
feat: Add CycloneDX 1.6 fields swhid and omniborId
- adds swhid and omniborId fields
- updates unit test data to CycloneDX 1.6
- fixes schema/bom-1.6.xsd SPDX schemaLocation

Co-authored-by: Daniel Ekelund <[email protected]>
Signed-off-by: Tim Pickles <[email protected]>
Signed-off-by: Daniel Ekelund <[email protected]>
snyk-tim and Daniel Ekelund committed May 15, 2024
1 parent 3a84845 commit 729c284
Showing 156 changed files with 687 additions and 159 deletions.
5 changes: 5 additions & 0 deletions convert.go
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,11 @@ func componentConverter(specVersion SpecVersion) func(*Component) {
}
}

if specVersion < SpecVersion1_6 {
c.SWHID = nil
c.OmniborID = nil
}

if !specVersion.supportsComponentType(c.Type) {
c.Type = ComponentTypeApplication
}
Expand Down
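Review bot: The downgrade block at `if specVersion < SpecVersion1_6 {` clears `c.SWHID` and `c.OmniborID`, but the same commit also introduces `EvidenceIdentityFieldTypeOmniborID` and `EvidenceIdentityFieldTypeSWHID` (cyclonedx.go), and nothing in this hunk resets an `EvidenceIdentity` whose field type is one of those two values, so a BOM converted to 1.5 or earlier can still carry a field name the older schema does not define; unless that is handled elsewhere in the commit, the converter should drop or skip such identity entries as well. The new block would also read better with a why-comment, e.g. `// omniborId and swhid were introduced in CycloneDX 1.6; older schemas reject them.` componentConverter starts before this hunk and continues after it.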
24 changes: 14 additions & 10 deletions cyclonedx.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,10 @@ type BOM struct {

func NewBOM() *BOM {
return &BOM{
JSONSchema: jsonSchemas[SpecVersion1_5],
XMLNS: xmlNamespaces[SpecVersion1_5],
JSONSchema: jsonSchemas[SpecVersion1_6],
XMLNS: xmlNamespaces[SpecVersion1_6],
BOMFormat: BOMFormat,
SpecVersion: SpecVersion1_5,
SpecVersion: SpecVersion1_6,
Version: 1,
}
}
Expand Down Expand Up @@ -173,6 +173,8 @@ type Component struct {
Copyright string `json:"copyright,omitempty" xml:"copyright,omitempty"`
CPE string `json:"cpe,omitempty" xml:"cpe,omitempty"`
PackageURL string `json:"purl,omitempty" xml:"purl,omitempty"`
OmniborID *[]string `json:"omniborId,omitempty" xml:"omniborId,omitempty"`
SWHID *[]string `json:"swhid,omitempty" xml:"swhid,omitempty"`
SWID *SWID `json:"swid,omitempty" xml:"swid,omitempty"`
Modified *bool `json:"modified,omitempty" xml:"modified,omitempty"`
Pedigree *Pedigree `json:"pedigree,omitempty" xml:"pedigree,omitempty"`
Expand Down Expand Up @@ -325,13 +327,15 @@ type EvidenceIdentity struct {
type EvidenceIdentityFieldType string

const (
EvidenceIdentityFieldTypeCPE EvidenceIdentityFieldType = "cpe"
EvidenceIdentityFieldTypeGroup EvidenceIdentityFieldType = "group"
EvidenceIdentityFieldTypeHash EvidenceIdentityFieldType = "hash"
EvidenceIdentityFieldTypeName EvidenceIdentityFieldType = "name"
EvidenceIdentityFieldTypePURL EvidenceIdentityFieldType = "purl"
EvidenceIdentityFieldTypeSWID EvidenceIdentityFieldType = "swid"
EvidenceIdentityFieldTypeVersion EvidenceIdentityFieldType = "version"
EvidenceIdentityFieldTypeCPE EvidenceIdentityFieldType = "cpe"
EvidenceIdentityFieldTypeGroup EvidenceIdentityFieldType = "group"
EvidenceIdentityFieldTypeHash EvidenceIdentityFieldType = "hash"
EvidenceIdentityFieldTypeName EvidenceIdentityFieldType = "name"
EvidenceIdentityFieldTypePURL EvidenceIdentityFieldType = "purl"
EvidenceIdentityFieldTypeOmniborID EvidenceIdentityFieldType = "omniborId"
EvidenceIdentityFieldTypeSWHID EvidenceIdentityFieldType = "swhid"
EvidenceIdentityFieldTypeSWID EvidenceIdentityFieldType = "swid"
EvidenceIdentityFieldTypeVersion EvidenceIdentityFieldType = "version"
)

type EvidenceIdentityMethod struct {
Expand Down
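Review bot: The two new exported fields `OmniborID` and `SWHID` on `Component` carry no doc comment, and because they are 1.6-only and are silently nil-ed by the converter for earlier spec versions that is worth stating, e.g. `// OmniborID holds OmniBOR artifact identifiers (gitoid URIs); CycloneDX 1.6 and later only.` and `// SWHID holds Software Heritage persistent identifiers; CycloneDX 1.6 and later only.` Both are plain strings with no format check on decode, so a consumer that uses them as integrity identifiers should validate them against the schema (where it constrains these values) rather than trust the parsed text. Field position also fixes XML element order for the schema's xs:sequence, so `omniborId`/`swhid` must stay where the XSD places them relative to `purl` and `swid` — presumably the schema-validating round-trip tests would catch a drift. Separately, `NewBOM` now defaults to 1.6, a user-visible behavior change that deserves a line in the changelog.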
3 changes: 3 additions & 0 deletions cyclonedx_json.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,8 @@ func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error {
*sv = SpecVersion1_4
case SpecVersion1_5.String():
*sv = SpecVersion1_5
case SpecVersion1_6.String():
*sv = SpecVersion1_6
default:
return ErrInvalidSpecVersion
}
Expand Down Expand Up @@ -192,4 +194,5 @@ var jsonSchemas = map[SpecVersion]string{
SpecVersion1_3: "http://cyclonedx.org/schema/bom-1.3.schema.json",
SpecVersion1_4: "http://cyclonedx.org/schema/bom-1.4.schema.json",
SpecVersion1_5: "http://cyclonedx.org/schema/bom-1.5.schema.json",
SpecVersion1_6: "http://cyclonedx.org/schema/bom-1.6.schema.json",
}
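Review bot: The new `case SpecVersion1_6.String():` extends a hand-maintained switch that is duplicated verbatim in `UnmarshalXML` (cyclonedx_xml.go, same hunk shape), and both switches must be edited every time a spec version is added, which is exactly how one of them gets forgotten. A single shared helper that both unmarshalers call, something like `parseSpecVersion(s string) (SpecVersion, error)` returning `ErrInvalidSpecVersion` on no match, keeps the JSON and XML decoders from drifting; each switch then collapses to one call plus the error check. Both unmarshal functions start before their hunks, so the variable being switched on is not visible here. The return value on failure below assumes SpecVersion's zero value is unusable — confirm.

```go
// parseSpecVersion maps the textual spec version found in a document to a
// SpecVersion. It is shared by UnmarshalJSON and UnmarshalXML so that the two
// decoders cannot drift when a new version is added.
func parseSpecVersion(s string) (SpecVersion, error) {
	for _, sv := range []SpecVersion{SpecVersion1_0, SpecVersion1_1, SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5, SpecVersion1_6} {
		if s == sv.String() {
			return sv, nil
		}
	}
	return 0, ErrInvalidSpecVersion
}
// … unchanged: jsonSchemas table …
```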
3 changes: 3 additions & 0 deletions cyclonedx_xml.go
Original file line number Diff line number Diff line change
Expand Up @@ -292,6 +292,8 @@ func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) erro
*sv = SpecVersion1_4
case SpecVersion1_5.String():
*sv = SpecVersion1_5
case SpecVersion1_6.String():
*sv = SpecVersion1_6
default:
return ErrInvalidSpecVersion
}
Expand Down Expand Up @@ -411,4 +413,5 @@ var xmlNamespaces = map[SpecVersion]string{
SpecVersion1_3: "http://cyclonedx.org/schema/bom/1.3",
SpecVersion1_4: "http://cyclonedx.org/schema/bom/1.4",
SpecVersion1_5: "http://cyclonedx.org/schema/bom/1.5",
SpecVersion1_6: "http://cyclonedx.org/schema/bom/1.6",
}
18 changes: 9 additions & 9 deletions encode_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ func TestJsonBOMEncoder_SetPretty(t *testing.T) {
require.NoError(t, encoder.Encode(bom))

assert.Equal(t, `{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
Expand Down Expand Up @@ -83,9 +83,9 @@ func TestJsonBOMEncoder_SetEscapeHTML_true(t *testing.T) {
require.NoError(t, encoder.Encode(bom))

assert.Equal(t, `{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
Expand Down Expand Up @@ -116,9 +116,9 @@ func TestJsonBOMEncoder_SetEscapeHTML_false(t *testing.T) {
require.NoError(t, encoder.Encode(bom))

assert.Equal(t, `{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
Expand Down Expand Up @@ -158,7 +158,7 @@ func TestXmlBOMEncoder_SetPretty(t *testing.T) {
require.NoError(t, encoder.Encode(bom))

assert.Equal(t, `<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" version="1">
<metadata>
<authors>
<author>
Expand Down Expand Up @@ -186,7 +186,7 @@ func TestJsonBOMEncoder_EncodeVersion(t *testing.T) {
require.ErrorContains(t, err, "not supported")
})

for _, version := range []SpecVersion{SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5} {
for _, version := range []SpecVersion{SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5, SpecVersion1_6} {
t.Run(version.String(), func(t *testing.T) {
// Read original BOM JSON
inputFile, err := os.Open("./testdata/valid-bom.json")
Expand Down Expand Up @@ -216,7 +216,7 @@ func TestJsonBOMEncoder_EncodeVersion(t *testing.T) {
}

func TestXmlBOMEncoder_EncodeVersion(t *testing.T) {
for _, version := range []SpecVersion{SpecVersion1_0, SpecVersion1_1, SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5} {
for _, version := range []SpecVersion{SpecVersion1_0, SpecVersion1_1, SpecVersion1_2, SpecVersion1_3, SpecVersion1_4, SpecVersion1_5, SpecVersion1_6} {
t.Run(version.String(), func(t *testing.T) {
// Read original BOM JSON
inputFile, err := os.Open("./testdata/valid-bom.xml")
Expand Down
2 changes: 1 addition & 1 deletion example_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ func Example_encode() {

// Output:
// <?xml version="1.0" encoding="UTF-8"?>
// <bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">
// <bom xmlns="http://cyclonedx.org/schema/bom/1.6" version="1">
// <metadata>
// <component bom-ref="pkg:golang/acme-inc/[email protected]" type="application">
// <name>ACME Application</name>
Expand Down
4 changes: 2 additions & 2 deletions roundtrip_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ func TestRoundTripJSON(t *testing.T) {
require.NoError(t, err)

// Sanity checks: BOM has to be valid
assertValidBOM(t, buf.Bytes(), BOMFileFormatJSON, SpecVersion1_5)
assertValidBOM(t, buf.Bytes(), BOMFileFormatJSON, SpecVersion1_6)

// Compare with snapshot
assert.NoError(t, snapShooter.SnapshotMulti(filepath.Base(bomFilePath), buf.String()))
Expand Down Expand Up @@ -85,7 +85,7 @@ func TestRoundTripXML(t *testing.T) {
require.NoError(t, err)

// Sanity check: BOM has to be valid
assertValidBOM(t, buf.Bytes(), BOMFileFormatXML, SpecVersion1_5)
assertValidBOM(t, buf.Bytes(), BOMFileFormatXML, SpecVersion1_6)

// Compare with snapshot
assert.NoError(t, snapShooter.SnapshotMulti(filepath.Base(bomFilePath), buf.String()))
Expand Down
2 changes: 1 addition & 1 deletion schema/bom-1.6.xsd
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ limitations under the License.
vc:maxVersion="1.1"
version="1.6.0">

<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="spdx.xsd"/>

<xs:annotation>
<xs:documentation>
Expand Down
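Review bot: The change from the upstream `http://cyclonedx.org/schema/spdx` schemaLocation to the bundled `spdx.xsd` is a hand edit to a vendored schema file, and nothing on the line records that, so the next refresh of bom-1.6.xsd from upstream is likely to reintroduce the remote reference; add an XML comment above the import, e.g. `<!-- local edit, not upstream: schemaLocation points at the bundled spdx.xsd so validation resolves it without a network fetch; keep when re-vendoring -->`. It is also worth confirming, outside this hunk, that the XSD loader used for validation is configured not to resolve remote schemaLocations at all, so a stray URL in any bundled schema can never trigger a fetch during validation.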


Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"metadata": {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "application",
"author": "Acme Super Heros",
"name": "Acme Application",
"version": "9.1.1",
"omniborId": [
"gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
]
}
]
}

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "application",
"author": "Acme Super Heros",
"name": "Acme Application",
"version": "9.1.1",
"swhid": [
"swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"
]
}
]
}

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"metadata": {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": []
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"metadata": {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"metadata": {
Expand Down
