spdx / spdx-java-rdf-store Goto Github PK

SPDX Tools RDF Support Library

License: Apache License 2.0

Java 100.00%

spdx-java-rdf-store's Introduction

Spdx-Java-Rdf-Store

This Java library implements an RDF store implementing the SPDX Java Library Storage Interface using an underlying RDF store.

Code quality badges

| | | | |

Using the Library

This library is intended to be used in conjunction with the SPDX Java Library.

Simply create a new instance of RdfStore() and reference it as your storage.

Serializing and Deserializing RDF Formats

This library supports the ISerializableModelStore interface for serializing and deserializing RDF files and data stores.

The format is specified by calling the setOutputFormat(OutputFormat outputFormat) method.

OutputFormat must be one of RDF/XML-ABBREV (default), RDF/XML, N-TRIPLET, or TURTLE.

A convenience method public String loadModelFromFile(String fileNameOrUrl, boolean overwrite) can be used to load the model from a file or URL.

Development Status

Mostly stable - although it has not been widely used.

spdx-java-rdf-store's People

Contributors

Stargazers

Watchers

Forkers

goneall garydgregory

spdx-java-rdf-store's Issues

Does the DocumentUri and CreationInformation need to be updated when upgrading document?

Currently, deprecated properties are "upgraded" to relationships when deserializing RDF documents. This is technically changing the model which should require a new, unique URI.

We may also want to update the creation information.

This issue came up in a discussion on the SPDX tech email list.

Inconsistent namespace for listed licenses

Old listed license namespace use http://spdx.org/licenses while new listed licenses may use https instead of http.

hasFile property should be replaced with CONTAINS relationship

Based on the comment in the RDF OWL ontology for the CONTAINS relationship:

A Relationship of relationshipType_contains expresses that an SPDXElement contains the relatedSPDXElement. For example, a Package contains a File. (relationshipType_contains introduced in SPDX 2.0 deprecates property 'hasFile' from SPDX 1.2)

hasFile property in Package should be replaced with a CONTAINS relationship. This can be done in the upgrade process when deserializing an RDF file.

Tool identifies 0BSD as BSD

I was using the tool to verify SPDX RDF reports generated by FOSSology. Where I noticed, the tool identifies 0BSD as BSD license.

$ java -jar tools-java-1.1.3-jar-with-dependencies.jar Verify SPDX2_30-seconds-of-code-master.tar.gz.spdx.rdf
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
This SPDX Document is not valid due to:
        Missing required license name in 30-seconds-of-code-master.tar.gz/30-seconds-of-code-master.tar/30-seconds-of-code-master.zip/30-seconds-of-code-master/.mdlrc.style.rb in 30-seconds-of-code-master.tar.gz
        Missing required license text for BSD in 30-seconds-of-code-master.tar.gz/30-seconds-of-code-master.tar/30-seconds-of-code-master.zip/30-seconds-of-code-master/.mdlrc.style.rb in 30-seconds-of-code-master.tar.gz

This causes tool to say the SPDX Document is not valid. I am attaching the file as .txt here to check.

SPDX2_30-seconds-of-code-master.tar.gz.spdx.rdf.txt

The license is used as a licenseConcluded in a <spdx:File>

<spdx:licenseConcluded>
  <spdx:ListedLicense rdf:about="http://spdx.org/licenses/0BSD">
    <spdx:name>BSD Zero Clause License</spdx:name>
    <spdx:licenseId>0BSD</spdx:licenseId>
    <spdx:licenseText><![CDATA[
Copyright (C) YEAR by AUTHOR EMAIL

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    ]]></spdx:licenseText>
    <rdfs:seeAlso>http://landley.net/toybox/license.html</rdfs:seeAlso>
  </spdx:ListedLicense>
</spdx:licenseConcluded>

Change deployments from Bintray to Maven Central and Github packages

Bintray is retiring their service on May 1. Prior to retirement, we need to start publishing an alternative package storage provider.

Suggest both Maven Central and Github Packages.

This can be automated using Github actions. See https://docs.github.com/en/actions/guides/publishing-java-packages-with-maven#publishing-packages-to-the-maven-central-repository-and-github-packages

RIOT Exception thrown when spaces are in the file path

When the attached RDF/XML file is verified using the file path docfest2021/SPDX DocFest 20210916/ScanCode/scancode-toolkit/time-1.9.tar.gz-extract-clipeu.spdx.rdf, the following error is generated:

11:49:02.369 [main] ERROR org.apache.jena.riot - Bad character in IRI (space): <file:///C:/Users/gary/git/tools-java/SPDX[space]...>
Exception in thread "main" org.apache.jena.riot.RiotException: Bad character in IRI (space): <file:///C:/Users/gary/git/tools-java/SPDX[space]...>
	at org.apache.jena.riot.system.ErrorHandlerFactory$ErrorHandlerStd.error(ErrorHandlerFactory.java:140)
	at org.apache.jena.riot.lang.ReaderRIOTRDFXML$HandlerSink.convert(ReaderRIOTRDFXML.java:256)
	at org.apache.jena.riot.lang.ReaderRIOTRDFXML$HandlerSink.convert(ReaderRIOTRDFXML.java:273)
	at org.apache.jena.riot.lang.ReaderRIOTRDFXML$HandlerSink.statement(ReaderRIOTRDFXML.java:225)
...

Following is the stack trace from where the error is detected in Jena:

Thread [main] (Suspended (breakpoint at line 256 in ReaderRIOTRDFXML$HandlerSink))	
	owns: RDFXMLParser  (id=197)	
	ReaderRIOTRDFXML$HandlerSink.convert(AResource) line: 256	
	ReaderRIOTRDFXML$HandlerSink.convert(AResource, AResource, AResource) line: 273	
	ReaderRIOTRDFXML$HandlerSink.statement(AResource, AResource, AResource) line: 225	
	RDFXMLParser(XMLHandler).triple(ANode, ANode, ANode) line: 72	
	WantTopLevelDescription(ParserSupport).triple(ANode, ANode, ANode) line: 233	
	WantTopLevelDescription(WantDescription).aPredAndObj(ANode, ANode) line: 109	
	WantPropertyElement.theObject(ANode) line: 200	
	WantPropertyElement.startElement(String, String, String, Attributes) line: 129	
	RDFXMLParser(XMLHandler).startElement(String, String, String, Attributes) line: 111	
	SAXParserImpl$JAXPSAXParser(AbstractSAXParser).startElement(QName, XMLAttributes, Augmentations) line: not available	
	SAXParserImpl$JAXPSAXParser(AbstractXMLDocumentParser).emptyElement(QName, XMLAttributes, Augmentations) line: not available	
	XMLNSDocumentScannerImpl.scanStartElement() line: not available	
	XMLNSDocumentScannerImpl$NSContentDriver(XMLDocumentFragmentScannerImpl$FragmentContentDriver).next() line: not available	
	XMLNSDocumentScannerImpl(XMLDocumentScannerImpl).next() line: not available	
	XMLNSDocumentScannerImpl.next() line: not available	
	XMLNSDocumentScannerImpl(XMLDocumentFragmentScannerImpl).scanDocument(boolean) line: not available	
	XIncludeAwareParserConfiguration(XML11Configuration).parse(boolean) line: not available	
	XIncludeAwareParserConfiguration(XML11Configuration).parse(XMLInputSource) line: not available	
	SAXParserImpl$JAXPSAXParser(XMLParser).parse(XMLInputSource) line: not available	
	SAXParserImpl$JAXPSAXParser(AbstractSAXParser).parse(InputSource) line: not available	
	SAXParserImpl$JAXPSAXParser.parse(InputSource) line: not available	
	RDFXMLParser.parse(InputSource, String) line: 101	
	ARP.load(InputStream, String) line: 118	
	ReaderRIOTRDFXML.parse() line: 188	
	ReaderRIOTRDFXML.read(InputStream, String, ContentType, StreamRDF, Context) line: 86	
	RDFParser.read(ReaderRIOT, InputStream, Reader, String, Context, ContentType, StreamRDF) line: 352	
	RDFParser.parseNotUri(StreamRDF) line: 342	
	RDFParser.parse(StreamRDF) line: 291	
	RDFParserBuilder.parse(StreamRDF) line: 506	
	RDFDataMgr.parseFromInputStream(StreamRDF, InputStream, String, Lang, Context) line: 870	
	RDFDataMgr.read(Graph, InputStream, String, Lang) line: 268	
	RDFDataMgr.read(Model, InputStream, String, Lang) line: 254	
	RDFReaderRIOT.read(Model, InputStream, String) line: 69	
	ModelCom.read(InputStream, String, String) line: 305	
	RdfStore.deSerialize(InputStream, boolean) line: 521	
	Verify.verify(String, SerFileType) line: 118	
	Verify.main(String[]) line: 70	
``
[time-1.9.tar.gz-extract-clipeu.spdx.rdf.txt](https://github.com/spdx/spdx-java-rdf-store/files/7187890/time-1.9.tar.gz-extract-clipeu.spdx.rdf.txt)
`

Release version 0.7 checklist

Create release for any dependent libraries which have changed (Spdx-Java-Library)
Update dependency versions in the pom.xml file
Update the version in the pom.xml file
Publish using the command maven deploy - this will deploy to the bintray SPDX tools
Sync the bintray repo with Maven Central
Tag the repo with the release version
Publish the release on github

documentDescribes property should be replaced with a DESCRIBES property

The SPDX 2.2 Ontology includes a property documentDescribes which has been replaced with the a DESCRIBES relationship between the Document and the Package in the 2.0 spec.

The upgrade facility should replace any documentDescribes property with the preferred relationship approach.

SDPX Validator complains on licenseConcluded tag which is written according to specification

Hello team, currently I'm working in fixing errors to pass validation and face situation when validator start complaining on things which are seems to be correct according to specification. I use online tool https://tools.spdx.org/app/validate/ to validate spdx document.

ps: Document I work with is written in RDF format.

Issue I face is related to licenseConcluded tag <spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>

Here the example of spdx document which FAILS validation:

<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:spdx="http://spdx.org/rdf/terms#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
  <spdx:SpdxDocument rdf:about="http://3781_431#SPDXRef-DOCUMENT">
    <spdx:dataLicense rdf:resource="http://spdx.org/licenses/CC0-1.0"/>
    <spdx:creationInfo>
      <spdx:CreationInfo>
        <rdfs:comment/>
        <spdx:created>2022-09-15T08:20:02Z</spdx:created>
        <spdx:creator>Person: Some person</spdx:creator>
        <spdx:creator>Tool:   Some tool </spdx:creator>
        <spdx:licenseListVersion>2.0</spdx:licenseListVersion>
      </spdx:CreationInfo>
    </spdx:creationInfo>
    <spdx:specVersion>SPDX-2.2</spdx:specVersion>
    <spdx:name>Report for scan: DEMO</spdx:name>
    <spdx:hasFile>
      <spdx:File rdf:about="http://3781_431#SPDXRef-file7a92c4a8a3d3a21742500d2f574cf8d91">
        <spdx:fileName>EXAMPLE_PROJECT/angular1.2.32/angular.js</spdx:fileName>
        <rdfs:comment/>
        <spdx:checksum>
          <spdx:Checksum>
            <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/>
            <spdx:checksumValue>16464f2133d32c3d86a95b5657bc82ecf93362706998bd1bff8ea22fa9ea50c0</spdx:checksumValue>
          </spdx:Checksum>
        </spdx:checksum>
        <spdx:checksum>
          <spdx:Checksum>
            <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/>
            <spdx:checksumValue>eb3f2c52012c3b4be18a929dc875d0848f4300dd</spdx:checksumValue>
          </spdx:Checksum>
        </spdx:checksum>
        <spdx:checksum>
          <spdx:Checksum>
            <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/>
            <spdx:checksumValue>7a92c4a8a3d3a21742500d2f574cf8d9</spdx:checksumValue>
          </spdx:Checksum>
        </spdx:checksum>
        <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
        <spdx:licenseConcluded rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
      </spdx:File>
    </spdx:hasFile>
    <spdx:relationship>
      <spdx:Relationship>
        <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes"/>
        <spdx:relatedSpdxElement>
          <spdx:Package rdf:about="http://3781_431#SPDXRef-Package62">
            <spdx:name>kernel</spdx:name>
            <spdx:versionInfo>3.8.6</spdx:versionInfo>
            <spdx:externalRef>
              <spdx:ExternalRef>
                <spdx:referenceLocator>cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*</spdx:referenceLocator>
                <spdx:referenceType>
                  <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/>
                </spdx:referenceType>
                <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/>
              </spdx:ExternalRef>
            </spdx:externalRef>
            <spdx:supplier>NOASSERTION</spdx:supplier>
            <spdx:downloadLocation>NOASSERTION</spdx:downloadLocation>
            <spdx:packageVerificationCode>
              <spdx:PackageVerificationCode>
                <spdx:packageVerificationCodeValue>c17c93e2d0d8558ef260a22adab86602784ddd54</spdx:packageVerificationCodeValue>
              </spdx:PackageVerificationCode>
            </spdx:packageVerificationCode>
            <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
            <spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>
            <spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>
            <spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>
            <spdx:hasFile>
              <spdx:File rdf:about="http://3781_431#SPDXRef-file346403c6c410bc234f156ef4a49497c5182">
                <spdx:fileName>EXAMPLE_PROJECT/prop_files_with_snippets/sample_copy.c</spdx:fileName>
                <rdfs:comment/>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/>
                    <spdx:checksumValue>60d077054ce59622848ae1906f9d4267d73d9807bdb34477413cb16e3e42b2eb</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/>
                    <spdx:checksumValue>1af5b44d1a35d93587bd955b2a304e1406e53cdd</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/>
                    <spdx:checksumValue>346403c6c410bc234f156ef4a49497c5</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
                **<spdx:licenseConcluded rdf:resource="http://3781_431#LicenseRef-GPL"/>**
                <spdx:licenseInfoFromFiles rdf:resource="http://3781_431#LicenseRef-GPL"/>
              </spdx:File>
            </spdx:hasFile>
          </spdx:Package>
        </spdx:relatedSpdxElement>
      </spdx:Relationship>
    </spdx:relationship>
    <spdx:hasExtractedLicensingInfo>
      <spdx:ExtractedLicensingInfo rdf:about="http://3781_431#LicenseRef-GPL">
        <spdx:licenseId>LicenseRef-GPL</spdx:licenseId>
        <spdx:name>GPL</spdx:name>
        <spdx:extractedText>GPL</spdx:extractedText>
      </spdx:ExtractedLicensingInfo>
    </spdx:hasExtractedLicensingInfo>
  </spdx:SpdxDocument>
</rdf:RDF>

Validator says:
The following warning(s) were raised: [Missing required license name in kernel, Missing required license text for GPL-2.0-only in kernel]

This is exact the same spdx document, but one part related to licenseConcluded is changed and it's pass validation

<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:spdx="http://spdx.org/rdf/terms#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
  <spdx:SpdxDocument rdf:about="http://3781_431#SPDXRef-DOCUMENT">
    <spdx:dataLicense rdf:resource="http://spdx.org/licenses/CC0-1.0"/>
    <spdx:creationInfo>
      <spdx:CreationInfo>
        <rdfs:comment/>
        <spdx:created>2022-09-15T08:20:02Z</spdx:created>
        <spdx:creator>Person: Some Person</spdx:creator>
        <spdx:creator>Tool:   Some tool </spdx:creator>
        <spdx:licenseListVersion>2.0</spdx:licenseListVersion>
      </spdx:CreationInfo>
    </spdx:creationInfo>
    <spdx:specVersion>SPDX-2.2</spdx:specVersion>
    <spdx:name>Report for scan: DEMO </spdx:name>
    <spdx:relationship>
      <spdx:Relationship>
        <spdx:relationshipType rdf:resource="http://spdx.org/rdf/terms#relationshipType_describes"/>
        <spdx:relatedSpdxElement>
          <spdx:Package rdf:about="http://3781_431#SPDXRef-Package62">
            <spdx:name>kernel</spdx:name>
            <spdx:versionInfo>3.8.6</spdx:versionInfo>
            <spdx:externalRef>
              <spdx:ExternalRef>
                <spdx:referenceLocator>cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*</spdx:referenceLocator>
                <spdx:referenceType>
                  <spdx:ReferenceType rdf:about="http://spdx.org/rdf/references/cpe23Type"/>
                </spdx:referenceType>
                <spdx:referenceCategory rdf:resource="http://spdx.org/rdf/terms#referenceCategory_security"/>
              </spdx:ExternalRef>
            </spdx:externalRef>
            <spdx:supplier>NOASSERTION</spdx:supplier>
            <spdx:downloadLocation>NOASSERTION</spdx:downloadLocation>
            <spdx:packageVerificationCode>
              <spdx:PackageVerificationCode>
                <spdx:packageVerificationCodeValue>c17c93e2d0d8558ef260a22adab86602784ddd54</spdx:packageVerificationCodeValue>
              </spdx:PackageVerificationCode>
            </spdx:packageVerificationCode>
            <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
            **<spdx:licenseConcluded>
              <spdx:ListedLicense rdf:about="http://spdx.org/licenses/GPL-2.0-only">
                <spdx:name>GNU General Public License v2.0 only</spdx:name>
                <spdx:licenseId>GPL-2.0-only</spdx:licenseId>
                <spdx:licenseText>GNU GENERAL PUBLIC LICENSE .......... License text here</spdx:licenseText>
              </spdx:ListedLicense>
            </spdx:licenseConcluded>**
            <spdx:licenseInfoFromFiles rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>
            <spdx:licenseDeclared rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>
            <spdx:hasFile>
              <spdx:File rdf:about="http://3781_431#SPDXRef-file346403c6c410bc234f156ef4a49497c5182">
                <spdx:fileName>EXAMPLE_PROJECT/prop_files_with_snippets/sample_copy.c</spdx:fileName>
                <rdfs:comment/>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha256"/>
                    <spdx:checksumValue>60d077054ce59622848ae1906f9d4267d73d9807bdb34477413cb16e3e42b2eb</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/>
                    <spdx:checksumValue>1af5b44d1a35d93587bd955b2a304e1406e53cdd</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:checksum>
                  <spdx:Checksum>
                    <spdx:algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_md5"/>
                    <spdx:checksumValue>346403c6c410bc234f156ef4a49497c5</spdx:checksumValue>
                  </spdx:Checksum>
                </spdx:checksum>
                <spdx:copyrightText rdf:resource="http://spdx.org/rdf/terms#noassertion"/>
                <spdx:licenseConcluded rdf:resource="http://3781_431#LicenseRef-GPL"/>
                <spdx:licenseInfoFromFiles rdf:resource="http://3781_431#LicenseRef-GPL"/>
              </spdx:File>
            </spdx:hasFile>
          </spdx:Package>
        </spdx:relatedSpdxElement>
      </spdx:Relationship>
    </spdx:relationship>
    <spdx:hasExtractedLicensingInfo>
      <spdx:ExtractedLicensingInfo rdf:about="http://3781_431#LicenseRef-GPL">
        <spdx:licenseId>LicenseRef-GPL</spdx:licenseId>
        <spdx:name>GPL</spdx:name>
        <spdx:extractedText>GPL</spdx:extractedText>
      </spdx:ExtractedLicensingInfo>
    </spdx:hasExtractedLicensingInfo>
  </spdx:SpdxDocument>
</rdf:RDF>

**The question is why spdx licenses in licenseConcluded tag with rdf:resource="http://spdx.org/licenses/GPL-2.0-only" requite name and text to be specified in document? **
<spdx:licenseConcluded rdf:resource="http://spdx.org/licenses/GPL-2.0-only"/>

Does SPDX validator validate spdx document according to specification?

Thanks in advance

best regards,
Alina

rdfs prefix missing in generated Turtle RDF documents

see for example here:
https://github.com/spdx/license-list-data/blob/master/rdfturtle/AFL-2.0.turtle

Where we see for example <http://www.w3.org/2000/01/rdf-schema#seeAlso> instead of schema:seeAlso,
which would make it more pleasant for the human eye (which is the main goal of the Turtle format).

Possible number format exception when getting the next SPDX ID

See spdx/Spdx-Java-Library#103 for a detailed description.

RdfSpdxDocumentModelManager is the class/file that needs to be updated.

Warning message "Possibly ambiguous ID being introduced."

Hello
First of all, thank you for making a good tool.

while converting SPDX spreadsheet to SPDX RDF using java-tools, I saw the following warning message.
id is the same value, but output a warning message, "Possibly ambiguous ID being introduced. SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25"

Is it the intended behavior to output an error message even if the id and previous values are the same?

debugger

id and previous are the same.

warning message

WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-25 is being raplaced by SPDXRef-Package-25
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-Package-1 is being raplaced by SPDXRef-Package-1
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT
WARN  21-10-05 12:19:28[http-nio-8180-exec-1] [o.s.s.RdfSpdxDocumentModelManager:326] - Possibly ambiguous ID being introduced.  SPDXRef-DOCUMENT is being raplaced by SPDXRef-DOCUMENT