feat!: Add support for CycloneDX 1.6

Added: - Additions and updates to the model - Testcases - Merge functionality Fixed - Some problem with Protobuff Serialization *ESPECIALLY FIXED OFFSET DATETIMES (BREAKING)* - Multiple other minor bugs in the Serialization processes. * . * inbetween: xml enums still need to be fixed but roundtrip tests work * fixed problems stemming from cdx 1.5 implementation * DatasetChoices fix deserialization namespace problem * Adapt interop and merge tests Signed-off-by: andreas hilti <[email protected]> * Adapt core tests Signed-off-by: andreas hilti <[email protected]> * Further adapt core tests Signed-off-by: andreas hilti <[email protected]> * Add missing snapshots Signed-off-by: andreas hilti <[email protected]> * workaround for incorrect Protobuf Tools serialization Signed-off-by: andreas hilti <[email protected]> * Adding Tests for Protobuff and Json * several fixes for JSON tests Signed-off-by: andreas hilti <[email protected]> * add some snapshots Signed-off-by: andreas hilti <[email protected]> * fix JSON validation Signed-off-by: andreas hilti <[email protected]> * support multiple EvidenceIdentities Signed-off-by: andreas hilti <[email protected]> * add protobuf support for CBOM Signed-off-by: andreas hilti <[email protected]> * add missing snapshots Signed-off-by: andreas hilti <[email protected]> * CipherSuites via XmlArray with XmlArrayItem * FixcryptoProperties.ObjectId for JSON * OID now in Snapshots * support tags for components and services Signed-off-by: andreas hilti <[email protected]> * Generated Implementation for Declarations * fix style Signed-off-by: andreas hilti <[email protected]> * support OmniborId and Swhid Signed-off-by: andreas hilti <[email protected]> * support component Authors and Manufacturer Signed-off-by: andreas hilti <[email protected]> * support BOM Manufacturer Signed-off-by: andreas hilti <[email protected]> * Fully Implement Declarations * add support for license acknowledgment Signed-off-by: andreas hilti <[email protected]> * add support for source-distribution Signed-off-by: andreas hilti <[email protected]> * Support for concludedValue Signed-off-by: andreas hilti <[email protected]> * Delete 1.5 Snapshots in Json/1.6 folder * Mostly EnvironmentalConsideration + Postal Address * Use EnumerateAllComponents for EnumerateAllDatasetChoices * Simplify CryptoFunctions as XmlArray * Simpify XMLArrays in CryptoProperties.cs * Enum.Null in CryptoProperties * Fix enums for protobuf serialization Signed-off-by: andreas hilti <[email protected]> * Fix CertificationLevel protobuf serialization Signed-off-by: andreas hilti <[email protected]> * Add Definitions/Standards * fix tests * Fix JSON serialization of ImplementationPlatform Signed-off-by: andreas hilti <[email protected]> * Fix all tests * Fix JSON serialization of CertificationLevel Signed-off-by: andreas hilti <[email protected]> * Fix Protobuf serialization of provides Signed-off-by: andreas hilti <[email protected]> * Fix workflows Signed-off-by: andreas hilti <[email protected]> * Fix Protobuf serialization of DataFlow Signed-off-by: andreas hilti <[email protected]> * Fix JSON serialization of DatasetChoices Signed-off-by: andreas hilti <[email protected]> * Several fixes for EnergyConsumption Signed-off-by: andreas hilti <[email protected]> * Fix Protobuf serialization of vulnerability rating score Signed-off-by: andreas hilti <[email protected]> * Fix xml serialization of license expressions Signed-off-by: andreas hilti <[email protected]> * Fix protobuf serialization of DateTime Signed-off-by: andreas hilti <[email protected]> * Fix protobuf serialization of lifecycle Signed-off-by: andreas hilti <[email protected]> * Add deprecations for component.author and metatada.manufacture Signed-off-by: andreas hilti <[email protected]> * Fix protobuf serialization of component and service tools Signed-off-by: andreas hilti <[email protected]> * Fix several enum serializations Signed-off-by: andreas hilti <[email protected]> * Fix xml serialization for obsolete elements Signed-off-by: andreas hilti <[email protected]> * merge attestations and standards Signed-off-by: MTsfoni <[email protected]> * missing added file Signed-off-by: MTsfoni <[email protected]> * address some codacy warnings Signed-off-by: MTsfoni <[email protected]> * Address Codacy Issue * - Add missing license headers - move protobuf compatibility level to protobuf serializer - split up files to be one class per file * Test for merging attestation and standards Signed-off-by: MTsfoni <[email protected]> * Add new locations of relevant types to EnumerateAll...-functions Signed-off-by: MTsfoni <[email protected]> * codacy Signed-off-by: MTsfoni <[email protected]> * Fix JSON serialization of Ikev2TransformTypes Signed-off-by: andreas hilti <[email protected]> * Cleanup Signed-off-by: andreas hilti <[email protected]> * Enhance Signature Signed-off-by: andreas hilti <[email protected]> * Support multisignature and signaturechain Signed-off-by: andreas hilti <[email protected]> --------- Signed-off-by: andreas hilti <[email protected]> Signed-off-by: Michael Tsfoni <[email protected]> Co-authored-by: andreas hilti <[email protected]>
CycloneDX · Sep 14, 2024 · d1eacc2 · d1eacc2
1 parent a42f0bf
commit d1eacc2
Show file tree

Hide file tree

Showing 620 changed files with 50,237 additions and 492 deletions.
diff --git a/src/CycloneDX.Core/BomUtils.cs b/src/CycloneDX.Core/BomUtils.cs
diff --git a/src/CycloneDX.Core/Json/Converters/DatasetChoicesConverter.cs b/src/CycloneDX.Core/Json/Converters/DatasetChoicesConverter.cs
@@ -0,0 +1,97 @@
+// This file is part of CycloneDX Library for .NET
+//
+// Licensed under the Apache License, Version 2.0 (the “License”);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an “AS IS” BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) OWASP Foundation. All Rights Reserved.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.Contracts;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using CycloneDX.Models;
+
+namespace CycloneDX.Json.Converters
+{
+
+    public class RefObject {
+        public string Ref { get; set; }
+    }
+
+    public class DatasetChoicesConverter : JsonConverter<DatasetChoices>
+    {
+        public override DatasetChoices Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options)
+        {
+            if (reader.TokenType == JsonTokenType.Null)
+            {
+                return null;
+            }
+            else if (reader.TokenType == JsonTokenType.StartArray)
+            {
+                reader.Read();
+                var datasetChoices = new DatasetChoices();
+                while (reader.TokenType != JsonTokenType.EndArray)
+                {
+                    var doc = JsonDocument.ParseValue(ref reader);
+                    if (doc.RootElement.TryGetProperty("type", out var typeValue))
+                    {
+                        var data = doc.Deserialize<Data>(options);
+                        datasetChoices.Add(new DatasetChoice { DataSet = data });
+                    }
+                    else
+                    {
+                        var reference = doc.Deserialize<RefObject>(options);
+                        datasetChoices.Add(new DatasetChoice { Ref = reference.Ref });
+                    }
+                    reader.Read();
+                }
+                return datasetChoices;
+            }
+            else
+            {
+                throw new JsonException();
+            }
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            DatasetChoices value,
+            JsonSerializerOptions options)
+        {
+            Contract.Requires(writer != null);
+            Contract.Requires(value != null);
+
+            writer.WriteStartArray();
+            if (value != null)
+            {
+                foreach (var datasetChoice in value)
+                {
+                    if (datasetChoice.DataSet != null)
+                    {
+                        JsonSerializer.Serialize(writer, datasetChoice.DataSet, options);
+                    }
+                    if (datasetChoice.Ref != null)
+                    {
+                        JsonSerializer.Serialize(writer, new RefObject { Ref = datasetChoice.Ref }, options);
+                    }
+                }
+            }
+            writer.WriteEndArray();
+
+        }
+    }
+}
diff --git a/src/CycloneDX.Core/Json/Converters/DependencyConverter.cs b/src/CycloneDX.Core/Json/Converters/DependencyConverter.cs
@@ -15,6 +15,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright (c) OWASP Foundation. All Rights Reserved.
 
+using CycloneDX.Models;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.Contracts;
@@ -91,6 +92,32 @@ public override Dependency Read(
                             }
                         }
                     }
+                    else if (propertyName == "provides")
+                    {
+                        dependency.Provides = new List<Provides>();
+                        while (reader.Read())
+                        {
+                            if (reader.TokenType == JsonTokenType.EndArray)
+                            {
+                                break;
+                            }
+                            else if (reader.TokenType == JsonTokenType.String)
+                            {
+                                dependency.Provides.Add(new Provides
+                                {
+                                    Ref = reader.GetString()
+                                });
+                            }
+                            else if (reader.TokenType == JsonTokenType.StartArray)
+                            {
+                                // this happens the first time through
+                            }
+                            else
+                            {
+                                throw new JsonException();
+                            }
+                        }
+                    }
                 }
                 throw new JsonException();
             }
@@ -122,6 +149,17 @@ public override void Write(
                 writer.WriteEndArray();
             }
 
+            if (value.Provides != null)
+            {
+                writer.WritePropertyName("provides");
+                writer.WriteStartArray();
+                foreach (var provides in value.Provides)
+                {
+                    writer.WriteStringValue(provides.Ref);
+                }
+                writer.WriteEndArray();
+            }
+
             writer.WriteEndObject();
         }
     }

diff --git a/src/CycloneDX.Core/Json/Converters/EnumMemberConverter.cs b/src/CycloneDX.Core/Json/Converters/EnumMemberConverter.cs
@@ -0,0 +1,106 @@
+// This file is part of CycloneDX Library for .NET
+//
+// Licensed under the Apache License, Version 2.0 (the “License”);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an “AS IS” BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) OWASP Foundation. All Rights Reserved.
+
+using System;
+using System.Diagnostics.Contracts;
+using System.Runtime.Serialization;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using System.Linq;
+using System.Collections.Generic;
+using System.Runtime.CompilerServices;
+
+namespace CycloneDX.Json.Converters
+{
+
+    // Decorate enum values with the EnumMember to specialize how it is serialized
+    // If unspecified, it behaves as the HyphenEnumConverter
+    public class EnumMemberConverter<T> : JsonConverter<T> where T: struct, System.Enum
+    {
+
+        private readonly Dictionary<T, string> _valueToString = new Dictionary<T, string>();
+        private readonly Dictionary<string, T> _stringToValue = new Dictionary<string, T>();
+
+        public EnumMemberConverter()
+        {
+            var enumType = typeof(T);
+            var enumValues = Enum.GetValues(enumType).Cast<T>();
+
+            foreach (var value in enumValues)
+            {
+                var enumMember = enumType.GetMember(value.ToString())[0];
+                var attr = enumMember.GetCustomAttributes(typeof(EnumMemberAttribute), false)
+                  .Cast<EnumMemberAttribute>().FirstOrDefault();
+                if (attr == null)
+                {
+                    continue;
+                }
+
+                _valueToString.Add(value, attr.Value);
+                _stringToValue.Add(attr.Value, value);
+            }
+        }
+
+        public override T Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options)
+        {
+            if (reader.TokenType == JsonTokenType.Null
+                || reader.TokenType != JsonTokenType.String)
+            {
+                throw new JsonException();
+            }
+
+            var enumString = reader.GetString();
+
+            if (_stringToValue.TryGetValue(enumString, out var value))
+            {
+                return value;
+            }
+            else
+            {
+                var success = Enum.TryParse<T>(enumString.Replace("-", "_"), ignoreCase: true, out var enumValue);
+                if (success)
+                {
+                    return enumValue;
+                }
+                else
+                {
+                    throw new JsonException();
+                }
+            }
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            T value,
+            JsonSerializerOptions options)
+        {
+            Contract.Requires(writer != null);
+
+            if (_valueToString.TryGetValue(value, out var stringValue))
+            {
+                writer.WriteStringValue(stringValue);
+            }
+            else
+            {
+                writer.WriteStringValue(value.ToString().ToLowerInvariant().Replace("_", "-"));
+            }
+        }
+    }
+}
diff --git a/src/CycloneDX.Core/Json/Converters/IdentityListConverter.cs b/src/CycloneDX.Core/Json/Converters/IdentityListConverter.cs
@@ -0,0 +1,79 @@
+// This file is part of CycloneDX Library for .NET
+//
+// Licensed under the Apache License, Version 2.0 (the “License”);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an “AS IS” BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) OWASP Foundation. All Rights Reserved.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.Contracts;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using CycloneDX.Models;
+
+namespace CycloneDX.Json.Converters
+{
+
+    public class EvidenceIdentityListConverter : JsonConverter<EvidenceIdentityList>
+    {
+        public override EvidenceIdentityList Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options)
+        {
+            if (reader.TokenType == JsonTokenType.StartObject)
+            {
+                var serializerOptions = Utils.GetJsonSerializerOptions();                
+                var identity = JsonSerializer.Deserialize<EvidenceIdentity>(ref reader, serializerOptions);
+                return new EvidenceIdentityList { Identities = new List<EvidenceIdentity> { identity } };
+            }
+            else if (reader.TokenType == JsonTokenType.StartArray)
+            {
+                var evidenceIdentityList = new EvidenceIdentityList();
+                evidenceIdentityList.Identities = JsonSerializer.Deserialize<List<EvidenceIdentity>>(ref reader, options);
+                return evidenceIdentityList;
+            }
+            else
+            {
+                throw new JsonException();
+            }
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            EvidenceIdentityList value,
+            JsonSerializerOptions options)
+        {
+            Contract.Requires(writer != null);
+            Contract.Requires(value != null);
+
+            if (value.Identities?.Count != 1)
+            {
+                writer.WriteStartArray();
+                if (value.Identities != null)
+                {
+                    foreach (var identity in value.Identities)
+                    {
+                        JsonSerializer.Serialize(writer, identity, options);
+                    }
+                }
+                writer.WriteEndArray();
+            }
+            else
+            {
+                JsonSerializer.Serialize(writer, value.Identities[0], options);
+            }
+        }
+    }
+}