Merge pull request #194 from CycloneDX/v1.5-dev-service-dataflows
Extend service dataflow support
stevespringett authored Apr 19, 2023
2 parents cb12e32 + 5ca7232 commit 68ee653
Showing 6 changed files with 846 additions and 15 deletions.
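--- a/schema/bom-1.5.proto
+++ b/schema/bom-1.5.proto
@@ -123,16 +123,24 @@ message Component {
 optional ReleaseNotes releaseNotes = 24;
 }
 
-// Specifies the data classification.
-message DataClassification {
+// Specifies the data flow.
+message DataFlow {
 // Specifies the flow direction of the data.
-DataFlow flow = 1;
-// SimpleContent value of element
+DataFlowDirection flow = 1;
+// Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
 string value = 2;
+// Name for the defined data
+optional string name = 3;
+// Short description of the data content and usage
+optional string description = 4;
+// The URI, URL, or BOM-Link of the components or services the data came in from
+repeated string source = 5;
+// The URI, URL, or BOM-Link of the components or services the data is sent to
+repeated string destination = 6;
 }
 
 // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
-enum DataFlow {
+enum DataFlowDirection {
 DATA_FLOW_NULL = 0;
 DATA_FLOW_INBOUND = 1;
 DATA_FLOW_OUTBOUND = 2;
@@ -481,7 +489,7 @@ message Service {
 optional bool authenticated = 8;
 // A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed.
 optional bool x_trust_boundary = 9;
-repeated DataClassification data = 10;
+repeated DataFlow data = 10;
 repeated LicenseChoice licenses = 11;
 // Provides the ability to document external references related to the service.
 repeated ExternalReference external_references = 12;
@@ -491,6 +499,8 @@ message Service {
 repeated Property properties = 14;
 // Specifies optional release notes.
 optional ReleaseNotes releaseNotes = 15;
+// The name of the trust zone the service resides in.
+optional string trustZone = 16;
 }
 
 message Swid {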
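Review bot: The new `source` and `destination` fields in `message DataFlow` (first hunk) are plain `repeated string`, so the protobuf encoding carries no format constraint at all, whereas the JSON schema in this commit declares the same values as `iri-reference` and the XSD as `xs:anyURI`. A consumer of the protobuf form therefore has to validate these references itself, and because a BOM may originate from a supplier the consumer does not control, it should resolve BOM-Links only against documents it already holds rather than fetch whatever URL is listed. I would state that in the field comments, e.g. `// URI, URL, or BOM-Link. Not validated by this schema; consumers must validate the value before resolving it.` The comment on `string value = 2` now describes a classification while the field is still called `value`; a short remark that this field is the counterpart of `classification` in the JSON schema would help readers map the formats. On style, `trustZone = 16` is camelCase beside `x_trust_boundary` and `external_references`; `trust_zone` would match the snake_case fields, although it follows the existing `releaseNotes`.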
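--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -1160,12 +1160,17 @@
 "title": "Crosses Trust Boundary",
 "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed."
 },
+"trustZone": {
+"type": "string",
+"title": "Trust Zone",
+"description": "The name of the trust zone the service resides in."
+},
 "data": {
 "type": "array",
 "additionalItems": false,
-"items": {"$ref": "#/definitions/dataClassification"},
-"title": "Data Classification",
-"description": "Specifies the data classification."
+"items": {"$ref": "#/definitions/dataFlow"},
+"title": "Data",
+"description": "Specifies the data flow, classification, and other relevant information."
 },
 "licenses": {
 "type": "array",
@@ -1207,7 +1212,7 @@
 }
 }
 },
-"dataClassification": {
+"dataFlow": {
 "type": "object",
 "title": "Hash Objects",
 "required": [
@@ -1217,18 +1222,54 @@
 "additionalProperties": false,
 "properties": {
 "flow": {
-"$ref": "#/definitions/dataFlow",
+"$ref": "#/definitions/dataFlowDirection",
 "title": "Directional Flow",
 "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known."
 },
 "classification": {
 "type": "string",
 "title": "Classification",
 "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed."
+},
+"name": {
+"type": "string",
+"title": "Name",
+"description": "Name for the defined data",
+"examples": [
+"Credit card reporting"
+]
+},
+"description": {
+"type": "string",
+"title": "Description",
+"description": "Short description of the data content and usage",
+"examples": [
+"Credit card information being exchanged in between the web app and the database"
+]
+},
+"source": {
+"type": "array",
+"additionalItems": false,
+"items": {
+"type": "string",
+"format": "iri-reference"
+},
+"title": "Source",
+"description": "The URI, URL, or BOM-Link of the components or services the data came in from"
+},
+"destination": {
+"type": "array",
+"additionalItems": false,
+"items": {
+"type": "string",
+"format": "iri-reference"
+},
+"title": "Destination",
+"description": "The URI, URL, or BOM-Link of the components or services the data is sent to"
 }
 }
 },
-"dataFlow": {
+"dataFlowDirection": {
 "type": "string",
 "enum": [
 "inbound",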
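Review bot: The new `source` and `destination` arrays in the third hunk constrain their items only with `"format": "iri-reference"`, and many JSON Schema validators treat `format` as an annotation unless format assertion is switched on, so in practice any string is likely to pass. `"additionalItems": false` adds nothing here either, because it only applies when `items` is a list of schemas rather than a single schema. Tools that consume these references should therefore validate them themselves and not assume the schema did; the descriptions could say so, e.g. `"description": "The URI, URL, or BOM-Link of the components or services the data came in from. Consumers must validate the reference before resolving it."`. In the second hunk the renamed `dataFlow` definition still carries the unchanged context line `"title": "Hash Objects"`, which looks like a copy-paste leftover; `"title": "Data flow"` would match the definition.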
67 changes: 64 additions & 3 deletions schema/bom-1.5.xsd
Expand Up @@ -1620,15 +1620,76 @@ limitations under the License.
A value of false indicates that by using the service, a trust boundary is not crossed.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="trustZone" type="xs:string" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The name of the trust zone the service resides in.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="data" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="classification" type="bom:dataClassificationType">
<xs:choice>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="classification" type="bom:dataClassificationType">
<xs:annotation>
<xs:documentation>DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:element name="dataflow" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>Specifies the data classification.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="classification" type="bom:dataClassificationType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Specifies the data classification.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="source" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The URI, URL, or BOM-Link of the components or services the data came in from.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="url" type="xs:anyURI"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="destination" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The URI, URL, or BOM-Link of the components or services the data is sent to.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="url" type="xs:anyURI"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="name" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>
Name for the defined data.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="description" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>
Short description of the data content and usage.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:anyAttribute namespace="##any" processContents="lax">
<xs:annotation>
<xs:documentation>User-defined attributes may be used on this element as long as they
do not have the same name as an existing attribute used by the schema.</xs:documentation>
</xs:annotation>
</xs:anyAttribute>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
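Review bot: The new `dataflow` element is documented as `Specifies the data classification.`, the same text as its `classification` child, so the generated schema documentation describes the container incorrectly. I would change the annotation directly under `<xs:element name="dataflow" ...>` to `<xs:documentation>Specifies the data flow, its classification, and the source and destination of the data.</xs:documentation>`. The deprecation text on the old `classification` element says `Use dataflow\classification instead`; a forward slash (`dataflow/classification`) is the usual way to write an element path. It would also help to note on `source` and `destination` that `xs:anyURI` is a very permissive type, so a schema-valid `url` value still needs checking by the consuming tool before it is resolved.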