
[BUG] XML Schema Violation: externalReferences.hashes included in XML BOM schema versions 1.1 and 1.2 #152

Closed
madpah opened this issue Jan 27, 2022 · 1 comment · Fixed by #148
Labels: bug (Something isn't working), schema 1.1, schema 1.2
Comments

madpah commented Jan 27, 2022

Example BOM generation:

# Imports needed to run the snippet (cyclonedx-python-lib and packageurl-python);
# get_external_reference_1() is a test fixture helper that is not shown in this issue.
from cyclonedx.model import HashType
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component
from packageurl import PackageURL

bom = Bom(components=[
    Component(
        name='toml', version='0.10.2', bom_ref='pkg:pypi/toml@0.10.2?extension=tar.gz',
        purl=PackageURL(
            type='pypi', name='toml', version='0.10.2', qualifiers='extension=tar.gz'
        ), hashes=[
            HashType.from_composite_str('sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b')
        ], external_references=[
            get_external_reference_1()
        ]
    )
])

Generates

...
<externalReferences>
    <reference type="distribution">
        <url>https://cyclonedx.org</url>
        <comment>No comment</comment>
        <hashes>
            <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
        </hashes>
    </reference>
</externalReferences>
...

.externalReferences.hashes is not part of the schema prior to version 1.3.
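A consumer-side check for exactly this violation, added here as an example and not code from cyclonedx-python-lib: it parses an XML BOM, reports every externalReferences/reference that carries hashes when the target schema is older than 1.3, and can strip those elements so the document validates against the 1.1 or 1.2 schema. The sample BOM and the function names are constructed for the example.

```python
# Added example, not cyclonedx-python-lib code. Detects and strips <hashes>
# under externalReferences/reference, which the CycloneDX XML schema only
# defines from version 1.3 onwards (the point of this issue).
import xml.etree.ElementTree as ET
from typing import Iterator, List, Tuple

HASHES_MIN_VERSION = (1, 3)  # externalReferences.hashes exists from schema 1.3

# Constructed sample: a 1.2 BOM carrying the output shown in the issue.
SAMPLE_BOM_1_2 = """<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1">
  <components>
    <component type="library">
      <name>toml</name>
      <version>0.10.2</version>
      <externalReferences>
        <reference type="distribution">
          <url>https://cyclonedx.org</url>
          <comment>No comment</comment>
          <hashes>
            <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
          </hashes>
        </reference>
      </externalReferences>
    </component>
  </components>
</bom>"""


def _local(tag: str) -> str:
    """Strip the namespace part of an ElementTree tag, e.g. '{ns}hashes' -> 'hashes'."""
    return tag.rsplit('}', 1)[-1]


def _reference_hash_nodes(root: ET.Element) -> Iterator[Tuple[ET.Element, ET.Element]]:
    """Yield (reference, hashes) pairs for every external reference that has hashes."""
    for ref in root.iter():
        if _local(ref.tag) != 'reference':
            continue
        for child in list(ref):
            if _local(child.tag) == 'hashes':
                yield ref, child


def external_reference_hash_violations(xml_text: str, schema_version: Tuple[int, int]) -> List[str]:
    """Return the URLs of external references whose <hashes> the target schema does not allow."""
    if schema_version >= HASHES_MIN_VERSION:
        return []  # hashes are legal here; nothing to report
    root = ET.fromstring(xml_text)
    return [next((c.text or '' for c in ref if _local(c.tag) == 'url'), '')
            for ref, _ in _reference_hash_nodes(root)]


def strip_external_reference_hashes(xml_text: str, schema_version: Tuple[int, int]) -> str:
    """Return the BOM with offending <hashes> removed when targeting a schema older than 1.3."""
    root = ET.fromstring(xml_text)
    if schema_version < HASHES_MIN_VERSION:
        for ref, hashes in list(_reference_hash_nodes(root)):  # list(): mutate safely
            ref.remove(hashes)
    return ET.tostring(root, encoding='unicode')
```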

@madpah madpah changed the title [BUG] XML Schema Violation: externalReferences.hashes included in XML BOM output prior to 1.3 [BUG] XML Schema Violation: externalReferences.hashes included in XML BOM schema versions 1.1 and 1.2 Jan 27, 2022
madpah commented Jan 27, 2022

Confirmed this doesn't affect 1.0 output as externalReferences is not supported full stop and is not included in 1.0.

madpah added a commit that referenced this issue Jan 27, 2022
@madpah madpah linked a pull request Feb 2, 2022 that will close this issue
@madpah madpah added this to the 1.4.0 milestone Feb 2, 2022
@madpah madpah self-assigned this Feb 2, 2022