings/issues"
+        },
+        {
+          "type" : "vcs",
+          "url" : "https://github.com/smallrye/smallrye-mutiny-vertx-bindings"
+        },
+        {
+          "type" : "distribution",
+          "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.smallrye.reactive/[email protected]?type=jar"
+    },
+    {
+      "publisher" : "JBoss by Red Hat",
+      "group" : "io.quarkus",
+      "name" : "quarkus-resteasy-reactive-common",
+      "version" : "2.13.4.Final",
+      "description" : "Common runtime parts of Quarkus RESTEasy Reactive",
+      "hashes" : [
+        {
+          "alg" : "SHA3-512",
+          "content" : "54ffa51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1"
+        }
+      ],
+      "licenses" : [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        },
+        {
+          "license": {
+            "name": "Custom license",
+            "text": {
+              "content": "This is the text of the custom license I wrote"
+            }
+          }
+        },
+        {
+          "license": {
+            "name": "Custom license 2"
+          }
+        }
+      ],
+      "purl" : "pkg:maven/io.quarkus/[email protected]?type=jar",
+      "externalReferences" : [
+        {
+          "type" : "mailing-list",
+          "url" : "http://lists.jboss.org/pipermail/jboss-user/"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.quarkus/[email protected]?type=jar"
+    },
+    {
+      "publisher" : "JBoss by Red Hat",
+      "group" : "io.quarkus",
+      "name" : "netbase",
+      "version" : ".3",
+      "description" : "Common runtime parts of Quarkus RESTEasy Reactive",
+      "hashes" : [
+        {
+          "alg" : "SHA3-512",
+          "content" : "87gna51cb2fb25e70871e4b69489814ebb3d23d4f958e83ef1f811c00a8753c6c30c5bbc1b48b6427357eb70e5c35c7b357f5252e246fbfa00b90ee22ad095e1"
+        }
+      ],
+      "licenses" : [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        },
+        {
+          "license": {
+            "name": "Custom license",
+            "text": {
+              "content": "This is the text of the custom license I wrote"
+            }
+          }
+        }
+      ],
+      "purl" : "pkg:deb/debian/[email protected]?arch=all\u0026distro=debian-11",
+      "externalReferences" : [
+        {
+          "type" : "mailing-list",
+          "url" : "http://lists.jboss.org/pipermail/jboss-user/"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:deb/debian/[email protected]?arch=all\u0026distro=debian-11\u0026package-id=913906225fd3778b"
+    },
+    {
+      "publisher" : "Eclipse Foundation",
+      "group" : "org.eclipse.microprofile.context-propagation",
+      "name" : "microprofile-context-propagation-api",
+      "version" : "1.2",
+      "description" : "MicroProfile Context Propagation :: API",
+      "hashes" : [
+        {
+          "alg" : "SHA-256",
+          "content" : "1576e21f3bf9cc3a3092e7cd40e9c9fef70532223af98a9218c1c9c885a71251"
+        }
+      ],
+      "licenses" : [
+        {
+          "license": {
+            "name": "Custom license",
+            "bom-ref" : "LicenseRef-a7fb6b15"
+          }
+        },
+        {
+          "license": {
+            "name": "Custom license 2",
+            "bom-ref" : "LicenseRef-59a01e67"
+          }
+        }
+      ],
+      "purl" : "pkg:maven/org.eclipse.microprofile.context-propagation/[email protected]?type=jar",
+      "externalReferences" : [
+        {
+          "type" : "website",
+          "url" : "http://www.eclipse.org/"
+        },
+        {
+          "type" : "distribution",
+          "url" : "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
+        },
+        {
+          "type" : "issue-tracker",
+          "url" : "https://github.com/eclipse/microprofile-context-propagation/issues"
+        },
+        {
+          "type" : "vcs",
+          "url" : "https://github.com/eclipse/microprofile-context-propagation"
+        }
+      ],
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.eclipse.microprofile.context-propagation/[email protected]?type=jar"
+    }
+  ],
+  "dependencies" : [
+    {
+      "ref" : "pkg:maven/org.acme/[email protected]?type=jar",
+      "dependsOn" : [
+        "pkg:maven/io.quarkus/[email protected]?type=jar"
+      ]
+    },
+    {
+      "ref" : "pkg:maven/io.quarkus/[email protected]?type=jar",
+      "dependsOn" : [
+        "pkg:maven/io.quarkus/[email protected]?type=jar"
+      ]
+    }
+  ]
+}