Add v1.5 JSON and protobuf tests

Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org>
CycloneDX · Sep 5, 2023 · 7f75991 · 7f75991
1 parent 5c7747d
commit 7f75991
Show file tree

Hide file tree

Showing 246 changed files with 11,687 additions and 795 deletions.
diff --git a/src/CycloneDX.Core/BomUtils.cs b/src/CycloneDX.Core/BomUtils.cs
@@ -154,6 +154,7 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
                     foreach (var composition in bomCopy.Compositions)
                     {
                         composition.BomRef = null;
+                        composition.Vulnerabilities = null;
                     }
                 }
 
@@ -196,6 +197,23 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
                         vulnerability.Analysis.FirstIssued = null;
                         vulnerability.Analysis.LastUpdated = null;
                     }
+
+                    if (vulnerability.Ratings != null)
+                    {
+                        var i = 0;
+                        while (i < vulnerability.Ratings.Count)
+                        {
+                            if (vulnerability.Ratings[i].Method == ScoreMethod.CVSSV4 ||
+                                vulnerability.Ratings[i].Method == ScoreMethod.SSVC)
+                            {
+                                vulnerability.Ratings.RemoveAt(i);
+                            }
+                            else
+                            {
+                                i++;
+                            }
+                        }
+                    }
                 });
 
                 EnumerateAllEvidence(bomCopy, (evidence) =>
@@ -205,6 +223,11 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
                     evidence.Callstack = null;
                 });
 
+                EnumerateAllLicenseChoices(bomCopy, (licenseChoice) =>
+                {
+                    licenseChoice.BomRef = null;
+                });
+
                 EnumerateAllLicenses(bomCopy, (license) =>
                 {
                     license.BomRef = null;
@@ -223,6 +246,7 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
                 });
             }
 
+            // triggers a bunch of stuff, don't remove unless you know what you are doing
             bomCopy.SpecVersion = bomCopy.SpecVersion;
 
             return bomCopy;
@@ -312,12 +336,20 @@ public static void EnumerateAllEvidence(Bom bom, Action<Evidence> callback)
         }
 
         public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
+        {
+            EnumerateAllLicenseChoices(bom, (licenseChoice) =>
+            {
+                if (licenseChoice.License != null) callback(licenseChoice.License);
+            });
+        }
+
+        public static void EnumerateAllLicenseChoices(Bom bom, Action<LicenseChoice> callback)
         {
             if (bom.Metadata?.Licenses != null)
             {
                 foreach (var license in bom.Metadata.Licenses)
                 {
-                    if (license.License != null) callback(license.License);
+                    callback(license);
                 }
 
             }
@@ -327,7 +359,7 @@ public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
                 {
                     foreach (var license in component.Licenses)
                     {
-                        if (license.License != null) callback(license.License);
+                        callback(license);
                     }
                 }
             });
@@ -338,7 +370,7 @@ public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
                 {
                     foreach (var license in service.Licenses)
                     {
-                        if (license.License != null) callback(license.License);
+                        callback(license);
                     }
                 }
             });
@@ -349,7 +381,7 @@ public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
                 {
                     foreach (var license in evidence.Licenses)
                     {
-                        if (license.License != null) callback(license.License);
+                        callback(license);
                     }
                 }
             });

diff --git a/src/CycloneDX.Core/Json/Converters/ComponentTypeConverter.cs b/src/CycloneDX.Core/Json/Converters/ComponentTypeConverter.cs
diff --git a/...Json/Converters/AggregateTypeConverter.cs → ...ers/DataflowSourceDestinationConverter.cs b/...Json/Converters/AggregateTypeConverter.cs → ...ers/DataflowSourceDestinationConverter.cs
@@ -16,50 +16,42 @@
 // Copyright (c) OWASP Foundation. All Rights Reserved.
 
 using System;
+using System.Collections.Generic;
 using System.Diagnostics.Contracts;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using CycloneDX.Models;
-using AggregateType = CycloneDX.Models.Composition.AggregateType;
 
 namespace CycloneDX.Json.Converters
 {
 
-    public class AggregateTypeConverter : JsonConverter<AggregateType>
+    public class DataflowSourceDestinationConverter : JsonConverter<DataflowSourceDestination>
     {
-        public override AggregateType Read(
+        public override DataflowSourceDestination Read(
             ref Utf8JsonReader reader,
             Type typeToConvert,
             JsonSerializerOptions options)
         {
-            if (reader.TokenType == JsonTokenType.Null
-                || reader.TokenType != JsonTokenType.String)
+            if (reader.TokenType == JsonTokenType.String)
             {
-                throw new JsonException();
+                return new DataflowSourceDestination { Url = reader.GetString() };
             }
 
-            var aggregateString = reader.GetString();
-
-            AggregateType aggregate;
-            var success = Enum.TryParse<AggregateType>(aggregateString.Replace("_", ""), ignoreCase: true, out aggregate);
-            if (success)
-            {
-                return aggregate;
-            }
-            else
-            {
-                throw new JsonException();
-            }
+            throw new JsonException();
         }
 
         public override void Write(
             Utf8JsonWriter writer,
-            AggregateType value,
+            DataflowSourceDestination value,
             JsonSerializerOptions options)
         {
             Contract.Requires(writer != null);
+            Contract.Requires(value != null);
 
-            writer.WriteStringValue(value.ToString().ToLowerInvariant());
+            if (value != null)
+            {
+                writer.WriteStringValue(value.Url);
+            }
         }
     }
 }
diff --git a/...s/ImpactAnalysisJustificationConverter.cs → ...nverters/EnvironmentVarChoiceConverter.cs b/...s/ImpactAnalysisJustificationConverter.cs → ...nverters/EnvironmentVarChoiceConverter.cs
@@ -16,50 +16,54 @@
 // Copyright (c) OWASP Foundation. All Rights Reserved.
 
 using System;
+using System.Collections.Generic;
 using System.Diagnostics.Contracts;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using CycloneDX.Models;
-using ImpactAnalysisJustification = CycloneDX.Models.Vulnerabilities.ImpactAnalysisJustification;
 
 namespace CycloneDX.Json.Converters
 {
 
-    public class ImpactAnalysisJustificationConverter : JsonConverter<ImpactAnalysisJustification>
+    public class EnvironmentVarChoiceConverter : JsonConverter<EnvironmentVarChoice>
     {
-        public override ImpactAnalysisJustification Read(
+        public override EnvironmentVarChoice Read(
             ref Utf8JsonReader reader,
             Type typeToConvert,
             JsonSerializerOptions options)
         {
-            if (reader.TokenType == JsonTokenType.Null
-                || reader.TokenType != JsonTokenType.String)
+            if (reader.TokenType == JsonTokenType.StartObject)
             {
-                throw new JsonException();
+                var property = JsonSerializer.Deserialize<Property>(ref reader, options);
+                return new EnvironmentVarChoice { Property = property };
             }
-
-            var justificationString = reader.GetString();
-
-            ImpactAnalysisJustification justification;
-            var success = Enum.TryParse<ImpactAnalysisJustification>(justificationString.Replace("_", ""), ignoreCase: true, out justification);
-            if (success)
-            {
-                return justification;
-            }
-            else
+            else if (reader.TokenType == JsonTokenType.String)
             {
-                throw new JsonException();
+                return new EnvironmentVarChoice { Value = reader.GetString() };
             }
+
+            throw new JsonException();
         }
 
         public override void Write(
             Utf8JsonWriter writer,
-            ImpactAnalysisJustification value,
+            EnvironmentVarChoice value,
             JsonSerializerOptions options)
         {
             Contract.Requires(writer != null);
+            Contract.Requires(value != null);
 
-            writer.WriteStringValue(value.ToString().ToLowerInvariant());
+            if (value != null)
+            {
+                if (value.Property == null)
+                {
+                    JsonSerializer.Serialize(writer, value.Value, options);
+                }
+                else
+                {
+                    JsonSerializer.Serialize(writer, value.Property, options);
+                }
+            }
         }
     }
 }
diff --git a/src/CycloneDX.Core/Json/Converters/ExternalReferenceTypeConverter.cs b/src/CycloneDX.Core/Json/Converters/ExternalReferenceTypeConverter.cs