diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 463500c19..facb02f38 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -34,6 +34,8 @@ Run the tests: npm test ``` +See the [dedicated test docs](tests/README.md) for details and advanced instructions. + ## Coding standards Apply coding standards via: diff --git a/HISTORY.md b/HISTORY.md index 0b143e717..c006c434f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. ## unreleased +* Added + * Class `Models.Metadata` got a new property `licenses` ([#1019] via [#1020]) + * Class `Models.Metadata` got a new property `properties` ([#1019] via [#1020]) + +[#1019]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1019 +[#1020]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1020 + ## 6.3.2 -- 2024-02-25 * Refactor diff --git a/src/models/metadata.ts b/src/models/metadata.ts index b2292be94..df51729fe 100644 --- a/src/models/metadata.ts +++ b/src/models/metadata.ts @@ -18,9 +18,11 @@ Copyright (c) OWASP Foundation. All Rights Reserved. */ import type { Component } from './component' +import { LicenseRepository } from './license' import { LifecycleRepository } from './lifecycle' import { OrganizationalContactRepository } from './organizationalContact' import type { OrganizationalEntity } from './organizationalEntity' +import { PropertyRepository } from './property' import { ToolRepository } from './tool' export interface OptionalMetadataProperties { @@ -31,6 +33,8 @@ export interface OptionalMetadataProperties { component?: Metadata['component'] manufacture?: Metadata['manufacture'] supplier?: Metadata['supplier'] + licenses?: Metadata['licenses'] + properties?: Metadata['properties'] } export class Metadata { @@ -41,6 +45,8 @@ export class Metadata { component?: Component manufacture?: OrganizationalEntity supplier?: OrganizationalEntity + licenses: LicenseRepository + properties: PropertyRepository constructor (op: OptionalMetadataProperties = {}) { this.timestamp = op.timestamp @@ -50,5 +56,7 @@ export class Metadata { this.component = op.component this.manufacture = op.manufacture this.supplier = op.supplier + this.licenses = op.licenses ?? new LicenseRepository() + this.properties = op.properties ?? new PropertyRepository() } } diff --git a/src/serialize/json/normalize.ts b/src/serialize/json/normalize.ts index 6842fafea..80d2b025e 100644 --- a/src/serialize/json/normalize.ts +++ b/src/serialize/json/normalize.ts @@ -223,7 +223,13 @@ export class MetadataNormalizer extends BaseJsonNormalizer { : orgEntityNormalizer.normalize(data.manufacture, options), supplier: data.supplier === undefined ? undefined - : orgEntityNormalizer.normalize(data.supplier, options) + : orgEntityNormalizer.normalize(data.supplier, options), + licenses: this._factory.spec.supportsMetadataLicenses && data.licenses.size > 0 + ? this._factory.makeForLicense().normalizeIterable(data.licenses, options) + : undefined, + properties: this._factory.spec.supportsMetadataProperties && data.properties.size > 0 + ? this._factory.makeForProperty().normalizeIterable(data.properties, options) + : undefined } } } diff --git a/src/serialize/json/types.ts b/src/serialize/json/types.ts index af71bcdb2..2ffb8ddba 100644 --- a/src/serialize/json/types.ts +++ b/src/serialize/json/types.ts @@ -94,6 +94,7 @@ export namespace Normalized { manufacture?: OrganizationalEntity supplier?: OrganizationalEntity licenses?: License[] + properties?: Property[] } export interface LifecyclePhase { diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts index fee340589..e216b6252 100644 --- a/src/serialize/xml/normalize.ts +++ b/src/serialize/xml/normalize.ts @@ -246,6 +246,20 @@ export class MetadataNormalizer extends BaseXmlNormalizer { children: this._factory.makeForOrganizationalContact().normalizeIterable(data.authors, options, 'author') } : undefined + const licenses: SimpleXml.Element | undefined = this._factory.spec.supportsMetadataLicenses && data.licenses.size > 0 + ? { + type: 'element', + name: 'licenses', + children: this._factory.makeForLicense().normalizeIterable(data.licenses, options) + } + : undefined + const properties: SimpleXml.Element | undefined = this._factory.spec.supportsMetadataProperties && data.properties.size > 0 + ? { + type: 'element', + name: 'properties', + children: this._factory.makeForProperty().normalizeIterable(data.properties, options, 'property') + } + : undefined return { type: 'element', name: elementName, @@ -262,7 +276,9 @@ export class MetadataNormalizer extends BaseXmlNormalizer { : orgEntityNormalizer.normalize(data.manufacture, options, 'manufacture'), data.supplier === undefined ? undefined - : orgEntityNormalizer.normalize(data.supplier, options, 'supplier') + : orgEntityNormalizer.normalize(data.supplier, options, 'supplier'), + licenses, + properties ].filter(isNotUndefined) } } diff --git a/src/spec/_protocol.ts b/src/spec/_protocol.ts index b5ea27ea0..f4f4b63fd 100644 --- a/src/spec/_protocol.ts +++ b/src/spec/_protocol.ts @@ -43,6 +43,8 @@ export interface _SpecProtocol { supportsVulnerabilityRatingMethod: (rm: Vulnerability.RatingMethod | any) => boolean supportsComponentEvidence: boolean supportsMetadataLifecycles: boolean + supportsMetadataLicenses: boolean + supportsMetadataProperties: boolean supportsExternalReferenceHashes: boolean } @@ -68,6 +70,8 @@ export class _Spec implements _SpecProtocol { readonly #supportsVulnerabilities: boolean readonly #supportsComponentEvidence: boolean readonly #supportsMetadataLifecycles: boolean + readonly #supportsMetadataLicenses: boolean + readonly #supportsMetadataProperties: boolean readonly #supportsExternalReferenceHashes: boolean constructor ( @@ -85,6 +89,8 @@ export class _Spec implements _SpecProtocol { vulnerabilityRatingMethods: Iterable, supportsComponentEvidence: boolean, supportsMetadataLifecycles: boolean, + supportsMetadataLicenses: boolean, + supportsMetadataProperties: boolean, supportsExternalReferenceHashes: boolean ) { this.#version = version @@ -101,6 +107,8 @@ export class _Spec implements _SpecProtocol { this.#vulnerabilityRatingMethods = new Set(vulnerabilityRatingMethods) this.#supportsComponentEvidence = supportsComponentEvidence this.#supportsMetadataLifecycles = supportsMetadataLifecycles + this.#supportsMetadataLicenses = supportsMetadataLicenses + this.#supportsMetadataProperties = supportsMetadataProperties this.#supportsExternalReferenceHashes = supportsExternalReferenceHashes } @@ -167,6 +175,14 @@ export class _Spec implements _SpecProtocol { return this.#supportsMetadataLifecycles } + get supportsMetadataLicenses (): boolean { + return this.#supportsMetadataLicenses + } + + get supportsMetadataProperties (): boolean { + return this.#supportsMetadataProperties + } + get supportsExternalReferenceHashes (): boolean { return this.#supportsExternalReferenceHashes } diff --git a/src/spec/consts.ts b/src/spec/consts.ts index 0988d2271..611c9f94f 100644 --- a/src/spec/consts.ts +++ b/src/spec/consts.ts @@ -79,6 +79,8 @@ export const Spec1dot2: Readonly<_SpecProtocol> = Object.freeze(new _Spec( [], false, false, + false, + false, false )) @@ -139,6 +141,8 @@ export const Spec1dot3: Readonly<_SpecProtocol> = Object.freeze(new _Spec( [], true, false, + true, + true, true )) @@ -206,6 +210,8 @@ export const Spec1dot4: Readonly<_SpecProtocol> = Object.freeze(new _Spec( ], true, false, + true, + true, true )) @@ -302,6 +308,8 @@ export const Spec1dot5: Readonly<_SpecProtocol> = Object.freeze(new _Spec( ], true, true, + true, + true, true )) diff --git a/tests/README.md b/tests/README.md index 84c347fe1..e222b682c 100644 --- a/tests/README.md +++ b/tests/README.md @@ -1,27 +1,31 @@ # Tests -Tests are written in plain JavaScript, and -they are intended to test the build result(`dist.node/` & `dist.web/`), -instead of the source(`src/`). +Tests are written in plain JavaScript. +Tests are intended to test the build result(`dist.node/` & `dist.web/`), instead of the source(`src/`). -## Writing tests - -Test files must follow the pattern `**.{spec,test}.[cm]?js`, -to be picked up. +The test runner will NOT build the project; you need to do so manually on demand. +See the [dedicated contributing docs](../CONTRIBUTING.md) for details and advanced instructions. -## Snapshots +## Writing tests -Some tests check against snapshots. -To update these, set the env var `CJL_TEST_UPDATE_SNAPSHOTS` to a non-falsy value. +Test files must follow the pattern `**.{spec,test}.[cm]?js`, to be picked up. ## Run node tests -Test runner is `mocha`, -configured in [mocharc file](../.mocharc.js). +Test runner is `mocha`, configured in [mocharc file](../.mocharc.js). ```shell npm test ``` +### Snapshots + +Some tests check against snapshots. +To update these, set the env var `CJL_TEST_UPDATE_SNAPSHOTS` to a non-falsy value. + +like so: +```shell +CJL_TEST_UPDATE_SNAPSHOTS=1 npm test +``` ## Run browser tests diff --git a/tests/_data/models.js b/tests/_data/models.js index 273379d0a..a20d6e441 100644 --- a/tests/_data/models.js +++ b/tests/_data/models.js @@ -87,7 +87,15 @@ module.exports.createComplexStructure = function () { name: 'Jane "the-other-supplier" Doe' }) ]) - }) + }), + licenses: new Models.LicenseRepository([ + new Models.SpdxLicense('0BSD'), + new Models.NamedLicense('Some license name') + ]), + properties: new Models.PropertyRepository([ + new Models.Property('a', 'b'), + new Models.Property('cdx:reproducible', 'true') + ]) }) }) diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.3.json b/tests/_data/normalizeResults/json_sortedLists_spec1.3.json index d1abdc313..76a67449c 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.3.json @@ -64,7 +64,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json index a16915581..96ab686c5 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json @@ -71,7 +71,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.5.json b/tests/_data/normalizeResults/json_sortedLists_spec1.5.json index 6c29514b0..c91b9a4c3 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.5.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.5.json @@ -80,7 +80,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json index c14ba5d4c..e0d0c27dd 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -202,6 +202,56 @@ ] } ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "Some license name" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "0BSD" + } + ] + } + ] + }, + { + "type": "element", + "name": "properties", + "children": [ + { + "type": "element", + "name": "property", + "attributes": { + "name": "a" + }, + "children": "b" + }, + { + "type": "element", + "name": "property", + "attributes": { + "name": "cdx:reproducible" + }, + "children": "true" + } + ] } ] }, diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json index bb295af96..78a394840 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -227,6 +227,56 @@ ] } ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "Some license name" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "0BSD" + } + ] + } + ] + }, + { + "type": "element", + "name": "properties", + "children": [ + { + "type": "element", + "name": "property", + "attributes": { + "name": "a" + }, + "children": "b" + }, + { + "type": "element", + "name": "property", + "attributes": { + "name": "cdx:reproducible" + }, + "children": "true" + } + ] } ] }, diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json index df4355a62..0cc12a514 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.5.json @@ -260,6 +260,56 @@ ] } ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "Some license name" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "0BSD" + } + ] + } + ] + }, + { + "type": "element", + "name": "properties", + "children": [ + { + "type": "element", + "name": "property", + "attributes": { + "name": "a" + }, + "children": "b" + }, + { + "type": "element", + "name": "property", + "attributes": { + "name": "cdx:reproducible" + }, + "children": "true" + } + ] } ] }, diff --git a/tests/_data/serializeResults/json_complex_spec1.3.json.bin b/tests/_data/serializeResults/json_complex_spec1.3.json.bin index f513685da..36ba3a051 100644 --- a/tests/_data/serializeResults/json_complex_spec1.3.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.3.json.bin @@ -64,7 +64,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/serializeResults/json_complex_spec1.4.json.bin b/tests/_data/serializeResults/json_complex_spec1.4.json.bin index 51d980d87..e954c0f1a 100644 --- a/tests/_data/serializeResults/json_complex_spec1.4.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.4.json.bin @@ -71,7 +71,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/serializeResults/json_complex_spec1.5.json.bin b/tests/_data/serializeResults/json_complex_spec1.5.json.bin index e3eaa37e1..2a8c59931 100644 --- a/tests/_data/serializeResults/json_complex_spec1.5.json.bin +++ b/tests/_data/serializeResults/json_complex_spec1.5.json.bin @@ -80,7 +80,29 @@ "phone": "555-0123456789" } ] - } + }, + "licenses": [ + { + "license": { + "name": "Some license name" + } + }, + { + "license": { + "id": "0BSD" + } + } + ], + "properties": [ + { + "name": "a", + "value": "b" + }, + { + "name": "cdx:reproducible", + "value": "true" + } + ] }, "components": [ { diff --git a/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin index 9a4f25c21..97f97b5be 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin @@ -47,6 +47,18 @@ 555-0123456789 + + + Some license name + + + 0BSD + + + + b + true + diff --git a/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin index fac0f219e..3dffebaaa 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin @@ -53,6 +53,18 @@ 555-0123456789 + + + Some license name + + + 0BSD + + + + b + true + diff --git a/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin index 0e611b52f..e4b400960 100644 --- a/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin +++ b/tests/_data/serializeResults/xml_complex_spec1.5.xml.bin @@ -62,6 +62,18 @@ 555-0123456789 + + + Some license name + + + 0BSD + + + + b + true +