Merge pull request #552 from CycloneDX/feat/cdx1.6.1

CycloneDX · Nov 22, 2024 · d9f8d4c · d9f8d4c
2 parents 9a320b3 + fce34d4
commit d9f8d4c
Show file tree

Hide file tree

Showing 115 changed files with 1,787 additions and 418 deletions.
diff --git a/src/main/java/org/cyclonedx/model/Component.java b/src/main/java/org/cyclonedx/model/Component.java
@@ -207,8 +207,7 @@ public String getScopeName() {
     private ModelCard modelCard;
 
     @VersionFilter(Version.VERSION_15)
-    @JsonProperty("data")
-    private ComponentData data;
+    private List<ComponentData> data;
 
     @VersionFilter(Version.VERSION_16)
     @JsonProperty("cryptoProperties")
@@ -500,11 +499,14 @@ public void setModelCard(final ModelCard modelCard) {
         this.modelCard = modelCard;
     }
 
-    public ComponentData getData() {
+    @JsonProperty("data")
+    @JacksonXmlElementWrapper(useWrapping = false)
+    @JacksonXmlProperty(localName = "data")
+    public List<ComponentData> getData() {
         return data;
     }
 
-    public void setData(final ComponentData data) {
+    public void setData(final List<ComponentData> data) {
         this.data = data;
     }
 

diff --git a/src/main/resources/bom-1.6.proto b/src/main/resources/bom-1.6.proto
diff --git a/src/main/resources/bom-1.6.schema.json b/src/main/resources/bom-1.6.schema.json
diff --git a/src/main/resources/bom-1.6.xsd b/src/main/resources/bom-1.6.xsd
diff --git a/src/test/java/org/cyclonedx/parsers/JsonParserTest.java b/src/test/java/org/cyclonedx/parsers/JsonParserTest.java
@@ -446,8 +446,8 @@ public void schema16_attestation() throws Exception {
         assertEquals(1, assessors.size());
 
         Assessor assessor = assessors.get(0);
-        assertEquals(false, assessor.getThirdParty());
-        assertEquals("Acme Inc", assessor.getOrganization().getName());
+        assertEquals(true, assessor.getThirdParty());
+        assertEquals("Assessors Inc", assessor.getOrganization().getName());
         assertEquals("assessor-1", assessor.getBomRef());
 
         //Attestations
@@ -467,7 +467,7 @@ public void schema16_attestation() throws Exception {
         Conformance conformance = map.getConformance();
         assertEquals(0.8, conformance.getScore());
         assertEquals("Conformance rationale here", conformance.getRationale());
-        assertEquals("mitigations-1", conformance.getMitigationStrategies().get(0));
+        assertEquals("mitigationStrategy-1", conformance.getMitigationStrategies().get(0));
 
         Confidence confidence = map.getConfidence();
         assertEquals(1.0, confidence.getScore());

diff --git a/src/test/java/org/cyclonedx/parsers/XmlParserTest.java b/src/test/java/org/cyclonedx/parsers/XmlParserTest.java
@@ -591,8 +591,8 @@ public void schema16_attestation() throws Exception {
         assertEquals(1, assessors.size());
 
         Assessor assessor = assessors.get(0);
-        assertEquals(false, assessor.getThirdParty());
-        assertEquals("Acme Inc", assessor.getOrganization().getName());
+        assertEquals(true, assessor.getThirdParty());
+        assertEquals("Assessors Inc", assessor.getOrganization().getName());
         assertEquals("assessor-1", assessor.getBomRef());
 
         //Attestations
@@ -612,7 +612,7 @@ public void schema16_attestation() throws Exception {
         Conformance conformance = map.getConformance();
         assertEquals(0.8, conformance.getScore());
         assertEquals("Conformance rationale here", conformance.getRationale());
-        assertEquals("mitigations-1", conformance.getMitigationStrategies().get(0));
+        assertEquals("mitigationStrategy-1", conformance.getMitigationStrategies().get(0));
 
         Confidence confidence = map.getConfidence();
         assertEquals(1.0, confidence.getScore());

diff --git a/src/test/resources/1.6/invalid-bomformat-1.6.json b/src/test/resources/1.6/invalid-bomformat-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "AnotherFormat",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-component-ref-1.6.json b/src/test/resources/1.6/invalid-component-ref-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -10,12 +11,6 @@
       "name": "acme-library",
       "version": "1.0.0"
     },
-    {
-      "type": "library",
-      "bom-ref": "123",
-      "name": "acme-library",
-      "version": "1.0.0"
-    },
     {
       "type": "library",
       "bom-ref": "",

diff --git a/src/test/resources/1.6/invalid-component-ref-1.6.xml b/src/test/resources/1.6/invalid-component-ref-1.6.xml
@@ -10,6 +10,10 @@
                     <name>acme-library</name>
                     <version>1.0.0</version>
                 </component>
+                <component type="library" bom-ref="123">
+                    <name>acme-library2</name>
+                    <version>1.0.0</version>
+                </component>
                 <component type="library" bom-ref="">
                     <!-- empty value in attribute `bom-ref` -->
                     <name>acme-library</name>

diff --git a/src/test/resources/1.6/invalid-component-swid-1.6.json b/src/test/resources/1.6/invalid-component-swid-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-component-type-1.6.json b/src/test/resources/1.6/invalid-component-type-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-dependency-1.6.json b/src/test/resources/1.6/invalid-dependency-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-empty-component-1.6.json b/src/test/resources/1.6/invalid-empty-component-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-hash-alg-1.6.json b/src/test/resources/1.6/invalid-hash-alg-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-hash-md5-1.6.json b/src/test/resources/1.6/invalid-hash-md5-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-hash-sha1-1.6.json b/src/test/resources/1.6/invalid-hash-sha1-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-hash-sha256-1.6.json b/src/test/resources/1.6/invalid-hash-sha256-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-hash-sha512-1.6.json b/src/test/resources/1.6/invalid-hash-sha512-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-issue-type-1.6.json b/src/test/resources/1.6/invalid-issue-type-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-license-choice-1.6.json b/src/test/resources/1.6/invalid-license-choice-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-license-encoding-1.6.json b/src/test/resources/1.6/invalid-license-encoding-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-license-id-1.6.json b/src/test/resources/1.6/invalid-license-id-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json b/src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json
@@ -1,10 +1,12 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
   "version": 1,
   "components": [
     {
+      "type": "library",
       "name": "license-with-no-id-nor-name",
       "version": "23",
       "description": "testcase for issue#288",

diff --git a/src/test/resources/1.6/invalid-metadata-license-1.6.json b/src/test/resources/1.6/invalid-metadata-license-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-metadata-timestamp-1.6.json b/src/test/resources/1.6/invalid-metadata-timestamp-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-missing-component-type-1.6.json b/src/test/resources/1.6/invalid-missing-component-type-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-patch-type-1.6.json b/src/test/resources/1.6/invalid-patch-type-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-properties-1.6.json b/src/test/resources/1.6/invalid-properties-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed",

diff --git a/src/test/resources/1.6/invalid-scope-1.6.json b/src/test/resources/1.6/invalid-scope-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/invalid-serialnumber-1.6.json b/src/test/resources/1.6/invalid-serialnumber-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f",

diff --git a/src/test/resources/1.6/invalid-service-data-1.6.json b/src/test/resources/1.6/invalid-service-data-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/valid-annotation-1.6.json b/src/test/resources/1.6/valid-annotation-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -76,6 +77,13 @@
             "name": "Partner Org",
             "url": [
               "https://partner.org"
+            ],
+            "contact" : [
+              {
+                "name": "Support",
+                "email": "support@partner.org",
+                "phone": "800-555-1212"
+              }
             ]
           },
           "group": "org.partner",

diff --git a/src/test/resources/1.6/valid-annotation-1.6.textproto b/src/test/resources/1.6/valid-annotation-1.6.textproto
@@ -24,8 +24,8 @@ annotations {
     }
   }
   timestamp {
-    seconds: 3173618478
-    nanos: 3
+    seconds: 1640995200
+    nanos: 0
   }
   text: "This is a sample annotation made by an organization"
 }
@@ -40,10 +40,10 @@ annotations {
     }
   }
   timestamp {
-    seconds: 3173618478
-    nanos: 3
+    seconds: 1640995200
+    nanos: 0
   }
-  text: "This is a sample annotation made by an person"
+  text: "This is a sample annotation made by a person"
 }
 annotations {
   bom_ref: "annotation-3"
@@ -56,8 +56,8 @@ annotations {
     }
   }
   timestamp {
-    seconds: 3173618478
-    nanos: 3
+    seconds: 1640995200
+    nanos: 0
   }
   text: "This is a sample annotation made by a component"
 }
@@ -72,7 +72,7 @@ annotations {
         url: "https://partner.org"
         contact {
           name: "Support"
-          email: "support@partner"
+          email: "support@partner.org"
           phone: "800-555-1212"
         }
       }
@@ -90,8 +90,8 @@ annotations {
     }
   }
   timestamp {
-    seconds: 3173618478
-    nanos: 3
+    seconds: 1640995200
+    nanos: 0
   }
   text: "This is a sample annotation made by a service"
 }
diff --git a/src/test/resources/1.6/valid-annotation-1.6.xml b/src/test/resources/1.6/valid-annotation-1.6.xml
@@ -21,7 +21,7 @@
                     </contact>
                 </organization>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by an organization</text>
         </annotation>
         <annotation bom-ref="annotation-2">
@@ -35,8 +35,8 @@
                     <phone>800-555-1212</phone>
                 </individual>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
-            <text>This is a sample annotation made by an person</text>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
+            <text>This is a sample annotation made by a person</text>
         </annotation>
         <annotation bom-ref="annotation-3">
             <subjects>
@@ -48,7 +48,7 @@
                     <version>9.1.2</version>
                 </component>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by a component</text>
         </annotation>
         <annotation bom-ref="annotation-4">
@@ -62,7 +62,7 @@
                         <url>https://partner.org</url>
                         <contact>
                             <name>Support</name>
-                            <email>support@partner</email>
+                            <email>support@partner.org</email>
                             <phone>800-555-1212</phone>
                         </contact>
                     </provider>
@@ -76,11 +76,11 @@
                     <authenticated>true</authenticated>
                     <x-trust-boundary>true</x-trust-boundary>
                     <data>
-                        <classification flow="bi-directional">pubic</classification>
+                        <classification flow="bi-directional">public</classification>
                     </data>
                 </service>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by a service</text>
         </annotation>
     </annotations>

diff --git a/src/test/resources/1.6/valid-assembly-1.6.json b/src/test/resources/1.6/valid-assembly-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",

diff --git a/src/test/resources/1.6/valid-attestation-1.6.json b/src/test/resources/1.6/valid-attestation-1.6.json
@@ -1,4 +1,5 @@
 {
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",