feat(spec1-5): add support for vulnerability rejected timestamps

Signed-off-by: nscuro <[email protected]>
CycloneDX · Dec 7, 2023 · 25b250a · 25b250a
1 parent 55ff321
commit 25b250a
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 0 deletions.
diff --git a/convert.go b/convert.go
@@ -82,6 +82,14 @@ func (b *BOM) convert(specVersion SpecVersion) {
 		}
 	}
 
+	if b.Vulnerabilities != nil {
+		for i := range *b.Vulnerabilities {
+			if specVersion < SpecVersion1_5 {
+				(*b.Vulnerabilities)[i].Rejected = ""
+			}
+		}
+	}
+
 	b.SpecVersion = specVersion
 	b.XMLNS = xmlNamespaces[specVersion]
 	b.JSONSchema = jsonSchemas[specVersion]

diff --git a/cyclonedx.go b/cyclonedx.go
@@ -608,6 +608,7 @@ type Vulnerability struct {
 	Created        string                    `json:"created,omitempty" xml:"created,omitempty"`
 	Published      string                    `json:"published,omitempty" xml:"published,omitempty"`
 	Updated        string                    `json:"updated,omitempty" xml:"updated,omitempty"`
+	Rejected       string                    `json:"rejected,omitempty" xml:"rejected,omitempty"`
 	Credits        *Credits                  `json:"credits,omitempty" xml:"credits,omitempty"`
 	Tools          *[]Tool                   `json:"tools,omitempty" xml:"tools>tool,omitempty"`
 	Analysis       *VulnerabilityAnalysis    `json:"analysis,omitempty" xml:"analysis,omitempty"`

diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json
@@ -62,6 +62,7 @@
       "created": "2021-01-01T00:00:00.000Z",
       "published": "2021-01-01T00:00:00.000Z",
       "updated": "2021-01-01T00:00:00.000Z",
+      "rejected": "2022-01-01T00:00:00.000Z",
       "credits": {
         "organizations": [
           {

diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml
@@ -63,6 +63,7 @@
       <created>2021-01-01T00:00:00.000Z</created>
       <published>2021-01-01T00:00:00.000Z</published>
       <updated>2021-01-01T00:00:00.000Z</updated>
+      <rejected>2022-01-01T00:00:00.000Z</rejected>
       <credits>
         <organizations>
           <organization>

diff --git a/testdata/valid-vulnerability.json b/testdata/valid-vulnerability.json
@@ -63,6 +63,7 @@
       "created": "2021-01-01T00:00:00.000Z",
       "published": "2021-01-01T00:00:00.000Z",
       "updated": "2021-01-01T00:00:00.000Z",
+      "rejected": "2022-01-01T00:00:00.000Z",
       "credits": {
         "organizations": [
           {

diff --git a/testdata/valid-vulnerability.xml b/testdata/valid-vulnerability.xml
@@ -64,6 +64,7 @@
             <created>2021-01-01T00:00:00.000Z</created>
             <published>2021-01-01T00:00:00.000Z</published>
             <updated>2021-01-01T00:00:00.000Z</updated>
+            <rejected>2022-01-01T00:00:00.000Z</rejected>
             <credits>
                 <organizations>
                     <organization>