From 5ff1d20e5f79ee2ba5be37fde28fb38b9e838071 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Nov 2024 14:18:02 +0100 Subject: [PATCH] feat: tools as `Component`s & `Service`s (#1163) * BREAKING changes * Property `Models.Bom.tools` is an instance of `Models.Tools` now ([#1152] via [#1163]) Before, it was an instance of `Models.ToolRepository`. * Added * Static function `Models.Tool.fromComponent()` (via [#1163]) * Static function `Models.Tool.fromService()` (via [#1163]) * New class `Models.Tools` ([#1152] via [#1163]) * New serialization/normalization for `Models.Tools` ([#1152] via [#1163]) * Changed * Serializers and `Bom`-Normalizers will take changed `Models.Bom.tools` into account ([#1152] via [#1163]) ---- fixes #1152 as described here in https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1152#issuecomment-2417163184 --------- Signed-off-by: Jan Kowalleck --- HISTORY.md | 14 ++ src/_helpers/iterable.ts | 26 +++ src/models/metadata.ts | 6 +- src/models/tool.ts | 48 +++++ src/models/vulnerability/vulnerability.ts | 6 +- src/serialize/json/normalize.ts | 27 ++- src/serialize/json/types.ts | 12 +- src/serialize/xml/normalize.ts | 52 +++++- src/spec/_protocol.ts | 12 +- src/spec/consts.ts | 11 +- tests/_data/models.js | 161 +++++++++++++---- .../json_sortedLists_spec1.2.json | 15 +- .../json_sortedLists_spec1.3.json | 15 +- .../json_sortedLists_spec1.4.json | 26 ++- .../json_sortedLists_spec1.5.json | 80 +++++--- .../json_sortedLists_spec1.6.json | 80 +++++--- .../xml_sortedLists_spec1.2.json | 31 +++- .../xml_sortedLists_spec1.3.json | 31 +++- .../xml_sortedLists_spec1.4.json | 72 +++++++- .../xml_sortedLists_spec1.5.json | 171 +++++++++++++----- .../xml_sortedLists_spec1.6.json | 171 +++++++++++++----- .../json_allTools_spec1.2.json.bin | 52 ++++++ .../json_allTools_spec1.3.json.bin | 52 ++++++ .../json_allTools_spec1.4.json.bin | 66 +++++++ .../json_allTools_spec1.5.json.bin | 66 +++++++ .../json_allTools_spec1.6.json.bin | 66 +++++++ .../json_complex_spec1.2.json.bin | 15 +- .../json_complex_spec1.3.json.bin | 15 +- .../json_complex_spec1.4.json.bin | 26 ++- .../json_complex_spec1.5.json.bin | 80 +++++--- .../json_complex_spec1.6.json.bin | 80 +++++--- .../xml_allTools_spec1.2.xml.bin | 36 ++++ .../xml_allTools_spec1.3.xml.bin | 36 ++++ .../xml_allTools_spec1.4.xml.bin | 48 +++++ .../xml_allTools_spec1.5.xml.bin | 48 +++++ .../xml_allTools_spec1.6.xml.bin | 48 +++++ .../xml_complex_spec1.2.xml.bin | 15 +- .../xml_complex_spec1.3.xml.bin | 15 +- .../xml_complex_spec1.4.xml.bin | 25 ++- .../xml_complex_spec1.5.xml.bin | 59 ++++-- .../xml_complex_spec1.6.xml.bin | 59 ++++-- .../Serialize.JsonSerialize.test.js | 87 ++++----- .../Serialize.XmlSerialize.test.js | 104 ++++++----- ...Models.Vulnerability.Vulnerability.spec.js | 6 +- 44 files changed, 1711 insertions(+), 460 deletions(-) create mode 100644 src/_helpers/iterable.ts create mode 100644 tests/_data/serializeResults/json_allTools_spec1.2.json.bin create mode 100644 tests/_data/serializeResults/json_allTools_spec1.3.json.bin create mode 100644 tests/_data/serializeResults/json_allTools_spec1.4.json.bin create mode 100644 tests/_data/serializeResults/json_allTools_spec1.5.json.bin create mode 100644 tests/_data/serializeResults/json_allTools_spec1.6.json.bin create mode 100644 tests/_data/serializeResults/xml_allTools_spec1.2.xml.bin create mode 100644 tests/_data/serializeResults/xml_allTools_spec1.3.xml.bin create mode 100644 tests/_data/serializeResults/xml_allTools_spec1.4.xml.bin create mode 100644 tests/_data/serializeResults/xml_allTools_spec1.5.xml.bin create mode 100644 tests/_data/serializeResults/xml_allTools_spec1.6.xml.bin diff --git a/HISTORY.md b/HISTORY.md index 29330001f..c81cfa57d 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -6,6 +6,20 @@ All notable changes to this project will be documented in this file. +* BREAKING changes + * Property `Models.Bom.tools` is an instance of `Models.Tools` now ([#1152] via [#1163]) + Before, it was an instance of `Models.ToolRepository`. +* Added + * Static function `Models.Tool.fromComponent()` (via [#1163]) + * Static function `Models.Tool.fromService()` (via [#1163]) + * New class `Models.Tools` ([#1152] via [#1163]) + * New serialization/normalization for `Models.Tools` ([#1152] via [#1163]) +* Changed + * Serializers and `Bom`-Normalizers will take changed `Models.Bom.tools` into account ([#1152] via [#1163]) + +[#1152]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1152 +[#1163]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1163 + ## 6.12.0 -- 2024-11-12 * Added diff --git a/src/_helpers/iterable.ts b/src/_helpers/iterable.ts new file mode 100644 index 000000000..7e9d63b38 --- /dev/null +++ b/src/_helpers/iterable.ts @@ -0,0 +1,26 @@ +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + +export function * chainI (...iterables: Array>): Generator { + for (const iterable of iterables) { + for (const item of iterable) { + yield item + } + } +} diff --git a/src/models/metadata.ts b/src/models/metadata.ts index df51729fe..ea2fa821b 100644 --- a/src/models/metadata.ts +++ b/src/models/metadata.ts @@ -23,7 +23,7 @@ import { LifecycleRepository } from './lifecycle' import { OrganizationalContactRepository } from './organizationalContact' import type { OrganizationalEntity } from './organizationalEntity' import { PropertyRepository } from './property' -import { ToolRepository } from './tool' +import { Tools } from './tool' export interface OptionalMetadataProperties { timestamp?: Metadata['timestamp'] @@ -40,7 +40,7 @@ export interface OptionalMetadataProperties { export class Metadata { timestamp?: Date lifecycles: LifecycleRepository - tools: ToolRepository + tools: Tools authors: OrganizationalContactRepository component?: Component manufacture?: OrganizationalEntity @@ -51,7 +51,7 @@ export class Metadata { constructor (op: OptionalMetadataProperties = {}) { this.timestamp = op.timestamp this.lifecycles = op.lifecycles ?? new LifecycleRepository() - this.tools = op.tools ?? new ToolRepository() + this.tools = op.tools ?? new Tools() this.authors = op.authors ?? new OrganizationalContactRepository() this.component = op.component this.manufacture = op.manufacture diff --git a/src/models/tool.ts b/src/models/tool.ts index f7397881e..723da8549 100644 --- a/src/models/tool.ts +++ b/src/models/tool.ts @@ -19,8 +19,12 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import type { Comparable } from '../_helpers/sortable' import { SortableComparables } from '../_helpers/sortable' +import type { Component } from "./component"; +import { ComponentRepository} from "./component"; import { ExternalReferenceRepository } from './externalReference' import { HashDictionary } from './hash' +import type { Service } from "./service"; +import { ServiceRepository } from "./service"; export interface OptionalToolProperties { vendor?: Tool['vendor'] @@ -53,7 +57,51 @@ export class Tool implements Comparable { (this.version ?? '').localeCompare(other.version ?? '') /* eslint-enable @typescript-eslint/strict-boolean-expressions */ } + + static fromComponent(component: Component): Tool { + return new Tool({ + vendor: component.group, + name: component.name, + version: component.version, + hashes: component.hashes, + externalReferences: component.externalReferences + }) + } + + static fromService(service: Service): Tool { + return new Tool({ + vendor: service.group, + name: service.name, + version: service.version, + externalReferences: service.externalReferences + }) + } } export class ToolRepository extends SortableComparables { } + + +export interface OptionalToolsProperties { + components?: Tools['components'] + services?: Tools['services'] + tools?: Tools['tools'] +} + +export class Tools { + components: ComponentRepository + services: ServiceRepository + tools: ToolRepository + + constructor(op: OptionalToolsProperties = {}) { + this.components = op.components ?? new ComponentRepository() + this.services = op.services ?? new ServiceRepository() + this.tools = op.tools ?? new ToolRepository() + } + + get size(): number { + return this.components.size + + this.services.size + + this.tools.size + } +} diff --git a/src/models/vulnerability/vulnerability.ts b/src/models/vulnerability/vulnerability.ts index e158dcaeb..a117d02f0 100644 --- a/src/models/vulnerability/vulnerability.ts +++ b/src/models/vulnerability/vulnerability.ts @@ -22,7 +22,7 @@ import { SortableComparables } from '../../_helpers/sortable' import { CweRepository } from '../../types/cwe' import { BomRef } from '../bomRef' import { PropertyRepository } from '../property' -import { ToolRepository } from '../tool' +import { Tools } from '../tool' import { AdvisoryRepository } from './advisory' import { AffectRepository } from './affect' import type { Analysis } from './analysis' @@ -68,7 +68,7 @@ export class Vulnerability implements Comparable { published?: Date updated?: Date credits?: Credits - tools: ToolRepository + tools: Tools analysis?: Analysis affects: AffectRepository properties: PropertyRepository @@ -88,7 +88,7 @@ export class Vulnerability implements Comparable { this.published = op.published this.updated = op.updated this.credits = op.credits - this.tools = op.tools ?? new ToolRepository() + this.tools = op.tools ?? new Tools() this.analysis = op.analysis this.affects = op.affects ?? new AffectRepository() this.properties = op.properties ?? new PropertyRepository() diff --git a/src/serialize/json/normalize.ts b/src/serialize/json/normalize.ts index 5ac87a783..ae1322cce 100644 --- a/src/serialize/json/normalize.ts +++ b/src/serialize/json/normalize.ts @@ -17,6 +17,7 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import { chainI } from "../../_helpers/iterable"; import { isNotUndefined } from '../../_helpers/notUndefined' import type { SortableIterable } from '../../_helpers/sortable' import type { Stringable } from '../../_helpers/stringable' @@ -25,6 +26,7 @@ import { escapeUri } from '../../_helpers/uri' import type * as Models from '../../models' import { LicenseExpression, NamedLicense, SpdxLicense } from '../../models/license' import { NamedLifecycle } from '../../models/lifecycle' +import { Tool, ToolRepository } from '../../models/tool' import { AffectedSingleVersion, AffectedVersionRange } from '../../models/vulnerability/affect' import { isSupportedSpdxId } from '../../spdx' import type { _SpecProtocol as Spec } from '../../spec/_protocol' @@ -72,6 +74,10 @@ export class Factory { return new ToolNormalizer(this) } + makeForTools (): ToolsNormalizer { + return new ToolsNormalizer(this) + } + makeForOrganizationalContact (): OrganizationalContactNormalizer { return new OrganizationalContactNormalizer(this) } @@ -221,7 +227,7 @@ export class MetadataNormalizer extends BaseJsonNormalizer { ? this._factory.makeForLifecycle().normalizeIterable(data.lifecycles, options) : undefined, tools: data.tools.size > 0 - ? this._factory.makeForTool().normalizeIterable(data.tools, options) + ? this._factory.makeForTools().normalize(data.tools, options) : undefined, authors: data.authors.size > 0 ? this._factory.makeForOrganizationalContact().normalizeIterable(data.authors, options) @@ -285,6 +291,23 @@ export class ToolNormalizer extends BaseJsonNormalizer { } } +export class ToolsNormalizer extends BaseJsonNormalizer { + normalize(data: Models.Tools, options: NormalizerOptions): Normalized.ToolsType { + if (data.tools.size > 0 || !this._factory.spec.supportsToolsComponentsServices) { + return this._factory.makeForTool().normalizeIterable( + new ToolRepository(chainI( + Array.from(data.components, Tool.fromComponent), + Array.from(data.services, Tool.fromService), + data.tools, + )), options) + } + return { + components: this._factory.makeForComponent().normalizeIterable(data.components, options), + services: this._factory.makeForService().normalizeIterable(data.services, options) + } + } +} + export class HashNormalizer extends BaseJsonNormalizer { normalize ([algorithm, content]: Models.Hash, options: NormalizerOptions): Normalized.Hash | undefined { const spec = this._factory.spec @@ -723,7 +746,7 @@ export class VulnerabilityNormalizer extends BaseJsonNormalizer 0 - ? this._factory.makeForTool().normalizeIterable(data.tools, options) + ? this._factory.makeForTools().normalize(data.tools, options) : undefined, analysis: data.analysis === undefined ? undefined diff --git a/src/serialize/json/types.ts b/src/serialize/json/types.ts index de27dd472..e8d24d8d2 100644 --- a/src/serialize/json/types.ts +++ b/src/serialize/json/types.ts @@ -90,7 +90,7 @@ export namespace Normalized { export interface Metadata { timestamp?: JsonSchema.DateTime lifecycles?: Lifecycle[] - tools?: Tool[] + tools?: ToolsType authors?: OrganizationalContact[] component?: Component manufacture?: OrganizationalEntity @@ -118,6 +118,14 @@ export namespace Normalized { externalReferences?: ExternalReference[] } + /** since CDX 1.5 */ + export interface Tools { + components: Component[] + services: Service[] + } + + export type ToolsType = Tools | Tool[] + export interface OrganizationalContact { name?: string email?: JsonSchema.IdnEmail @@ -257,7 +265,7 @@ export namespace Normalized { published?: JsonSchema.DateTime updated?: JsonSchema.DateTime credits?: Vulnerability.Credits - tools?: Tool[] + tools?: ToolsType analysis?: Vulnerability.Analysis affects?: Vulnerability.Affect[] properties?: Property[] diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts index efb31e17d..733518056 100644 --- a/src/serialize/xml/normalize.ts +++ b/src/serialize/xml/normalize.ts @@ -17,12 +17,14 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import { chainI } from "../../_helpers/iterable"; import { isNotUndefined } from '../../_helpers/notUndefined' import type { SortableIterable } from '../../_helpers/sortable' import type { Stringable } from '../../_helpers/stringable' import { treeIteratorSymbol } from '../../_helpers/tree' import { escapeUri } from '../../_helpers/uri' import type * as Models from '../../models' +import { Tool, ToolRepository } from "../../models"; import { LicenseExpression, NamedLicense, SpdxLicense } from '../../models/license' import { NamedLifecycle } from '../../models/lifecycle' import { AffectedSingleVersion, AffectedVersionRange } from '../../models/vulnerability/affect' @@ -75,6 +77,10 @@ export class Factory { return new ToolNormalizer(this) } + makeForTools (): ToolsNormalizer { + return new ToolsNormalizer(this) + } + makeForOrganizationalContact (): OrganizationalContactNormalizer { return new OrganizationalContactNormalizer(this) } @@ -250,11 +256,7 @@ export class MetadataNormalizer extends BaseXmlNormalizer { } : undefined const tools: SimpleXml.Element | undefined = data.tools.size > 0 - ? { - type: 'element', - name: 'tools', - children: this._factory.makeForTool().normalizeIterable(data.tools, options, 'tool') - } + ? this._factory.makeForTools().normalize(data.tools, options, 'tools') : undefined const authors: SimpleXml.Element | undefined = data.authors.size > 0 ? { @@ -369,6 +371,40 @@ export class ToolNormalizer extends BaseXmlNormalizer { } } +export class ToolsNormalizer extends BaseXmlNormalizer { + normalize (data: Models.Tools, options: NormalizerOptions, elementName: string): SimpleXml.Element { + let children: SimpleXml.Element[] = [] + if (data.tools.size > 0 || !this._factory.spec.supportsToolsComponentsServices) { + children = this._factory.makeForTool().normalizeIterable( + new ToolRepository(chainI( + Array.from(data.components, Tool.fromComponent), + Array.from(data.services, Tool.fromService), + data.tools, + )), options, 'tool') + } else { + if (data.components.size > 0) { + children.push({ + type: 'element', + name: 'components', + children: this._factory.makeForComponent().normalizeIterable(data.components, options, 'component') + }) + } + if (data.components.size > 0) { + children.push({ + type: 'element', + name: 'services', + children: this._factory.makeForService().normalizeIterable(data.services, options, 'service') + }) + } + } + return { + type: 'element', + name: elementName, + children + } + } +} + export class HashNormalizer extends BaseXmlNormalizer { normalize ([algorithm, content]: Models.Hash, options: NormalizerOptions, elementName: string): SimpleXml.Element | undefined { const spec = this._factory.spec @@ -935,11 +971,7 @@ export class VulnerabilityNormalizer extends BaseXmlNormalizer 0 - ? { - type: 'element', - name: 'tools', - children: this._factory.makeForTool().normalizeIterable(data.tools, options, 'tool') - } + ? this._factory.makeForTools().normalize(data.tools, options, 'tools') : undefined const affects: SimpleXml.Element | undefined = data.affects.size > 0 ? { diff --git a/src/spec/_protocol.ts b/src/spec/_protocol.ts index ce2930838..50020e007 100644 --- a/src/spec/_protocol.ts +++ b/src/spec/_protocol.ts @@ -47,7 +47,8 @@ export interface _SpecProtocol { supportsMetadataProperties: boolean supportsExternalReferenceHashes: boolean supportsLicenseAcknowledgement: boolean - supportsServices:boolean + supportsServices: boolean + supportsToolsComponentsServices: boolean } /** @@ -77,6 +78,7 @@ export class _Spec implements _SpecProtocol { readonly #supportsExternalReferenceHashes: boolean readonly #supportsLicenseAcknowledgement: boolean readonly #supportsServices: boolean + readonly #supportsToolsComponentsServices: boolean /* eslint-disable-next-line @typescript-eslint/max-params -- architectural decision */ constructor ( @@ -98,7 +100,8 @@ export class _Spec implements _SpecProtocol { supportsMetadataProperties: boolean, supportsExternalReferenceHashes: boolean, supportsLicenseAcknowledgement: boolean, - supportsServices:boolean + supportsServices: boolean, + supportsToolsComponentsServices: boolean ) { this.#version = version this.#formats = new Set(formats) @@ -119,6 +122,7 @@ export class _Spec implements _SpecProtocol { this.#supportsExternalReferenceHashes = supportsExternalReferenceHashes this.#supportsLicenseAcknowledgement = supportsLicenseAcknowledgement this.#supportsServices = supportsServices + this.#supportsToolsComponentsServices = supportsToolsComponentsServices } get version (): Version { @@ -203,4 +207,8 @@ export class _Spec implements _SpecProtocol { get supportsServices (): boolean { return this.#supportsServices } + + get supportsToolsComponentsServices(): boolean { + return this.#supportsToolsComponentsServices + } } diff --git a/src/spec/consts.ts b/src/spec/consts.ts index f848f26de..5372584fb 100644 --- a/src/spec/consts.ts +++ b/src/spec/consts.ts @@ -86,7 +86,8 @@ export const Spec1dot2: Readonly<_SpecProtocol> = Object.freeze(new _Spec( false, false, false, - true + true, + false )) /** Specification v1.3 */ @@ -150,7 +151,8 @@ export const Spec1dot3: Readonly<_SpecProtocol> = Object.freeze(new _Spec( true, true, false, - true + true, + false )) /** Specification v1.4 */ @@ -221,7 +223,8 @@ export const Spec1dot4: Readonly<_SpecProtocol> = Object.freeze(new _Spec( true, true, false, - true + true, + false )) /** Specification v1.5 */ @@ -321,6 +324,7 @@ export const Spec1dot5: Readonly<_SpecProtocol> = Object.freeze(new _Spec( true, true, false, + true, true )) @@ -426,6 +430,7 @@ export const Spec1dot6: Readonly<_SpecProtocol> = Object.freeze(new _Spec( true, true, true, + true, true )) diff --git a/tests/_data/models.js b/tests/_data/models.js index 0a0659847..50fce1888 100644 --- a/tests/_data/models.js +++ b/tests/_data/models.js @@ -35,29 +35,46 @@ module.exports.createComplexStructure = function () { Enums.LifecyclePhase.Design, new Models.NamedLifecycle('testing', { description: 'my testing stage' }) ]), - tools: new Models.ToolRepository([ - new Models.Tool({ - vendor: 'tool vendor', - name: 'tool name', - version: '0.8.15', - hashes: new Models.HashDictionary([ - [Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535'], - [Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b'] - ]) - }), - new Models.Tool({ - vendor: 'tool vendor', - name: 'other tool', - version: '', // empty string, not undefined - externalReferences: new Models.ExternalReferenceRepository([ - new Models.ExternalReference( - 'https://cyclonedx.org/tool-center/', - Enums.ExternalReferenceType.Website, - { comment: 'the tools that made this' } - ) - ]) - }) - ]), + tools: new Models.Tools({ + components: new Models.ComponentRepository([ + new Models.Component( + Enums.ComponentType.Application, + 'tool name', { + group: 'tool group', + version: '0.8.15', + hashes: new Models.HashDictionary([ + [Enums.HashAlgorithm.MD5, '974e5cc07da6e4536bffd935fd4ddc61'], + [Enums.HashAlgorithm['SHA-1'], '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'] + ]) + }), + new Models.Component( + Enums.ComponentType.Library, + 'other tool', { + group: 'tool group', + version: '', // empty string, not undefined + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://cyclonedx.org/tool-center/', + Enums.ExternalReferenceType.Website, + { comment: 'the tools that made this' } + ) + ]) + }) + ]), + services: new Models.ServiceRepository([ + new Models.Service('sbom-generator-service', { + group: 'Service service group', + version: '1', + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://example.com/sbom-generator-service/', + Enums.ExternalReferenceType.Website, + { comment: 'the service that made this' } + ) + ]) + }) + ]) + }), authors: new Models.OrganizationalContactRepository([ new Models.OrganizationalContact({ name: 'John "the-co-author" Doe' }), new Models.OrganizationalContact({ @@ -306,7 +323,6 @@ module.exports.createComplexStructure = function () { service.bomRef.value = 'some-service' service.provider = new Models.OrganizationalEntity({ name: 'Service Provider' }) service.group = 'acme' - service.version = '1.2+service-version' service.description = 'this is a test service' service.externalReferences.add(new Models.ExternalReference( 'https://localhost/service/docs', @@ -452,12 +468,14 @@ module.exports.createComplexStructure = function () { new Models.OrganizationalContact({ name: 'John "pentester" Doe' }) ]) }), - tools: new Models.ToolRepository([ - new Models.Tool({ - vendor: 'v the vendor', - name: 'tool name' - }) - ]), + tools: new Models.Tools({ + tools: new Models.ToolRepository([ + new Models.Tool({ + vendor: 'v the vendor', + name: 'tool name' + }) + ]) + }), analysis: new Models.Vulnerability.Analysis({ state: Enums.Vulnerability.AnalysisState.FalsePositive, justification: Enums.Vulnerability.AnalysisJustification.ProtectedAtRuntime, @@ -536,12 +554,21 @@ module.exports.createComplexStructure = function () { new Models.OrganizationalContact({ name: 'John "pentester" Doe' }) ]) }), - tools: new Models.ToolRepository([ - new Models.Tool({ - vendor: 'v the vendor', - name: 'tool name' - }) - ]), + tools: new Models.Tools({ + tools: new Models.ToolRepository([ + new Models.Tool({ + vendor: 'v the vendor', + name: 'tool name' + }) + ]), + components: new Models.ComponentRepository([ + new Models.Component( + Enums.ComponentType.Application, + 'other tool name', { + group: 'g the group' + }) + ]) + }), analysis: new Models.Vulnerability.Analysis({ state: Enums.Vulnerability.AnalysisState.FalsePositive, justification: Enums.Vulnerability.AnalysisJustification.ProtectedAtRuntime, @@ -581,3 +608,65 @@ module.exports.createComplexStructure = function () { return bom } + + +/** + * @returns {Models.Bom} + */ +module.exports.createAllTools = function () { + const bomSerialNumberRaw = '8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e' + const bom = new Models.Bom({ + version: 7, + serialNumber: `urn:uuid:${bomSerialNumberRaw}`, + }) + bom.metadata.tools.components.add( + new Models.Component( + Enums.ComponentType.Application, + 'Component tool name', { + group: 'Component tool group', + version: '0.8.15', + hashes: new Models.HashDictionary([ + [Enums.HashAlgorithm.MD5, '974e5cc07da6e4536bffd935fd4ddc61'], + [Enums.HashAlgorithm['SHA-1'], '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'] + ]) + })) + bom.metadata.tools.services.add( + new Models.Service('sbom-generator-service', { + group: 'Service tool group', + version: '1', + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://example.com/sbom-generator-service/', + Enums.ExternalReferenceType.Website, + { comment: 'the service that made this' } + ) + ]) + }) + ) + bom.metadata.tools.tools.add( + new Models.Tool({ + vendor: 'Tool tool vendor', + name: 'Tool tool name', + version: '0.8.15', + hashes: new Models.HashDictionary([ + [Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535'], + [Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b'] + ]) + }) + ) + bom.metadata.tools.tools.add( + new Models.Tool({ + vendor: 'Tool tool vendor', + name: 'Tool other tool', + version: '', // empty string, not undefined + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://cyclonedx.org/tool-center/', + Enums.ExternalReferenceType.Website, + { comment: 'the tools that made this' } + ) + ]) + }) + ) + return bom +} diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.2.json b/tests/_data/normalizeResults/json_sortedLists_spec1.2.json index aa42973c9..6ee4cdeaf 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.2.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.2.json @@ -8,21 +8,26 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "tool group", "name": "other tool" }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -338,7 +343,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.3.json b/tests/_data/normalizeResults/json_sortedLists_spec1.3.json index 9cde9ce6c..4266ac0ac 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.3.json @@ -8,21 +8,26 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "tool group", "name": "other tool" }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -407,7 +412,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json index df67caea3..cbded2e08 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json @@ -8,7 +8,19 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + }, + { + "vendor": "tool group", "name": "other tool", "externalReferences": [ { @@ -19,17 +31,17 @@ ] }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -409,7 +421,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -663,6 +675,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.5.json b/tests/_data/normalizeResults/json_sortedLists_spec1.5.json index 72908cbd0..359392b83 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.5.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.5.json @@ -15,34 +15,52 @@ "phase": "design" } ], - "tools": [ - { - "vendor": "tool vendor", - "name": "other tool", - "externalReferences": [ - { - "url": "https://cyclonedx.org/tool-center/", - "type": "website", - "comment": "the tools that made this" - } - ] - }, - { - "vendor": "tool vendor", - "name": "tool name", - "version": "0.8.15", - "hashes": [ - { - "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" - }, - { - "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "library", + "name": "other tool", + "group": "tool group", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "type": "application", + "name": "tool name", + "group": "tool group", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + } + ], + "services": [ + { + "group": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + } + ] + }, "authors": [ { "name": "Jane \"the-author\" Doe", @@ -418,7 +436,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -672,6 +690,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.6.json b/tests/_data/normalizeResults/json_sortedLists_spec1.6.json index c7fd297a4..57c946944 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.6.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.6.json @@ -15,34 +15,52 @@ "phase": "design" } ], - "tools": [ - { - "vendor": "tool vendor", - "name": "other tool", - "externalReferences": [ - { - "url": "https://cyclonedx.org/tool-center/", - "type": "website", - "comment": "the tools that made this" - } - ] - }, - { - "vendor": "tool vendor", - "name": "tool name", - "version": "0.8.15", - "hashes": [ - { - "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" - }, - { - "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "library", + "name": "other tool", + "group": "tool group", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "type": "application", + "name": "tool name", + "group": "tool group", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + } + ], + "services": [ + { + "group": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + } + ] + }, "authors": [ { "name": "Jane \"the-author\" Doe", @@ -419,7 +437,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -673,6 +691,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json index f13035ad6..1e88b14c1 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json @@ -27,7 +27,28 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "Service service group" + }, + { + "type": "element", + "name": "name", + "children": "sbom-generator-service" + }, + { + "type": "element", + "name": "version", + "children": "1" + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool group" }, { "type": "element", @@ -43,7 +64,7 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "tool group" }, { "type": "element", @@ -65,7 +86,7 @@ "attributes": { "alg": "MD5" }, - "children": "f32a26e2a3a8aa338cd77b6e1263c535" + "children": "974e5cc07da6e4536bffd935fd4ddc61" }, { "type": "element", @@ -73,7 +94,7 @@ "attributes": { "alg": "SHA-1" }, - "children": "829c3804401b0727f70f73d4415e162400cbe57b" + "children": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -1084,7 +1105,7 @@ { "type": "element", "name": "version", - "children": "1.2+service-version" + "children": "1.0+service-version" }, { "type": "element", diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json index 1c02a3be9..5c60c3284 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -27,7 +27,28 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "Service service group" + }, + { + "type": "element", + "name": "name", + "children": "sbom-generator-service" + }, + { + "type": "element", + "name": "version", + "children": "1" + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool group" }, { "type": "element", @@ -43,7 +64,7 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "tool group" }, { "type": "element", @@ -65,7 +86,7 @@ "attributes": { "alg": "MD5" }, - "children": "f32a26e2a3a8aa338cd77b6e1263c535" + "children": "974e5cc07da6e4536bffd935fd4ddc61" }, { "type": "element", @@ -73,7 +94,7 @@ "attributes": { "alg": "SHA-1" }, - "children": "829c3804401b0727f70f73d4415e162400cbe57b" + "children": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -1240,7 +1261,7 @@ { "type": "element", "name": "version", - "children": "1.2+service-version" + "children": "1.0+service-version" }, { "type": "element", diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json index 46e9cf0d3..9e19d0191 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -27,7 +27,53 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "Service service group" + }, + { + "type": "element", + "name": "name", + "children": "sbom-generator-service" + }, + { + "type": "element", + "name": "version", + "children": "1" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://example.com/sbom-generator-service/" + }, + { + "type": "element", + "name": "comment", + "children": "the service that made this" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool group" }, { "type": "element", @@ -68,7 +114,7 @@ { "type": "element", "name": "vendor", - "children": "tool vendor" + "children": "tool group" }, { "type": "element", @@ -90,7 +136,7 @@ "attributes": { "alg": "MD5" }, - "children": "f32a26e2a3a8aa338cd77b6e1263c535" + "children": "974e5cc07da6e4536bffd935fd4ddc61" }, { "type": "element", @@ -98,7 +144,7 @@ "attributes": { "alg": "SHA-1" }, - "children": "829c3804401b0727f70f73d4415e162400cbe57b" + "children": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -1234,7 +1280,7 @@ { "type": "element", "name": "version", - "children": "1.2+service-version" + "children": "1.0+service-version" }, { "type": "element", @@ -2085,6 +2131,22 @@ "type": "element", "name": "tools", "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "g the group" + }, + { + "type": "element", + "name": "name", + "children": "other tool name" + } + ] + }, { "type": "element", "name": "tool", diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json index b886f8b03..c93e1334d 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json @@ -55,38 +55,93 @@ "children": [ { "type": "element", - "name": "tool", + "name": "components", "children": [ { "type": "element", - "name": "vendor", - "children": "tool vendor" - }, - { - "type": "element", - "name": "name", - "children": "other tool" + "name": "component", + "attributes": { + "type": "library" + }, + "children": [ + { + "type": "element", + "name": "group", + "children": "tool group" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://cyclonedx.org/tool-center/" + }, + { + "type": "element", + "name": "comment", + "children": "the tools that made this" + } + ] + } + ] + } + ] }, { "type": "element", - "name": "externalReferences", + "name": "component", + "attributes": { + "type": "application" + }, "children": [ { "type": "element", - "name": "reference", - "attributes": { - "type": "website" - }, + "name": "group", + "children": "tool group" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", "children": [ { "type": "element", - "name": "url", - "children": "https://cyclonedx.org/tool-center/" + "name": "hash", + "attributes": { + "alg": "MD5" + }, + "children": "974e5cc07da6e4536bffd935fd4ddc61" }, { "type": "element", - "name": "comment", - "children": "the tools that made this" + "name": "hash", + "attributes": { + "alg": "SHA-1" + }, + "children": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -96,42 +151,52 @@ }, { "type": "element", - "name": "tool", + "name": "services", "children": [ { "type": "element", - "name": "vendor", - "children": "tool vendor" - }, - { - "type": "element", - "name": "name", - "children": "tool name" - }, - { - "type": "element", - "name": "version", - "children": "0.8.15" - }, - { - "type": "element", - "name": "hashes", + "name": "service", + "attributes": {}, "children": [ { "type": "element", - "name": "hash", - "attributes": { - "alg": "MD5" - }, - "children": "f32a26e2a3a8aa338cd77b6e1263c535" + "name": "group", + "children": "Service service group" }, { "type": "element", - "name": "hash", - "attributes": { - "alg": "SHA-1" - }, - "children": "829c3804401b0727f70f73d4415e162400cbe57b" + "name": "name", + "children": "sbom-generator-service" + }, + { + "type": "element", + "name": "version", + "children": "1" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://example.com/sbom-generator-service/" + }, + { + "type": "element", + "name": "comment", + "children": "the service that made this" + } + ] + } + ] } ] } @@ -1267,7 +1332,7 @@ { "type": "element", "name": "version", - "children": "1.2+service-version" + "children": "1.0+service-version" }, { "type": "element", @@ -2118,6 +2183,22 @@ "type": "element", "name": "tools", "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "g the group" + }, + { + "type": "element", + "name": "name", + "children": "other tool name" + } + ] + }, { "type": "element", "name": "tool", diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.6.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.6.json index f8ecff77f..ed5c34aae 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.6.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.6.json @@ -55,38 +55,93 @@ "children": [ { "type": "element", - "name": "tool", + "name": "components", "children": [ { "type": "element", - "name": "vendor", - "children": "tool vendor" - }, - { - "type": "element", - "name": "name", - "children": "other tool" + "name": "component", + "attributes": { + "type": "library" + }, + "children": [ + { + "type": "element", + "name": "group", + "children": "tool group" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://cyclonedx.org/tool-center/" + }, + { + "type": "element", + "name": "comment", + "children": "the tools that made this" + } + ] + } + ] + } + ] }, { "type": "element", - "name": "externalReferences", + "name": "component", + "attributes": { + "type": "application" + }, "children": [ { "type": "element", - "name": "reference", - "attributes": { - "type": "website" - }, + "name": "group", + "children": "tool group" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", "children": [ { "type": "element", - "name": "url", - "children": "https://cyclonedx.org/tool-center/" + "name": "hash", + "attributes": { + "alg": "MD5" + }, + "children": "974e5cc07da6e4536bffd935fd4ddc61" }, { "type": "element", - "name": "comment", - "children": "the tools that made this" + "name": "hash", + "attributes": { + "alg": "SHA-1" + }, + "children": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -96,42 +151,52 @@ }, { "type": "element", - "name": "tool", + "name": "services", "children": [ { "type": "element", - "name": "vendor", - "children": "tool vendor" - }, - { - "type": "element", - "name": "name", - "children": "tool name" - }, - { - "type": "element", - "name": "version", - "children": "0.8.15" - }, - { - "type": "element", - "name": "hashes", + "name": "service", + "attributes": {}, "children": [ { "type": "element", - "name": "hash", - "attributes": { - "alg": "MD5" - }, - "children": "f32a26e2a3a8aa338cd77b6e1263c535" + "name": "group", + "children": "Service service group" }, { "type": "element", - "name": "hash", - "attributes": { - "alg": "SHA-1" - }, - "children": "829c3804401b0727f70f73d4415e162400cbe57b" + "name": "name", + "children": "sbom-generator-service" + }, + { + "type": "element", + "name": "version", + "children": "1" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://example.com/sbom-generator-service/" + }, + { + "type": "element", + "name": "comment", + "children": "the service that made this" + } + ] + } + ] } ] } @@ -1269,7 +1334,7 @@ { "type": "element", "name": "version", - "children": "1.2+service-version" + "children": "1.0+service-version" }, { "type": "element", @@ -2120,6 +2185,22 @@ "type": "element", "name": "tools", "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "g the group" + }, + { + "type": "element", + "name": "name", + "children": "other tool name" + } + ] + }, { "type": "element", "name": "tool", diff --git a/tests/_data/serializeResults/json_allTools_spec1.2.json.bin b/tests/_data/serializeResults/json_allTools_spec1.2.json.bin new file mode 100644 index 000000000..2c4a6fd76 --- /dev/null +++ b/tests/_data/serializeResults/json_allTools_spec1.2.json.bin @@ -0,0 +1,52 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2", + "version": 7, + "serialNumber": "urn:uuid:8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e", + "metadata": { + "tools": [ + { + "vendor": "Component tool group", + "name": "Component tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + }, + { + "vendor": "Service tool group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "Tool tool vendor", + "name": "Tool other tool" + }, + { + "vendor": "Tool tool vendor", + "name": "Tool tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + "components": [], + "dependencies": [] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_allTools_spec1.3.json.bin b/tests/_data/serializeResults/json_allTools_spec1.3.json.bin new file mode 100644 index 000000000..081c5b374 --- /dev/null +++ b/tests/_data/serializeResults/json_allTools_spec1.3.json.bin @@ -0,0 +1,52 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3", + "version": 7, + "serialNumber": "urn:uuid:8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e", + "metadata": { + "tools": [ + { + "vendor": "Component tool group", + "name": "Component tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + }, + { + "vendor": "Service tool group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "Tool tool vendor", + "name": "Tool other tool" + }, + { + "vendor": "Tool tool vendor", + "name": "Tool tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + "components": [], + "dependencies": [] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_allTools_spec1.4.json.bin b/tests/_data/serializeResults/json_allTools_spec1.4.json.bin new file mode 100644 index 000000000..43cbb457a --- /dev/null +++ b/tests/_data/serializeResults/json_allTools_spec1.4.json.bin @@ -0,0 +1,66 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 7, + "serialNumber": "urn:uuid:8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e", + "metadata": { + "tools": [ + { + "vendor": "Component tool group", + "name": "Component tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + }, + { + "vendor": "Service tool group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + "components": [], + "dependencies": [] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_allTools_spec1.5.json.bin b/tests/_data/serializeResults/json_allTools_spec1.5.json.bin new file mode 100644 index 000000000..8cdf548a4 --- /dev/null +++ b/tests/_data/serializeResults/json_allTools_spec1.5.json.bin @@ -0,0 +1,66 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "version": 7, + "serialNumber": "urn:uuid:8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e", + "metadata": { + "tools": [ + { + "vendor": "Component tool group", + "name": "Component tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + }, + { + "vendor": "Service tool group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + "components": [], + "dependencies": [] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_allTools_spec1.6.json.bin b/tests/_data/serializeResults/json_allTools_spec1.6.json.bin new file mode 100644 index 000000000..e81facca6 --- /dev/null +++ b/tests/_data/serializeResults/json_allTools_spec1.6.json.bin @@ -0,0 +1,66 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 7, + "serialNumber": "urn:uuid:8fd9e244-73b6-4cd3-ab3a-a0fefdee5c9e", + "metadata": { + "tools": [ + { + "vendor": "Component tool group", + "name": "Component tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + }, + { + "vendor": "Service tool group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "vendor": "Tool tool vendor", + "name": "Tool tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + "components": [], + "dependencies": [] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_complex_spec1.2.json.bin b/tests/_data/serializeResults/json_complex_spec1.2.json.bin index 5205f5eef..84148dcb4 100644 --- a/tests/_data/serializeResults/json_complex_spec1.2.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.2.json.bin @@ -8,21 +8,26 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "tool group", "name": "other tool" }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -338,7 +343,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { diff --git a/tests/_data/serializeResults/json_complex_spec1.3.json.bin b/tests/_data/serializeResults/json_complex_spec1.3.json.bin index 961949f12..358fdda1f 100644 --- a/tests/_data/serializeResults/json_complex_spec1.3.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.3.json.bin @@ -8,21 +8,26 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1" + }, + { + "vendor": "tool group", "name": "other tool" }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -407,7 +412,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { diff --git a/tests/_data/serializeResults/json_complex_spec1.4.json.bin b/tests/_data/serializeResults/json_complex_spec1.4.json.bin index 390129033..6886fe52c 100644 --- a/tests/_data/serializeResults/json_complex_spec1.4.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.4.json.bin @@ -8,7 +8,19 @@ "timestamp": "2032-05-23T13:37:42.000Z", "tools": [ { - "vendor": "tool vendor", + "vendor": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + }, + { + "vendor": "tool group", "name": "other tool", "externalReferences": [ { @@ -19,17 +31,17 @@ ] }, { - "vendor": "tool vendor", + "vendor": "tool group", "name": "tool name", "version": "0.8.15", "hashes": [ { "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" + "content": "974e5cc07da6e4536bffd935fd4ddc61" }, { "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" } ] } @@ -409,7 +421,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -663,6 +675,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/serializeResults/json_complex_spec1.5.json.bin b/tests/_data/serializeResults/json_complex_spec1.5.json.bin index 07f543ae6..2a286217f 100644 --- a/tests/_data/serializeResults/json_complex_spec1.5.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.5.json.bin @@ -15,34 +15,52 @@ "phase": "design" } ], - "tools": [ - { - "vendor": "tool vendor", - "name": "other tool", - "externalReferences": [ - { - "url": "https://cyclonedx.org/tool-center/", - "type": "website", - "comment": "the tools that made this" - } - ] - }, - { - "vendor": "tool vendor", - "name": "tool name", - "version": "0.8.15", - "hashes": [ - { - "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" - }, - { - "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "library", + "name": "other tool", + "group": "tool group", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "type": "application", + "name": "tool name", + "group": "tool group", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + } + ], + "services": [ + { + "group": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + } + ] + }, "authors": [ { "name": "Jane \"the-author\" Doe", @@ -418,7 +436,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -672,6 +690,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/serializeResults/json_complex_spec1.6.json.bin b/tests/_data/serializeResults/json_complex_spec1.6.json.bin index bc4097fbc..aa520a610 100644 --- a/tests/_data/serializeResults/json_complex_spec1.6.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.6.json.bin @@ -15,34 +15,52 @@ "phase": "design" } ], - "tools": [ - { - "vendor": "tool vendor", - "name": "other tool", - "externalReferences": [ - { - "url": "https://cyclonedx.org/tool-center/", - "type": "website", - "comment": "the tools that made this" - } - ] - }, - { - "vendor": "tool vendor", - "name": "tool name", - "version": "0.8.15", - "hashes": [ - { - "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" - }, - { - "alg": "SHA-1", - "content": "829c3804401b0727f70f73d4415e162400cbe57b" - } - ] - } - ], + "tools": { + "components": [ + { + "type": "library", + "name": "other tool", + "group": "tool group", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "type": "application", + "name": "tool name", + "group": "tool group", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "974e5cc07da6e4536bffd935fd4ddc61" + }, + { + "alg": "SHA-1", + "content": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" + } + ] + } + ], + "services": [ + { + "group": "Service service group", + "name": "sbom-generator-service", + "version": "1", + "externalReferences": [ + { + "url": "https://example.com/sbom-generator-service/", + "type": "website", + "comment": "the service that made this" + } + ] + } + ] + }, "authors": [ { "name": "Jane \"the-author\" Doe", @@ -419,7 +437,7 @@ }, "group": "acme", "name": "dummy-service", - "version": "1.2+service-version", + "version": "1.0+service-version", "description": "this is a test service", "licenses": [ { @@ -673,6 +691,10 @@ ] }, "tools": [ + { + "vendor": "g the group", + "name": "other tool name" + }, { "vendor": "v the vendor", "name": "tool name" diff --git a/tests/_data/serializeResults/xml_allTools_spec1.2.xml.bin b/tests/_data/serializeResults/xml_allTools_spec1.2.xml.bin new file mode 100644 index 000000000..8640d3bd0 --- /dev/null +++ b/tests/_data/serializeResults/xml_allTools_spec1.2.xml.bin @@ -0,0 +1,36 @@ + + + + + + Component tool group + Component tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + Service tool group + sbom-generator-service + 1 + + + Tool tool vendor + Tool other tool + + + Tool tool vendor + Tool tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_allTools_spec1.3.xml.bin b/tests/_data/serializeResults/xml_allTools_spec1.3.xml.bin new file mode 100644 index 000000000..77340ea4a --- /dev/null +++ b/tests/_data/serializeResults/xml_allTools_spec1.3.xml.bin @@ -0,0 +1,36 @@ + + + + + + Component tool group + Component tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + Service tool group + sbom-generator-service + 1 + + + Tool tool vendor + Tool other tool + + + Tool tool vendor + Tool tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_allTools_spec1.4.xml.bin b/tests/_data/serializeResults/xml_allTools_spec1.4.xml.bin new file mode 100644 index 000000000..d0ac8ded5 --- /dev/null +++ b/tests/_data/serializeResults/xml_allTools_spec1.4.xml.bin @@ -0,0 +1,48 @@ + + + + + + Component tool group + Component tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + Service tool group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + + Tool tool vendor + Tool other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + Tool tool vendor + Tool tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_allTools_spec1.5.xml.bin b/tests/_data/serializeResults/xml_allTools_spec1.5.xml.bin new file mode 100644 index 000000000..f3c90ac9e --- /dev/null +++ b/tests/_data/serializeResults/xml_allTools_spec1.5.xml.bin @@ -0,0 +1,48 @@ + + + + + + Component tool group + Component tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + Service tool group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + + Tool tool vendor + Tool other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + Tool tool vendor + Tool tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_allTools_spec1.6.xml.bin b/tests/_data/serializeResults/xml_allTools_spec1.6.xml.bin new file mode 100644 index 000000000..7b36d67a8 --- /dev/null +++ b/tests/_data/serializeResults/xml_allTools_spec1.6.xml.bin @@ -0,0 +1,48 @@ + + + + + + Component tool group + Component tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + Service tool group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + + Tool tool vendor + Tool other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + Tool tool vendor + Tool tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin index 2ee07e908..48937bf25 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin @@ -4,16 +4,21 @@ 2032-05-23T13:37:42.000Z - tool vendor + Service service group + sbom-generator-service + 1 + + + tool group other tool - tool vendor + tool group tool name 0.8.15 - f32a26e2a3a8aa338cd77b6e1263c535 - 829c3804401b0727f70f73d4415e162400cbe57b + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed @@ -237,7 +242,7 @@ acme dummy-service - 1.2+service-version + 1.0+service-version this is a test service diff --git a/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin index 8e8bc8813..786429019 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin @@ -4,16 +4,21 @@ 2032-05-23T13:37:42.000Z - tool vendor + Service service group + sbom-generator-service + 1 + + + tool group other tool - tool vendor + tool group tool name 0.8.15 - f32a26e2a3a8aa338cd77b6e1263c535 - 829c3804401b0727f70f73d4415e162400cbe57b + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed @@ -270,7 +275,7 @@ acme dummy-service - 1.2+service-version + 1.0+service-version this is a test service diff --git a/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin index 3f36a8aa2..60141a882 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin @@ -4,7 +4,18 @@ 2032-05-23T13:37:42.000Z - tool vendor + Service service group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + + tool group other tool @@ -14,12 +25,12 @@ - tool vendor + tool group tool name 0.8.15 - f32a26e2a3a8aa338cd77b6e1263c535 - 829c3804401b0727f70f73d4415e162400cbe57b + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed @@ -270,7 +281,7 @@ acme dummy-service - 1.2+service-version + 1.0+service-version this is a test service @@ -469,6 +480,10 @@ + + g the group + other tool name + v the vendor tool name diff --git a/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin index cc5fb7f9e..3ad96d85c 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin @@ -12,25 +12,40 @@ - - tool vendor - other tool - - - https://cyclonedx.org/tool-center/ - the tools that made this - - - - - tool vendor - tool name - 0.8.15 - - f32a26e2a3a8aa338cd77b6e1263c535 - 829c3804401b0727f70f73d4415e162400cbe57b - - + + + tool group + other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + tool group + tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + + + Service service group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + @@ -279,7 +294,7 @@ acme dummy-service - 1.2+service-version + 1.0+service-version this is a test service @@ -478,6 +493,10 @@ + + g the group + other tool name + v the vendor tool name diff --git a/tests/_data/serializeResults/xml_complex_spec1.6.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.6.xml.bin index 216a7a3a2..ec8a02a19 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.6.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.6.xml.bin @@ -12,25 +12,40 @@ - - tool vendor - other tool - - - https://cyclonedx.org/tool-center/ - the tools that made this - - - - - tool vendor - tool name - 0.8.15 - - f32a26e2a3a8aa338cd77b6e1263c535 - 829c3804401b0727f70f73d4415e162400cbe57b - - + + + tool group + other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + tool group + tool name + 0.8.15 + + 974e5cc07da6e4536bffd935fd4ddc61 + 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed + + + + + + Service service group + sbom-generator-service + 1 + + + https://example.com/sbom-generator-service/ + the service that made this + + + + @@ -279,7 +294,7 @@ acme dummy-service - 1.2+service-version + 1.0+service-version this is a test service @@ -478,6 +493,10 @@ + + g the group + other tool name + v the vendor tool name diff --git a/tests/integration/Serialize.JsonSerialize.test.js b/tests/integration/Serialize.JsonSerialize.test.js index 2678a76e0..e49f0a2af 100644 --- a/tests/integration/Serialize.JsonSerialize.test.js +++ b/tests/integration/Serialize.JsonSerialize.test.js @@ -20,7 +20,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved. const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') -const { createComplexStructure } = require('../_data/models') +const { createComplexStructure, createAllTools } = require('../_data/models') const { loadSerializeResult, writeSerializeResult } = require('../_data/serialize') const { @@ -39,52 +39,57 @@ const { describe('Serialize.JsonSerialize', function () { this.timeout(60000); - [ - Spec.Spec1dot6, - Spec.Spec1dot5, - Spec.Spec1dot4, - Spec.Spec1dot3, - Spec.Spec1dot2 - ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { - const normalizerFactory = new JsonNormalizeFactory(spec) - - beforeEach(function () { - this.bom = createComplexStructure() - }) + Object.entries({ + complex: createComplexStructure, + allTools: createAllTools + }).forEach(([fixtureName, bomFixture]) => describe(`from fixture ${fixtureName}`, () => { + [ + Spec.Spec1dot6, + Spec.Spec1dot5, + Spec.Spec1dot4, + Spec.Spec1dot3, + Spec.Spec1dot2 + ].forEach(spec => describe(`with spec v${spec.version}`, () => { + const normalizerFactory = new JsonNormalizeFactory(spec) + + beforeEach(function () { + this.bom = bomFixture() + }) - afterEach(function () { - delete this.bom - }) + afterEach(function () { + delete this.bom + }) - it('serialize', async function () { - const serializer = new JsonSerializer(normalizerFactory) + it('serialize', async function () { + const serializer = new JsonSerializer(normalizerFactory) + + const serialized = serializer.serialize( + this.bom, { + sortLists: true, + space: 4 + }) - const serialized = serializer.serialize( - this.bom, { - sortLists: true, - space: 4 - }) - - const validator = new JsonStrictValidator(spec.version) - try { - const validationError = await validator.validate(serialized) - assert.strictEqual(validationError, null) - } catch (err) { - if (!(err instanceof MissingOptionalDependencyError)) { - // unexpected error - assert.fail(err) + const validator = new JsonStrictValidator(spec.version) + try { + const validationError = await validator.validate(serialized) + assert.strictEqual(validationError, null) + } catch (err) { + if (!(err instanceof MissingOptionalDependencyError)) { + // unexpected error + assert.fail(err) + } } - } - if (process.env.CJL_TEST_UPDATE_SNAPSHOTS) { - writeSerializeResult(serialized, 'json_complex', spec.version, 'json') - } - assert.strictEqual( - serialized, - loadSerializeResult('json_complex', spec.version, 'json')) - }) + if (process.env.CJL_TEST_UPDATE_SNAPSHOTS) { + writeSerializeResult(serialized, `json_${fixtureName}`, spec.version, 'json') + } + assert.strictEqual( + serialized, + loadSerializeResult(`json_${fixtureName}`, spec.version, 'json')) + }) - // TODO add more tests + // TODO add more tests + })) })) describe('make bom-refs unique', () => { diff --git a/tests/integration/Serialize.XmlSerialize.test.js b/tests/integration/Serialize.XmlSerialize.test.js index bc8964d28..0b1384346 100644 --- a/tests/integration/Serialize.XmlSerialize.test.js +++ b/tests/integration/Serialize.XmlSerialize.test.js @@ -20,7 +20,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved. const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') -const { createComplexStructure } = require('../_data/models') +const { createComplexStructure, createAllTools } = require('../_data/models') const { loadSerializeResult, writeSerializeResult } = require('../_data/serialize') const { @@ -40,62 +40,68 @@ describe('Serialize.XmlSerialize', function () { this.timeout(60000); - [ - Spec.Spec1dot6, - Spec.Spec1dot5, - Spec.Spec1dot4, - Spec.Spec1dot3, - Spec.Spec1dot2 - ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { - const normalizerFactory = new XmlNormalizeFactory(spec) - - beforeEach(function () { - this.bom = createComplexStructure() - }) - - afterEach(function () { - delete this.bom - }) + Object.entries({ + complex: createComplexStructure, + allTools: createAllTools + }).forEach(([fixtureName, bomFixture]) => describe(`from fixture ${fixtureName}`, () => { + [ + Spec.Spec1dot6, + Spec.Spec1dot5, + Spec.Spec1dot4, + Spec.Spec1dot3, + Spec.Spec1dot2 + ].forEach(spec => describe(`with spec v${spec.version}`, () => { + const normalizerFactory = new XmlNormalizeFactory(spec) + + beforeEach(function () { + this.bom = bomFixture() + }) - if (expectMissingDepError) { - it('throws MissingOptionalDependencyError', function () { - const serializer = new XmlSerializer(normalizerFactory) - assert.throws( - () => { serializer.serialize(this.bom, {}) }, - (err) => err instanceof MissingOptionalDependencyError - ) + afterEach(function () { + delete this.bom }) - return // skip other tests - } - it('serialize', async function () { - const serializer = new XmlSerializer(normalizerFactory) - const serialized = await serializer.serialize( - this.bom, { - sortLists: true, - space: 4 + if (expectMissingDepError) { + it('throws MissingOptionalDependencyError', function () { + const serializer = new XmlSerializer(normalizerFactory) + assert.throws( + () => { serializer.serialize(this.bom, {}) }, + (err) => err instanceof MissingOptionalDependencyError + ) }) + return // skip other tests + } - const validator = new Validation.XmlValidator(spec.version) - try { - const validationError = await validator.validate(serialized) - assert.strictEqual(validationError, null) - } catch (err) { - if (!(err instanceof Validation.MissingOptionalDependencyError)) { - // unexpected error - throw err + it('serialize', async function () { + const serializer = new XmlSerializer(normalizerFactory) + const serialized = await serializer.serialize( + this.bom, { + sortLists: true, + space: 4 + }) + + const validator = new Validation.XmlValidator(spec.version) + try { + const validationError = await validator.validate(serialized) + assert.strictEqual(validationError, null) + } catch (err) { + if (!(err instanceof Validation.MissingOptionalDependencyError)) { + // unexpected error + throw err + } } - } - if (process.env.CJL_TEST_UPDATE_SNAPSHOTS) { - writeSerializeResult(serialized, 'xml_complex', spec.version, 'xml') - } - assert.strictEqual( - serialized, - loadSerializeResult('xml_complex', spec.version, 'xml')) - }) + if (process.env.CJL_TEST_UPDATE_SNAPSHOTS) { + writeSerializeResult(serialized, `xml_${fixtureName}`, spec.version, 'xml') + } + assert.strictEqual( + serialized, + loadSerializeResult(`xml_${fixtureName}`, spec.version, 'xml')) + }) + + // TODO add more tests + })) - // TODO add more tests })) describe('make bom-refs unique', () => { diff --git a/tests/unit/Models.Vulnerability.Vulnerability.spec.js b/tests/unit/Models.Vulnerability.Vulnerability.spec.js index 58ba2a48b..5e5a79844 100644 --- a/tests/unit/Models.Vulnerability.Vulnerability.spec.js +++ b/tests/unit/Models.Vulnerability.Vulnerability.spec.js @@ -22,7 +22,7 @@ const { suite, test } = require('mocha') const { Models: { - PropertyRepository, ToolRepository, + PropertyRepository, Tools, Vulnerability: { AdvisoryRepository, AffectRepository, Analysis, Credits, RatingRepository, ReferenceRepository, Source, Vulnerability @@ -53,7 +53,7 @@ suite('Models.Vulnerability.Vulnerability', () => { assert.strictEqual(vulnerability.published, undefined) assert.strictEqual(vulnerability.updated, undefined) assert.strictEqual(vulnerability.credits, undefined) - assert.ok(vulnerability.tools instanceof ToolRepository) + assert.ok(vulnerability.tools instanceof Tools) assert.strictEqual(vulnerability.tools.size, 0) assert.strictEqual(vulnerability.analysis, undefined) assert.ok(vulnerability.affects instanceof AffectRepository) @@ -72,7 +72,7 @@ suite('Models.Vulnerability.Vulnerability', () => { const dummyPublished = new Date() const dummyUpdated = new Date() const dummyCredits = new Credits() - const dummyTools = new ToolRepository() + const dummyTools = new Tools() const dummyAnalysis = new Analysis() const dummyAffects = new AffectRepository() const dummyProperties = new PropertyRepository()