From 84116c6183642eb18f559fa1ed63707db35ea5cf Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 6 Mar 2022 13:12:05 +0100 Subject: [PATCH 001/233] basic setup, models Signed-off-by: Jan Kowalleck --- .editorconfig | 12 + .github/dependabot.yml | 15 + .github/workflows/nodejs.yml | 34 + .github/workflows/release.yml | 13 + .gitignore | 134 ++ .npmignore | 15 + CODEOWNERS | 6 + CONTRIBUTING.md | 28 + NOTICE | 5 + package-lock.json | 46 + package.json | 15 + res/.editorconfig | 10 + res/.gitattributes | 7 + res/bom-1.4.SNAPSHOT.schema.json | 1697 ++++++++++++++++++ res/bom-1.4.SNAPSHOT.xsd | 2407 +++++++++++++++++++++++++ res/spdx.SNAPSHOT.schema.json | 507 ++++++ res/spdx.SNAPSHOT.xsd | 2509 +++++++++++++++++++++++++++ src/enums/AttachmentEncoding.ts | 3 + src/enums/ComponentScope.ts | 5 + src/enums/ComponentType.ts | 10 + src/enums/ExternalReferenceType.ts | 18 + src/enums/HashAlogorithms.ts | 14 + src/models/Attachment.ts | 11 + src/models/Bom.ts | 46 + src/models/BomRef.ts | 6 + src/models/Component.ts | 39 + src/models/ExternalReference.ts | 15 + src/models/Hash.ts | 14 + src/models/License.ts | 33 + src/models/Metadata.ts | 13 + src/models/OrganizationalContact.ts | 8 + src/models/OrganizationalEntity.ts | 10 + src/models/SWID.ts | 35 + src/models/Tool.ts | 11 + tsconfig.json | 103 ++ 35 files changed, 7854 insertions(+) create mode 100644 .editorconfig create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/nodejs.yml create mode 100644 .github/workflows/release.yml create mode 100644 .gitignore create mode 100644 .npmignore create mode 100644 CODEOWNERS create mode 100644 CONTRIBUTING.md create mode 100644 NOTICE create mode 100644 package-lock.json create mode 100644 package.json create mode 100644 res/.editorconfig create mode 100644 res/.gitattributes create mode 100644 res/bom-1.4.SNAPSHOT.schema.json create mode 100644 res/bom-1.4.SNAPSHOT.xsd create mode 100644 res/spdx.SNAPSHOT.schema.json create mode 100644 res/spdx.SNAPSHOT.xsd create mode 100644 src/enums/AttachmentEncoding.ts create mode 100644 src/enums/ComponentScope.ts create mode 100644 src/enums/ComponentType.ts create mode 100644 src/enums/ExternalReferenceType.ts create mode 100644 src/enums/HashAlogorithms.ts create mode 100644 src/models/Attachment.ts create mode 100644 src/models/Bom.ts create mode 100644 src/models/BomRef.ts create mode 100644 src/models/Component.ts create mode 100644 src/models/ExternalReference.ts create mode 100644 src/models/Hash.ts create mode 100644 src/models/License.ts create mode 100644 src/models/Metadata.ts create mode 100644 src/models/OrganizationalContact.ts create mode 100644 src/models/OrganizationalEntity.ts create mode 100644 src/models/SWID.ts create mode 100644 src/models/Tool.ts create mode 100644 tsconfig.json diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..0bb108a18 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,12 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true + +[*.md] +# trailing white spaces are used for linebreaks in paragraphs. +trim_trailing_whitespace = false + +[*.ts] +charset = utf-8 diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..3b9adf1ef --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: 'weekly' + day: 'saturday' + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: 'weekly' + day: 'saturday' diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml new file mode 100644 index 000000000..182c3b06c --- /dev/null +++ b/.github/workflows/nodejs.yml @@ -0,0 +1,34 @@ +# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions + +name: Node CI + +on: + push: + branches: ["master"] + pull_request: + workflow_dispatch: + + +env: + NODE_ACTIVE_LTS: "16" + +jobs: + lint: + name: Lint + timeout-minutes: 30 + runs-on: "ubuntu-latest" + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v3 + - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} + # see https://github.com/actions/setup-node + uses: actions/setup-node@v3 + with: + node-version: ${{ env.NODE_ACTIVE_LTS }} + cache: "npm" + cache-dependency-path: "**/package-lock.json" + - name: install project + run: npm ci + - name: run lint + run: npm run lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..506652627 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,13 @@ +# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions + +name: Release + +on: + push: + branches: ["master"] # run auto-release via semantic-release? + workflow_dispatch: + +env: + NODE_ACTIVE_LTS: "16" + +jobs: # TODO write workflow diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..0790dce15 --- /dev/null +++ b/.gitignore @@ -0,0 +1,134 @@ + + +### https://github.com/github/gitignore/blob/main/Node.gitignore + +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* +.pnpm-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# Snowpack dependency directory (https://snowpack.dev/) +web_modules/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next +out + +# Nuxt.js build / generate output +.nuxt +dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# vuepress v2.x temp and cache directory +.temp +.cache + +# Docusaurus cache and generated files +.docusaurus + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode extensions +.vscode-test + +# yarn v2 +.yarn/cache +.yarn/unplugged +.yarn/build-state.yml +.yarn/install-state.gz +.pnp.* diff --git a/.npmignore b/.npmignore new file mode 100644 index 000000000..2ae0e76f0 --- /dev/null +++ b/.npmignore @@ -0,0 +1,15 @@ +# ignore dot-files/-folders +.* + +# project internals can be ignored +/CODEOWNERS + +# this file is part of the license +!/NOTICE + +# do not ignore the results - these are intended to be shipped +!/dist/ + +# ??? should the src/ and tests/ and build-related files be ignored? +# i think not, as typescript-users would love to have it. +# !!! see how other projects do it. diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 000000000..a5ec908fe --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,6 @@ +# see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners + + +# all maintainers are default-reviewers of new pull requests. +# see https://github.com/orgs/CycloneDX/teams/javascript-maintainers +* @CycloneDX/javascript-maintainers diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..80039cedf --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,28 @@ +# Contributing + +Pull requests are welcome. +But please read the +[CycloneDX contributing guidelines](https://github.com/CycloneDX/.github/blob/master/CONTRIBUTING.md) +first. + +## Setup + +```shell +npm install +``` + +## Tests + +```shell +npm run lint +npm run test +``` + +## Sign your commits + +Please sign your commits, +to show that you agree to publish your changes under the current terms and licenses of the project. + +```shell +git commit --signed-off ... +``` diff --git a/NOTICE b/NOTICE new file mode 100644 index 000000000..43f3df8d4 --- /dev/null +++ b/NOTICE @@ -0,0 +1,5 @@ +CycloneDX PHP Library +Copyright (c) Steve Springett + +This product includes software developed by the +CycloneDX community (https://cyclonedx.org/). diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 000000000..00436ddaf --- /dev/null +++ b/package-lock.json @@ -0,0 +1,46 @@ +{ + "name": "cyclonedx-javascript-library", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "dependencies": { + "packageurl-js": "^0.0.5" + }, + "devDependencies": { + "typescript": "^4.6" + } + }, + "node_modules/packageurl-js": { + "version": "0.0.5", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", + "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" + }, + "node_modules/typescript": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", + "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "dev": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + } + }, + "dependencies": { + "packageurl-js": { + "version": "0.0.5", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", + "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" + }, + "typescript": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", + "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "dev": true + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 000000000..6ebbe6153 --- /dev/null +++ b/package.json @@ -0,0 +1,15 @@ +{ + "name": "@cyclonedx/cyclonedx-library", + "version": "0.0.1-alpha", + "dependencies": { + "packageurl-js": "^0.0.5" + }, + "devDependencies": { + "typescript": "^4.6" + }, + "scripts": { + "lint": "tsc --noEmit", + "build": "tsc --build", + "test": "echo 'todo: test dist/'" + } +} diff --git a/res/.editorconfig b/res/.editorconfig new file mode 100644 index 000000000..f78a1069c --- /dev/null +++ b/res/.editorconfig @@ -0,0 +1,10 @@ + +# fix settings for files that are copied over, to keep them as is +[*.SNAPSHOT.xsd] +indent_size = 4 +indent_style = space +trim_trailing_whitespace = false +[*.SNAPSHOT.schema.json] +indent_size = 2 +indent_style = space +trim_trailing_whitespace = false diff --git a/res/.gitattributes b/res/.gitattributes new file mode 100644 index 000000000..f72bcfb68 --- /dev/null +++ b/res/.gitattributes @@ -0,0 +1,7 @@ + +# snapshots are vendored for offline use +*.SNAPSHOT.* linguist-vendored + +# specs are vendored for offline use +*.xsd linguist-vendored +*.schema.json linguist-vendored \ No newline at end of file diff --git a/res/bom-1.4.SNAPSHOT.schema.json b/res/bom-1.4.SNAPSHOT.schema.json new file mode 100644 index 000000000..e9d511281 --- /dev/null +++ b/res/bom-1.4.SNAPSHOT.schema.json @@ -0,0 +1,1697 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "type": "object", + "title": "CycloneDX Software Bill of Materials Standard", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "enum": [ + "http://cyclonedx.org/schema/bom-1.4.schema.json" + ] + }, + "bomFormat": { + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).", + "examples": ["1.4"] + }, + "serialNumber": { + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "type": "integer", + "title": "BOM Version", + "description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components." + }, + "services": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "dependencies": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + }, + "compositions": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/compositions"}, + "uniqueItems": true, + "title": "Compositions", + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." + }, + "vulnerabilities": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/vulnerability"}, + "uniqueItems": true, + "title": "Vulnerabilities", + "description": "Vulnerabilities identified in components or services." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + }, + "definitions": { + "refType": { + "$comment": "Identifier-DataType for interlinked elements.", + "type": "string" + }, + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the BOM was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "additionalItems": false, + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "additionalItems": false, + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "licenses": { + "type": "array", + "title": "BOM License(s)", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"} + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "Information about the automated or manual tool used", + "additionalProperties": false, + "properties": { + "vendor": { + "type": "string", + "title": "Tool Vendor", + "description": "The name of the vendor who created the tool" + }, + "name": { + "type": "string", + "title": "Tool Name", + "description": "The name of the tool" + }, + "version": { + "type": "string", + "title": "Tool Version", + "description": "The version of the tool" + }, + "hashes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "examples": [ + "Example Inc." + ] + }, + "url": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "examples": ["https://example.com"] + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "additionalItems": false, + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "examples": ["Contact name"] + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "Email Address", + "description": "The email address of the contact.", + "examples": ["firstname.lastname@example.com"] + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact.", + "examples": ["800-555-1212"] + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:\n\n* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.\n* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.\n* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))\n for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.\n* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)\n* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)\n* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.\n* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)\n* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.", + "examples": ["library"] + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "examples": ["Acme Inc"] + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "examples": ["Acme Inc"] + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "examples": ["tomcat-catalina"] + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "examples": ["9.0.14"] + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD be assumed by the consumer of the BOM.", + "default": "required" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"] + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe)", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "description": "Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec)", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) Tags](https://www.iso.org/standard/65666.html)." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "[Deprecated] - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "additionalProperties": false, + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "additionalItems": false, + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "additionalItems": false, + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree." + } + } + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "components": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components", + "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." + }, + "evidence": { + "$ref": "#/definitions/componentEvidence", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "additionalProperties": false, + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the SWID file.", + "format": "iri-reference" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "additionalProperties": false, + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ] + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text." + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "additionalProperties": false, + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "additionalProperties": false, + "properties": { + "id": { + "$ref": "spdx.SNAPSHOT.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "examples": ["Acme Software License"] + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "format": "iri-reference" + } + } + }, + "licenseChoice": { + "type": "object", + "title": "License(s)", + "additionalProperties": false, + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality.\n\n* __unofficial__ = A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch)\n* __monkey__ = A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch)\n* __backport__ = A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting)\n* __cherry-pick__ = A patch created by selectively applying commits from other versions or branches of the same software." + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "additionalProperties": false, + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "format": "iri-reference" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "An individual issue that has been resolved.", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "format": "iri-reference" + } + } + }, + "references": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "examples": ["https://example.com"] + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "Specifies an individual external reference", + "required": [ + "url", + "type" + ], + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the external reference", + "format": "iri-reference" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "release-notes", + "other" + ] + }, + "hashes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the external reference (if applicable)." + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "$ref": "#/definitions/refType", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "additionalItems": false, + "items": { + "$ref": "#/definitions/refType" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "examples": ["ticker-service"] + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "examples": ["1.0.0"] + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service" + }, + "endpoints": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "examples": ["https://example.com/api/v1/ticker"] + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "externalReferences": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "services": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services", + "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." + }, + "releaseNotes": { + "$ref": "#/definitions/releaseNotes", + "title": "Release notes", + "description": "Specifies optional release notes." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "additionalProperties": false, + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow", + "title": "Directional Flow", + "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." + }, + "classification": { + "type": "string", + "title": "Classification", + "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed." + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction", + "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known." + }, + + "copyright": { + "type": "object", + "title": "Copyright", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "text": { + "type": "string", + "title": "Copyright Text" + } + } + }, + + "componentEvidence": { + "type": "object", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", + "additionalProperties": false, + "properties": { + "licenses": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/copyright"}, + "title": "Copyright" + } + } + }, + "compositions": { + "type": "object", + "title": "Compositions", + "required": [ + "aggregate" + ], + "additionalProperties": false, + "properties": { + "aggregate": { + "$ref": "#/definitions/aggregateType", + "title": "Aggregate", + "description": "Specifies an aggregate type that describe how complete a relationship is." + }, + "assemblies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." + }, + "dependencies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." + }, + "signature": { + "$ref": "#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } + }, + "aggregateType": { + "type": "string", + "default": "not_specified", + "enum": [ + "complete", + "incomplete", + "incomplete_first_party_only", + "incomplete_third_party_only", + "unknown", + "not_specified" + ] + }, + "property": { + "type": "object", + "title": "Lightweight name-value pair", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value of the property." + } + } + }, + "localeType": { + "type": "string", + "pattern": "^([a-z]{2})(-[A-Z]{2})?$", + "title": "Locale", + "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA" + }, + "releaseType": { + "type": "string", + "examples": [ + "major", + "minor", + "patch", + "pre-release", + "internal" + ], + "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." + }, + "note": { + "type": "object", + "title": "Note", + "description": "A note containing the locale and content.", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "locale": { + "$ref": "#/definitions/localeType", + "title": "Locale", + "description": "The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. Examples include: \"en\", \"en-US\", \"fr\" and \"fr-CA\"" + }, + "text": { + "title": "Release note content", + "description": "Specifies the full content of the release note.", + "$ref": "#/definitions/attachment" + } + } + }, + "releaseNotes": { + "type": "object", + "title": "Release notes", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "$ref": "#/definitions/releaseType", + "title": "Type", + "description": "The software versioning type the release note describes." + }, + "title": { + "type": "string", + "title": "Title", + "description": "The title of the release." + }, + "featuredImage": { + "type": "string", + "format": "iri-reference", + "title": "Featured image", + "description": "The URL to an image that may be prominently displayed with the release note." + }, + "socialImage": { + "type": "string", + "format": "iri-reference", + "title": "Social image", + "description": "The URL to an image that may be used in messaging on social media platforms." + }, + "description": { + "type": "string", + "title": "Description", + "description": "A short description of the release." + }, + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the release note was created." + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Aliases", + "description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "title": "Tags", + "description": "One or more tags that may aid in search or retrieval of the release note." + }, + "resolves": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues that have been resolved." + }, + "notes": { + "type": "array", + "additionalItems": false, + "items": {"$ref": "#/definitions/note"}, + "title": "Notes", + "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": {"$ref": "#/definitions/property"} + } + } + }, + "advisory": { + "type": "object", + "title": "Advisory", + "description": "Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.", + "required": ["url"], + "additionalProperties": false, + "properties": { + "title": { + "type": "string", + "title": "Title", + "description": "An optional name of the advisory." + }, + "url": { + "type": "string", + "title": "URL", + "format": "iri-reference", + "description": "Location where the advisory can be obtained." + } + } + }, + "cwe": { + "type": "integer", + "minimum": 1, + "title": "CWE", + "description": "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of https://cwe.mitre.org/data/definitions/399.html)" + }, + "severity": { + "type": "string", + "title": "Severity", + "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", + "enum": [ + "critical", + "high", + "medium", + "low", + "info", + "none", + "unknown" + ] + }, + "scoreMethod": { + "type": "string", + "title": "Method", + "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)", + "enum": [ + "CVSSv2", + "CVSSv3", + "CVSSv31", + "OWASP", + "other" + ] + }, + "impactAnalysisState": { + "type": "string", + "title": "Impact Analysis State", + "description": "Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. \n\n* __resolved__ = the vulnerability has been remediated. \n* __resolved\\_with\\_pedigree__ = the vulnerability has been remediated and evidence of the changes are provided in the affected components pedigree containing verifiable commit history and/or diff(s). \n* __exploitable__ = the vulnerability may be directly or indirectly exploitable. \n* __in\\_triage__ = the vulnerability is being investigated. \n* __false\\_positive__ = the vulnerability is not specific to the component or service and was falsely identified or associated. \n* __not\\_affected__ = the component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.", + "enum": [ + "resolved", + "resolved_with_pedigree", + "exploitable", + "in_triage", + "false_positive", + "not_affected" + ] + }, + "impactAnalysisJustification": { + "type": "string", + "title": "Impact Analysis Justification", + "description": "The rationale of why the impact analysis state was asserted. \n\n* __code\\_not\\_present__ = the code has been removed or tree-shaked. \n* __code\\_not\\_reachable__ = the vulnerable code is not invoked at runtime. \n* __requires\\_configuration__ = exploitability requires a configurable option to be set/unset. \n* __requires\\_dependency__ = exploitability requires a dependency that is not present. \n* __requires\\_environment__ = exploitability requires a certain environment which is not present. \n* __protected\\_by\\_compiler__ = exploitability requires a compiler flag to be set/unset. \n* __protected\\_at\\_runtime__ = exploits are prevented at runtime. \n* __protected\\_at\\_perimeter__ = attacks are blocked at physical, logical, or network perimeter. \n* __protected\\_by\\_mitigating\\_control__ = preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability.", + "enum": [ + "code_not_present", + "code_not_reachable", + "requires_configuration", + "requires_dependency", + "requires_environment", + "protected_by_compiler", + "protected_at_runtime", + "protected_at_perimeter", + "protected_by_mitigating_control" + ] + }, + "rating": { + "type": "object", + "title": "Rating", + "description": "Defines the severity or risk ratings of a vulnerability.", + "additionalProperties": false, + "properties": { + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that calculated the severity or risk rating of the vulnerability." + }, + "score": { + "type": "number", + "title": "Score", + "description": "The numerical score of the rating." + }, + "severity": { + "$ref": "#/definitions/severity", + "description": "Textual representation of the severity that corresponds to the numerical score of the rating." + }, + "method": { + "$ref": "#/definitions/scoreMethod" + }, + "vector": { + "type": "string", + "title": "Vector", + "description": "Textual representation of the metric values used to score the vulnerability" + }, + "justification": { + "type": "string", + "title": "Justification", + "description": "An optional reason for rating the vulnerability as it was" + } + } + }, + "vulnerabilitySource": { + "type": "object", + "title": "Source", + "description": "The source of vulnerability information. This is often the organization that published the vulnerability.", + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The url of the vulnerability documentation as provided by the source.", + "examples": [ + "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" + ] + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source.", + "examples": [ + "NVD", + "National Vulnerability Database", + "OSS Index", + "VulnDB", + "GitHub Advisories" + ] + } + } + }, + "vulnerability": { + "type": "object", + "title": "Vulnerability", + "description": "Defines a weakness in an component or service that could be exploited or triggered by a threat source.", + "additionalProperties": false, + "properties": { + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + }, + "references": { + "type": "array", + "title": "References", + "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", + "additionalItems": false, + "items": { + "required": [ + "id", + "source" + ], + "additionalProperties": false, + "properties": { + "id": { + "type": "string", + "title": "ID", + "description": "An identifier that uniquely identifies the vulnerability.", + "examples": [ + "CVE-2021-39182", + "GHSA-35m5-8cvj-8783", + "SNYK-PYTHON-ENROCRYPT-1912876" + ] + }, + "source": { + "$ref": "#/definitions/vulnerabilitySource", + "description": "The source that published the vulnerability." + } + } + } + }, + "ratings": { + "type": "array", + "title": "Ratings", + "description": "List of vulnerability ratings", + "additionalItems": false, + "items": { + "$ref": "#/definitions/rating" + } + }, + "cwes": { + "type": "array", + "title": "CWEs", + "description": "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399 (of https://cwe.mitre.org/data/definitions/399.html)", + "examples": ["399"], + "additionalItems": false, + "items": { + "$ref": "#/definitions/cwe" + } + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the vulnerability as provided by the source." + }, + "detail": { + "type": "string", + "title": "Details", + "description": "If available, an in-depth description of the vulnerability as provided by the source organization. Details often include examples, proof-of-concepts, and other information useful in understanding root cause." + }, + "recommendation": { + "type": "string", + "title": "Details", + "description": "Recommendations of how the vulnerability can be remediated or mitigated." + }, + "advisories": { + "type": "array", + "title": "Advisories", + "description": "Published advisories of the vulnerability if provided.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/advisory" + } + }, + "created": { + "type": "string", + "format": "date-time", + "title": "Created", + "description": "The date and time (timestamp) when the vulnerability record was created in the vulnerability database." + }, + "published": { + "type": "string", + "format": "date-time", + "title": "Published", + "description": "The date and time (timestamp) when the vulnerability record was first published." + }, + "updated": { + "type": "string", + "format": "date-time", + "title": "Updated", + "description": "The date and time (timestamp) when the vulnerability record was last updated." + }, + "credits": { + "type": "object", + "title": "Credits", + "description": "Individuals or organizations credited with the discovery of the vulnerability.", + "additionalProperties": false, + "properties": { + "organizations": { + "type": "array", + "title": "Organizations", + "description": "The organizations credited with vulnerability discovery.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/organizationalEntity" + } + }, + "individuals": { + "type": "array", + "title": "Individuals", + "description": "The individuals, not associated with organizations, that are credited with vulnerability discovery.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/organizationalContact" + } + } + } + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used to identify, confirm, or score the vulnerability.", + "additionalItems": false, + "items": {"$ref": "#/definitions/tool"} + }, + "analysis": { + "type": "object", + "title": "Impact Analysis", + "description": "An assessment of the impact and exploitability of the vulnerability.", + "additionalProperties": false, + "properties": { + "state": { + "$ref": "#/definitions/impactAnalysisState" + }, + "justification": { + "$ref": "#/definitions/impactAnalysisJustification" + }, + "response": { + "type": "array", + "title": "Response", + "description": "A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.", + "additionalItems": false, + "items": { + "type": "string", + "enum": [ + "can_not_fix", + "will_not_fix", + "update", + "rollback", + "workaround_available" + ] + } + }, + "detail": { + "type": "string", + "title": "Detail", + "description": "Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability." + } + } + }, + "affects": { + "type": "array", + "uniqueItems": true, + "additionalItems": false, + "items": { + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "$ref": "#/definitions/refType", + "title": "Reference", + "description": "References a component or service by the objects bom-ref" + }, + "versions": { + "type": "array", + "title": "Versions", + "description": "Zero or more individual versions or range of versions.", + "additionalItems": false, + "items": { + "oneOf": [ + { + "required": ["version"] + }, + { + "required": ["range"] + } + ], + "additionalProperties": false, + "properties": { + "version": { + "description": "A single version of a component or service.", + "$ref": "#/definitions/version" + }, + "range": { + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "$ref": "#/definitions/version" + }, + "status": { + "description": "The vulnerability status for the version or range of versions.", + "$ref": "#/definitions/affectedStatus", + "default": "affected" + } + } + } + } + } + }, + "title": "Affects", + "description": "The components or services that are affected by the vulnerability." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "additionalItems": false, + "items": { + "$ref": "#/definitions/property" + } + } + } + }, + "affectedStatus": { + "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", + "type": "string", + "enum": [ + "affected", + "unaffected", + "unknown" + ] + }, + "version": { + "description": "A single version of a component or service.", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "range": { + "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst", + "type": "string", + "minLength": 1, + "maxLength": 1024 + }, + "signature": { + "$ref": "jsf-0.82.schema.json#/definitions/signature", + "title": "Signature", + "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." + } + } +} diff --git a/res/bom-1.4.SNAPSHOT.xsd b/res/bom-1.4.SNAPSHOT.xsd new file mode 100644 index 000000000..ba2fb3b0b --- /dev/null +++ b/res/bom-1.4.SNAPSHOT.xsd @@ -0,0 +1,2407 @@ + + + + + + + + + CycloneDX Software Bill of Materials Standard + https://cyclonedx.org/ + Apache License, Version 2.0 + + + + + + Identifier-DataType for interlinked elements. + + + + + + + + + The date and time (timestamp) when the BOM was created. + + + + + The tool(s) used in the creation of the BOM. + + + + + + + + + + The person(s) who created the BOM. Authors are common in BOMs created through + manual processes. BOMs created through automated means may not have authors. + + + + + + + + + + The component that the BOM describes. + + + + + The organization that manufactured the component that the BOM describes. + + + + + The organization that supplied the component that the BOM describes. The + supplier may often be the manufacturer, but may also be a distributor or repackager. + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the organization + + + + + The URL of the organization. Multiple URLs are allowed. + + + + + A contact person at the organization. Multiple contacts are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Information about the automated or manual tool used + + + + + The name of the vendor who created the tool + + + + + The name of the tool + + + + + The version of the tool + + + + + + + + + + + + Provides the ability to document external references related to the tool. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the contact + + + + + The email address of the contact. + + + + + The phone number of the contact. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that supplied the component. The supplier may often + be the manufacturer, but may also be a distributor or repackager. + + + + + The person(s) or organization(s) that authored the component + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'required' + scope SHOULD be assumed by the consumer of the BOM. + + + + + + + + + + + + + A copyright notice informing users of the underlying claims to + copyright ownership in a published work. + + + + + + Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (purl). The purl, if specified, MUST be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating if the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + A list of software and hardware components included in the parent component. This is not a + dependency tree. It provides a way to specify a hierarchical representation of component + assemblies, similar to system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document evidence collected through various forms of extraction or analysis. + + + + + Specifies optional release notes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + + + + + + + The OPTIONAL mime-type of the component. When used on file components, the mime-type + can provide additional context about the kind of file being represented such as an image, + font, or executable. Some library or framework components may also have an associated mime-type. + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + Specifies the optional full text of the attachment + + + + + The URL to the attachment file. If the attachment is a license or BOM, + an externalReference should also be specified for completeness. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. + + + + Specifies the content type of the text. Defaults to text/plain + if not specified. + + + + + + Specifies the optional encoding the text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A packaging and/or runtime format, not specific to any particular technology, + which isolates software inside the container from software outside of a container through + virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware SHOULD include a component for the physical hardware itself, and another + component of type 'firmware' or 'operating-system' (whichever is relevant), describing + information about the software running on the device. + + + + + A special type of software that provides low-level control over a devices + hardware. Refer to https://en.wikipedia.org/wiki/Firmware + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + Specifies the full content of the SWID tag. + + + + + The URL to the SWID file. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Maps to the tagId of a SoftwareIdentity. + + + + + Maps to the name of a SoftwareIdentity. + + + + + Maps to the version of a SoftwareIdentity. + + + + + Maps to the tagVersion of a SoftwareIdentity. + + + + + Maps to the patch of a SoftwareIdentity. + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-material document (CycloneDX, SPDX, SWID, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + Direct or repository download location + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + URL to release notes + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be relevant + but which are not included with the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + + The URL to the external reference + + + + + An optional comment describing the external reference + + + + + + + + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Zero or more patches can be specified. + + + + + Specifies an individual patch. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The patch file (or diff) that show changes. + Refer to https://en.wikipedia.org/wiki/Diff + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the purpose for the patch including the resolution of defects, + security issues, or new behavior or functionality + + + + + + + + + A patch which is not developed by the creators or maintainers of the software + being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + + + + + A patch which dynamically modifies runtime behavior. + Refer to https://en.wikipedia.org/wiki/Monkey_patch + + + + + A patch which takes code from a newer version of software and applies + it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + + + + + A patch created by selectively applying commits from other versions or + branches of the same software. + + + + + + + + + + A fault, flaw, or bug in software + + + + + A new feature or behavior in software + + + + + A special type of defect which impacts security + + + + + + + + + + Specifies the optional text of the diff + + + + + Specifies the URL to the diff + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + An individual issue that has been resolved. + + + + + + The identifier of the issue assigned by the source of the issue + + + + + The name of the issue + + + + + A description of the issue + + + + + + + The source of the issue where it is documented. + + + + + + + The name of the source. For example "National Vulnerability Database", + "NVD", and "Apache" + + + + + + + The url of the issue documentation as provided by the source + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the type of issue + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + A list of zero or more patches describing how the component + deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits + or may be used in place of commits. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Components that do not have their own dependencies MUST be declared as empty + elements within the graph. Components that are not represented in the dependency graph MAY + have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque + and not an indicator of a component being dependency-free. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that provides the service. + + + + + The grouping name, namespace, or identifier. This will often be a shortened, + single name of the company or project that produced the service or domain name. + Whitespace and special characters should be avoided. + + + + + The name of the service. This will often be a shortened, single name + of the service. + + + + + The service version. + + + + + Specifies a description for the service. + + + + + + + + A service endpoint URI. + + + + + + + + A boolean value indicating if the service requires authentication. + A value of true indicates the service requires authentication prior to use. + A value of false indicates the service does not require authentication. + + + + + A boolean value indicating if use of the service crosses a trust zone or boundary. + A value of true indicates that by using the service, a trust boundary is crossed. + A value of false indicates that by using the service, a trust boundary is not crossed. + + + + + + + + Specifies the data classification. + + + + + + + + + Provides the ability to document external references related to the service. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + A list of services included or deployed behind the parent service. This is not a dependency + tree. It provides a way to specify a hierarchical representation of service assemblies. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Specifies optional release notes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the service elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the data classification. + + + + + + Specifies the flow direction of the data. + + + + + + + + + Specifies the flow direction of the data. Valid values are: + inbound, outbound, bi-directional, and unknown. Direction is relative to the service. + Inbound flow states that data enters the service. Outbound flow states that data + leaves the service. Bi-directional states that data flows both ways, and unknown + states that the direction is not known. + + + + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Specifies an aggregate type that describe how complete a relationship is. + + + + + + The bom-ref identifiers of the components or services being described. Assemblies refer to + nested relationships whereby a constituent part may include other constituent parts. References + do not cascade to child parts. References are explicit for the specified constituent part only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the components or services being described. Dependencies refer to a + relationship whereby an independent constituent part requires another independent constituent + part. References do not cascade to transitive dependencies. References are explicit for the + specified dependency only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + + The relationship is complete. No further relationships including constituent components, services, or dependencies exist. + + + + + The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + + + + + The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + + + + + The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + + + + + The relationship completeness is not specified. + + + + + + + + + Defines a syntax for representing two character language code (ISO-639) followed by an optional two + character country code. The language code MUST be lower case. If the country code is specified, the + country code MUST be upper case. The language code and country code MUST be separated by a minus sign. + Examples: en, en-US, fr, fr-CA + + + + + + + + + + + + The software versioning type. It is RECOMMENDED that the release type use one + of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software + release types is not practical, so standardizing on the recommended values, whenever possible, + is strongly encouraged. + * major = A major release may contain significant changes or may introduce breaking changes. + * minor = A minor release, also known as an update, may contain a smaller number of changes than major releases. + * patch = Patch releases are typically unplanned and may resolve defects or important security issues. + * pre-release = A pre-release may include alpha, beta, or release candidates and typically have + limited support. They provide the ability to preview a release prior to its general availability. + * internal = Internal releases are not for public consumption and are intended to be used exclusively + by the project or manufacturer that produced it. + + + + + + The title of the release. + + + + + The URL to an image that may be prominently displayed with the release note. + + + + + The URL to an image that may be used in messaging on social media platforms. + + + + + A short description of the release. + + + + + The date and time (timestamp) when the release note was created. + + + + + + + + One or more alternate names the release may be referred to. This may + include unofficial terms used by development and marketing teams (e.g. code names). + + + + + + + + + + + One or more tags that may aid in search or retrieval of the release note. + + + + + + + + A collection of issues that have been resolved. + + + + + + + + + + + + + Zero or more release notes containing the locale and content. Multiple + note elements may be specified to support release notes in a wide variety of languages. + + + + + + The ISO-639 (or higher) language code and optional ISO-3166 + (or higher) country code. Examples include: "en", "en-US", "fr" and "fr-CA". + + + + + Specifies the full content of the release note. + + + + + + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies an individual property with a name and value. + + + + + + The name of the property. Duplicate names are allowed, each potentially having a different value. + + + + + + + + + + + Defines a weakness in an component or service that could be exploited or triggered by a threat source. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + Zero or more pointers to vulnerabilities that are the equivalent of the + vulnerability specified. Often times, the same vulnerability may exist in multiple sources of + vulnerability intelligence, but have different identifiers. References provide a way to + correlate vulnerabilities across multiple sources of vulnerability intelligence. + + + + + + A pointer to a vulnerability that is the equivalent of the + vulnerability specified. + + + + + + The identifier that uniquely identifies the vulnerability. For example: + CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876. + + + + + The source that published the vulnerability. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + List of vulnerability ratings. + + + + + + + + + + + + List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + + + + + + + + + + A description of the vulnerability as provided by the source. + + + + + If available, an in-depth description of the vulnerability as provided by the + source organization. Details often include examples, proof-of-concepts, and other information + useful in understanding root cause. + + + + + Recommendations of how the vulnerability can be remediated or mitigated. + + + + + + + Published advisories of the vulnerability if provided. + + + + + + + + + + The date and time (timestamp) when the vulnerability record was created in the vulnerability database. + + + + + The date and time (timestamp) when the vulnerability record was first published. + + + + + The date and time (timestamp) when the vulnerability record was last updated. + + + + + Individuals or organizations credited with the discovery of the vulnerability. + + + + + + The organizations credited with vulnerability discovery. + + + + + + + + + + The individuals, not associated with organizations, that are credited with vulnerability discovery. + + + + + + + + + + + + + The tool(s) used to identify, confirm, or score the vulnerability. + + + + + + + + + + + + An assessment of the impact and exploitability of the vulnerability. + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + A response to the vulnerability by the manufacturer, supplier, or + project responsible for the affected component or service. More than one response + is allowed. Responses are strongly encouraged for vulnerabilities where the analysis + state is exploitable. + + + + + + + + + + + Detailed description of the impact including methods used during assessment. + If a vulnerability is not exploitable, this field should include specific details + on why the component or service is not impacted by this vulnerability. + + + + + + + + + The components or services that are affected by the vulnerability. + + + + + + + + + References a component or service by the objects bom-ref. + + + + + Zero or more individual versions or range of versions. + + + + + + + + + + A single version of a component or service. + + + + + A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + + + + + + + The vulnerability status for the version or range of versions. + + + + + + + + + + + + + + + + + + + + An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + + + + + The name of the source. + For example: NVD, National Vulnerability Database, OSS Index, VulnDB, and GitHub Advisories + + + + + + The url of the vulnerability documentation as provided by the source. + For example: https://nvd.nist.gov/vuln/detail/CVE-2021-39182 + + + + + + + + + + The source that calculated the severity or risk rating of the vulnerability. + + + + + The numerical score of the rating. + + + + + Textual representation of the severity that corresponds to the numerical score of the rating. + + + + + The risk scoring methodology/standard used. + + + + + Textual representation of the metric values used to score the vulnerability. + + + + + An optional reason for rating the vulnerability as it was. + + + + + + + + + + An optional name of the advisory. + + + + + Location where the advisory can be obtained. + + + + + + + + + Textual representation of the severity of the vulnerability adopted by the analysis method. If the + analysis method uses values other than what is provided, the user is expected to translate appropriately. + + + + + + + + + + + + + + + + + Declares the current state of an occurrence of a vulnerability, after automated or manual analysis. + + + + + + + The vulnerability has been remediated. + + + + + + + The vulnerability has been remediated and evidence of the changes are provided in the affected + components pedigree containing verifiable commit history and/or diff(s). + + + + + + + The vulnerability may be directly or indirectly exploitable. + + + + + + + The vulnerability is being investigated. + + + + + + + The vulnerability is not specific to the component or service and was falsely identified or associated. + + + + + + + The component or service is not affected by the vulnerability. Justification should be specified + for all not_affected cases. + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + The code has been removed or tree-shaked. + + + + + + + The vulnerable code is not invoked at runtime. + + + + + + + Exploitability requires a configurable option to be set/unset. + + + + + + + Exploitability requires a dependency that is not present. + + + + + + + Exploitability requires a certain environment which is not present. + + + + + + + Exploitability requires a compiler flag to be set/unset. + + + + + + + Exploits are prevented at runtime. + + + + + + + Attacks are blocked at physical, logical, or network perimeter. + + + + + + + Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. + + + + + + + + + + Specifies the severity or risk scoring methodology or standard used. + + + + + + + The rating is based on CVSS v2 standard + https://www.first.org/cvss/v2/ + + + + + + + The rating is based on CVSS v3.0 standard + https://www.first.org/cvss/v3-0/ + + + + + + + The rating is based on CVSS v3.1 standard + https://www.first.org/cvss/v3-1/ + + + + + + + The rating is based on OWASP Risk Rating + https://owasp.org/www-community/OWASP_Risk_Rating_Methodology + + + + + + + Use this if the risk scoring methodology is not based on any of the options above + + + + + + + + + + The rationale of why the impact analysis state was asserted. + + + + + + + + + + + + + + + The vulnerability status of a given version or range of versions of a product. The statuses + 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. + The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. + There can be many reasons for an 'unknown' status, including that an investigation has not been + undertaken or that a vendor has not disclosed the status. + + + + + + + + + + + + + + + + Provides additional information about a BOM. + + + + + A list of software and hardware components. + + + + + A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + Provides the ability to document dependency relationships. + + + + + Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + + + + + Vulnerabilities identified in components or services. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Whenever an existing BOM is modified, either manually or through automated + processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with + multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. + The default version is '1'. + + + + + Every BOM generated SHOULD have a unique serial number, even if the contents of + the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. + Use of serial numbers are RECOMMENDED. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + diff --git a/res/spdx.SNAPSHOT.schema.json b/res/spdx.SNAPSHOT.schema.json new file mode 100644 index 000000000..af6d696d5 --- /dev/null +++ b/res/spdx.SNAPSHOT.schema.json @@ -0,0 +1,507 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/spdx.schema.json", + "$comment": "v1.0-3.12", + "type": "string", + "enum": [ + "AFL-2.0", + "AAL", + "Adobe-2006", + "AFL-3.0", + "ADSL", + "0BSD", + "Afmparse", + "AFL-1.2", + "AGPL-1.0-or-later", + "AFL-2.1", + "AFL-1.1", + "AGPL-1.0", + "Adobe-Glyph", + "AMDPLPA", + "Aladdin", + "ANTLR-PD", + "AML", + "Apache-1.0", + "ANTLR-PD-fallback", + "Abstyles", + "AGPL-1.0-only", + "APAFML", + "APSL-1.0", + "APSL-1.1", + "APSL-2.0", + "AGPL-3.0-only", + "Apache-1.1", + "Apache-2.0", + "APL-1.0", + "Bahyph", + "Artistic-1.0", + "AMPAS", + "Barr", + "AGPL-3.0-or-later", + "BlueOak-1.0.0", + "Beerware", + "Artistic-1.0-cl8", + "blessing", + "Borceux", + "BSD-2-Clause-NetBSD", + "BSD-1-Clause", + "BSD-2-Clause-Patent", + "BitTorrent-1.0", + "BSD-2-Clause-FreeBSD", + "BSD-3-Clause-Attribution", + "BSD-2-Clause", + "APSL-1.2", + "BSD-3-Clause-LBNL", + "Artistic-2.0", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-Modification", + "BSD-4-Clause-Shortened", + "BSD-3-Clause", + "BSD-3-Clause-Open-MPI", + "BitTorrent-1.1", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-Source-Code", + "BSD-Protection", + "AGPL-3.0", + "BUSL-1.1", + "Artistic-1.0-Perl", + "BSL-1.0", + "BSD-2-Clause-Views", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "bzip2-1.0.5", + "bzip2-1.0.6", + "CC-BY-2.5", + "CC-BY-3.0-AT", + "C-UDA-1.0", + "CC-BY-3.0-US", + "CC-BY-1.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-2.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-3.0", + "BSD-3-Clause-No-Nuclear-License", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "BSD-3-Clause-Clear", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.0", + "CC-BY-SA-2.1-JP", + "CC-BY-ND-2.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-3.0", + "CC-BY-SA-4.0", + "CC-BY-SA-2.5", + "CC-BY-3.0", + "CDDL-1.0", + "CC0-1.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-SA-1.0", + "Caldera", + "CDLA-Permissive-1.0", + "CC-BY-4.0", + "CC-PDDC", + "BSD-4-Clause-UC", + "BSD-4-Clause", + "CAL-1.0", + "CDDL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-1.1", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-1.0", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "copyleft-next-0.3.0", + "CPAL-1.0", + "copyleft-next-0.3.1", + "CPL-1.0", + "ClArtistic", + "CECILL-C", + "CNRI-Jython", + "Condor-1.1", + "CPOL-1.02", + "curl", + "diffmark", + "Crossword", + "Dotseqn", + "DOC", + "DSDP", + "DRL-1.0", + "ECL-1.0", + "ECL-2.0", + "eCos-2.0", + "CrystalStacker", + "CERN-OHL-W-2.0", + "D-FSL-1.0", + "eGenix", + "EPICS", + "Entessa", + "EPL-1.0", + "EFL-2.0", + "CUA-OPL-1.0", + "etalab-2.0", + "EUPL-1.0", + "ErlPL-1.1", + "EUDatagrid", + "EUPL-1.1", + "Cube", + "dvipdfm", + "FreeBSD-DOC", + "Eurosym", + "FSFAP", + "FreeImage", + "FSFULLR", + "FSFUL", + "GD", + "GFDL-1.1-invariants-only", + "EUPL-1.2", + "EPL-2.0", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.1", + "FTL", + "GFDL-1.2-invariants-or-later", + "GFDL-1.1-invariants-or-later", + "GFDL-1.2-invariants-only", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.2", + "GFDL-1.2-no-invariants-only", + "GFDL-1.3-invariants-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.2-no-invariants-or-later", + "Fair", + "Frameworx-1.0", + "Giftware", + "GFDL-1.1-no-invariants-only", + "GL2PS", + "Glulxe", + "Glide", + "gnuplot", + "GLWTPL", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-1.0", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0+", + "GFDL-1.3", + "GPL-1.0+", + "CDLA-Sharing-1.0", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-font-exception", + "GPL-2.0", + "CECILL-2.1", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-with-autoconf-exception", + "GPL-3.0-only", + "Hippocratic-2.1", + "HPND", + "HTMLTIDY", + "GPL-3.0-with-GCC-exception", + "HaskellReport", + "GPL-3.0-or-later", + "ICU", + "ImageMagick", + "iMatix", + "IBM-pibs", + "Intel-ACPI", + "Intel", + "Info-ZIP", + "IPA", + "IJG", + "ISC", + "JasPer-2.0", + "JPNIC", + "JSON", + "LAL-1.2", + "LAL-1.3", + "Latex2e", + "Leptonica", + "HPND-sell-variant", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "Imlib2", + "IPL-1.0", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-2.0+", + "LGPL-2.0", + "CECILL-B", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "LGPLLR", + "libpng-2.0", + "Libpng", + "libselinux-1.0", + "LGPL-3.0+", + "EFL-1.0", + "libtiff", + "GFDL-1.3-no-invariants-or-later", + "LiLiQ-Rplus-1.1", + "LiLiQ-R-1.1", + "LPL-1.0", + "LiLiQ-P-1.1", + "Linux-OpenIB", + "LPPL-1.0", + "LPPL-1.2", + "LPPL-1.3a", + "LPL-1.02", + "LPPL-1.3c", + "MakeIndex", + "LGPL-2.1+", + "LPPL-1.1", + "MIT-CMU", + "MirOS", + "MIT-advertising", + "MIT-Modern-Variant", + "MIT", + "MIT-enna", + "MIT-open-group", + "MIT-feh", + "MITNFA", + "MPL-1.0", + "mpich2", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-RL", + "MTLL", + "MPL-1.1", + "MulanPSL-2.0", + "Motosoto", + "Mup", + "MulanPSL-1.0", + "NAIST-2003", + "Naumen", + "Multics", + "NBPL-1.0", + "NCSA", + "Net-SNMP", + "NetCDF", + "NASA-1.3", + "NGPL", + "NIST-PD-fallback", + "NIST-PD", + "Newsletr", + "NLPL", + "Nokia", + "NOSL", + "Noweb", + "NLOD-1.0", + "NPL-1.0", + "NCGL-UK-2.0", + "NRL", + "NTP-0", + "NTP", + "GFDL-1.3-or-later", + "Nunit", + "O-UDA-1.0", + "NPL-1.1", + "OCCT-PL", + "ODC-By-1.0", + "OFL-1.0-no-RFN", + "OCLC-2.0", + "OFL-1.0-RFN", + "OFL-1.0", + "OFL-1.1-no-RFN", + "OFL-1.1-RFN", + "OFL-1.1", + "OGDL-Taiwan-1.0", + "OGC-1.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OGL-Canada-2.0", + "OLDAP-2.0.1", + "OLDAP-2.0", + "OLDAP-2.1", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.2", + "ODbL-1.0", + "OLDAP-2.4", + "OLDAP-1.4", + "OLDAP-2.3", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OpenSSL", + "OLDAP-2.6", + "OPL-1.0", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSET-PL-2.1", + "OSL-2.1", + "Parity-6.0.0", + "Parity-7.0.0", + "PDDL-1.0", + "PHP-3.0", + "OSL-3.0", + "Plexus", + "MS-PL", + "PolyForm-Small-Business-1.0.0", + "PolyForm-Noncommercial-1.0.0", + "PSF-2.0", + "psfrag", + "PostgreSQL", + "psutils", + "Qhull", + "QPL-1.0", + "Rdisc", + "Python-2.0", + "RPL-1.1", + "RPL-1.5", + "RHeCos-1.1", + "RSA-MD", + "RSCPL", + "Ruby", + "SAX-PD", + "Saxpath", + "SCEA", + "Sendmail-8.23", + "Sendmail", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SimPL-2.0", + "SISSL-1.2", + "SISSL", + "Sleepycat", + "SMLNJ", + "SMPPL", + "SNIA", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "SPL-1.0", + "SSH-OpenSSH", + "PHP-3.01", + "SSH-short", + "MIT-0", + "RPSL-1.0", + "SWL", + "SugarCRM-1.1.3", + "TCL", + "TCP-wrappers", + "SSPL-1.0", + "TMate", + "TOSL", + "TORQUE-1.1", + "TAPR-OHL-1.0", + "UCL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "TU-Berlin-1.0", + "UPL-1.0", + "Unlicense", + "VOSTROM", + "Vim", + "VSL-1.0", + "W3C-20150513", + "W3C", + "W3C-19980720", + "Wsuipa", + "Watcom-1.0", + "WTFPL", + "X11", + "Xerox", + "XFree86-1.1", + "xinetd", + "Xnet", + "xpp", + "XSkat", + "YPL-1.0", + "YPL-1.1", + "Zed", + "Zend-2.0", + "TU-Berlin-2.0", + "Zimbra-1.4", + "zlib-acknowledgement", + "Zlib", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "wxWindows", + "Zimbra-1.3", + "gSOAP-1.3b", + "Interbase-1.0", + "LGPL-2.1", + "LGPL-3.0", + "NPOSL-3.0", + "OLDAP-2.5", + "StandardML-NJ", + "389-exception", + "Autoconf-exception-2.0", + "Autoconf-exception-3.0", + "Bison-exception-2.2", + "Bootloader-exception", + "Classpath-exception-2.0", + "CLISP-exception-2.0", + "DigiRule-FOSS-exception", + "eCos-exception-2.0", + "Fawkes-Runtime-exception", + "FLTK-exception", + "Font-exception-2.0", + "freertos-exception-2.0", + "GCC-exception-2.0", + "GCC-exception-3.1", + "gnu-javamail-exception", + "GPL-3.0-linking-exception", + "GPL-3.0-linking-source-exception", + "GPL-CC-1.0", + "i2p-gpl-java-exception", + "LGPL-3.0-linking-exception", + "Libtool-exception", + "Linux-syscall-note", + "LLVM-exception", + "LZMA-exception", + "mif-exception", + "Nokia-Qt-exception-1.1", + "OCaml-LGPL-linking-exception", + "OCCT-exception-1.0", + "OpenJDK-assembly-exception-1.0", + "openvpn-openssl-exception", + "PS-or-PDF-font-exception-20170817", + "Qt-GPL-exception-1.0", + "Qt-LGPL-exception-1.1", + "Qwt-exception-1.0", + "SHL-2.0", + "SHL-2.1", + "Swift-exception", + "u-boot-exception-2.0", + "Universal-FOSS-exception-1.0", + "WxWindows-exception-3.1" + ] +} diff --git a/res/spdx.SNAPSHOT.xsd b/res/spdx.SNAPSHOT.xsd new file mode 100644 index 000000000..b45e2de06 --- /dev/null +++ b/res/spdx.SNAPSHOT.xsd @@ -0,0 +1,2509 @@ + + + + + + + + + Academic Free License v2.0 + + + + + Attribution Assurance License + + + + + Adobe Systems Incorporated Source Code License Agreement + + + + + Academic Free License v3.0 + + + + + Amazon Digital Services License + + + + + BSD Zero Clause License + + + + + Afmparse License + + + + + Academic Free License v1.2 + + + + + Affero General Public License v1.0 or later + + + + + Academic Free License v2.1 + + + + + Academic Free License v1.1 + + + + + Affero General Public License v1.0 + + + + + Adobe Glyph List License + + + + + AMD's plpa_map.c License + + + + + Aladdin Free Public License + + + + + ANTLR Software Rights Notice + + + + + Apple MIT License + + + + + Apache License 1.0 + + + + + ANTLR Software Rights Notice with license fallback + + + + + Abstyles License + + + + + Affero General Public License v1.0 only + + + + + Adobe Postscript AFM License + + + + + Apple Public Source License 1.0 + + + + + Apple Public Source License 1.1 + + + + + Apple Public Source License 2.0 + + + + + GNU Affero General Public License v3.0 only + + + + + Apache License 1.1 + + + + + Apache License 2.0 + + + + + Adaptive Public License 1.0 + + + + + Bahyph License + + + + + Artistic License 1.0 + + + + + Academy of Motion Picture Arts and Sciences BSD + + + + + Barr License + + + + + GNU Affero General Public License v3.0 or later + + + + + Blue Oak Model License 1.0.0 + + + + + Beerware License + + + + + Artistic License 1.0 w/clause 8 + + + + + SQLite Blessing + + + + + Borceux license + + + + + BSD 2-Clause NetBSD License + + + + + BSD 1-Clause License + + + + + BSD-2-Clause Plus Patent License + + + + + BitTorrent Open Source License v1.0 + + + + + BSD 2-Clause FreeBSD License + + + + + BSD with attribution + + + + + BSD 2-Clause "Simplified" License + + + + + Apple Public Source License 1.2 + + + + + Lawrence Berkeley National Labs BSD variant license + + + + + Artistic License 2.0 + + + + + BSD 3-Clause No Nuclear License 2014 + + + + + BSD 3-Clause Modification + + + + + BSD 4 Clause Shortened + + + + + BSD 3-Clause "New" or "Revised" License + + + + + BSD 3-Clause Open MPI variant + + + + + BitTorrent Open Source License v1.1 + + + + + BSD 3-Clause No Nuclear Warranty + + + + + BSD Source Code Attribution + + + + + BSD Protection License + + + + + GNU Affero General Public License v3.0 + + + + + Business Source License 1.1 + + + + + Artistic License 1.0 (Perl) + + + + + Boost Software License 1.0 + + + + + BSD 2-Clause with views sentence + + + + + Cryptographic Autonomy License 1.0 (Combined Work Exception) + + + + + Computer Associates Trusted Open Source License 1.1 + + + + + bzip2 and libbzip2 License v1.0.5 + + + + + bzip2 and libbzip2 License v1.0.6 + + + + + Creative Commons Attribution 2.5 Generic + + + + + Creative Commons Attribution 3.0 Austria + + + + + Computational Use of Data Agreement v1.0 + + + + + Creative Commons Attribution 3.0 United States + + + + + Creative Commons Attribution 1.0 Generic + + + + + Creative Commons Attribution Non Commercial 1.0 Generic + + + + + Creative Commons Attribution Non Commercial 2.0 Generic + + + + + Creative Commons Attribution Non Commercial 2.5 Generic + + + + + Creative Commons Attribution 2.0 Generic + + + + + Creative Commons Attribution Non Commercial 4.0 International + + + + + Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic + + + + + Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic + + + + + Creative Commons Attribution Non Commercial 3.0 Unported + + + + + Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO + + + + + Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported + + + + + BSD 3-Clause No Nuclear License + + + + + Creative Commons Attribution Non Commercial No Derivatives 4.0 International + + + + + Creative Commons Attribution Non Commercial Share Alike 2.0 Generic + + + + + Creative Commons Attribution Non Commercial Share Alike 2.5 Generic + + + + + Creative Commons Attribution Non Commercial Share Alike 3.0 Unported + + + + + Creative Commons Attribution Non Commercial Share Alike 4.0 International + + + + + Creative Commons Attribution No Derivatives 1.0 Generic + + + + + BSD 3-Clause Clear License + + + + + Creative Commons Attribution No Derivatives 2.5 Generic + + + + + Creative Commons Attribution No Derivatives 3.0 Unported + + + + + Creative Commons Attribution No Derivatives 4.0 International + + + + + Creative Commons Attribution Share Alike 1.0 Generic + + + + + Creative Commons Attribution Share Alike 2.0 England and Wales + + + + + Creative Commons Attribution Share Alike 2.0 Generic + + + + + Creative Commons Attribution Share Alike 2.1 Japan + + + + + Creative Commons Attribution No Derivatives 2.0 Generic + + + + + Creative Commons Attribution-Share Alike 3.0 Austria + + + + + Creative Commons Attribution Share Alike 3.0 Unported + + + + + Creative Commons Attribution Share Alike 4.0 International + + + + + Creative Commons Attribution Share Alike 2.5 Generic + + + + + Creative Commons Attribution 3.0 Unported + + + + + Common Development and Distribution License 1.0 + + + + + Creative Commons Zero v1.0 Universal + + + + + Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic + + + + + Creative Commons Attribution Non Commercial Share Alike 1.0 Generic + + + + + Caldera License + + + + + Community Data License Agreement Permissive 1.0 + + + + + Creative Commons Attribution 4.0 International + + + + + Creative Commons Public Domain Dedication and Certification + + + + + BSD-4-Clause (University of California-Specific) + + + + + BSD 4-Clause "Original" or "Old" License + + + + + Cryptographic Autonomy License 1.0 + + + + + Common Development and Distribution License 1.1 + + + + + CERN Open Hardware Licence v1.2 + + + + + CERN Open Hardware Licence v1.1 + + + + + CERN Open Hardware Licence Version 2 - Permissive + + + + + CERN Open Hardware Licence Version 2 - Strongly Reciprocal + + + + + CeCILL Free Software License Agreement v1.1 + + + + + CeCILL Free Software License Agreement v2.0 + + + + + CeCILL Free Software License Agreement v1.0 + + + + + CNRI Python License + + + + + CNRI Python Open Source GPL Compatible License Agreement + + + + + copyleft-next 0.3.0 + + + + + Common Public Attribution License 1.0 + + + + + copyleft-next 0.3.1 + + + + + Common Public License 1.0 + + + + + Clarified Artistic License + + + + + CeCILL-C Free Software License Agreement + + + + + CNRI Jython License + + + + + Condor Public License v1.1 + + + + + Code Project Open License 1.02 + + + + + curl License + + + + + diffmark license + + + + + Crossword License + + + + + Dotseqn License + + + + + DOC License + + + + + DSDP License + + + + + Detection Rule License 1.0 + + + + + Educational Community License v1.0 + + + + + Educational Community License v2.0 + + + + + eCos license version 2.0 + + + + + CrystalStacker License + + + + + CERN Open Hardware Licence Version 2 - Weakly Reciprocal + + + + + Deutsche Freie Software Lizenz + + + + + eGenix.com Public License 1.1.0 + + + + + EPICS Open License + + + + + Entessa Public License v1.0 + + + + + Eclipse Public License 1.0 + + + + + Eiffel Forum License v2.0 + + + + + CUA Office Public License v1.0 + + + + + Etalab Open License 2.0 + + + + + European Union Public License 1.0 + + + + + Erlang Public License v1.1 + + + + + EU DataGrid Software License + + + + + European Union Public License 1.1 + + + + + Cube License + + + + + dvipdfm License + + + + + FreeBSD Documentation License + + + + + Eurosym License + + + + + FSF All Permissive License + + + + + FreeImage Public License v1.0 + + + + + FSF Unlimited License (with License Retention) + + + + + FSF Unlimited License + + + + + GD License + + + + + GNU Free Documentation License v1.1 only - invariants + + + + + European Union Public License 1.2 + + + + + Eclipse Public License 2.0 + + + + + GNU Free Documentation License v1.1 or later - no invariants + + + + + GNU Free Documentation License v1.1 only + + + + + GNU Free Documentation License v1.1 or later + + + + + GNU Free Documentation License v1.1 + + + + + Freetype Project License + + + + + GNU Free Documentation License v1.2 or later - invariants + + + + + GNU Free Documentation License v1.1 or later - invariants + + + + + GNU Free Documentation License v1.2 only - invariants + + + + + GNU Free Documentation License v1.2 only + + + + + GNU Free Documentation License v1.2 or later + + + + + GNU Free Documentation License v1.2 + + + + + GNU Free Documentation License v1.2 only - no invariants + + + + + GNU Free Documentation License v1.3 only - invariants + + + + + GNU Free Documentation License v1.3 only - no invariants + + + + + GNU Free Documentation License v1.3 or later - invariants + + + + + GNU Free Documentation License v1.2 or later - no invariants + + + + + Fair License + + + + + Frameworx Open License 1.0 + + + + + Giftware License + + + + + GNU Free Documentation License v1.1 only - no invariants + + + + + GL2PS License + + + + + Glulxe License + + + + + 3dfx Glide License + + + + + gnuplot License + + + + + Good Luck With That Public License + + + + + GNU General Public License v1.0 only + + + + + GNU General Public License v1.0 or later + + + + + GNU General Public License v1.0 only + + + + + GNU Free Documentation License v1.3 only + + + + + GNU General Public License v2.0 only + + + + + GNU General Public License v2.0 or later + + + + + GNU General Public License v2.0 w/Autoconf exception + + + + + GNU General Public License v2.0 or later + + + + + GNU Free Documentation License v1.3 + + + + + GNU General Public License v1.0 or later + + + + + Community Data License Agreement Sharing 1.0 + + + + + GNU General Public License v2.0 w/Classpath exception + + + + + GNU General Public License v2.0 w/GCC Runtime Library exception + + + + + GNU General Public License v2.0 w/Bison exception + + + + + GNU General Public License v2.0 w/Font exception + + + + + GNU General Public License v2.0 only + + + + + CeCILL Free Software License Agreement v2.1 + + + + + GNU General Public License v3.0 only + + + + + GNU General Public License v3.0 or later + + + + + GNU General Public License v3.0 w/Autoconf exception + + + + + GNU General Public License v3.0 only + + + + + Hippocratic License 2.1 + + + + + Historical Permission Notice and Disclaimer + + + + + HTML Tidy License + + + + + GNU General Public License v3.0 w/GCC Runtime Library exception + + + + + Haskell Language Report License + + + + + GNU General Public License v3.0 or later + + + + + ICU License + + + + + ImageMagick License + + + + + iMatix Standard Function Library Agreement + + + + + IBM PowerPC Initialization and Boot Software + + + + + Intel ACPI Software License Agreement + + + + + Intel Open Source License + + + + + Info-ZIP License + + + + + IPA Font License + + + + + Independent JPEG Group License + + + + + ISC License + + + + + JasPer License + + + + + Japan Network Information Center License + + + + + JSON License + + + + + Licence Art Libre 1.2 + + + + + Licence Art Libre 1.3 + + + + + Latex2e License + + + + + Leptonica License + + + + + Historical Permission Notice and Disclaimer - sell variant + + + + + GNU Library General Public License v2 only + + + + + GNU Library General Public License v2 or later + + + + + Imlib2 License + + + + + IBM Public License v1.0 + + + + + GNU Lesser General Public License v2.1 only + + + + + GNU Lesser General Public License v2.1 or later + + + + + GNU Library General Public License v2 or later + + + + + GNU Library General Public License v2 only + + + + + CeCILL-B Free Software License Agreement + + + + + GNU Lesser General Public License v3.0 or later + + + + + GNU Lesser General Public License v3.0 only + + + + + Lesser General Public License For Linguistic Resources + + + + + PNG Reference Library version 2 + + + + + libpng License + + + + + libselinux public domain notice + + + + + GNU Lesser General Public License v3.0 or later + + + + + Eiffel Forum License v1.0 + + + + + libtiff License + + + + + GNU Free Documentation License v1.3 or later - no invariants + + + + + Licence Libre du Québec – Réciprocité forte version 1.1 + + + + + Licence Libre du Québec – Réciprocité version 1.1 + + + + + Lucent Public License Version 1.0 + + + + + Licence Libre du Québec – Permissive version 1.1 + + + + + Linux Kernel Variant of OpenIB.org license + + + + + LaTeX Project Public License v1.0 + + + + + LaTeX Project Public License v1.2 + + + + + LaTeX Project Public License v1.3a + + + + + Lucent Public License v1.02 + + + + + LaTeX Project Public License v1.3c + + + + + MakeIndex License + + + + + GNU Library General Public License v2.1 or later + + + + + LaTeX Project Public License v1.1 + + + + + CMU License + + + + + The MirOS Licence + + + + + Enlightenment License (e16) + + + + + MIT License Modern Variant + + + + + MIT License + + + + + enna License + + + + + MIT Open Group variant + + + + + feh License + + + + + MIT +no-false-attribs license + + + + + Mozilla Public License 1.0 + + + + + mpich2 License + + + + + Mozilla Public License 2.0 + + + + + Mozilla Public License 2.0 (no copyleft exception) + + + + + Microsoft Reciprocal License + + + + + Matrix Template Library License + + + + + Mozilla Public License 1.1 + + + + + Mulan Permissive Software License, Version 2 + + + + + Motosoto License + + + + + Mup License + + + + + Mulan Permissive Software License, Version 1 + + + + + Nara Institute of Science and Technology License (2003) + + + + + Naumen Public License + + + + + Multics License + + + + + Net Boolean Public License v1 + + + + + University of Illinois/NCSA Open Source License + + + + + Net-SNMP License + + + + + NetCDF license + + + + + NASA Open Source Agreement 1.3 + + + + + Nethack General Public License + + + + + NIST Public Domain Notice with license fallback + + + + + NIST Public Domain Notice + + + + + Newsletr License + + + + + No Limit Public License + + + + + Nokia Open Source License + + + + + Netizen Open Source License + + + + + Noweb License + + + + + Norwegian Licence for Open Government Data + + + + + Netscape Public License v1.0 + + + + + Non-Commercial Government Licence + + + + + NRL License + + + + + NTP No Attribution + + + + + NTP License + + + + + GNU Free Documentation License v1.3 or later + + + + + Nunit License + + + + + Open Use of Data Agreement v1.0 + + + + + Netscape Public License v1.1 + + + + + Open CASCADE Technology Public License + + + + + Open Data Commons Attribution License v1.0 + + + + + SIL Open Font License 1.0 with no Reserved Font Name + + + + + OCLC Research Public License 2.0 + + + + + SIL Open Font License 1.0 with Reserved Font Name + + + + + SIL Open Font License 1.0 + + + + + SIL Open Font License 1.1 with no Reserved Font Name + + + + + SIL Open Font License 1.1 with Reserved Font Name + + + + + SIL Open Font License 1.1 + + + + + Taiwan Open Government Data License, version 1.0 + + + + + OGC Software License, Version 1.0 + + + + + Open Government Licence v1.0 + + + + + Open Government Licence v2.0 + + + + + Open Government Licence v3.0 + + + + + Open Group Test Suite License + + + + + Open LDAP Public License v1.1 + + + + + Open LDAP Public License v1.2 + + + + + Open LDAP Public License v1.3 + + + + + Open Government Licence - Canada + + + + + Open LDAP Public License v2.0.1 + + + + + Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) + + + + + Open LDAP Public License v2.1 + + + + + Open LDAP Public License v2.2.1 + + + + + Open LDAP Public License 2.2.2 + + + + + Open LDAP Public License v2.2 + + + + + Open Data Commons Open Database License v1.0 + + + + + Open LDAP Public License v2.4 + + + + + Open LDAP Public License v1.4 + + + + + Open LDAP Public License v2.3 + + + + + Open LDAP Public License v2.7 + + + + + Open LDAP Public License v2.8 + + + + + Open Market License + + + + + OpenSSL License + + + + + Open LDAP Public License v2.6 + + + + + Open Public License v1.0 + + + + + Open Software License 1.0 + + + + + Open Software License 1.1 + + + + + Open Software License 2.0 + + + + + OSET Public License version 2.1 + + + + + Open Software License 2.1 + + + + + The Parity Public License 6.0.0 + + + + + The Parity Public License 7.0.0 + + + + + Open Data Commons Public Domain Dedication & License 1.0 + + + + + PHP License v3.0 + + + + + Open Software License 3.0 + + + + + Plexus Classworlds License + + + + + Microsoft Public License + + + + + PolyForm Small Business License 1.0.0 + + + + + PolyForm Noncommercial License 1.0.0 + + + + + Python Software Foundation License 2.0 + + + + + psfrag License + + + + + PostgreSQL License + + + + + psutils License + + + + + Qhull License + + + + + Q Public License 1.0 + + + + + Rdisc License + + + + + Python License 2.0 + + + + + Reciprocal Public License 1.1 + + + + + Reciprocal Public License 1.5 + + + + + Red Hat eCos Public License v1.1 + + + + + RSA Message-Digest License + + + + + Ricoh Source Code Public License + + + + + Ruby License + + + + + Sax Public Domain Notice + + + + + Saxpath License + + + + + SCEA Shared Source License + + + + + Sendmail License 8.23 + + + + + Sendmail License + + + + + SGI Free Software License B v1.0 + + + + + SGI Free Software License B v1.1 + + + + + SGI Free Software License B v2.0 + + + + + Solderpad Hardware License v0.5 + + + + + Solderpad Hardware License, Version 0.51 + + + + + Simple Public License 2.0 + + + + + Sun Industry Standards Source License v1.2 + + + + + Sun Industry Standards Source License v1.1 + + + + + Sleepycat License + + + + + Standard ML of New Jersey License + + + + + Secure Messaging Protocol Public License + + + + + SNIA Public License 1.1 + + + + + Spencer License 86 + + + + + Spencer License 94 + + + + + Spencer License 99 + + + + + Sun Public License v1.0 + + + + + SSH OpenSSH license + + + + + PHP License v3.01 + + + + + SSH short notice + + + + + MIT No Attribution + + + + + RealNetworks Public Source License v1.0 + + + + + Scheme Widget Library (SWL) Software License Agreement + + + + + SugarCRM Public License v1.1.3 + + + + + TCL/TK License + + + + + TCP Wrappers License + + + + + Server Side Public License, v 1 + + + + + TMate Open Source License + + + + + Trusster Open Source License + + + + + TORQUE v2.5+ Software License v1.1 + + + + + TAPR Open Hardware License v1.0 + + + + + Upstream Compatibility License v1.0 + + + + + Unicode License Agreement - Data Files and Software (2015) + + + + + Unicode License Agreement - Data Files and Software (2016) + + + + + Unicode Terms of Use + + + + + Technische Universitaet Berlin License 1.0 + + + + + Universal Permissive License v1.0 + + + + + The Unlicense + + + + + VOSTROM Public License for Open Source + + + + + Vim License + + + + + Vovida Software License v1.0 + + + + + W3C Software Notice and Document License (2015-05-13) + + + + + W3C Software Notice and License (2002-12-31) + + + + + W3C Software Notice and License (1998-07-20) + + + + + Wsuipa License + + + + + Sybase Open Watcom Public License 1.0 + + + + + Do What The F*ck You Want To Public License + + + + + X11 License + + + + + Xerox License + + + + + XFree86 License 1.1 + + + + + xinetd License + + + + + X.Net License + + + + + XPP License + + + + + XSkat License + + + + + Yahoo! Public License v1.0 + + + + + Yahoo! Public License v1.1 + + + + + Zed License + + + + + Zend License v2.0 + + + + + Technische Universitaet Berlin License 2.0 + + + + + Zimbra Public License v1.4 + + + + + zlib/libpng License with Acknowledgement + + + + + zlib License + + + + + Zope Public License 1.1 + + + + + Zope Public License 2.0 + + + + + Zope Public License 2.1 + + + + + wxWindows Library License + + + + + Zimbra Public License v1.3 + + + + + gSOAP Public License v1.3b + + + + + Interbase Public License v1.0 + + + + + GNU Lesser General Public License v2.1 only + + + + + GNU Lesser General Public License v3.0 only + + + + + Non-Profit Open Software License 3.0 + + + + + Open LDAP Public License v2.5 + + + + + Standard ML of New Jersey License + + + + + + 389 Directory Server Exception + + + + + Autoconf exception 2.0 + + + + + Autoconf exception 3.0 + + + + + Bison exception 2.2 + + + + + Bootloader Distribution Exception + + + + + Classpath exception 2.0 + + + + + CLISP exception 2.0 + + + + + DigiRule FOSS License Exception + + + + + eCos exception 2.0 + + + + + Fawkes Runtime Exception + + + + + FLTK exception + + + + + Font exception 2.0 + + + + + FreeRTOS Exception 2.0 + + + + + GCC Runtime Library exception 2.0 + + + + + GCC Runtime Library exception 3.1 + + + + + GNU JavaMail exception + + + + + GPL-3.0 Linking Exception + + + + + GPL-3.0 Linking Exception (with Corresponding Source) + + + + + GPL Cooperation Commitment 1.0 + + + + + i2p GPL+Java Exception + + + + + LGPL-3.0 Linking Exception + + + + + Libtool Exception + + + + + Linux Syscall Note + + + + + LLVM Exception + + + + + LZMA exception + + + + + Macros and Inline Functions Exception + + + + + Nokia Qt LGPL exception 1.1 + + + + + OCaml LGPL Linking Exception + + + + + Open CASCADE Exception 1.0 + + + + + OpenJDK Assembly exception 1.0 + + + + + OpenVPN OpenSSL Exception + + + + + PS/PDF font exception (2017-08-17) + + + + + Qt GPL exception 1.0 + + + + + Qt LGPL exception 1.1 + + + + + Qwt exception 1.0 + + + + + Solderpad Hardware License v2.0 + + + + + Solderpad Hardware License v2.1 + + + + + Swift Exception + + + + + U-Boot exception 2.0 + + + + + Universal FOSS Exception, Version 1.0 + + + + + WxWindows Library Exception 3.1 + + + + + + \ No newline at end of file diff --git a/src/enums/AttachmentEncoding.ts b/src/enums/AttachmentEncoding.ts new file mode 100644 index 000000000..4d4827341 --- /dev/null +++ b/src/enums/AttachmentEncoding.ts @@ -0,0 +1,3 @@ +export enum AttachmentEncoding { + Base64 = "base64", +} \ No newline at end of file diff --git a/src/enums/ComponentScope.ts b/src/enums/ComponentScope.ts new file mode 100644 index 000000000..5b73c2fe5 --- /dev/null +++ b/src/enums/ComponentScope.ts @@ -0,0 +1,5 @@ +export enum ComponentScope { + Required = "required", + Optional = "optional", + Excluded = "excluded", +} \ No newline at end of file diff --git a/src/enums/ComponentType.ts b/src/enums/ComponentType.ts new file mode 100644 index 000000000..995860340 --- /dev/null +++ b/src/enums/ComponentType.ts @@ -0,0 +1,10 @@ +export enum ComponentType { + Application = "application", + Framework = "framework", + Library = "library", + container = "container", + OperatingSystem = "operating-system", + Device = "device", + Firmware = "firmware", + File = "file", +} \ No newline at end of file diff --git a/src/enums/ExternalReferenceType.ts b/src/enums/ExternalReferenceType.ts new file mode 100644 index 000000000..7f465f139 --- /dev/null +++ b/src/enums/ExternalReferenceType.ts @@ -0,0 +1,18 @@ +export enum ExternalReferenceType { + VCS = "vcs", + IssueTracker = "issue-tracker", + Website= "website", + Advisories = "advisories", + BOM = "bom", + MailingList = "mailing-list", + Social = "social", + Chat = "chat", + Documentation = "documentation", + Support = "support", + Distribution = "distribution", + License = "license", + BuildMeta = "build-meta", + BuildSystem = "build-system", + ReleaseNotes = "release-notes", + Other = "other", +} \ No newline at end of file diff --git a/src/enums/HashAlogorithms.ts b/src/enums/HashAlogorithms.ts new file mode 100644 index 000000000..059119b73 --- /dev/null +++ b/src/enums/HashAlogorithms.ts @@ -0,0 +1,14 @@ +export enum HashAlgorithm { + MD5 = "MD5", + "SHA-1" = "SHA-1", + "SHA-256" = "SHA-256", + "SHA-384" = "SHA-384", + "SHA-512" = "SHA-512", + "SHA3-256" = "SHA3-256", + "SHA3-384" = "SHA3-384", + "SHA3-512" = "SHA3-512", + "BLAKE2b-256" = "BLAKE2b-256", + "BLAKE2b-384" = "BLAKE2b-384", + "BLAKE2b-512" = "BLAKE2b-512", + BLAKE3 = "BLAKE3", +} \ No newline at end of file diff --git a/src/models/Attachment.ts b/src/models/Attachment.ts new file mode 100644 index 000000000..27a5816c4 --- /dev/null +++ b/src/models/Attachment.ts @@ -0,0 +1,11 @@ +import {AttachmentEncoding} from "../enums/AttachmentEncoding"; + +export class Attachment { + contentType: string | null = null + content: string + encoding: AttachmentEncoding | null = null + + constructor(content:string) { + this.content = content + } +} diff --git a/src/models/Bom.ts b/src/models/Bom.ts new file mode 100644 index 000000000..16093f8bb --- /dev/null +++ b/src/models/Bom.ts @@ -0,0 +1,46 @@ +import {Metadata} from "./Metadata" +import {ComponentRepository} from "./Component" + +const SerialNumberRegExp = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ + +export class Bom { + + // bomFormat is not part of model, it is a runtime information + // specVersion is not part of model, it is a runtime information + + metadata = new Metadata() + components = new ComponentRepository() + + /** positive integer */ + #version: number = 1 + /** @type {number} positive integer */ + get version(): number { + return this.#version + } + /** @param {number} value positive integer */ + set version(value: number) { + if (!Number.isInteger(value)) { + throw new TypeError(`${value} is not integer`) + } + if (value < 1) { + throw new RangeError(`${value} must be >= 1`) + } + this.#version = value + } + + #serialNumber: string | null = null + get serialNumber(): string | null { + return this.#serialNumber + } + set serialNumber(value: string | null) { + if (value !== null && !Bom.isEligibleSerialNumber(value)) { + throw new RangeError(`${value} is no eligible SerialNumber`) + } + this.#serialNumber = value + } + + static isEligibleSerialNumber(value: string | any): boolean { + return typeof value == 'string' && + SerialNumberRegExp.test(value) + } +} diff --git a/src/models/BomRef.ts b/src/models/BomRef.ts new file mode 100644 index 000000000..ab65cca9e --- /dev/null +++ b/src/models/BomRef.ts @@ -0,0 +1,6 @@ +export class BomRef { + value: string | null = null +} + +export class BomRefRepository extends Set { +} diff --git a/src/models/Component.ts b/src/models/Component.ts new file mode 100644 index 000000000..cd46f74be --- /dev/null +++ b/src/models/Component.ts @@ -0,0 +1,39 @@ +import {ComponentType} from "../enums/ComponentType"; +import {BomRef} from "./BomRef"; +import {HashRepository} from "./Hash"; +import {OrganizationalEntity} from "./OrganizationalEntity"; +import {ExternalReferenceRepository} from "./ExternalReference"; +import {LicenseRepository} from "./License"; +import {ComponentScope} from "../enums/ComponentScope"; +import {PackageURL} from 'packageurl-js'; +import {SWID} from "./SWID"; + +export class Component { + readonly bomRef = new BomRef() + type: ComponentType + name: string + + author: string | null = null + copyright: string | null = null + cpe: string | null = null + description: string | null = null + externalReferences = new ExternalReferenceRepository() // TODO + group: string | null = null + hashes = new HashRepository() + licenses = new LicenseRepository() + publisher: string | null = null + purl: PackageURL | null = null + scope: ComponentScope | null = null + supplier: OrganizationalEntity | null = null + swid: SWID | null = null + version: string | null = null + + + constructor(type: ComponentType, name: string) { + this.type = type + this.name = name + } +} + +export class ComponentRepository extends Set { +} diff --git a/src/models/ExternalReference.ts b/src/models/ExternalReference.ts new file mode 100644 index 000000000..5b7c4f56e --- /dev/null +++ b/src/models/ExternalReference.ts @@ -0,0 +1,15 @@ +import {ExternalReferenceType} from "../enums/ExternalReferenceType"; + +export class ExternalReference { + url: URL + type: ExternalReferenceType + comment: string | null = null + + constructor(url: URL, type: ExternalReferenceType) { + this.url = url + this.type = type + } +} + +export class ExternalReferenceRepository extends Set { +} diff --git a/src/models/Hash.ts b/src/models/Hash.ts new file mode 100644 index 000000000..0c3980944 --- /dev/null +++ b/src/models/Hash.ts @@ -0,0 +1,14 @@ +import {HashAlgorithm} from "../enums/HashAlogorithms"; + +// no regex for the ashContent in here. It applies at runtime of a normalization/serialization process. +export type HashContent = string + +export type Hash = [ + // order matters: it must reflect key, value of HashRepository - + // this way a HashRepository can be constructed from multiple Hash objects. + algorithm: HashAlgorithm, + content: HashContent +] + +export class HashRepository extends Map { +} diff --git a/src/models/License.ts b/src/models/License.ts new file mode 100644 index 000000000..87136dd52 --- /dev/null +++ b/src/models/License.ts @@ -0,0 +1,33 @@ +export class LicenseExpression { + value: string + + constructor(value: string) { + this.value = value + } +} + + +export class NamedLicense { + name: string + text: string | null = null + url: URL | null = null + + constructor(name: string) { + this.name = name + } +} + +export class SpdxLicense { + id: string // todo spdx enum + text: string | null = null + url: URL | null = null + + constructor(id: string) { + this.id = id + } +} + +export type LicenseChoice = NamedLicense | SpdxLicense | LicenseExpression + +export class LicenseRepository extends Set { +} diff --git a/src/models/Metadata.ts b/src/models/Metadata.ts new file mode 100644 index 000000000..1a26c7146 --- /dev/null +++ b/src/models/Metadata.ts @@ -0,0 +1,13 @@ +import {Component} from "./Component"; +import {ToolRepository} from "./Tool" +import {OrganizationalEntity} from "./OrganizationalEntity"; +import {OrganizationalContactRepository} from "./OrganizationalContact"; + +export class Metadata { + timestamp: Date | null = null + tools = new ToolRepository() + authors = new OrganizationalContactRepository() + component: Component | null = null + manufacture: OrganizationalEntity | null = null + supplier: OrganizationalEntity | null = null +} diff --git a/src/models/OrganizationalContact.ts b/src/models/OrganizationalContact.ts new file mode 100644 index 000000000..a420e7504 --- /dev/null +++ b/src/models/OrganizationalContact.ts @@ -0,0 +1,8 @@ +export class OrganizationalContact { + name: string | null = null + email: string | null = null + phone: string | null = null +} + +export class OrganizationalContactRepository extends Set { +} diff --git a/src/models/OrganizationalEntity.ts b/src/models/OrganizationalEntity.ts new file mode 100644 index 000000000..ef249127a --- /dev/null +++ b/src/models/OrganizationalEntity.ts @@ -0,0 +1,10 @@ +import {OrganizationalContactRepository} from "./OrganizationalContact"; + +export class OrganizationalEntity { + name: string | null = null + url = new Set() + contact = new OrganizationalContactRepository() +} + +export class OrganizationalEntityRepository extends Set { +} diff --git a/src/models/SWID.ts b/src/models/SWID.ts new file mode 100644 index 000000000..b98d55e14 --- /dev/null +++ b/src/models/SWID.ts @@ -0,0 +1,35 @@ +import {Attachment} from "./Attachment"; + +export class SWID { + tagId: string + name: string + version: string | null = null + #tagVersion: number | null = null + patch: boolean | null = null + text: Attachment | null = null + url: URL | null = null + + constructor(tagId: string, name: string) { + this.tagId = tagId + this.name = name + } + + /** @type {(number|null)} positive integer ur null */ + get tagVersion(): number | null { + return this.#tagVersion + } + + /** @param {(number|null)} value positive integer ur null */ + set tagVersion(value: number | null) { + if (value !== null) { + if (!Number.isInteger(value)) { + throw new TypeError(`${value} is not integer`) + } + if (value < 1) { + throw new RangeError(`${value} must be >= 1`) + } + } + this.#tagVersion = value + } + +} diff --git a/src/models/Tool.ts b/src/models/Tool.ts new file mode 100644 index 000000000..a5ecced7d --- /dev/null +++ b/src/models/Tool.ts @@ -0,0 +1,11 @@ +import {HashRepository} from "./Hash"; + +export class Tool { + vendor: string | null = null + name: string | null = null + version: string | null = null + hashes = new HashRepository() +} + +export class ToolRepository extends Set { +} diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 000000000..08c668360 --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,103 @@ +{ + "compilerOptions": { + /* Visit https://aka.ms/tsconfig.json to read more about this file */ + + /* Projects */ + // "incremental": true, /* Enable incremental compilation */ + // "composite": true, /* Enable constraints that allow a TypeScript project to be used with project references. */ + // "tsBuildInfoFile": "./", /* Specify the folder for .tsbuildinfo incremental compilation files. */ + // "disableSourceOfProjectReferenceRedirect": true, /* Disable preferring source files instead of declaration files when referencing composite projects */ + // "disableSolutionSearching": true, /* Opt a project out of multi-project reference checking when editing. */ + // "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */ + + /* Language and Environment */ + "target": "ESNext", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ + // "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */ + // "jsx": "preserve", /* Specify what JSX code is generated. */ + // "experimentalDecorators": true, /* Enable experimental support for TC39 stage 2 draft decorators. */ + // "emitDecoratorMetadata": true, /* Emit design-type metadata for decorated declarations in source files. */ + // "jsxFactory": "", /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h' */ + // "jsxFragmentFactory": "", /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */ + // "jsxImportSource": "", /* Specify module specifier used to import the JSX factory functions when using `jsx: react-jsx*`.` */ + // "reactNamespace": "", /* Specify the object invoked for `createElement`. This only applies when targeting `react` JSX emit. */ + // "noLib": true, /* Disable including any library files, including the default lib.d.ts. */ + // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */ + + /* Modules */ + "module": "ESNext", /* Specify what module code is generated. */ + "rootDir": "./", /* Specify the root folder within your source files. */ + "moduleResolution": "node", /* Specify how TypeScript looks up a file from a given module specifier. */ + // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */ + // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */ + // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */ + // "typeRoots": [], /* Specify multiple folders that act like `./node_modules/@types`. */ + // "types": [], /* Specify type package names to be included without being referenced in a source file. */ + // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ + // "resolveJsonModule": true, /* Enable importing .json files */ + // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */ + + /* JavaScript Support */ + // "allowJs": true, /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */ + // "checkJs": true, /* Enable error reporting in type-checked JavaScript files. */ + // "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */ + + /* Emit */ + "declaration": true, /* Generate .d.ts files from TypeScript and JavaScript files in your project. */ + "declarationMap": true, /* Create sourcemaps for d.ts files. */ + // "emitDeclarationOnly": true, /* Only output d.ts files and not JavaScript files. */ + "sourceMap": true, /* Create source map files for emitted JavaScript files. */ + // "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */ + "outDir": "./dist/", /* Specify an output folder for all emitted files. */ + // "removeComments": true, /* Disable emitting comments. */ + // "noEmit": true, /* Disable emitting files from a compilation. */ + // "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */ + // "importsNotUsedAsValues": "remove", /* Specify emit/checking behavior for imports that are only used for types */ + // "downlevelIteration": true, /* Emit more compliant, but verbose and less performant JavaScript for iteration. */ + // "sourceRoot": "", /* Specify the root path for debuggers to find the reference source code. */ + // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */ + // "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */ + // "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */ + // "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */ + // "newLine": "crlf", /* Set the newline character for emitting files. */ + // "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */ + // "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */ + // "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */ + // "preserveConstEnums": true, /* Disable erasing `const enum` declarations in generated code. */ + // "declarationDir": "./", /* Specify the output directory for generated declaration files. */ + // "preserveValueImports": true, /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */ + + /* Interop Constraints */ + // "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */ + // "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */ + "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */ + // "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */ + "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */ + + /* Type Checking */ + "strict": true, /* Enable all strict type-checking options. */ + // "noImplicitAny": true, /* Enable error reporting for expressions and declarations with an implied `any` type.. */ + "strictNullChecks": true, /* When type checking, take into account `null` and `undefined`. */ + "strictFunctionTypes": true, /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */ + "strictBindCallApply": true, /* Check that the arguments for `bind`, `call`, and `apply` methods match the original function. */ + "strictPropertyInitialization": true, /* Check for class properties that are declared but not set in the constructor. */ + "noImplicitThis": true, /* Enable error reporting when `this` is given the type `any`. */ + // "useUnknownInCatchVariables": true, /* Type catch clause variables as 'unknown' instead of 'any'. */ + "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */ + // "noUnusedLocals": true, /* Enable error reporting when a local variables aren't read. */ + // "noUnusedParameters": true, /* Raise an error when a function parameter isn't read */ + // "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */ + // "noImplicitReturns": true, /* Enable error reporting for codepaths that do not explicitly return in a function. */ + // "noFallthroughCasesInSwitch": true, /* Enable error reporting for fallthrough cases in switch statements. */ + // "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */ + // "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */ + // "noPropertyAccessFromIndexSignature": true, /* Enforces using indexed accessors for keys declared using an indexed type */ + // "allowUnusedLabels": true, /* Disable error reporting for unused labels. */ + "allowUnreachableCode": false, /* Disable error reporting for unreachable code. */ + + /* Completeness */ + // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */ + "skipLibCheck": false /* Skip type checking all .d.ts files. */ + }, + "include": ["src/**/*"], + "exclude": ["node_modules", "**/*.spec.ts"] +} From a29cd9f7f8ea3496b0db85ee94de9c5b2acf18f2 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 6 Mar 2022 13:20:08 +0100 Subject: [PATCH 002/233] wip Signed-off-by: Jan Kowalleck --- tsconfig.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tsconfig.json b/tsconfig.json index 08c668360..38b4e31a5 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -58,7 +58,7 @@ // "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */ // "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */ // "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */ - // "newLine": "crlf", /* Set the newline character for emitting files. */ + "newLine": "lf", /* Set the newline character for emitting files. */ // "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */ // "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */ // "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */ From a5a628578e9e0b48a4d8e9ae9024eef3c772c1c3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 6 Mar 2022 13:43:56 +0100 Subject: [PATCH 003/233] wip Signed-off-by: Jan Kowalleck --- src/models/Hash.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/models/Hash.ts b/src/models/Hash.ts index 0c3980944..a4ad999bb 100644 --- a/src/models/Hash.ts +++ b/src/models/Hash.ts @@ -4,7 +4,7 @@ import {HashAlgorithm} from "../enums/HashAlogorithms"; export type HashContent = string export type Hash = [ - // order matters: it must reflect key, value of HashRepository - + // order matters: it must reflect [key, value] of HashRepository - // this way a HashRepository can be constructed from multiple Hash objects. algorithm: HashAlgorithm, content: HashContent From b150b92f6739661e4703b766ab6d71c0ab15fd9e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 6 Mar 2022 13:56:53 +0100 Subject: [PATCH 004/233] wip Signed-off-by: Jan Kowalleck --- res/.gitattributes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/.gitattributes b/res/.gitattributes index f72bcfb68..037071b63 100644 --- a/res/.gitattributes +++ b/res/.gitattributes @@ -4,4 +4,4 @@ # specs are vendored for offline use *.xsd linguist-vendored -*.schema.json linguist-vendored \ No newline at end of file +*.schema.json linguist-vendored From 3729da03979ca712c0d497c6fab9155bb8d74b98 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 6 Mar 2022 14:08:22 +0100 Subject: [PATCH 005/233] wip Signed-off-by: Jan Kowalleck --- .editorconfig | 7 ++++++- src/enums/AttachmentEncoding.ts | 2 +- src/enums/ComponentScope.ts | 2 +- src/enums/ComponentType.ts | 2 +- src/enums/ExternalReferenceType.ts | 2 +- src/enums/HashAlogorithms.ts | 2 +- src/models/Component.ts | 4 +--- src/models/License.ts | 3 +-- src/models/SWID.ts | 4 ++-- 9 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.editorconfig b/.editorconfig index 0bb108a18..8a3267dcd 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,3 +1,5 @@ +# EditorConfig is awesome: https://EditorConfig.org + root = true [*] @@ -8,5 +10,8 @@ insert_final_newline = true # trailing white spaces are used for linebreaks in paragraphs. trim_trailing_whitespace = false -[*.ts] +[*.{ts,js}] charset = utf-8 +end_of_line = lf +trim_trailing_whitespace = true +insert_final_newline = true diff --git a/src/enums/AttachmentEncoding.ts b/src/enums/AttachmentEncoding.ts index 4d4827341..75834233b 100644 --- a/src/enums/AttachmentEncoding.ts +++ b/src/enums/AttachmentEncoding.ts @@ -1,3 +1,3 @@ export enum AttachmentEncoding { Base64 = "base64", -} \ No newline at end of file +} diff --git a/src/enums/ComponentScope.ts b/src/enums/ComponentScope.ts index 5b73c2fe5..fb9d11fdc 100644 --- a/src/enums/ComponentScope.ts +++ b/src/enums/ComponentScope.ts @@ -2,4 +2,4 @@ export enum ComponentScope { Required = "required", Optional = "optional", Excluded = "excluded", -} \ No newline at end of file +} diff --git a/src/enums/ComponentType.ts b/src/enums/ComponentType.ts index 995860340..14824113e 100644 --- a/src/enums/ComponentType.ts +++ b/src/enums/ComponentType.ts @@ -7,4 +7,4 @@ export enum ComponentType { Device = "device", Firmware = "firmware", File = "file", -} \ No newline at end of file +} diff --git a/src/enums/ExternalReferenceType.ts b/src/enums/ExternalReferenceType.ts index 7f465f139..e0da07015 100644 --- a/src/enums/ExternalReferenceType.ts +++ b/src/enums/ExternalReferenceType.ts @@ -15,4 +15,4 @@ export enum ExternalReferenceType { BuildSystem = "build-system", ReleaseNotes = "release-notes", Other = "other", -} \ No newline at end of file +} diff --git a/src/enums/HashAlogorithms.ts b/src/enums/HashAlogorithms.ts index 059119b73..90682d632 100644 --- a/src/enums/HashAlogorithms.ts +++ b/src/enums/HashAlogorithms.ts @@ -11,4 +11,4 @@ export enum HashAlgorithm { "BLAKE2b-384" = "BLAKE2b-384", "BLAKE2b-512" = "BLAKE2b-512", BLAKE3 = "BLAKE3", -} \ No newline at end of file +} diff --git a/src/models/Component.ts b/src/models/Component.ts index cd46f74be..d553edc6a 100644 --- a/src/models/Component.ts +++ b/src/models/Component.ts @@ -12,12 +12,11 @@ export class Component { readonly bomRef = new BomRef() type: ComponentType name: string - author: string | null = null copyright: string | null = null cpe: string | null = null description: string | null = null - externalReferences = new ExternalReferenceRepository() // TODO + externalReferences = new ExternalReferenceRepository() group: string | null = null hashes = new HashRepository() licenses = new LicenseRepository() @@ -28,7 +27,6 @@ export class Component { swid: SWID | null = null version: string | null = null - constructor(type: ComponentType, name: string) { this.type = type this.name = name diff --git a/src/models/License.ts b/src/models/License.ts index 87136dd52..291c7a6ea 100644 --- a/src/models/License.ts +++ b/src/models/License.ts @@ -6,7 +6,6 @@ export class LicenseExpression { } } - export class NamedLicense { name: string text: string | null = null @@ -18,7 +17,7 @@ export class NamedLicense { } export class SpdxLicense { - id: string // todo spdx enum + id: string // @TODO: have dynamic SPDX enum basec on json schema file -- use json import feature of nodejs? text: string | null = null url: URL | null = null diff --git a/src/models/SWID.ts b/src/models/SWID.ts index b98d55e14..4d49ffd57 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -4,7 +4,6 @@ export class SWID { tagId: string name: string version: string | null = null - #tagVersion: number | null = null patch: boolean | null = null text: Attachment | null = null url: URL | null = null @@ -14,11 +13,12 @@ export class SWID { this.name = name } + /** integer ur nul */ + #tagVersion: number | null = null /** @type {(number|null)} positive integer ur null */ get tagVersion(): number | null { return this.#tagVersion } - /** @param {(number|null)} value positive integer ur null */ set tagVersion(value: number | null) { if (value !== null) { From 1702b61eb9db43a09298d2bd9ad9530891d7cfd4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 10:22:16 +0100 Subject: [PATCH 006/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 2 +- src/models/Bom.ts | 18 ++++++++---------- src/models/SWID.ts | 20 ++++++++------------ src/types.ts | 8 ++++++++ 4 files changed, 25 insertions(+), 23 deletions(-) create mode 100644 src/types.ts diff --git a/.npmignore b/.npmignore index 2ae0e76f0..7f7721e56 100644 --- a/.npmignore +++ b/.npmignore @@ -7,7 +7,7 @@ # this file is part of the license !/NOTICE -# do not ignore the results - these are intended to be shipped +# never ignore the results - these are intended to be shipped !/dist/ # ??? should the src/ and tests/ and build-related files be ignored? diff --git a/src/models/Bom.ts b/src/models/Bom.ts index 16093f8bb..672e9dcb3 100644 --- a/src/models/Bom.ts +++ b/src/models/Bom.ts @@ -1,5 +1,6 @@ import {Metadata} from "./Metadata" import {ComponentRepository} from "./Component" +import {PositiveInteger, isPositiveInteger} from "../types" const SerialNumberRegExp = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ @@ -12,18 +13,15 @@ export class Bom { components = new ComponentRepository() /** positive integer */ - #version: number = 1 - /** @type {number} positive integer */ - get version(): number { + #version: PositiveInteger = 1 + /** @type {PositiveInteger} positive integer */ + get version(): PositiveInteger { return this.#version } - /** @param {number} value positive integer */ - set version(value: number) { - if (!Number.isInteger(value)) { - throw new TypeError(`${value} is not integer`) - } - if (value < 1) { - throw new RangeError(`${value} must be >= 1`) + /** @param {PositiveInteger} value positive integer */ + set version(value: PositiveInteger) { + if (!isPositiveInteger(value)) { + throw new RangeError(`${value} is not PositiveInteger`) } this.#version = value } diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 4d49ffd57..2e7a3a035 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -1,4 +1,5 @@ import {Attachment} from "./Attachment"; +import {PositiveInteger, isPositiveInteger} from "../types" export class SWID { tagId: string @@ -14,20 +15,15 @@ export class SWID { } /** integer ur nul */ - #tagVersion: number | null = null - /** @type {(number|null)} positive integer ur null */ - get tagVersion(): number | null { + #tagVersion: PositiveInteger | null = null + /** @type {(PositiveInteger|null)} positive integer or null */ + get tagVersion(): PositiveInteger | null { return this.#tagVersion } - /** @param {(number|null)} value positive integer ur null */ - set tagVersion(value: number | null) { - if (value !== null) { - if (!Number.isInteger(value)) { - throw new TypeError(`${value} is not integer`) - } - if (value < 1) { - throw new RangeError(`${value} must be >= 1`) - } + /** @param {(PositiveInteger|null)} value positive integer or null */ + set tagVersion(value: PositiveInteger | null) { + if (value !== null && !isPositiveInteger(value)) { + throw new TypeError(`${value} is not PositiveInteger or null`) } this.#tagVersion = value } diff --git a/src/types.ts b/src/types.ts new file mode 100644 index 000000000..9289db725 --- /dev/null +++ b/src/types.ts @@ -0,0 +1,8 @@ + +export type PositiveInteger = number + +export function isPositiveInteger(value: any): value is PositiveInteger +{ + return Number.isInteger(value) + && value > 0 +} From 0793f5bd30d84e8765a86414ef08eabdcd7f0a08 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 10:24:31 +0100 Subject: [PATCH 007/233] wip Signed-off-by: Jan Kowalleck --- package-lock.json | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 00436ddaf..ce26fe746 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,9 +1,12 @@ { - "name": "cyclonedx-javascript-library", + "name": "@cyclonedx/cyclonedx-library", + "version": "0.0.1-alpha", "lockfileVersion": 2, "requires": true, "packages": { "": { + "name": "@cyclonedx/cyclonedx-library", + "version": "0.0.1-alpha", "dependencies": { "packageurl-js": "^0.0.5" }, @@ -17,9 +20,9 @@ "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" }, "node_modules/typescript": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", - "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", + "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", "dev": true, "bin": { "tsc": "bin/tsc", @@ -37,9 +40,9 @@ "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" }, "typescript": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.2.tgz", - "integrity": "sha512-HM/hFigTBHZhLXshn9sN37H085+hQGeJHJ/X7LpBWLID/fbc2acUMfU+lGD98X81sKP+pFa9f0DZmCwB9GnbAg==", + "version": "4.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", + "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", "dev": true } } From cd31bc205bcbca21170629c839c6cb150b98ae1c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 10:37:04 +0100 Subject: [PATCH 008/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.npmignore b/.npmignore index 7f7721e56..3294d135f 100644 --- a/.npmignore +++ b/.npmignore @@ -11,5 +11,6 @@ !/dist/ # ??? should the src/ and tests/ and build-related files be ignored? -# i think not, as typescript-users would love to have it. -# !!! see how other projects do it. +# I think not, as TypeScript-users would love to have sources (and tests), +# so they can compile into the desired target themselves. +# Conclusion: have sources shipped, as long as they have value downstream! From 48803521283cadeb52bd86965bd47ab0b360f3ad Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 10:38:09 +0100 Subject: [PATCH 009/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.npmignore b/.npmignore index 3294d135f..0cb29b188 100644 --- a/.npmignore +++ b/.npmignore @@ -3,6 +3,7 @@ # project internals can be ignored /CODEOWNERS +/CONTRIBUTING.* # this file is part of the license !/NOTICE From 37e12466288c759568d5025f1f072fad65a27dac Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 10:41:04 +0100 Subject: [PATCH 010/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.npmignore b/.npmignore index 0cb29b188..37f1828af 100644 --- a/.npmignore +++ b/.npmignore @@ -1,3 +1,5 @@ +# nodeignore - test with `` + # ignore dot-files/-folders .* @@ -12,6 +14,10 @@ !/dist/ # ??? should the src/ and tests/ and build-related files be ignored? -# I think not, as TypeScript-users would love to have sources (and tests), +# Sources are not to be excluded, as TypeScript-users would love to have sources (and tests), # so they can compile into the desired target themselves. +# Tests, on he other hand, do not provide value downstream. # Conclusion: have sources shipped, as long as they have value downstream! +!/src/ +!/tsconfig.json +/tests/ From a96a5cdd284cd572ed4971ce1eaad8306366c107 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 12:15:48 +0100 Subject: [PATCH 011/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 8 +++++++- .github/workflows/release.yml | 2 +- .npmignore | 2 +- package-lock.json | 13 +++++++++++++ package.json | 5 +++++ src/enums/index.ts | 8 ++++++++ src/index.ts | 3 +++ src/models/index.ts | 12 ++++++++++++ tests/testFoo.js | 3 +++ tsconfig.json | 6 +++--- 10 files changed, 56 insertions(+), 6 deletions(-) create mode 100644 src/enums/index.ts create mode 100644 src/index.ts create mode 100644 src/models/index.ts create mode 100644 tests/testFoo.js diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 182c3b06c..17ad4ea23 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -30,5 +30,11 @@ jobs: cache-dependency-path: "**/package-lock.json" - name: install project run: npm ci - - name: run lint + - name: lint run: npm run lint + - name: clean + run: npm run clean + - name: build + run: npm run build + - name: test + run: npm run test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 506652627..b3d9cec3d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,4 +10,4 @@ on: env: NODE_ACTIVE_LTS: "16" -jobs: # TODO write workflow +jobs: # TODO write workflow thar cleans and builds diff --git a/.npmignore b/.npmignore index 37f1828af..e2ea42cd7 100644 --- a/.npmignore +++ b/.npmignore @@ -1,4 +1,4 @@ -# nodeignore - test with `` +# nodeignore - test with `npm pack` # ignore dot-files/-folders .* diff --git a/package-lock.json b/package-lock.json index ce26fe746..af7a4e6f6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,9 +11,16 @@ "packageurl-js": "^0.0.5" }, "devDependencies": { + "@types/node": "^17.0.23", "typescript": "^4.6" } }, + "node_modules/@types/node": { + "version": "17.0.23", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", + "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", + "dev": true + }, "node_modules/packageurl-js": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", @@ -34,6 +41,12 @@ } }, "dependencies": { + "@types/node": { + "version": "17.0.23", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", + "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", + "dev": true + }, "packageurl-js": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", diff --git a/package.json b/package.json index 6ebbe6153..8455bd3b0 100644 --- a/package.json +++ b/package.json @@ -1,14 +1,19 @@ { "name": "@cyclonedx/cyclonedx-library", + "type": "commonjs", "version": "0.0.1-alpha", "dependencies": { "packageurl-js": "^0.0.5" }, "devDependencies": { + "@types/node": "^17.0.23", "typescript": "^4.6" }, + "main": "dist/index.js", + "types": "dist/index.d.ts", "scripts": { "lint": "tsc --noEmit", + "clean": "tsc --build --clean", "build": "tsc --build", "test": "echo 'todo: test dist/'" } diff --git a/src/enums/index.ts b/src/enums/index.ts new file mode 100644 index 000000000..bff8b48fa --- /dev/null +++ b/src/enums/index.ts @@ -0,0 +1,8 @@ +export * from "./AttachmentEncoding"; +export * from "./ComponentScope"; +export * from "./ComponentType"; +export * from "./ExternalReferenceType"; +export * from "./HashAlogorithms"; + + + diff --git a/src/index.ts b/src/index.ts new file mode 100644 index 000000000..2e1d780fd --- /dev/null +++ b/src/index.ts @@ -0,0 +1,3 @@ +export * as enums from "./enums"; +export * as models from "./models" +export * as types from "./types" diff --git a/src/models/index.ts b/src/models/index.ts new file mode 100644 index 000000000..5a17cad3f --- /dev/null +++ b/src/models/index.ts @@ -0,0 +1,12 @@ +export * from "./Attachment" +export * from "./Bom" +export * from "./BomRef" +export * from "./Component" +export * from "./ExternalReference" +export * from "./Hash" +export * from "./License" +export * from "./Metadata" +export * from "./OrganizationalContact" +export * from "./OrganizationalEntity" +export * from "./SWID" +export * from "./Tool" diff --git a/tests/testFoo.js b/tests/testFoo.js new file mode 100644 index 000000000..0b2cdc477 --- /dev/null +++ b/tests/testFoo.js @@ -0,0 +1,3 @@ +// test that require works as expected +const sut = require("../") +console.log(sut.enums.HashAlgorithm.MD5) diff --git a/tsconfig.json b/tsconfig.json index 38b4e31a5..a8c96d1c3 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -24,9 +24,9 @@ // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */ /* Modules */ - "module": "ESNext", /* Specify what module code is generated. */ - "rootDir": "./", /* Specify the root folder within your source files. */ - "moduleResolution": "node", /* Specify how TypeScript looks up a file from a given module specifier. */ + "module": "CommonJS", /* Specify what module code is generated. */ + "rootDir": "./src/", /* Specify the root folder within your source files. */ + "moduleResolution": "Node", /* Specify how TypeScript looks up a file from a given module specifier. */ // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */ // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */ // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */ From 49dae58cf883e20c8a4e6ba3b1a851dcdc6ec1be Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 12:44:01 +0100 Subject: [PATCH 012/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 2 -- tests/README.md | 3 +++ tsconfig.json | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 tests/README.md diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 17ad4ea23..4e96c416f 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -30,8 +30,6 @@ jobs: cache-dependency-path: "**/package-lock.json" - name: install project run: npm ci - - name: lint - run: npm run lint - name: clean run: npm run clean - name: build diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 000000000..4c79a5983 --- /dev/null +++ b/tests/README.md @@ -0,0 +1,3 @@ +# Tests + +Tests are written in plain javascript, and they are intended to test the build target(`dist/`). diff --git a/tsconfig.json b/tsconfig.json index a8c96d1c3..ccca9280b 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -67,7 +67,7 @@ // "preserveValueImports": true, /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */ /* Interop Constraints */ - // "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */ + "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */ // "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */ "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */ // "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */ From f2b0a5fea447e9c637c13fff27b29782a2cddbd7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 12:45:17 +0100 Subject: [PATCH 013/233] wip Signed-off-by: Jan Kowalleck --- tests/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/README.md b/tests/README.md index 4c79a5983..ba0ee2eec 100644 --- a/tests/README.md +++ b/tests/README.md @@ -1,3 +1,4 @@ # Tests -Tests are written in plain javascript, and they are intended to test the build target(`dist/`). +Tests are written in plain JavaScript, and +they are intended to test the build target(`dist/`) - instead of the source(`src/`). From 22c5f0b984e63ad35bbc4e236bcf5cbeb8ac01fd Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 12:45:45 +0100 Subject: [PATCH 014/233] wip Signed-off-by: Jan Kowalleck --- tests/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/README.md b/tests/README.md index ba0ee2eec..9da211655 100644 --- a/tests/README.md +++ b/tests/README.md @@ -1,4 +1,4 @@ # Tests Tests are written in plain JavaScript, and -they are intended to test the build target(`dist/`) - instead of the source(`src/`). +they are intended to test the build result(`dist/`) - instead of the source(`src/`). From 6ace92da79a02f1d04a24fd096e9546d34a2d83f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 12:48:48 +0100 Subject: [PATCH 015/233] wip Signed-off-by: Jan Kowalleck --- package-lock.json | 13 ------------- package.json | 1 - 2 files changed, 14 deletions(-) diff --git a/package-lock.json b/package-lock.json index af7a4e6f6..ce26fe746 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,16 +11,9 @@ "packageurl-js": "^0.0.5" }, "devDependencies": { - "@types/node": "^17.0.23", "typescript": "^4.6" } }, - "node_modules/@types/node": { - "version": "17.0.23", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", - "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", - "dev": true - }, "node_modules/packageurl-js": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", @@ -41,12 +34,6 @@ } }, "dependencies": { - "@types/node": { - "version": "17.0.23", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", - "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", - "dev": true - }, "packageurl-js": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", diff --git a/package.json b/package.json index 8455bd3b0..23205bdf2 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,6 @@ "packageurl-js": "^0.0.5" }, "devDependencies": { - "@types/node": "^17.0.23", "typescript": "^4.6" }, "main": "dist/index.js", From af86dc0f6d9f0e77a50ee4399dec4114551deba9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 13:02:32 +0100 Subject: [PATCH 016/233] wip Signed-off-by: Jan Kowalleck --- README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4cb70a08b..e8192ef64 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,26 @@ -# cyclonedx-javascript-library -core functionality of CDX for JavaScript (node or web-browser) +# CycloneDX JavaScript library + +Core functionality of CDX for JavaScript (node or web-browser), +written in TypeScript and transpiled to the target. + +## Setup + +Install dependencies: +```shell +npm ci +``` + +## Build + +Build the JavaScript: +```shell +npm run clean && \ +npm run build +``` + +## Test + +Run the tests: +```shell +npm run test +``` From 75a76730246e8307395973d6d18ff1eb1362f993 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 26 Mar 2022 13:13:18 +0100 Subject: [PATCH 017/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 143 insertions(+), 1 deletion(-) diff --git a/.npmignore b/.npmignore index e2ea42cd7..671f1a61d 100644 --- a/.npmignore +++ b/.npmignore @@ -1,4 +1,145 @@ # nodeignore - test with `npm pack` +# content: +# 1. general excludes +# 2. some custom overrides + + +### region https://github.com/github/gitignore/blob/main/Node.gitignore + +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* +.pnpm-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# Snowpack dependency directory (https://snowpack.dev/) +web_modules/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional stylelint cache +.stylelintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# parcel-bundler cache (https://parceljs.org/) +.cache +.parcel-cache + +# Next.js build output +.next +out + +# Nuxt.js build / generate output +.nuxt +dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and not Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# vuepress v2.x temp and cache directory +.temp +.cache + +# Docusaurus cache and generated files +.docusaurus + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + +# Stores VSCode versions used for testing VSCode extensions +.vscode-test + +# yarn v2 +.yarn/cache +.yarn/unplugged +.yarn/build-state.yml +.yarn/install-state.gz +.pnp.* + + + +#### customs and additions below # ignore dot-files/-folders .* @@ -7,7 +148,8 @@ /CODEOWNERS /CONTRIBUTING.* -# this file is part of the license +# these files are part of the license +!/LICENSE !/NOTICE # never ignore the results - these are intended to be shipped From fd6dcb45106a54d6ecdefb94b5283db02b117689 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:21:58 +0200 Subject: [PATCH 018/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 1 + README.md | 28 ++++++++++++++++++++++++---- examples/e1.js | 5 +++++ 3 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 examples/e1.js diff --git a/.npmignore b/.npmignore index 671f1a61d..116aaf400 100644 --- a/.npmignore +++ b/.npmignore @@ -163,3 +163,4 @@ dist !/src/ !/tsconfig.json /tests/ +/examples/ diff --git a/README.md b/README.md index e8192ef64..a9e118ec6 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,36 @@ # CycloneDX JavaScript library Core functionality of CDX for JavaScript (node or web-browser), -written in TypeScript and transpiled to the target. +written in TypeScript and compiled to the target. -## Setup +## Usage + +### Install + +```shell +npm i -S @cyclonedx/cyclonedx-library +``` + +### Programmatic + +Example 1: +```javascript +const cdx = require('@cyclonedx/cyclonedx-library') +let bom = new cdx.models.Bom() +bom.components.add( + new cdx.models.Component(cdx.enums.ComponentType.Library, 'myComponent')) +``` + +## Development + +### Set up the project Install dependencies: ```shell npm ci ``` -## Build +### Build from source Build the JavaScript: ```shell @@ -18,7 +38,7 @@ npm run clean && \ npm run build ``` -## Test +### Test the build result Run the tests: ```shell diff --git a/examples/e1.js b/examples/e1.js new file mode 100644 index 000000000..7458ecb0d --- /dev/null +++ b/examples/e1.js @@ -0,0 +1,5 @@ +const cdx = require('../') + +let bom = new cdx.models.Bom() +bom.components.add( + new cdx.models.Component(cdx.enums.ComponentType.Library, 'myComponent')) From 3fb3fb78bdbb7ea857f58a69989a52672ca3ddf3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 29 Mar 2022 20:30:53 +0200 Subject: [PATCH 019/233] tests Signed-off-by: Jan Kowalleck --- .gitignore | 3 +- .mocharc.js | 5 + .npmignore | 3 + package-lock.json | 1593 ++++++++++++++++- package.json | 5 +- {tests => test}/README.md | 0 .../integration/enums/HashAlogorithms.test.js | 3 + {tests => test}/testFoo.js | 0 test/unit/modules/Bom.spec.js | 42 + 9 files changed, 1650 insertions(+), 4 deletions(-) create mode 100644 .mocharc.js rename {tests => test}/README.md (100%) create mode 100644 test/integration/enums/HashAlogorithms.test.js rename {tests => test}/testFoo.js (100%) create mode 100644 test/unit/modules/Bom.spec.js diff --git a/.gitignore b/.gitignore index 0790dce15..a9d9a8d87 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ - +/.*.cache/ +/report/ ### https://github.com/github/gitignore/blob/main/Node.gitignore diff --git a/.mocharc.js b/.mocharc.js new file mode 100644 index 000000000..ed7bfae99 --- /dev/null +++ b/.mocharc.js @@ -0,0 +1,5 @@ +module.exports = { +// mocha config +// read: https://mochajs.org/#configuring-mocha-nodejs + recursive: true, +} diff --git a/.npmignore b/.npmignore index 116aaf400..4011776ac 100644 --- a/.npmignore +++ b/.npmignore @@ -164,3 +164,6 @@ dist !/tsconfig.json /tests/ /examples/ + +/.*.cache/ +/report/ diff --git a/package-lock.json b/package-lock.json index ce26fe746..ab7244896 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,677 @@ "packageurl-js": "^0.0.5" }, "devDependencies": { - "typescript": "^4.6" + "mocha": "9.2.2", + "typescript": "4.6.3" + } + }, + "node_modules/@ungap/promise-all-settled": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", + "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", + "dev": true + }, + "node_modules/ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browser-stdout": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/chokidar": { + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "dev": true, + "funding": [ + { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + ], + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "node_modules/debug": { + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", + "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", + "dev": true, + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/debug/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node_modules/decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/escalade": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true, + "bin": { + "flat": "cli.js" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/glob": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/glob/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/growl": { + "version": "1.10.5", + "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", + "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", + "dev": true, + "engines": { + "node": ">=4.x" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, + "bin": { + "he": "bin/he" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", + "dev": true + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/log-symbols": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", + "dev": true, + "dependencies": { + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/minimatch": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", + "integrity": "sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/mocha": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.2.2.tgz", + "integrity": "sha512-L6XC3EdwT6YrIk0yXpavvLkn8h+EU+Y5UcCHKECyMbdUIxyMuZj4bX4U9e1nvnvUUvQVsV2VHQr5zLdcUkhW/g==", + "dev": true, + "dependencies": { + "@ungap/promise-all-settled": "1.1.2", + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.3", + "debug": "4.3.3", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "7.2.0", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "4.2.1", + "ms": "2.1.3", + "nanoid": "3.3.1", + "serialize-javascript": "6.0.0", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "which": "2.0.2", + "workerpool": "6.2.0", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + }, + "bin": { + "_mocha": "bin/_mocha", + "mocha": "bin/mocha" + }, + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mochajs" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "node_modules/nanoid": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.1.tgz", + "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", + "dev": true, + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/packageurl-js": { @@ -19,6 +689,160 @@ "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/serialize-javascript": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", + "dev": true, + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/typescript": { "version": "4.6.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", @@ -31,19 +855,786 @@ "engines": { "node": ">=4.2.0" } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/workerpool": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", + "integrity": "sha512-Rsk5qQHJ9eowMH28Jwhe8HEbmdYDX4lwoMWshiCXugjtHqMD9ZbiqSDLxcsfdqsETPzVUtX5s1Z5kStiIM6l4A==", + "dev": true + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "dependencies": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } } }, "dependencies": { + "@ungap/promise-all-settled": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", + "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", + "dev": true + }, + "ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true + }, + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true + }, + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "requires": { + "color-convert": "^2.0.1" + } + }, + "anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "requires": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + } + }, + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "requires": { + "fill-range": "^7.0.1" + } + }, + "browser-stdout": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true + }, + "chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, + "chokidar": { + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "dev": true, + "requires": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "fsevents": "~2.3.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + } + }, + "cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "debug": { + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", + "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", + "dev": true, + "requires": { + "ms": "2.1.2" + }, + "dependencies": { + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + } + } + }, + "decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true + }, + "diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true + }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "escalade": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true + }, + "escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true + }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "requires": { + "to-regex-range": "^5.0.1" + } + }, + "find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "requires": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + } + }, + "flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "optional": true + }, + "get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true + }, + "glob": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "dependencies": { + "minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + } + } + }, + "glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "requires": { + "is-glob": "^4.0.1" + } + }, + "growl": { + "version": "1.10.5", + "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", + "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", + "dev": true + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true + }, + "he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "requires": { + "binary-extensions": "^2.0.0" + } + }, + "is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=", + "dev": true + }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true + }, + "is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "requires": { + "is-extglob": "^2.1.1" + } + }, + "is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true + }, + "is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true + }, + "is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true + }, + "isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", + "dev": true + }, + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "requires": { + "argparse": "^2.0.1" + } + }, + "locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "requires": { + "p-locate": "^5.0.0" + } + }, + "log-symbols": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", + "dev": true, + "requires": { + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" + } + }, + "minimatch": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", + "integrity": "sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "mocha": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.2.2.tgz", + "integrity": "sha512-L6XC3EdwT6YrIk0yXpavvLkn8h+EU+Y5UcCHKECyMbdUIxyMuZj4bX4U9e1nvnvUUvQVsV2VHQr5zLdcUkhW/g==", + "dev": true, + "requires": { + "@ungap/promise-all-settled": "1.1.2", + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.3", + "debug": "4.3.3", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "7.2.0", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "4.2.1", + "ms": "2.1.3", + "nanoid": "3.3.1", + "serialize-javascript": "6.0.0", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "which": "2.0.2", + "workerpool": "6.2.0", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + } + }, + "ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "nanoid": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.1.tgz", + "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", + "dev": true + }, + "normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "requires": { + "yocto-queue": "^0.1.0" + } + }, + "p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "requires": { + "p-limit": "^3.0.2" + } + }, "packageurl-js": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" }, + "path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true + }, + "picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true + }, + "randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "requires": { + "safe-buffer": "^5.1.0" + } + }, + "readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "requires": { + "picomatch": "^2.2.1" + } + }, + "require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", + "dev": true + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true + }, + "serialize-javascript": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", + "dev": true, + "requires": { + "randombytes": "^2.1.0" + } + }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "requires": { + "ansi-regex": "^5.0.1" + } + }, + "strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true + }, + "supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "requires": { + "is-number": "^7.0.0" + } + }, "typescript": { "version": "4.6.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", "dev": true + }, + "which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + }, + "workerpool": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", + "integrity": "sha512-Rsk5qQHJ9eowMH28Jwhe8HEbmdYDX4lwoMWshiCXugjtHqMD9ZbiqSDLxcsfdqsETPzVUtX5s1Z5kStiIM6l4A==", + "dev": true + }, + "wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true + }, + "yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "requires": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + } + }, + "yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true + }, + "yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "requires": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + } + }, + "yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true } } } diff --git a/package.json b/package.json index 23205bdf2..d287540ed 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,8 @@ "packageurl-js": "^0.0.5" }, "devDependencies": { - "typescript": "^4.6" + "mocha": "9.2.2", + "typescript": "4.6.3" }, "main": "dist/index.js", "types": "dist/index.d.ts", @@ -14,6 +15,6 @@ "lint": "tsc --noEmit", "clean": "tsc --build --clean", "build": "tsc --build", - "test": "echo 'todo: test dist/'" + "test": "mocha" } } diff --git a/tests/README.md b/test/README.md similarity index 100% rename from tests/README.md rename to test/README.md diff --git a/test/integration/enums/HashAlogorithms.test.js b/test/integration/enums/HashAlogorithms.test.js new file mode 100644 index 000000000..2da4a037d --- /dev/null +++ b/test/integration/enums/HashAlogorithms.test.js @@ -0,0 +1,3 @@ +describe('all values from spec1.4 are available', () => { + // TODO +}) diff --git a/tests/testFoo.js b/test/testFoo.js similarity index 100% rename from tests/testFoo.js rename to test/testFoo.js diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js new file mode 100644 index 000000000..28104664e --- /dev/null +++ b/test/unit/modules/Bom.spec.js @@ -0,0 +1,42 @@ +const assert = require('assert'); +const {models: {Bom, Metadata, ComponentRepository}} = require("../../../"); + +describe('BOM', () => { + + it('construct with basic properties', () => { + const bom = new Bom() + + assert.ok(bom.metadata instanceof Metadata) + assert.ok(bom.components instanceof ComponentRepository) + assert.strictEqual(bom.version, 1) + assert.strictEqual(bom.serialNumber, null) + }) + + describe('can set version', () => { + [3, 6.0].forEach(newVersion => { + it(`for: ${newVersion}`, () => { + const bom = new Bom() + assert.notStrictEqual(bom.version, newVersion) + + bom.version = newVersion + + assert.strictEqual(bom.version, newVersion) + }) + }) + }) + + describe('cannot set version', () => { + [0, -1, 3.5, -3.5, 'foo', '3', true, false, null, undefined, ['list'], {'ob': 'ject'}].forEach(newVersion => { + it(`for: ${newVersion}`, () => { + const bom = new Bom() + assert.notStrictEqual(bom.version, newVersion) + + assert.throws(() => { + bom.version = newVersion + }, new RegExp('not PositiveInteger')) + }) + }) + }) + + +}) From 2777f4e2be6febd55eab816e75ef9ba8fb70ab3e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:30:54 +0200 Subject: [PATCH 020/233] wip Signed-off-by: Jan Kowalleck --- test/unit/modules/Bom.spec.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js index 28104664e..ba8412d66 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/modules/Bom.spec.js @@ -1,13 +1,22 @@ const assert = require('assert'); -const {models: {Bom, Metadata, ComponentRepository}} = require("../../../"); +const {models: {Bom, Metadata, ComponentRepository, ToolRepository, OrganizationalContactRepository}} = require("../../../"); describe('BOM', () => { - it('construct with basic properties', () => { + it('construct with empty properties', () => { const bom = new Bom() assert.ok(bom.metadata instanceof Metadata) + assert.strictEqual(bom.metadata.timestamp, null) + assert.ok(bom.metadata.tools instanceof ToolRepository) + assert.strictEqual(bom.metadata.tools.size, 0) + assert.ok(bom.metadata.authors instanceof OrganizationalContactRepository) + assert.strictEqual(bom.metadata.authors.size, 0) + assert.strictEqual(bom.metadata.component, null) + assert.strictEqual(bom.metadata.supplier, null) + assert.strictEqual(bom.metadata.manufacture, null) assert.ok(bom.components instanceof ComponentRepository) + assert.equal(bom.components.size, 0) assert.strictEqual(bom.version, 1) assert.strictEqual(bom.serialNumber, null) }) From 4b1720e2150de970f1f2a692a40970fd8836a1ed Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:33:46 +0200 Subject: [PATCH 021/233] wip Signed-off-by: Jan Kowalleck --- test/unit/modules/Bom.spec.js | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js index ba8412d66..57c376b57 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/modules/Bom.spec.js @@ -1,5 +1,7 @@ const assert = require('assert'); -const {models: {Bom, Metadata, ComponentRepository, ToolRepository, OrganizationalContactRepository}} = require("../../../"); +const {models: { + Bom, Metadata, ComponentRepository, ToolRepository, OrganizationalContactRepository +}} = require("../../../"); describe('BOM', () => { @@ -35,7 +37,14 @@ describe('BOM', () => { }) describe('cannot set version', () => { - [0, -1, 3.5, -3.5, 'foo', '3', true, false, null, undefined, ['list'], {'ob': 'ject'}].forEach(newVersion => { + [ + 0, -1, 3.5, -3.5, + 'foo', '3', + true, false, + null, undefined, + ['list'], + {'ob': 'ject'} + ].forEach(newVersion => { it(`for: ${newVersion}`, () => { const bom = new Bom() assert.notStrictEqual(bom.version, newVersion) @@ -47,5 +56,4 @@ describe('BOM', () => { }) }) - }) From d7aaae936946deb61046ad3449cc618e597543a5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:36:40 +0200 Subject: [PATCH 022/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 4e96c416f..55e44c2bd 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -13,8 +13,8 @@ env: NODE_ACTIVE_LTS: "16" jobs: - lint: - name: Lint + test: + name: build & test timeout-minutes: 30 runs-on: "ubuntu-latest" steps: From 6a2e530b599f5d08e9bfdeb5921df8faf2304d0b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:37:08 +0200 Subject: [PATCH 023/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b3d9cec3d..0ad94e730 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,4 +10,4 @@ on: env: NODE_ACTIVE_LTS: "16" -jobs: # TODO write workflow thar cleans and builds +jobs: # TODO write workflow thar cleans and builds and releases From e9dd3d659893acd128aca2640d1ca7b6ba212c8b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:39:08 +0200 Subject: [PATCH 024/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 55e44c2bd..e20223693 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -4,7 +4,7 @@ name: Node CI on: push: - branches: ["master"] + branches: ["master", "1.0-dev"] pull_request: workflow_dispatch: From 524141cf64203e8743ae2fb759766512e316d7a6 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:42:22 +0200 Subject: [PATCH 025/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index e20223693..37d6b8fcc 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -4,6 +4,7 @@ name: Node CI on: push: + # TODO: remove 1.0-dev after dev-merge branches: ["master", "1.0-dev"] pull_request: workflow_dispatch: @@ -16,6 +17,8 @@ jobs: test: name: build & test timeout-minutes: 30 + # TODO: make it a matrix of all supported node versions + # -- the build may happen in a separate latest-node version run runs-on: "ubuntu-latest" steps: - name: Checkout From 6b622b0146124b938fcf5d79043d61b8d73f3c94 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:43:40 +0200 Subject: [PATCH 026/233] wip Signed-off-by: Jan Kowalleck --- test/testFoo.js | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 test/testFoo.js diff --git a/test/testFoo.js b/test/testFoo.js deleted file mode 100644 index 0b2cdc477..000000000 --- a/test/testFoo.js +++ /dev/null @@ -1,3 +0,0 @@ -// test that require works as expected -const sut = require("../") -console.log(sut.enums.HashAlgorithm.MD5) From f8d704b8dbbfd47be40565ba63949a76bdef8745 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 09:54:10 +0200 Subject: [PATCH 027/233] wip Signed-off-by: Jan Kowalleck --- src/models/Bom.ts | 3 --- src/models/SWID.ts | 5 +---- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/src/models/Bom.ts b/src/models/Bom.ts index 672e9dcb3..4cc09c9b6 100644 --- a/src/models/Bom.ts +++ b/src/models/Bom.ts @@ -12,13 +12,10 @@ export class Bom { metadata = new Metadata() components = new ComponentRepository() - /** positive integer */ #version: PositiveInteger = 1 - /** @type {PositiveInteger} positive integer */ get version(): PositiveInteger { return this.#version } - /** @param {PositiveInteger} value positive integer */ set version(value: PositiveInteger) { if (!isPositiveInteger(value)) { throw new RangeError(`${value} is not PositiveInteger`) diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 2e7a3a035..b4eccb3ca 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -14,16 +14,13 @@ export class SWID { this.name = name } - /** integer ur nul */ #tagVersion: PositiveInteger | null = null - /** @type {(PositiveInteger|null)} positive integer or null */ get tagVersion(): PositiveInteger | null { return this.#tagVersion } - /** @param {(PositiveInteger|null)} value positive integer or null */ set tagVersion(value: PositiveInteger | null) { if (value !== null && !isPositiveInteger(value)) { - throw new TypeError(`${value} is not PositiveInteger or null`) + throw new TypeError(`${value} is not PositiveInteger nor null`) } this.#tagVersion = value } From 59433f8ce4c9423aa772af87bdfb87346211f7c2 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 20:33:51 +0200 Subject: [PATCH 028/233] wip Signed-off-by: Jan Kowalleck --- .editorconfig | 10 ++++++++++ src/index.ts | 4 ++-- test/unit/modules/Bom.spec.js | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.editorconfig b/.editorconfig index 8a3267dcd..1689365cf 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,5 +13,15 @@ trim_trailing_whitespace = false [*.{ts,js}] charset = utf-8 end_of_line = lf +indent_style = space +indent_size = 4 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.{json,cjson,cjsn}] +charset = utf-8 +end_of_line = lf +indent_style = space +indent_size = 2 trim_trailing_whitespace = true insert_final_newline = true diff --git a/src/index.ts b/src/index.ts index 2e1d780fd..381622476 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,3 +1,3 @@ -export * as enums from "./enums"; -export * as models from "./models" +export * as enums from "./enums/"; +export * as models from "./models/" export * as types from "./types" diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js index 57c376b57..757c8a84c 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/modules/Bom.spec.js @@ -1,7 +1,7 @@ const assert = require('assert'); const {models: { Bom, Metadata, ComponentRepository, ToolRepository, OrganizationalContactRepository -}} = require("../../../"); +}} = require('../../../'); describe('BOM', () => { From cd2d87067772acc3daca275d33cdfe050f106da2 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 1 Apr 2022 20:42:23 +0200 Subject: [PATCH 029/233] wip Signed-off-by: Jan Kowalleck --- src/enums/SpdxId.ts | 4 ++++ src/models/License.ts | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 src/enums/SpdxId.ts diff --git a/src/enums/SpdxId.ts b/src/enums/SpdxId.ts new file mode 100644 index 000000000..489a17b5b --- /dev/null +++ b/src/enums/SpdxId.ts @@ -0,0 +1,4 @@ +// this type is currently a draft. it will most likely change or be removed. +export enum SpdxId { + // @TODO read all the values from `../../res/spdx.SNAPSHOT.schema.json` +} diff --git a/src/models/License.ts b/src/models/License.ts index 291c7a6ea..b5aa151f5 100644 --- a/src/models/License.ts +++ b/src/models/License.ts @@ -1,3 +1,5 @@ +import {SpdxId} from '../enums/SpdxId' + export class LicenseExpression { value: string @@ -17,11 +19,11 @@ export class NamedLicense { } export class SpdxLicense { - id: string // @TODO: have dynamic SPDX enum basec on json schema file -- use json import feature of nodejs? + id: SpdxId text: string | null = null url: URL | null = null - constructor(id: string) { + constructor(id: SpdxId) { this.id = id } } From 7843dc300019a090c6a812f51ead18b3befc8bf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 2 Apr 2022 17:00:41 +0200 Subject: [PATCH 030/233] Bump packageurl-js from 0.0.5 to 0.0.6 (#9) Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 0.0.5 to 0.0.6. - [Release notes](https://github.com/package-url/packageurl-js/releases) - [Changelog](https://github.com/package-url/packageurl-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/package-url/packageurl-js/compare/v0.0.5...v0.0.6) --- updated-dependencies: - dependency-name: packageurl-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index ab7244896..38da9b35d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "name": "@cyclonedx/cyclonedx-library", "version": "0.0.1-alpha", "dependencies": { - "packageurl-js": "^0.0.5" + "packageurl-js": "^0.0.6" }, "devDependencies": { "mocha": "9.2.2", @@ -685,9 +685,9 @@ } }, "node_modules/packageurl-js": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", - "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.6.tgz", + "integrity": "sha512-XtwEbLN9FXkojPymZ6VVhW7HrBrUZmNexAG43P5HF7lqbFVOTgZ5OQ7OTaIF4uZ6Z4vkWP1N4ze0X3XLX/pqvA==" }, "node_modules/path-exists": { "version": "4.0.0", @@ -1448,9 +1448,9 @@ } }, "packageurl-js": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.5.tgz", - "integrity": "sha512-BISQVKLiu7EsWF5Qhx8OvX6K5vOfFcYuQBggFfrF2dHu+/Z2snuabilb0EyLvHZH0XXqbEz20pqFRonTt8z6QA==" + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.6.tgz", + "integrity": "sha512-XtwEbLN9FXkojPymZ6VVhW7HrBrUZmNexAG43P5HF7lqbFVOTgZ5OQ7OTaIF4uZ6Z4vkWP1N4ze0X3XLX/pqvA==" }, "path-exists": { "version": "4.0.0", diff --git a/package.json b/package.json index d287540ed..8bf3422a7 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "type": "commonjs", "version": "0.0.1-alpha", "dependencies": { - "packageurl-js": "^0.0.5" + "packageurl-js": "^0.0.6" }, "devDependencies": { "mocha": "9.2.2", From 5b46e84eda2cc353326b607d159fbc745b77b00f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 21:30:55 +0200 Subject: [PATCH 031/233] spdx foo Signed-off-by: Jan Kowalleck --- .mocharc.js | 4 ++ src/enums/SpdxId.ts | 4 -- src/index.ts | 1 + src/models/License.ts | 17 +++++- src/spdx.ts | 23 ++++++++ src/types.ts | 2 +- test/_data/spdx.js | 13 +++++ .../enums/HashAlogorithms.test.js | 0 test/functional/spdx.test.js | 38 ++++++++++++++ test/unit/spdx.spec.js | 52 +++++++++++++++++++ tsconfig.json | 18 ++++--- 11 files changed, 158 insertions(+), 14 deletions(-) delete mode 100644 src/enums/SpdxId.ts create mode 100644 src/spdx.ts create mode 100644 test/_data/spdx.js rename test/{integration => functional}/enums/HashAlogorithms.test.js (100%) create mode 100644 test/functional/spdx.test.js create mode 100644 test/unit/spdx.spec.js diff --git a/.mocharc.js b/.mocharc.js index ed7bfae99..458f6804b 100644 --- a/.mocharc.js +++ b/.mocharc.js @@ -2,4 +2,8 @@ module.exports = { // mocha config // read: https://mochajs.org/#configuring-mocha-nodejs recursive: true, + extension: [ + "spec.js", + "test.js" + ] } diff --git a/src/enums/SpdxId.ts b/src/enums/SpdxId.ts deleted file mode 100644 index 489a17b5b..000000000 --- a/src/enums/SpdxId.ts +++ /dev/null @@ -1,4 +0,0 @@ -// this type is currently a draft. it will most likely change or be removed. -export enum SpdxId { - // @TODO read all the values from `../../res/spdx.SNAPSHOT.schema.json` -} diff --git a/src/index.ts b/src/index.ts index 381622476..252782e98 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,3 +1,4 @@ export * as enums from "./enums/"; export * as models from "./models/" +export * as spdx from "./spdx" export * as types from "./types" diff --git a/src/models/License.ts b/src/models/License.ts index b5aa151f5..d2c74bdf4 100644 --- a/src/models/License.ts +++ b/src/models/License.ts @@ -1,4 +1,4 @@ -import {SpdxId} from '../enums/SpdxId' +import {SpdxId, isSpdxId} from '../spdx' export class LicenseExpression { value: string @@ -19,13 +19,26 @@ export class NamedLicense { } export class SpdxLicense { - id: SpdxId text: string | null = null url: URL | null = null constructor(id: SpdxId) { this.id = id } + + #id!: SpdxId + get id(): SpdxId + { + return this.#id + } + set id(value: SpdxId) + { + if (!isSpdxId(value)) { + throw new RangeError(`Unknown SpdxId: ${value}`) + } + this.#id = value + } + } export type LicenseChoice = NamedLicense | SpdxLicense | LicenseExpression diff --git a/src/spdx.ts b/src/spdx.ts new file mode 100644 index 000000000..440cca7d3 --- /dev/null +++ b/src/spdx.ts @@ -0,0 +1,23 @@ +// @ts-ignore this works as long as the paths are available in dist dir +import {default as spdxSpec} from "../res/spdx.SNAPSHOT.schema.json" + +const _spdxSpecEnum: Array = spdxSpec.enum +const spdxIds: Set = new Set(_spdxSpecEnum) +const spdxLowerToActual: Map = new Map(_spdxSpecEnum.map( + function (spdxId: string): [string, string] { + return [spdxId.toLowerCase(), spdxId]; + } +)) + +export type SpdxId = string + +export function isSpdxId(value: any): value is SpdxId { + return spdxIds.has(value) +} + +export function fixupSpdxId(value: any): SpdxId | undefined { + return typeof value === 'string' + ? spdxLowerToActual.get(value.toLowerCase()) + : undefined +} + diff --git a/src/types.ts b/src/types.ts index 9289db725..ea711b709 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,5 +1,5 @@ -export type PositiveInteger = number +export declare type PositiveInteger = number export function isPositiveInteger(value: any): value is PositiveInteger { diff --git a/test/_data/spdx.js b/test/_data/spdx.js new file mode 100644 index 000000000..3c7811c3f --- /dev/null +++ b/test/_data/spdx.js @@ -0,0 +1,13 @@ +const assert = require('assert'); +const fs = require('fs') + +const spdxSpecEnum = JSON.parse( + fs.readFileSync(`${__dirname}/../../res/spdx.SNAPSHOT.schema.json`) +).enum +assert.ok(spdxSpecEnum instanceof Array) +assert.notEqual(spdxSpecEnum.length, 0) +spdxSpecEnum.forEach(value => assert.strictEqual(typeof value, 'string')) + +module.exports = { + spdxSpecEnum: spdxSpecEnum +} diff --git a/test/integration/enums/HashAlogorithms.test.js b/test/functional/enums/HashAlogorithms.test.js similarity index 100% rename from test/integration/enums/HashAlogorithms.test.js rename to test/functional/enums/HashAlogorithms.test.js diff --git a/test/functional/spdx.test.js b/test/functional/spdx.test.js new file mode 100644 index 000000000..b81a0f047 --- /dev/null +++ b/test/functional/spdx.test.js @@ -0,0 +1,38 @@ +const assert = require('assert'); +const {spdxSpecEnum} = require('../_data/spdx') +const {spdx} = require('../../'); + +describe('isSpdxId()', () => { + + const knownSpdxIds = [ + ...spdxSpecEnum + ] + + describe('knows', () => { + knownSpdxIds.forEach(value => { + it(`${value}`, () => { + assert.strictEqual(spdx.isSpdxId(value), true) + }) + }) + }) + +}) + +describe('fixupSpdxId()', () => { + + const expectedFixed = new Map([ + ...spdxSpecEnum.map(v => [v, v]), + ...spdxSpecEnum.map(v => [v.toLowerCase(), v]), + ...spdxSpecEnum.map(v => [v.toUpperCase(), v]), + ]) + + describe('transform', () => { + expectedFixed.forEach((expected, value) => { + it(`${value} -> ${expected}`, () => { + assert.strictEqual(spdx.fixupSpdxId(value), expected) + }) + }) + }) + +}) + diff --git a/test/unit/spdx.spec.js b/test/unit/spdx.spec.js new file mode 100644 index 000000000..c9120ed1a --- /dev/null +++ b/test/unit/spdx.spec.js @@ -0,0 +1,52 @@ +const assert = require('assert'); +const {spdx} = require('../../'); + +describe('isSpdxId()', () => { + + const knownSpdxIds = ["MIT", "Apache-2.0"] + + describe('is true', () => { + knownSpdxIds.forEach(value => { + it(`for: ${value}`, () => { + assert.strictEqual(spdx.isSpdxId(value), true) + }) + }) + }) + + describe('is false', () => { + [null, undefined, 'fooBarbaz', 'mit'].forEach(value => { + it(`for: ${value}`, () => { + assert.strictEqual(spdx.isSpdxId(value), false) + }) + }) + }) + +}) + +describe('fixupSpdxId()', () => { + + const expectedFixed = new Map([ + ["MIT", "MIT"], + ["mit", "MIT"], + ["Apache-2.0", "Apache-2.0"], + ["ApAcHe-2.0", "Apache-2.0"], + ["apache-2.0", "Apache-2.0"] + ]) + + describe('transform', () => { + expectedFixed.forEach((expected, value) => { + it(`${value} -> ${expected}`, () => { + assert.strictEqual(spdx.fixupSpdxId(value), expected) + }) + }) + }) + + describe('miss', () => { + [undefined, null, 'fooBarbaz'].forEach((value, expected) => { + it(`${value}`, () => { + assert.strictEqual(spdx.fixupSpdxId(value), undefined) + }) + }) + }) +}) + diff --git a/tsconfig.json b/tsconfig.json index ccca9280b..aa467566d 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,6 +1,7 @@ { + "$schema": "https://json.schemastore.org/tsconfig", "compilerOptions": { - /* Visit https://aka.ms/tsconfig.json to read more about this file */ + /* Visit https://aka.ms/tsconfig.resolveJsonModule to read more about this file */ /* Projects */ // "incremental": true, /* Enable incremental compilation */ @@ -25,7 +26,7 @@ /* Modules */ "module": "CommonJS", /* Specify what module code is generated. */ - "rootDir": "./src/", /* Specify the root folder within your source files. */ + "rootDir": "src", /* Specify the root folder within your source files. */ "moduleResolution": "Node", /* Specify how TypeScript looks up a file from a given module specifier. */ // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */ // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */ @@ -33,7 +34,7 @@ // "typeRoots": [], /* Specify multiple folders that act like `./node_modules/@types`. */ // "types": [], /* Specify type package names to be included without being referenced in a source file. */ // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ - // "resolveJsonModule": true, /* Enable importing .json files */ + "resolveJsonModule": true, /* Enable importing .json files */ // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */ /* JavaScript Support */ @@ -68,7 +69,7 @@ /* Interop Constraints */ "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */ - // "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */ + "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */ "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */ // "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */ "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */ @@ -95,9 +96,12 @@ "allowUnreachableCode": false, /* Disable error reporting for unreachable code. */ /* Completeness */ - // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */ + "skipDefaultLibCheck": false, /* Skip type checking .d.ts files that are included with TypeScript. */ "skipLibCheck": false /* Skip type checking all .d.ts files. */ }, - "include": ["src/**/*"], - "exclude": ["node_modules", "**/*.spec.ts"] + "include": ["src/**/*.ts"], + "exclude": [ + "node_modules", + "**/*.spec.ts", "**/*.test.ts" + ], } From 678efe6a33191a4335cfebc3bb2e68f30e965dac Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 21:41:16 +0200 Subject: [PATCH 032/233] spdx foo Signed-off-by: Jan Kowalleck --- test/_data/spdx.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/_data/spdx.js b/test/_data/spdx.js index 3c7811c3f..9f1d1e0de 100644 --- a/test/_data/spdx.js +++ b/test/_data/spdx.js @@ -1,13 +1,13 @@ const assert = require('assert'); const fs = require('fs') +const path = require('path') + +const spdxSpecEnum = JSON.parse(fs.readFileSync(path.join( + __dirname, '../../', 'res/spdx.SNAPSHOT.schema.json' +))).enum -const spdxSpecEnum = JSON.parse( - fs.readFileSync(`${__dirname}/../../res/spdx.SNAPSHOT.schema.json`) -).enum assert.ok(spdxSpecEnum instanceof Array) assert.notEqual(spdxSpecEnum.length, 0) spdxSpecEnum.forEach(value => assert.strictEqual(typeof value, 'string')) -module.exports = { - spdxSpecEnum: spdxSpecEnum -} +exports.spdxSpecEnum = spdxSpecEnum From 4e48c5e3b3b1748ceb0feab78f538615f99ce266 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 21:43:43 +0200 Subject: [PATCH 033/233] wip Signed-off-by: Jan Kowalleck --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a9e118ec6..d870362e0 100644 --- a/README.md +++ b/README.md @@ -3,15 +3,13 @@ Core functionality of CDX for JavaScript (node or web-browser), written in TypeScript and compiled to the target. -## Usage - -### Install +## Install ```shell npm i -S @cyclonedx/cyclonedx-library ``` -### Programmatic +## Usage Example 1: ```javascript @@ -21,7 +19,7 @@ bom.components.add( new cdx.models.Component(cdx.enums.ComponentType.Library, 'myComponent')) ``` -## Development +## Development ### Set up the project From cd0206b13173deb96783d25c914e788d491e329f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 21:55:44 +0200 Subject: [PATCH 034/233] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8bf3422a7..cdf4ba9b8 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "types": "dist/index.d.ts", "scripts": { "lint": "tsc --noEmit", - "clean": "tsc --build --clean", + "clean": "node -r fs -e 'fs.rmSync(\"dist\",{recursive:true,force:true})'", "build": "tsc --build", "test": "mocha" } From 10bc6378f2d006ea5af0859fdfb37cb0e1468ca5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 21:58:01 +0200 Subject: [PATCH 035/233] wip Signed-off-by: Jan Kowalleck --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d870362e0..356ad5a08 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # CycloneDX JavaScript library -Core functionality of CDX for JavaScript (node or web-browser), -written in TypeScript and compiled to the target. +Core functionality of CDX for _JavaScript_ (node or web-browser), +written in _TypeScript_ and compiled to the target. ## Install From 945e375c6888f17ac4995397deddcf251fcd27d5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 2 Apr 2022 23:21:31 +0200 Subject: [PATCH 036/233] wip Signed-off-by: Jan Kowalleck --- test/_data/spdx.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/_data/spdx.js b/test/_data/spdx.js index 9f1d1e0de..2c0f52cee 100644 --- a/test/_data/spdx.js +++ b/test/_data/spdx.js @@ -2,7 +2,7 @@ const assert = require('assert'); const fs = require('fs') const path = require('path') -const spdxSpecEnum = JSON.parse(fs.readFileSync(path.join( +const spdxSpecEnum = JSON.parse(fs.readFileSync(path.resolve( __dirname, '../../', 'res/spdx.SNAPSHOT.schema.json' ))).enum From 5c12c3c5413d69327dfeea2f682c89e87724e7ae Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 00:43:29 +0200 Subject: [PATCH 037/233] [DRAFT] compiled for browser (#10) * wip * wip * wip * wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 2 - .gitignore | 4 + .npmignore | 2 + README.md | 29 +- examples/README.md | 4 + examples/e1.js | 5 - examples/node.js | 9 + examples/web-browser.html | 10 + package-lock.json | 2164 +++++++++++++++++++++++++++++++++- package.json | 15 +- tsconfig.json | 2 +- webpack.config.js | 15 + 12 files changed, 2238 insertions(+), 23 deletions(-) create mode 100644 examples/README.md delete mode 100644 examples/e1.js create mode 100644 examples/node.js create mode 100644 examples/web-browser.html create mode 100644 webpack.config.js diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 37d6b8fcc..6b8edbf36 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -33,8 +33,6 @@ jobs: cache-dependency-path: "**/package-lock.json" - name: install project run: npm ci - - name: clean - run: npm run clean - name: build run: npm run build - name: test diff --git a/.gitignore b/.gitignore index a9d9a8d87..9756e4e51 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,10 @@ /.*.cache/ /report/ +/dist/ +/dist.node/ +/dist.web/ + ### https://github.com/github/gitignore/blob/main/Node.gitignore # Logs diff --git a/.npmignore b/.npmignore index 4011776ac..8a7fc0ff6 100644 --- a/.npmignore +++ b/.npmignore @@ -154,6 +154,8 @@ dist # never ignore the results - these are intended to be shipped !/dist/ +!/dist.node/ +!/dist.web/ # ??? should the src/ and tests/ and build-related files be ignored? # Sources are not to be excluded, as TypeScript-users would love to have sources (and tests), diff --git a/README.md b/README.md index 356ad5a08..25d0e17d9 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,32 @@ npm i -S @cyclonedx/cyclonedx-library ## Usage -Example 1: +As node module: ```javascript -const cdx = require('@cyclonedx/cyclonedx-library') -let bom = new cdx.models.Bom() +const CycloneDX_library = require('@cyclonedx/cyclonedx-library') + +let bom = new CycloneDX_library.models.Bom() bom.components.add( - new cdx.models.Component(cdx.enums.ComponentType.Library, 'myComponent')) + new CycloneDX_library.models.Component( + CycloneDX_library.enums.ComponentType.Library, + 'myComponent' + ) +) +``` + +In web-browser: +```html + + + + test + + + +

Library is available as CycloneDX_library.

+ + + ``` ## Development @@ -32,7 +52,6 @@ npm ci Build the JavaScript: ```shell -npm run clean && \ npm run build ``` diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 000000000..b5d3aff08 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,4 @@ +# Examples + +* [`node.js`](node.js) showcases the usage in node. +* [`web-browser.html`](web-browser.html) showcases the usage in a web-browser. diff --git a/examples/e1.js b/examples/e1.js deleted file mode 100644 index 7458ecb0d..000000000 --- a/examples/e1.js +++ /dev/null @@ -1,5 +0,0 @@ -const cdx = require('../') - -let bom = new cdx.models.Bom() -bom.components.add( - new cdx.models.Component(cdx.enums.ComponentType.Library, 'myComponent')) diff --git a/examples/node.js b/examples/node.js new file mode 100644 index 000000000..8d99c1c13 --- /dev/null +++ b/examples/node.js @@ -0,0 +1,9 @@ +const CycloneDX_library = require('../') + +let bom = new CycloneDX_library.models.Bom() +bom.components.add( + new CycloneDX_library.models.Component( + CycloneDX_library.enums.ComponentType.Library, + 'myComponent' + ) +) diff --git a/examples/web-browser.html b/examples/web-browser.html new file mode 100644 index 000000000..b80ff05b9 --- /dev/null +++ b/examples/web-browser.html @@ -0,0 +1,10 @@ + + + + test + + + +

Library is available as CycloneDX_library.

+ + diff --git a/package-lock.json b/package-lock.json index 38da9b35d..786415253 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,15 +12,304 @@ }, "devDependencies": { "mocha": "9.2.2", - "typescript": "4.6.3" + "typescript": "4.6.3", + "webpack": "^5.71.0", + "webpack-cli": "^4.9.2" } }, + "node_modules/@discoveryjs/json-ext": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz", + "integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==", + "dev": true, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/@types/eslint": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", + "integrity": "sha512-GE44+DNEyxxh2Kc6ro/VkIj+9ma0pO0bwv9+uHSyBrikYOHr8zYcdPvnBOp1aw8s+CjRvuSx7CyWqRrNFQ59mA==", + "dev": true, + "dependencies": { + "@types/estree": "*", + "@types/json-schema": "*" + } + }, + "node_modules/@types/eslint-scope": { + "version": "3.7.3", + "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.3.tgz", + "integrity": "sha512-PB3ldyrcnAicT35TWPs5IcwKD8S333HMaa2VVv4+wdvebJkjWuW/xESoB8IwRcog8HYVYamb1g/R31Qv5Bx03g==", + "dev": true, + "dependencies": { + "@types/eslint": "*", + "@types/estree": "*" + } + }, + "node_modules/@types/estree": { + "version": "0.0.51", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz", + "integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ==", + "dev": true + }, + "node_modules/@types/json-schema": { + "version": "7.0.11", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz", + "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==", + "dev": true + }, + "node_modules/@types/node": { + "version": "17.0.23", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", + "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", + "dev": true + }, "node_modules/@ungap/promise-all-settled": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", "dev": true }, + "node_modules/@webassemblyjs/ast": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz", + "integrity": "sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw==", + "dev": true, + "dependencies": { + "@webassemblyjs/helper-numbers": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1" + } + }, + "node_modules/@webassemblyjs/floating-point-hex-parser": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz", + "integrity": "sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ==", + "dev": true + }, + "node_modules/@webassemblyjs/helper-api-error": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz", + "integrity": "sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg==", + "dev": true + }, + "node_modules/@webassemblyjs/helper-buffer": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz", + "integrity": "sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA==", + "dev": true + }, + "node_modules/@webassemblyjs/helper-numbers": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz", + "integrity": "sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ==", + "dev": true, + "dependencies": { + "@webassemblyjs/floating-point-hex-parser": "1.11.1", + "@webassemblyjs/helper-api-error": "1.11.1", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/helper-wasm-bytecode": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz", + "integrity": "sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q==", + "dev": true + }, + "node_modules/@webassemblyjs/helper-wasm-section": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz", + "integrity": "sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1" + } + }, + "node_modules/@webassemblyjs/ieee754": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz", + "integrity": "sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ==", + "dev": true, + "dependencies": { + "@xtuc/ieee754": "^1.2.0" + } + }, + "node_modules/@webassemblyjs/leb128": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.1.tgz", + "integrity": "sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw==", + "dev": true, + "dependencies": { + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/utf8": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.1.tgz", + "integrity": "sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ==", + "dev": true + }, + "node_modules/@webassemblyjs/wasm-edit": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz", + "integrity": "sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/helper-wasm-section": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1", + "@webassemblyjs/wasm-opt": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1", + "@webassemblyjs/wast-printer": "1.11.1" + } + }, + "node_modules/@webassemblyjs/wasm-gen": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz", + "integrity": "sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/ieee754": "1.11.1", + "@webassemblyjs/leb128": "1.11.1", + "@webassemblyjs/utf8": "1.11.1" + } + }, + "node_modules/@webassemblyjs/wasm-opt": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz", + "integrity": "sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1" + } + }, + "node_modules/@webassemblyjs/wasm-parser": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz", + "integrity": "sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-api-error": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/ieee754": "1.11.1", + "@webassemblyjs/leb128": "1.11.1", + "@webassemblyjs/utf8": "1.11.1" + } + }, + "node_modules/@webassemblyjs/wast-printer": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz", + "integrity": "sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg==", + "dev": true, + "dependencies": { + "@webassemblyjs/ast": "1.11.1", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webpack-cli/configtest": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/configtest/-/configtest-1.1.1.tgz", + "integrity": "sha512-1FBc1f9G4P/AxMqIgfZgeOTuRnwZMten8E7zap5zgpPInnCrP8D4Q81+4CWIch8i/Nf7nXjP0v6CjjbHOrXhKg==", + "dev": true, + "peerDependencies": { + "webpack": "4.x.x || 5.x.x", + "webpack-cli": "4.x.x" + } + }, + "node_modules/@webpack-cli/info": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/info/-/info-1.4.1.tgz", + "integrity": "sha512-PKVGmazEq3oAo46Q63tpMr4HipI3OPfP7LiNOEJg963RMgT0rqheag28NCML0o3GIzA3DmxP1ZIAv9oTX1CUIA==", + "dev": true, + "dependencies": { + "envinfo": "^7.7.3" + }, + "peerDependencies": { + "webpack-cli": "4.x.x" + } + }, + "node_modules/@webpack-cli/serve": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/serve/-/serve-1.6.1.tgz", + "integrity": "sha512-gNGTiTrjEVQ0OcVnzsRSqTxaBSr+dmTfm+qJsCDluky8uhdLWep7Gcr62QsAKHTMxjCS/8nEITsmFAhfIx+QSw==", + "dev": true, + "peerDependencies": { + "webpack-cli": "4.x.x" + }, + "peerDependenciesMeta": { + "webpack-dev-server": { + "optional": true + } + } + }, + "node_modules/@xtuc/ieee754": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", + "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==", + "dev": true + }, + "node_modules/@xtuc/long": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz", + "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==", + "dev": true + }, + "node_modules/acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-import-assertions": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz", + "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==", + "dev": true, + "peerDependencies": { + "acorn": "^8" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dev": true, + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "dev": true, + "peerDependencies": { + "ajv": "^6.9.1" + } + }, "node_modules/ansi-colors": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", @@ -116,6 +405,41 @@ "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", "dev": true }, + "node_modules/browserslist": { + "version": "4.20.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.2.tgz", + "integrity": "sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + } + ], + "dependencies": { + "caniuse-lite": "^1.0.30001317", + "electron-to-chromium": "^1.4.84", + "escalade": "^3.1.1", + "node-releases": "^2.0.2", + "picocolors": "^1.0.0" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dev": true + }, "node_modules/camelcase": { "version": "6.3.0", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", @@ -128,6 +452,22 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/caniuse-lite": { + "version": "1.0.30001324", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001324.tgz", + "integrity": "sha512-/eYp1J6zYh1alySQB4uzYFkLmxxI8tk0kxldbNHXp8+v+rdMKdUBNjRLz7T7fz6Iox+1lIdYpc7rq6ZcXfTukg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + } + ] + }, "node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -183,6 +523,15 @@ "fsevents": "~2.3.2" } }, + "node_modules/chrome-trace-event": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz", + "integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==", + "dev": true, + "engines": { + "node": ">=6.0" + } + }, "node_modules/cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", @@ -194,6 +543,20 @@ "wrap-ansi": "^7.0.0" } }, + "node_modules/clone-deep": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz", + "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4", + "kind-of": "^6.0.2", + "shallow-clone": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", @@ -212,12 +575,38 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "node_modules/colorette": { + "version": "2.0.16", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.16.tgz", + "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==", + "dev": true + }, + "node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", "dev": true }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/debug": { "version": "4.3.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", @@ -262,12 +651,49 @@ "node": ">=0.3.1" } }, + "node_modules/electron-to-chromium": { + "version": "1.4.103", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.103.tgz", + "integrity": "sha512-c/uKWR1Z/W30Wy/sx3dkZoj4BijbXX85QKWu9jJfjho3LBAXNEGAEW3oWiGb+dotA6C6BzCTxL2/aLes7jlUeg==", + "dev": true + }, "node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true }, + "node_modules/enhanced-resolve": { + "version": "5.9.2", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.9.2.tgz", + "integrity": "sha512-GIm3fQfwLJ8YZx2smuHpBKkXC1yOk+OBEmKckVyL0i/ea8mqDEykK3ld5dgH1QYPNyT/lIllxV2LULnxCHaHkA==", + "dev": true, + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/envinfo": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/envinfo/-/envinfo-7.8.1.tgz", + "integrity": "sha512-/o+BXHmB7ocbHEAs6F2EnG0ogybVVUdkRunTT2glZU9XAaGmhqskrvKwqXuDfNjEO0LZKWdejEEpnq8aM0tOaw==", + "dev": true, + "bin": { + "envinfo": "dist/cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/es-module-lexer": { + "version": "0.9.3", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz", + "integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ==", + "dev": true + }, "node_modules/escalade": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", @@ -289,6 +715,99 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", + "dev": true, + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esrecurse/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "dev": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/events": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "dev": true, + "engines": { + "node": ">=0.8.x" + } + }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true + }, + "node_modules/fastest-levenshtein": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz", + "integrity": "sha512-On2N+BpYJ15xIC974QNVuYGMOlEVt4s0EOI3wwMqOmK1fdDY+FN/zltPV8vosq4ad4c/gJ1KHScUn/6AWIgiow==", + "dev": true + }, "node_modules/fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", @@ -346,6 +865,12 @@ "node": "^8.16.0 || ^10.6.0 || >=11.0.0" } }, + "node_modules/function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, "node_modules/get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", @@ -355,6 +880,18 @@ "node": "6.* || 8.* || >= 10.*" } }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/glob": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", @@ -387,6 +924,12 @@ "node": ">= 6" } }, + "node_modules/glob-to-regexp": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "dev": true + }, "node_modules/glob/node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -399,6 +942,12 @@ "node": "*" } }, + "node_modules/graceful-fs": { + "version": "4.2.9", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz", + "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ==", + "dev": true + }, "node_modules/growl": { "version": "1.10.5", "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", @@ -408,6 +957,18 @@ "node": ">=4.x" } }, + "node_modules/has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.1" + }, + "engines": { + "node": ">= 0.4.0" + } + }, "node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -426,6 +987,34 @@ "he": "bin/he" } }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "dev": true, + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/import-local": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==", + "dev": true, + "dependencies": { + "pkg-dir": "^4.2.0", + "resolve-cwd": "^3.0.0" + }, + "bin": { + "import-local-fixture": "fixtures/cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", @@ -442,10 +1031,19 @@ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", "dev": true }, - "node_modules/is-binary-path": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "node_modules/interpret": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-2.2.0.tgz", + "integrity": "sha512-Ju0Bz/cEia55xDwUWEa8+olFpCiQoypjnQySseKtmjNrnps3P+xfpUmGr90T7yjlVJmOtybRvPXhKMbHr+fWnw==", + "dev": true, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", "dev": true, "dependencies": { "binary-extensions": "^2.0.0" @@ -454,6 +1052,18 @@ "node": ">=8" } }, + "node_modules/is-core-module": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.8.1.tgz", + "integrity": "sha512-SdNCUs284hr40hFTFP6l0IfZ/RSrMXF3qgoRHd3/79unUTvrFO/JoXwkGm+5J/Oe3E/b5GsnG330uUNgRpu1PA==", + "dev": true, + "dependencies": { + "has": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", @@ -502,6 +1112,30 @@ "node": ">=8" } }, + "node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-unicode-supported": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", @@ -520,6 +1154,29 @@ "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", "dev": true }, + "node_modules/isobject": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", + "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/jest-worker": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", + "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==", + "dev": true, + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, "node_modules/js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", @@ -532,6 +1189,36 @@ "js-yaml": "bin/js-yaml.js" } }, + "node_modules/json-parse-better-errors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==", + "dev": true + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true + }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/loader-runner": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.2.0.tgz", + "integrity": "sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw==", + "dev": true, + "engines": { + "node": ">=6.11.5" + } + }, "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -563,6 +1250,42 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/minimatch": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", @@ -636,6 +1359,18 @@ "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" } }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "dev": true + }, + "node_modules/node-releases": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.2.tgz", + "integrity": "sha512-XxYDdcQ6eKqp/YjI+tb2C5WM2LgjnZrfYg4vgQt49EK268b6gYCHsBLrK2qvJo4FmCtqmKezb0WZFK4fkrZNsg==", + "dev": true + }, "node_modules/normalize-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", @@ -645,6 +1380,18 @@ "node": ">=0.10.0" } }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "dev": true, + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", @@ -654,6 +1401,21 @@ "wrappy": "1" } }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "dev": true, + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/p-limit": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", @@ -684,6 +1446,15 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/packageurl-js": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.6.tgz", @@ -707,6 +1478,27 @@ "node": ">=0.10.0" } }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true + }, + "node_modules/picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", + "dev": true + }, "node_modules/picomatch": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", @@ -719,6 +1511,79 @@ "url": "https://github.com/sponsors/jonschlinkert" } }, + "node_modules/pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "dependencies": { + "find-up": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-dir/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/punycode": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/randombytes": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", @@ -740,6 +1605,18 @@ "node": ">=8.10.0" } }, + "node_modules/rechoir": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.7.1.tgz", + "integrity": "sha512-/njmZ8s1wVeR6pjTZ+0nCnv8SpZNRMT2D1RLOJQESlYFDBvwpTA4KWJpZ+sBJ4+vhjILRcK7JIFdGCdxEAAitg==", + "dev": true, + "dependencies": { + "resolve": "^1.9.0" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", @@ -749,6 +1626,44 @@ "node": ">=0.10.0" } }, + "node_modules/resolve": { + "version": "1.22.0", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", + "integrity": "sha512-Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw==", + "dev": true, + "dependencies": { + "is-core-module": "^2.8.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-cwd": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", + "dev": true, + "dependencies": { + "resolve-from": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", @@ -769,6 +1684,24 @@ } ] }, + "node_modules/schema-utils": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.1.tgz", + "integrity": "sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==", + "dev": true, + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, "node_modules/serialize-javascript": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", @@ -778,6 +1711,64 @@ "randombytes": "^2.1.0" } }, + "node_modules/shallow-clone": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz", + "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==", + "dev": true, + "dependencies": { + "kind-of": "^6.0.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "dev": true + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, "node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", @@ -804,6 +1795,15 @@ "node": ">=8" } }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", @@ -831,6 +1831,88 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/tapable": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/terser": { + "version": "5.12.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.12.1.tgz", + "integrity": "sha512-NXbs+7nisos5E+yXwAD+y7zrcTkMqb0dEJxIGtSKPdCBzopf7ni4odPul2aechpV7EXNvOudYOX2bb5tln1jbQ==", + "dev": true, + "dependencies": { + "acorn": "^8.5.0", + "commander": "^2.20.0", + "source-map": "~0.7.2", + "source-map-support": "~0.5.20" + }, + "bin": { + "terser": "bin/terser" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/terser-webpack-plugin": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz", + "integrity": "sha512-GvlZdT6wPQKbDNW/GDQzZFg/j4vKU96yl2q6mcUkzKOgW4gwf1Z8cZToUCrz31XHlPWH8MVb1r2tFtdDtTGJ7g==", + "dev": true, + "dependencies": { + "jest-worker": "^27.4.5", + "schema-utils": "^3.1.1", + "serialize-javascript": "^6.0.0", + "source-map": "^0.6.1", + "terser": "^5.7.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "uglify-js": { + "optional": true + } + } + }, + "node_modules/terser/node_modules/source-map": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -856,6 +1938,149 @@ "node": ">=4.2.0" } }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/watchpack": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.3.1.tgz", + "integrity": "sha512-x0t0JuydIo8qCNctdDrn1OzH/qDzk2+rdCOC3YzumZ42fiMqmQ7T3xQurykYMhYfHaPHTp4ZxAx2NfUo1K6QaA==", + "dev": true, + "dependencies": { + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.1.2" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/webpack": { + "version": "5.71.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.71.0.tgz", + "integrity": "sha512-g4dFT7CFG8LY0iU5G8nBL6VlkT21Z7dcYDpJAEJV5Q1WLb9UwnFbrem1k7K52ILqEmomN7pnzWFxxE6SlDY56A==", + "dev": true, + "dependencies": { + "@types/eslint-scope": "^3.7.3", + "@types/estree": "^0.0.51", + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/wasm-edit": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1", + "acorn": "^8.4.1", + "acorn-import-assertions": "^1.7.6", + "browserslist": "^4.14.5", + "chrome-trace-event": "^1.0.2", + "enhanced-resolve": "^5.9.2", + "es-module-lexer": "^0.9.0", + "eslint-scope": "5.1.1", + "events": "^3.2.0", + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.2.9", + "json-parse-better-errors": "^1.0.2", + "loader-runner": "^4.2.0", + "mime-types": "^2.1.27", + "neo-async": "^2.6.2", + "schema-utils": "^3.1.0", + "tapable": "^2.1.1", + "terser-webpack-plugin": "^5.1.3", + "watchpack": "^2.3.1", + "webpack-sources": "^3.2.3" + }, + "bin": { + "webpack": "bin/webpack.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependenciesMeta": { + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-cli": { + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-4.9.2.tgz", + "integrity": "sha512-m3/AACnBBzK/kMTcxWHcZFPrw/eQuY4Df1TxvIWfWM2x7mRqBQCqKEd96oCUa9jkapLBaFfRce33eGDb4Pr7YQ==", + "dev": true, + "dependencies": { + "@discoveryjs/json-ext": "^0.5.0", + "@webpack-cli/configtest": "^1.1.1", + "@webpack-cli/info": "^1.4.1", + "@webpack-cli/serve": "^1.6.1", + "colorette": "^2.0.14", + "commander": "^7.0.0", + "execa": "^5.0.0", + "fastest-levenshtein": "^1.0.12", + "import-local": "^3.0.2", + "interpret": "^2.2.0", + "rechoir": "^0.7.0", + "webpack-merge": "^5.7.3" + }, + "bin": { + "webpack-cli": "bin/cli.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "peerDependencies": { + "webpack": "4.x.x || 5.x.x" + }, + "peerDependenciesMeta": { + "@webpack-cli/generators": { + "optional": true + }, + "@webpack-cli/migrate": { + "optional": true + }, + "webpack-bundle-analyzer": { + "optional": true + }, + "webpack-dev-server": { + "optional": true + } + } + }, + "node_modules/webpack-cli/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "dev": true, + "engines": { + "node": ">= 10" + } + }, + "node_modules/webpack-merge": { + "version": "5.8.0", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.8.0.tgz", + "integrity": "sha512-/SaI7xY0831XwP6kzuwhKWVKDP9t1QY1h65lAFLbZqMPIuYcD9QAW4u9STIbU9kaJbPBB/geU/gLr1wDjOhQ+Q==", + "dev": true, + "dependencies": { + "clone-deep": "^4.0.1", + "wildcard": "^2.0.0" + }, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/webpack-sources": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz", + "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", + "dev": true, + "engines": { + "node": ">=10.13.0" + } + }, "node_modules/which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", @@ -871,6 +2096,12 @@ "node": ">= 8" } }, + "node_modules/wildcard": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/wildcard/-/wildcard-2.0.0.tgz", + "integrity": "sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw==", + "dev": true + }, "node_modules/workerpool": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", @@ -965,12 +2196,269 @@ } }, "dependencies": { + "@discoveryjs/json-ext": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz", + "integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==", + "dev": true + }, + "@types/eslint": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", + "integrity": "sha512-GE44+DNEyxxh2Kc6ro/VkIj+9ma0pO0bwv9+uHSyBrikYOHr8zYcdPvnBOp1aw8s+CjRvuSx7CyWqRrNFQ59mA==", + "dev": true, + "requires": { + "@types/estree": "*", + "@types/json-schema": "*" + } + }, + "@types/eslint-scope": { + "version": "3.7.3", + "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.3.tgz", + "integrity": "sha512-PB3ldyrcnAicT35TWPs5IcwKD8S333HMaa2VVv4+wdvebJkjWuW/xESoB8IwRcog8HYVYamb1g/R31Qv5Bx03g==", + "dev": true, + "requires": { + "@types/eslint": "*", + "@types/estree": "*" + } + }, + "@types/estree": { + "version": "0.0.51", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz", + "integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ==", + "dev": true + }, + "@types/json-schema": { + "version": "7.0.11", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz", + "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==", + "dev": true + }, + "@types/node": { + "version": "17.0.23", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.23.tgz", + "integrity": "sha512-UxDxWn7dl97rKVeVS61vErvw086aCYhDLyvRQZ5Rk65rZKepaFdm53GeqXaKBuOhED4e9uWq34IC3TdSdJJ2Gw==", + "dev": true + }, "@ungap/promise-all-settled": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", "dev": true }, + "@webassemblyjs/ast": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz", + "integrity": "sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw==", + "dev": true, + "requires": { + "@webassemblyjs/helper-numbers": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1" + } + }, + "@webassemblyjs/floating-point-hex-parser": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz", + "integrity": "sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ==", + "dev": true + }, + "@webassemblyjs/helper-api-error": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz", + "integrity": "sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg==", + "dev": true + }, + "@webassemblyjs/helper-buffer": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz", + "integrity": "sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA==", + "dev": true + }, + "@webassemblyjs/helper-numbers": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz", + "integrity": "sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ==", + "dev": true, + "requires": { + "@webassemblyjs/floating-point-hex-parser": "1.11.1", + "@webassemblyjs/helper-api-error": "1.11.1", + "@xtuc/long": "4.2.2" + } + }, + "@webassemblyjs/helper-wasm-bytecode": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz", + "integrity": "sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q==", + "dev": true + }, + "@webassemblyjs/helper-wasm-section": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz", + "integrity": "sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1" + } + }, + "@webassemblyjs/ieee754": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz", + "integrity": "sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ==", + "dev": true, + "requires": { + "@xtuc/ieee754": "^1.2.0" + } + }, + "@webassemblyjs/leb128": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.1.tgz", + "integrity": "sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw==", + "dev": true, + "requires": { + "@xtuc/long": "4.2.2" + } + }, + "@webassemblyjs/utf8": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.1.tgz", + "integrity": "sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ==", + "dev": true + }, + "@webassemblyjs/wasm-edit": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz", + "integrity": "sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/helper-wasm-section": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1", + "@webassemblyjs/wasm-opt": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1", + "@webassemblyjs/wast-printer": "1.11.1" + } + }, + "@webassemblyjs/wasm-gen": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz", + "integrity": "sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/ieee754": "1.11.1", + "@webassemblyjs/leb128": "1.11.1", + "@webassemblyjs/utf8": "1.11.1" + } + }, + "@webassemblyjs/wasm-opt": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz", + "integrity": "sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-buffer": "1.11.1", + "@webassemblyjs/wasm-gen": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1" + } + }, + "@webassemblyjs/wasm-parser": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz", + "integrity": "sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/helper-api-error": "1.11.1", + "@webassemblyjs/helper-wasm-bytecode": "1.11.1", + "@webassemblyjs/ieee754": "1.11.1", + "@webassemblyjs/leb128": "1.11.1", + "@webassemblyjs/utf8": "1.11.1" + } + }, + "@webassemblyjs/wast-printer": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz", + "integrity": "sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg==", + "dev": true, + "requires": { + "@webassemblyjs/ast": "1.11.1", + "@xtuc/long": "4.2.2" + } + }, + "@webpack-cli/configtest": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/configtest/-/configtest-1.1.1.tgz", + "integrity": "sha512-1FBc1f9G4P/AxMqIgfZgeOTuRnwZMten8E7zap5zgpPInnCrP8D4Q81+4CWIch8i/Nf7nXjP0v6CjjbHOrXhKg==", + "dev": true, + "requires": {} + }, + "@webpack-cli/info": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/info/-/info-1.4.1.tgz", + "integrity": "sha512-PKVGmazEq3oAo46Q63tpMr4HipI3OPfP7LiNOEJg963RMgT0rqheag28NCML0o3GIzA3DmxP1ZIAv9oTX1CUIA==", + "dev": true, + "requires": { + "envinfo": "^7.7.3" + } + }, + "@webpack-cli/serve": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@webpack-cli/serve/-/serve-1.6.1.tgz", + "integrity": "sha512-gNGTiTrjEVQ0OcVnzsRSqTxaBSr+dmTfm+qJsCDluky8uhdLWep7Gcr62QsAKHTMxjCS/8nEITsmFAhfIx+QSw==", + "dev": true, + "requires": {} + }, + "@xtuc/ieee754": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", + "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==", + "dev": true + }, + "@xtuc/long": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz", + "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==", + "dev": true + }, + "acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true + }, + "acorn-import-assertions": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz", + "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==", + "dev": true, + "requires": {} + }, + "ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dev": true, + "requires": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + } + }, + "ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "dev": true, + "requires": {} + }, "ansi-colors": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", @@ -1045,12 +2533,37 @@ "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", "dev": true }, + "browserslist": { + "version": "4.20.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.2.tgz", + "integrity": "sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA==", + "dev": true, + "requires": { + "caniuse-lite": "^1.0.30001317", + "electron-to-chromium": "^1.4.84", + "escalade": "^3.1.1", + "node-releases": "^2.0.2", + "picocolors": "^1.0.0" + } + }, + "buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dev": true + }, "camelcase": { "version": "6.3.0", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", "dev": true }, + "caniuse-lite": { + "version": "1.0.30001324", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001324.tgz", + "integrity": "sha512-/eYp1J6zYh1alySQB4uzYFkLmxxI8tk0kxldbNHXp8+v+rdMKdUBNjRLz7T7fz6Iox+1lIdYpc7rq6ZcXfTukg==", + "dev": true + }, "chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -1088,6 +2601,12 @@ "readdirp": "~3.6.0" } }, + "chrome-trace-event": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz", + "integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==", + "dev": true + }, "cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", @@ -1099,6 +2618,17 @@ "wrap-ansi": "^7.0.0" } }, + "clone-deep": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz", + "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==", + "dev": true, + "requires": { + "is-plain-object": "^2.0.4", + "kind-of": "^6.0.2", + "shallow-clone": "^3.0.0" + } + }, "color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", @@ -1114,12 +2644,35 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "colorette": { + "version": "2.0.16", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.16.tgz", + "integrity": "sha512-hUewv7oMjCp+wkBv5Rm0v87eJhq4woh5rSR+42YSQJKecCqgIqNkZ6lAlQms/BwHPJA5NKMRlpxPRv0n8HQW6g==", + "dev": true + }, + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + }, "concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", "dev": true }, + "cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "requires": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + } + }, "debug": { "version": "4.3.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", @@ -1149,12 +2702,40 @@ "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", "dev": true }, + "electron-to-chromium": { + "version": "1.4.103", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.103.tgz", + "integrity": "sha512-c/uKWR1Z/W30Wy/sx3dkZoj4BijbXX85QKWu9jJfjho3LBAXNEGAEW3oWiGb+dotA6C6BzCTxL2/aLes7jlUeg==", + "dev": true + }, "emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true }, + "enhanced-resolve": { + "version": "5.9.2", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.9.2.tgz", + "integrity": "sha512-GIm3fQfwLJ8YZx2smuHpBKkXC1yOk+OBEmKckVyL0i/ea8mqDEykK3ld5dgH1QYPNyT/lIllxV2LULnxCHaHkA==", + "dev": true, + "requires": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + } + }, + "envinfo": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/envinfo/-/envinfo-7.8.1.tgz", + "integrity": "sha512-/o+BXHmB7ocbHEAs6F2EnG0ogybVVUdkRunTT2glZU9XAaGmhqskrvKwqXuDfNjEO0LZKWdejEEpnq8aM0tOaw==", + "dev": true + }, + "es-module-lexer": { + "version": "0.9.3", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz", + "integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ==", + "dev": true + }, "escalade": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", @@ -1167,6 +2748,80 @@ "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", "dev": true }, + "eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", + "dev": true, + "requires": { + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + } + }, + "esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "requires": { + "estraverse": "^5.2.0" + }, + "dependencies": { + "estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true + } + } + }, + "estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "dev": true + }, + "events": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "dev": true + }, + "execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "dev": true, + "requires": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + } + }, + "fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true + }, + "fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true + }, + "fastest-levenshtein": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz", + "integrity": "sha512-On2N+BpYJ15xIC974QNVuYGMOlEVt4s0EOI3wwMqOmK1fdDY+FN/zltPV8vosq4ad4c/gJ1KHScUn/6AWIgiow==", + "dev": true + }, "fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", @@ -1205,12 +2860,24 @@ "dev": true, "optional": true }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, "get-caller-file": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", "dev": true }, + "get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true + }, "glob": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", @@ -1245,12 +2912,33 @@ "is-glob": "^4.0.1" } }, + "glob-to-regexp": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "dev": true + }, + "graceful-fs": { + "version": "4.2.9", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz", + "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ==", + "dev": true + }, "growl": { "version": "1.10.5", "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", "dev": true }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, "has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -1263,6 +2951,22 @@ "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", "dev": true }, + "human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "dev": true + }, + "import-local": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==", + "dev": true, + "requires": { + "pkg-dir": "^4.2.0", + "resolve-cwd": "^3.0.0" + } + }, "inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", @@ -1279,6 +2983,12 @@ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", "dev": true }, + "interpret": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-2.2.0.tgz", + "integrity": "sha512-Ju0Bz/cEia55xDwUWEa8+olFpCiQoypjnQySseKtmjNrnps3P+xfpUmGr90T7yjlVJmOtybRvPXhKMbHr+fWnw==", + "dev": true + }, "is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", @@ -1288,6 +2998,15 @@ "binary-extensions": "^2.0.0" } }, + "is-core-module": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.8.1.tgz", + "integrity": "sha512-SdNCUs284hr40hFTFP6l0IfZ/RSrMXF3qgoRHd3/79unUTvrFO/JoXwkGm+5J/Oe3E/b5GsnG330uUNgRpu1PA==", + "dev": true, + "requires": { + "has": "^1.0.3" + } + }, "is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", @@ -1321,6 +3040,21 @@ "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", "dev": true }, + "is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "requires": { + "isobject": "^3.0.1" + } + }, + "is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dev": true + }, "is-unicode-supported": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", @@ -1333,6 +3067,23 @@ "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=", "dev": true }, + "isobject": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", + "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=", + "dev": true + }, + "jest-worker": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", + "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==", + "dev": true, + "requires": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + } + }, "js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", @@ -1342,6 +3093,30 @@ "argparse": "^2.0.1" } }, + "json-parse-better-errors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==", + "dev": true + }, + "json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true + }, + "kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true + }, + "loader-runner": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.2.0.tgz", + "integrity": "sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw==", + "dev": true + }, "locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -1361,6 +3136,33 @@ "is-unicode-supported": "^0.1.0" } }, + "merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true + }, + "mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true + }, + "mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, + "requires": { + "mime-db": "1.52.0" + } + }, + "mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "dev": true + }, "minimatch": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", @@ -1414,12 +3216,33 @@ "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", "dev": true }, + "neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "dev": true + }, + "node-releases": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.2.tgz", + "integrity": "sha512-XxYDdcQ6eKqp/YjI+tb2C5WM2LgjnZrfYg4vgQt49EK268b6gYCHsBLrK2qvJo4FmCtqmKezb0WZFK4fkrZNsg==", + "dev": true + }, "normalize-path": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", "dev": true }, + "npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "dev": true, + "requires": { + "path-key": "^3.0.0" + } + }, "once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", @@ -1429,6 +3252,15 @@ "wrappy": "1" } }, + "onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "dev": true, + "requires": { + "mimic-fn": "^2.1.0" + } + }, "p-limit": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", @@ -1447,6 +3279,12 @@ "p-limit": "^3.0.2" } }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true + }, "packageurl-js": { "version": "0.0.6", "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-0.0.6.tgz", @@ -1464,12 +3302,84 @@ "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", "dev": true }, + "path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true + }, + "path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true + }, + "picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", + "dev": true + }, "picomatch": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", "dev": true }, + "pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "requires": { + "find-up": "^4.0.0" + }, + "dependencies": { + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "requires": { + "p-limit": "^2.2.0" + } + } + } + }, + "punycode": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "dev": true + }, "randombytes": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", @@ -1488,18 +3398,64 @@ "picomatch": "^2.2.1" } }, + "rechoir": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.7.1.tgz", + "integrity": "sha512-/njmZ8s1wVeR6pjTZ+0nCnv8SpZNRMT2D1RLOJQESlYFDBvwpTA4KWJpZ+sBJ4+vhjILRcK7JIFdGCdxEAAitg==", + "dev": true, + "requires": { + "resolve": "^1.9.0" + } + }, "require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=", "dev": true }, + "resolve": { + "version": "1.22.0", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", + "integrity": "sha512-Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw==", + "dev": true, + "requires": { + "is-core-module": "^2.8.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + } + }, + "resolve-cwd": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", + "dev": true, + "requires": { + "resolve-from": "^5.0.0" + } + }, + "resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true + }, "safe-buffer": { "version": "5.2.1", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", "dev": true }, + "schema-utils": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.1.tgz", + "integrity": "sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==", + "dev": true, + "requires": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + } + }, "serialize-javascript": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", @@ -1509,6 +3465,52 @@ "randombytes": "^2.1.0" } }, + "shallow-clone": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz", + "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==", + "dev": true, + "requires": { + "kind-of": "^6.0.2" + } + }, + "shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "requires": { + "shebang-regex": "^3.0.0" + } + }, + "shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true + }, + "signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "dev": true + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true + }, + "source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "requires": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, "string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", @@ -1529,6 +3531,12 @@ "ansi-regex": "^5.0.1" } }, + "strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "dev": true + }, "strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", @@ -1544,6 +3552,51 @@ "has-flag": "^4.0.0" } }, + "supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true + }, + "tapable": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", + "dev": true + }, + "terser": { + "version": "5.12.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.12.1.tgz", + "integrity": "sha512-NXbs+7nisos5E+yXwAD+y7zrcTkMqb0dEJxIGtSKPdCBzopf7ni4odPul2aechpV7EXNvOudYOX2bb5tln1jbQ==", + "dev": true, + "requires": { + "acorn": "^8.5.0", + "commander": "^2.20.0", + "source-map": "~0.7.2", + "source-map-support": "~0.5.20" + }, + "dependencies": { + "source-map": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", + "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "dev": true + } + } + }, + "terser-webpack-plugin": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz", + "integrity": "sha512-GvlZdT6wPQKbDNW/GDQzZFg/j4vKU96yl2q6mcUkzKOgW4gwf1Z8cZToUCrz31XHlPWH8MVb1r2tFtdDtTGJ7g==", + "dev": true, + "requires": { + "jest-worker": "^27.4.5", + "schema-utils": "^3.1.1", + "serialize-javascript": "^6.0.0", + "source-map": "^0.6.1", + "terser": "^5.7.2" + } + }, "to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -1559,6 +3612,101 @@ "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", "dev": true }, + "uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "requires": { + "punycode": "^2.1.0" + } + }, + "watchpack": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.3.1.tgz", + "integrity": "sha512-x0t0JuydIo8qCNctdDrn1OzH/qDzk2+rdCOC3YzumZ42fiMqmQ7T3xQurykYMhYfHaPHTp4ZxAx2NfUo1K6QaA==", + "dev": true, + "requires": { + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.1.2" + } + }, + "webpack": { + "version": "5.71.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.71.0.tgz", + "integrity": "sha512-g4dFT7CFG8LY0iU5G8nBL6VlkT21Z7dcYDpJAEJV5Q1WLb9UwnFbrem1k7K52ILqEmomN7pnzWFxxE6SlDY56A==", + "dev": true, + "requires": { + "@types/eslint-scope": "^3.7.3", + "@types/estree": "^0.0.51", + "@webassemblyjs/ast": "1.11.1", + "@webassemblyjs/wasm-edit": "1.11.1", + "@webassemblyjs/wasm-parser": "1.11.1", + "acorn": "^8.4.1", + "acorn-import-assertions": "^1.7.6", + "browserslist": "^4.14.5", + "chrome-trace-event": "^1.0.2", + "enhanced-resolve": "^5.9.2", + "es-module-lexer": "^0.9.0", + "eslint-scope": "5.1.1", + "events": "^3.2.0", + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.2.9", + "json-parse-better-errors": "^1.0.2", + "loader-runner": "^4.2.0", + "mime-types": "^2.1.27", + "neo-async": "^2.6.2", + "schema-utils": "^3.1.0", + "tapable": "^2.1.1", + "terser-webpack-plugin": "^5.1.3", + "watchpack": "^2.3.1", + "webpack-sources": "^3.2.3" + } + }, + "webpack-cli": { + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-4.9.2.tgz", + "integrity": "sha512-m3/AACnBBzK/kMTcxWHcZFPrw/eQuY4Df1TxvIWfWM2x7mRqBQCqKEd96oCUa9jkapLBaFfRce33eGDb4Pr7YQ==", + "dev": true, + "requires": { + "@discoveryjs/json-ext": "^0.5.0", + "@webpack-cli/configtest": "^1.1.1", + "@webpack-cli/info": "^1.4.1", + "@webpack-cli/serve": "^1.6.1", + "colorette": "^2.0.14", + "commander": "^7.0.0", + "execa": "^5.0.0", + "fastest-levenshtein": "^1.0.12", + "import-local": "^3.0.2", + "interpret": "^2.2.0", + "rechoir": "^0.7.0", + "webpack-merge": "^5.7.3" + }, + "dependencies": { + "commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "dev": true + } + } + }, + "webpack-merge": { + "version": "5.8.0", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.8.0.tgz", + "integrity": "sha512-/SaI7xY0831XwP6kzuwhKWVKDP9t1QY1h65lAFLbZqMPIuYcD9QAW4u9STIbU9kaJbPBB/geU/gLr1wDjOhQ+Q==", + "dev": true, + "requires": { + "clone-deep": "^4.0.1", + "wildcard": "^2.0.0" + } + }, + "webpack-sources": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz", + "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", + "dev": true + }, "which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", @@ -1568,6 +3716,12 @@ "isexe": "^2.0.0" } }, + "wildcard": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/wildcard/-/wildcard-2.0.0.tgz", + "integrity": "sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw==", + "dev": true + }, "workerpool": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", diff --git a/package.json b/package.json index cdf4ba9b8..c84a62c05 100644 --- a/package.json +++ b/package.json @@ -7,14 +7,19 @@ }, "devDependencies": { "mocha": "9.2.2", - "typescript": "4.6.3" + "typescript": "4.6.3", + "webpack": "^5.71.0", + "webpack-cli": "^4.9.2" }, - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "dist.node/index.js", + "types": "dist.node/index.d.ts", "scripts": { "lint": "tsc --noEmit", - "clean": "node -r fs -e 'fs.rmSync(\"dist\",{recursive:true,force:true})'", - "build": "tsc --build", + "build": "npm run build:node && npm run build:web", + "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist.node\",{recursive:true,force:true})'", + "build:node": "tsc --build", + "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", + "build:web": "webpack", "test": "mocha" } } diff --git a/tsconfig.json b/tsconfig.json index aa467566d..99d14c477 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -48,7 +48,7 @@ // "emitDeclarationOnly": true, /* Only output d.ts files and not JavaScript files. */ "sourceMap": true, /* Create source map files for emitted JavaScript files. */ // "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */ - "outDir": "./dist/", /* Specify an output folder for all emitted files. */ + "outDir": "./dist.node/", /* Specify an output folder for all emitted files. */ // "removeComments": true, /* Disable emitting comments. */ // "noEmit": true, /* Disable emitting files from a compilation. */ // "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */ diff --git a/webpack.config.js b/webpack.config.js new file mode 100644 index 000000000..30ad363a5 --- /dev/null +++ b/webpack.config.js @@ -0,0 +1,15 @@ +const path = require('path'); + +module.exports = { + target: 'web', + mode: 'production', + entry: path.resolve(__dirname, 'dist.node/index.js'), + output: { + filename: 'CycloneDX_library.js', + path: path.resolve(__dirname, 'dist.web'), + library: 'CycloneDX_library', + libraryTarget: 'umd', + globalObject: 'this', + umdNamedDefine: true, + }, +}; From 2052d273d1c5d2252134d3bb9a3e5eb61b817a8a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:14:04 +0200 Subject: [PATCH 038/233] wip (#11) Signed-off-by: Jan Kowalleck --- README.md | 13 ++- examples/node.js | 8 +- examples/web-browser.html | 4 +- package-lock.json | 151 ++++++++++++++++++++++++----- package.json | 6 +- src/enums/ExternalReferenceType.ts | 2 +- src/models/Attachment.ts | 4 +- src/models/Bom.ts | 2 +- src/models/Component.ts | 17 ++-- src/models/ExternalReference.ts | 2 +- src/models/Hash.ts | 2 +- src/models/License.ts | 2 +- src/models/SWID.ts | 2 +- src/types.ts | 4 +- test/README.md | 13 ++- test/unit/modules/Bom.spec.js | 11 +-- webpack.config.js | 51 ++++++++-- 17 files changed, 218 insertions(+), 76 deletions(-) diff --git a/README.md b/README.md index 25d0e17d9..5b5eb6420 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,12 @@ npm i -S @cyclonedx/cyclonedx-library As node module: ```javascript -const CycloneDX_library = require('@cyclonedx/cyclonedx-library') +const cdx = require('@cyclonedx/cyclonedx-library') -let bom = new CycloneDX_library.models.Bom() +let bom = new cdx.models.Bom() bom.components.add( - new CycloneDX_library.models.Component( - CycloneDX_library.enums.ComponentType.Library, + new cdx.models.Component( + cdx.enums.ComponentType.Library, 'myComponent' ) ) @@ -29,14 +29,13 @@ In web-browser: - test - + example +

Library is available as CycloneDX_library.

- ``` ## Development diff --git a/examples/node.js b/examples/node.js index 8d99c1c13..5efe70278 100644 --- a/examples/node.js +++ b/examples/node.js @@ -1,9 +1,9 @@ -const CycloneDX_library = require('../') +const cdx = require('../') -let bom = new CycloneDX_library.models.Bom() +let bom = new cdx.models.Bom() bom.components.add( - new CycloneDX_library.models.Component( - CycloneDX_library.enums.ComponentType.Library, + new cdx.models.Component( + cdx.enums.ComponentType.Library, 'myComponent' ) ) diff --git a/examples/web-browser.html b/examples/web-browser.html index b80ff05b9..07ecf6b9e 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -1,8 +1,8 @@ - test - + example +

Library is available as CycloneDX_library.

diff --git a/package-lock.json b/package-lock.json index 786415253..f376467c5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,13 +8,15 @@ "name": "@cyclonedx/cyclonedx-library", "version": "0.0.1-alpha", "dependencies": { + "deepmerge": "^4.2.2", "packageurl-js": "^0.0.6" }, "devDependencies": { "mocha": "9.2.2", + "ts-loader": "9.2.8", "typescript": "4.6.3", - "webpack": "^5.71.0", - "webpack-cli": "^4.9.2" + "webpack": "5.71.0", + "webpack-cli": "4.9.2" } }, "node_modules/@discoveryjs/json-ext": { @@ -642,6 +644,14 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/deepmerge": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", + "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/diff": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", @@ -851,20 +861,6 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, - "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, "node_modules/function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", @@ -1250,12 +1246,37 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/merge-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", "dev": true }, + "node_modules/micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dev": true, + "dependencies": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, "node_modules/mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", @@ -1702,6 +1723,21 @@ "url": "https://opencollective.com/webpack" } }, + "node_modules/semver": { + "version": "7.3.5", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", + "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "dev": true, + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/serialize-javascript": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", @@ -1925,6 +1961,25 @@ "node": ">=8.0" } }, + "node_modules/ts-loader": { + "version": "9.2.8", + "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.2.8.tgz", + "integrity": "sha512-gxSak7IHUuRtwKf3FIPSW1VpZcqF9+MBrHOvBp9cjHh+525SjtCIJKVGjRKIAfxBwDGDGCFF00rTfzB1quxdSw==", + "dev": true, + "dependencies": { + "chalk": "^4.1.0", + "enhanced-resolve": "^5.0.0", + "micromatch": "^4.0.0", + "semver": "^7.3.4" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "typescript": "*", + "webpack": "^5.0.0" + } + }, "node_modules/typescript": { "version": "4.6.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", @@ -2140,6 +2195,12 @@ "node": ">=10" } }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, "node_modules/yargs": { "version": "16.2.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", @@ -2696,6 +2757,11 @@ "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", "dev": true }, + "deepmerge": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", + "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==" + }, "diff": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", @@ -2853,13 +2919,6 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, - "fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "optional": true - }, "function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", @@ -3136,12 +3195,31 @@ "is-unicode-supported": "^0.1.0" } }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "requires": { + "yallist": "^4.0.0" + } + }, "merge-stream": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", "dev": true }, + "micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dev": true, + "requires": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + } + }, "mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", @@ -3456,6 +3534,15 @@ "ajv-keywords": "^3.5.2" } }, + "semver": { + "version": "7.3.5", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", + "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "dev": true, + "requires": { + "lru-cache": "^6.0.0" + } + }, "serialize-javascript": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", @@ -3606,6 +3693,18 @@ "is-number": "^7.0.0" } }, + "ts-loader": { + "version": "9.2.8", + "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.2.8.tgz", + "integrity": "sha512-gxSak7IHUuRtwKf3FIPSW1VpZcqF9+MBrHOvBp9cjHh+525SjtCIJKVGjRKIAfxBwDGDGCFF00rTfzB1quxdSw==", + "dev": true, + "requires": { + "chalk": "^4.1.0", + "enhanced-resolve": "^5.0.0", + "micromatch": "^4.0.0", + "semver": "^7.3.4" + } + }, "typescript": { "version": "4.6.3", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", @@ -3751,6 +3850,12 @@ "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", "dev": true }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, "yargs": { "version": "16.2.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", diff --git a/package.json b/package.json index c84a62c05..cb5cf2e8b 100644 --- a/package.json +++ b/package.json @@ -3,13 +3,15 @@ "type": "commonjs", "version": "0.0.1-alpha", "dependencies": { + "deepmerge": "^4.2.2", "packageurl-js": "^0.0.6" }, "devDependencies": { "mocha": "9.2.2", + "ts-loader": "9.2.8", "typescript": "4.6.3", - "webpack": "^5.71.0", - "webpack-cli": "^4.9.2" + "webpack": "5.71.0", + "webpack-cli": "4.9.2" }, "main": "dist.node/index.js", "types": "dist.node/index.d.ts", diff --git a/src/enums/ExternalReferenceType.ts b/src/enums/ExternalReferenceType.ts index e0da07015..51363bed6 100644 --- a/src/enums/ExternalReferenceType.ts +++ b/src/enums/ExternalReferenceType.ts @@ -1,7 +1,7 @@ export enum ExternalReferenceType { VCS = "vcs", IssueTracker = "issue-tracker", - Website= "website", + Website = "website", Advisories = "advisories", BOM = "bom", MailingList = "mailing-list", diff --git a/src/models/Attachment.ts b/src/models/Attachment.ts index 27a5816c4..917d293a7 100644 --- a/src/models/Attachment.ts +++ b/src/models/Attachment.ts @@ -1,11 +1,11 @@ -import {AttachmentEncoding} from "../enums/AttachmentEncoding"; +import {AttachmentEncoding} from "../enums/" export class Attachment { contentType: string | null = null content: string encoding: AttachmentEncoding | null = null - constructor(content:string) { + constructor(content: string) { this.content = content } } diff --git a/src/models/Bom.ts b/src/models/Bom.ts index 4cc09c9b6..14b925421 100644 --- a/src/models/Bom.ts +++ b/src/models/Bom.ts @@ -1,6 +1,6 @@ import {Metadata} from "./Metadata" import {ComponentRepository} from "./Component" -import {PositiveInteger, isPositiveInteger} from "../types" +import {isPositiveInteger, PositiveInteger} from "../types" const SerialNumberRegExp = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ diff --git a/src/models/Component.ts b/src/models/Component.ts index d553edc6a..759ce0481 100644 --- a/src/models/Component.ts +++ b/src/models/Component.ts @@ -1,12 +1,11 @@ -import {ComponentType} from "../enums/ComponentType"; -import {BomRef} from "./BomRef"; -import {HashRepository} from "./Hash"; -import {OrganizationalEntity} from "./OrganizationalEntity"; -import {ExternalReferenceRepository} from "./ExternalReference"; -import {LicenseRepository} from "./License"; -import {ComponentScope} from "../enums/ComponentScope"; -import {PackageURL} from 'packageurl-js'; -import {SWID} from "./SWID"; +import {ComponentScope, ComponentType} from "../enums/" +import {BomRef} from "./BomRef" +import {HashRepository} from "./Hash" +import {OrganizationalEntity} from "./OrganizationalEntity" +import {ExternalReferenceRepository} from "./ExternalReference" +import {LicenseRepository} from "./License" +import {PackageURL} from 'packageurl-js' +import {SWID} from "./SWID" export class Component { readonly bomRef = new BomRef() diff --git a/src/models/ExternalReference.ts b/src/models/ExternalReference.ts index 5b7c4f56e..cfabdf32d 100644 --- a/src/models/ExternalReference.ts +++ b/src/models/ExternalReference.ts @@ -1,4 +1,4 @@ -import {ExternalReferenceType} from "../enums/ExternalReferenceType"; +import {ExternalReferenceType} from "../enums/" export class ExternalReference { url: URL diff --git a/src/models/Hash.ts b/src/models/Hash.ts index a4ad999bb..1b7b153c1 100644 --- a/src/models/Hash.ts +++ b/src/models/Hash.ts @@ -1,4 +1,4 @@ -import {HashAlgorithm} from "../enums/HashAlogorithms"; +import {HashAlgorithm} from "../enums/"; // no regex for the ashContent in here. It applies at runtime of a normalization/serialization process. export type HashContent = string diff --git a/src/models/License.ts b/src/models/License.ts index d2c74bdf4..5e0f81c8e 100644 --- a/src/models/License.ts +++ b/src/models/License.ts @@ -1,4 +1,4 @@ -import {SpdxId, isSpdxId} from '../spdx' +import {isSpdxId, SpdxId} from '../spdx' export class LicenseExpression { value: string diff --git a/src/models/SWID.ts b/src/models/SWID.ts index b4eccb3ca..3e656b92d 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -1,5 +1,5 @@ import {Attachment} from "./Attachment"; -import {PositiveInteger, isPositiveInteger} from "../types" +import {isPositiveInteger, PositiveInteger} from "../types" export class SWID { tagId: string diff --git a/src/types.ts b/src/types.ts index ea711b709..284237f94 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,8 +1,6 @@ - export declare type PositiveInteger = number -export function isPositiveInteger(value: any): value is PositiveInteger -{ +export function isPositiveInteger(value: any): value is PositiveInteger { return Number.isInteger(value) && value > 0 } diff --git a/test/README.md b/test/README.md index 9da211655..98269a451 100644 --- a/test/README.md +++ b/test/README.md @@ -1,4 +1,15 @@ # Tests Tests are written in plain JavaScript, and -they are intended to test the build result(`dist/`) - instead of the source(`src/`). +they are intended to test the build result(`dist.node/` & `dist.web/`), +instead of the source(`src/`). + +## run node tests + +```shell +npm run test +``` + +## run browser tests + +_TODO:_ generate mocha for browser and run it in a headless env. diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js index 757c8a84c..450d723d6 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/modules/Bom.spec.js @@ -1,6 +1,6 @@ const assert = require('assert'); const {models: { - Bom, Metadata, ComponentRepository, ToolRepository, OrganizationalContactRepository + Bom, Metadata, ComponentRepository, }} = require('../../../'); describe('BOM', () => { @@ -9,14 +9,7 @@ describe('BOM', () => { const bom = new Bom() assert.ok(bom.metadata instanceof Metadata) - assert.strictEqual(bom.metadata.timestamp, null) - assert.ok(bom.metadata.tools instanceof ToolRepository) - assert.strictEqual(bom.metadata.tools.size, 0) - assert.ok(bom.metadata.authors instanceof OrganizationalContactRepository) - assert.strictEqual(bom.metadata.authors.size, 0) - assert.strictEqual(bom.metadata.component, null) - assert.strictEqual(bom.metadata.supplier, null) - assert.strictEqual(bom.metadata.manufacture, null) + assert.deepStrictEqual(bom.metadata, new Metadata()) assert.ok(bom.components instanceof ComponentRepository) assert.equal(bom.components.size, 0) assert.strictEqual(bom.version, 1) diff --git a/webpack.config.js b/webpack.config.js index 30ad363a5..bcc4f1870 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -1,15 +1,50 @@ const path = require('path'); +const merge = require('deepmerge') -module.exports = { +// see https://webpack.js.org/guides/author-libraries/ + +const configBase = { target: 'web', - mode: 'production', - entry: path.resolve(__dirname, 'dist.node/index.js'), + // mode: '', + module: { + rules: [ + { + test: /\.tsx?$/, + use: 'ts-loader', + exclude: /node_modules/, + }, + ], + }, + resolve: { + extensions: ['.tsx', '.ts'], + }, + entry: path.resolve(__dirname, 'src/index.ts'), output: { - filename: 'CycloneDX_library.js', path: path.resolve(__dirname, 'dist.web'), - library: 'CycloneDX_library', - libraryTarget: 'umd', - globalObject: 'this', - umdNamedDefine: true, + // filename: '', + library: { + name: 'CycloneDX_library', + type: 'umd', + }, + }, + externals: { + 'packageurl-js': 'PackageURL', }, }; + + +module.exports = [ + merge(configBase, { + mode: 'production', + output: { + filename: 'lib.js', + }, + }), + merge(configBase, { + mode: 'development', + devtool: 'source-map', + output: { + filename: 'lib.dev.js', + }, + }), +] From 2a3abe5fa506096965766ed8250d3efd7021fecc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:17:36 +0200 Subject: [PATCH 039/233] wip Signed-off-by: Jan Kowalleck --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index cb5cf2e8b..2c8be349d 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ "main": "dist.node/index.js", "types": "dist.node/index.d.ts", "scripts": { + "prepare": "npm run build", "lint": "tsc --noEmit", "build": "npm run build:node && npm run build:web", "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist.node\",{recursive:true,force:true})'", From f30882a49c8ac177233df0975a704e691104c92a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:25:02 +0200 Subject: [PATCH 040/233] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2c8be349d..a80a02bc4 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "main": "dist.node/index.js", "types": "dist.node/index.d.ts", "scripts": { - "prepare": "npm run build", + "prepublish": "npm run build", "lint": "tsc --noEmit", "build": "npm run build:node && npm run build:web", "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist.node\",{recursive:true,force:true})'", From 0ed671087b8f0c299882b1e9806470f064d84e34 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:27:12 +0200 Subject: [PATCH 041/233] wip Signed-off-by: Jan Kowalleck --- package-lock.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/package-lock.json b/package-lock.json index f376467c5..bc4f7205d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -861,6 +861,20 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", @@ -2919,6 +2933,13 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, + "fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "optional": true + }, "function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", From 7cb33f2c98fae93674409f17c31583ea3518a54e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:31:54 +0200 Subject: [PATCH 042/233] wip Signed-off-by: Jan Kowalleck --- .npmignore | 3 +++ README.md | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.npmignore b/.npmignore index 8a7fc0ff6..714fe68af 100644 --- a/.npmignore +++ b/.npmignore @@ -164,6 +164,9 @@ dist # Conclusion: have sources shipped, as long as they have value downstream! !/src/ !/tsconfig.json +!/webpack.config.js + +/test/ /tests/ /examples/ diff --git a/README.md b/README.md index 5b5eb6420..691f8b2fa 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,16 @@ written in _TypeScript_ and compiled to the target. ## Install +This package and the resulting dist sources are available as npm package: ```shell npm i -S @cyclonedx/cyclonedx-library ``` +However, you can install the package from source, which will compile the dist automatically on installation: +```shell +npm i -S git@github.com:CycloneDX/cyclonedx-javascript-library.git +``` + ## Usage As node module: From 7694f501695e776ab8be80274263cb0c52783512 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:36:29 +0200 Subject: [PATCH 043/233] wip Signed-off-by: Jan Kowalleck --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 691f8b2fa..beba2e4fa 100644 --- a/README.md +++ b/README.md @@ -5,12 +5,13 @@ written in _TypeScript_ and compiled to the target. ## Install -This package and the resulting dist sources are available as npm package: +This package and the build results are available as npm package: ```shell npm i -S @cyclonedx/cyclonedx-library ``` -However, you can install the package from source, which will compile the dist automatically on installation: +However, you can install the package from source, +which will build automatically on installation: ```shell npm i -S git@github.com:CycloneDX/cyclonedx-javascript-library.git ``` @@ -53,6 +54,8 @@ Install dependencies: npm ci ``` +The setup will also build the project. + ### Build from source Build the JavaScript: From e9782ed05ca6e720bb07adb6f3bfcc476138b938 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:42:12 +0200 Subject: [PATCH 044/233] wip Signed-off-by: Jan Kowalleck --- package-lock.json | 6 ++++-- package.json | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index bc4f7205d..8bbb492fa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,10 +8,10 @@ "name": "@cyclonedx/cyclonedx-library", "version": "0.0.1-alpha", "dependencies": { - "deepmerge": "^4.2.2", "packageurl-js": "^0.0.6" }, "devDependencies": { + "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", "typescript": "4.6.3", @@ -648,6 +648,7 @@ "version": "4.2.2", "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -2774,7 +2775,8 @@ "deepmerge": { "version": "4.2.2", "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz", - "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==" + "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", + "dev": true }, "diff": { "version": "5.0.0", diff --git a/package.json b/package.json index a80a02bc4..fd1ee7833 100644 --- a/package.json +++ b/package.json @@ -3,10 +3,10 @@ "type": "commonjs", "version": "0.0.1-alpha", "dependencies": { - "deepmerge": "^4.2.2", "packageurl-js": "^0.0.6" }, "devDependencies": { + "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", "typescript": "4.6.3", From f84ecf071813fde0df4d83d09e975bb46fbc5aaa Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 11:44:24 +0200 Subject: [PATCH 045/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 6b8edbf36..53c414c48 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -32,7 +32,7 @@ jobs: cache: "npm" cache-dependency-path: "**/package-lock.json" - name: install project - run: npm ci + run: npm ci --ignore-scripts - name: build run: npm run build - name: test From 07846eb39a73e49afaacb8bf5f6d7205fae7a470 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 18:32:18 +0200 Subject: [PATCH 046/233] wip Signed-off-by: Jan Kowalleck --- test/unit/modules/Bom.spec.js | 4 ++-- test/unit/spdx.spec.js | 13 ++++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/test/unit/modules/Bom.spec.js b/test/unit/modules/Bom.spec.js index 450d723d6..1dbaf3ded 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/modules/Bom.spec.js @@ -1,6 +1,6 @@ const assert = require('assert'); -const {models: { - Bom, Metadata, ComponentRepository, +const {models:{ + Bom, ComponentRepository, Metadata }} = require('../../../'); describe('BOM', () => { diff --git a/test/unit/spdx.spec.js b/test/unit/spdx.spec.js index c9120ed1a..df2e746ed 100644 --- a/test/unit/spdx.spec.js +++ b/test/unit/spdx.spec.js @@ -1,5 +1,7 @@ const assert = require('assert'); -const {spdx} = require('../../'); +const {spdx:{ + fixupSpdxId, isSpdxId +}} = require('../../'); describe('isSpdxId()', () => { @@ -8,7 +10,7 @@ describe('isSpdxId()', () => { describe('is true', () => { knownSpdxIds.forEach(value => { it(`for: ${value}`, () => { - assert.strictEqual(spdx.isSpdxId(value), true) + assert.strictEqual(isSpdxId(value), true) }) }) }) @@ -16,7 +18,7 @@ describe('isSpdxId()', () => { describe('is false', () => { [null, undefined, 'fooBarbaz', 'mit'].forEach(value => { it(`for: ${value}`, () => { - assert.strictEqual(spdx.isSpdxId(value), false) + assert.strictEqual(isSpdxId(value), false) }) }) }) @@ -36,7 +38,7 @@ describe('fixupSpdxId()', () => { describe('transform', () => { expectedFixed.forEach((expected, value) => { it(`${value} -> ${expected}`, () => { - assert.strictEqual(spdx.fixupSpdxId(value), expected) + assert.strictEqual(fixupSpdxId(value), expected) }) }) }) @@ -44,9 +46,10 @@ describe('fixupSpdxId()', () => { describe('miss', () => { [undefined, null, 'fooBarbaz'].forEach((value, expected) => { it(`${value}`, () => { - assert.strictEqual(spdx.fixupSpdxId(value), undefined) + assert.strictEqual(fixupSpdxId(value), undefined) }) }) }) + }) From 0a5937fc5f59588aaeef6afae4aa9bfb5aad9ba0 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 19:29:14 +0200 Subject: [PATCH 047/233] split build and test (#12) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 63 ++++++++++++++++++++++++++++++------ package-lock.json | 4 +++ package.json | 27 +++++++++++++++- 3 files changed, 84 insertions(+), 10 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 53c414c48..a6c281644 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -14,12 +14,15 @@ env: NODE_ACTIVE_LTS: "16" jobs: - test: - name: build & test - timeout-minutes: 30 - # TODO: make it a matrix of all supported node versions - # -- the build may happen in a separate latest-node version run + build: + name: build for ${{ matrix.target }} runs-on: "ubuntu-latest" + timeout-minutes: 30 + strategy: + matrix: + target: + - node + - web steps: - name: Checkout # see https://github.com/actions/checkout @@ -31,9 +34,51 @@ jobs: node-version: ${{ env.NODE_ACTIVE_LTS }} cache: "npm" cache-dependency-path: "**/package-lock.json" - - name: install project + - name: setup project + run: npm ci --ignore-scripts + - name: build ${{ matrix.target }} + run: npm run build:${{ matrix.target }} + - name: artifact build result + # see https://github.com/actions/upload-artifact + uses: actions/upload-artifact@v3 + with: + name: dist.${{ matrix.target }} + path: dist.${{ matrix.target }} + if-no-files-found: error + test: + needs: [ build ] + name: test (node${{ matrix.node-version }}, ${{ matrix.os }}) + runs-on: ${{ matrix.os }} + strategy: + matrix: + node-version: + # action based on https://github.com/actions/node-versions/releases + # see also: https://nodejs.org/en/about/releases/ + - "17" # current + - "16" # active LTS + - "14" + - "12" + - "12.0.0" # lowest supported + os: [ "ubuntu-latest", "macos-latest", "windows-latest" ] + timeout-minutes: 30 + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v3 + - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} + # see https://github.com/actions/setup-node + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: "npm" + cache-dependency-path: "**/package-lock.json" + - name: setup project run: npm ci --ignore-scripts - - name: build - run: npm run build + - name: fetch build artifact + # see https://github.com/actions/download-artifact + uses: actions/download-artifact@v3 + with: + name: dist.node + path: dist.node - name: test - run: npm run test + run: npm test diff --git a/package-lock.json b/package-lock.json index 8bbb492fa..aed7c4da1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,6 +7,7 @@ "": { "name": "@cyclonedx/cyclonedx-library", "version": "0.0.1-alpha", + "license": "Apache-2.0", "dependencies": { "packageurl-js": "^0.0.6" }, @@ -17,6 +18,9 @@ "typescript": "4.6.3", "webpack": "5.71.0", "webpack-cli": "4.9.2" + }, + "engines": { + "node": ">=12.0.0" } }, "node_modules/@discoveryjs/json-ext": { diff --git a/package.json b/package.json index fd1ee7833..2e98a1708 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,25 @@ { "name": "@cyclonedx/cyclonedx-library", - "type": "commonjs", "version": "0.0.1-alpha", + "description": "Core functionality of CDX for JavaScript (node or web-browser)", + "repository": { + "type": "git", + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library" + }, + "bugs": { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues" + }, + "license": "Apache-2.0", + "author": "Jan Kowalleck", + "contributors": [ + { + "name": "Jan Kowalleck" + } + ], + "type": "commonjs", + "engines": { + "node": ">=12.0.0" + }, "dependencies": { "packageurl-js": "^0.0.6" }, @@ -13,8 +31,15 @@ "webpack": "5.71.0", "webpack-cli": "4.9.2" }, + "browser": "dist.web/lib.js", "main": "dist.node/index.js", "types": "dist.node/index.d.ts", + "directories": { + "lib": "dist.node", + "doc": "docs", + "example": "examples", + "test": "test" + }, "scripts": { "prepublish": "npm run build", "lint": "tsc --noEmit", From 09a5c7881f81880377986a7a38f28cfdf95723cc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 20:57:55 +0200 Subject: [PATCH 048/233] wip Signed-off-by: Jan Kowalleck --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index beba2e4fa..7b3eafc50 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ # CycloneDX JavaScript library -Core functionality of CDX for _JavaScript_ (node or web-browser), +Core functionality of [CycloneDX] for _JavaScript_ (node or web-browser), written in _TypeScript_ and compiled to the target. -## Install +## Install This package and the build results are available as npm package: ```shell npm i -S @cyclonedx/cyclonedx-library ``` -However, you can install the package from source, +However, you can install the package from source, which will build automatically on installation: ```shell npm i -S git@github.com:CycloneDX/cyclonedx-javascript-library.git @@ -67,5 +67,7 @@ npm run build Run the tests: ```shell -npm run test +npm test ``` + +[CycloneDX]: https://cyclonedx.org/ From 7873dca3565cf2c57ee6e51eab5638c62cd5c469 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 21:09:52 +0200 Subject: [PATCH 049/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 4 ++-- package.json | 2 +- tsconfig.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index a6c281644..95790a625 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -54,11 +54,11 @@ jobs: node-version: # action based on https://github.com/actions/node-versions/releases # see also: https://nodejs.org/en/about/releases/ + - "18" - "17" # current - "16" # active LTS - "14" - - "12" - - "12.0.0" # lowest supported + - "14.0.0" # lowest supported os: [ "ubuntu-latest", "macos-latest", "windows-latest" ] timeout-minutes: 30 steps: diff --git a/package.json b/package.json index 2e98a1708..1a9a13116 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ ], "type": "commonjs", "engines": { - "node": ">=12.0.0" + "node": ">=14.0.0" }, "dependencies": { "packageurl-js": "^0.0.6" diff --git a/tsconfig.json b/tsconfig.json index 99d14c477..6fba1ead4 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -12,7 +12,7 @@ // "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */ /* Language and Environment */ - "target": "ESNext", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ + "target": "ES2020", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ // "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */ // "jsx": "preserve", /* Specify what JSX code is generated. */ // "experimentalDecorators": true, /* Enable experimental support for TC39 stage 2 draft decorators. */ From f9702917ea9129688625beaac5a19e981ecd655a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 21:12:13 +0200 Subject: [PATCH 050/233] wip Signed-off-by: Jan Kowalleck --- tsconfig.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tsconfig.json b/tsconfig.json index 6fba1ead4..ee2517465 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -12,6 +12,7 @@ // "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */ /* Language and Environment */ + /* check compat: https://node.green/ */ "target": "ES2020", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ // "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */ // "jsx": "preserve", /* Specify what JSX code is generated. */ @@ -25,6 +26,7 @@ // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */ /* Modules */ + /* check compat: https://node.green/ */ "module": "CommonJS", /* Specify what module code is generated. */ "rootDir": "src", /* Specify the root folder within your source files. */ "moduleResolution": "Node", /* Specify how TypeScript looks up a file from a given module specifier. */ From 654e81c230bcd72650e6a7a481bc7595338391b4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 3 Apr 2022 21:14:59 +0200 Subject: [PATCH 051/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 95790a625..c6c3ca2e8 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -19,6 +19,7 @@ jobs: runs-on: "ubuntu-latest" timeout-minutes: 30 strategy: + fail-fast: false matrix: target: - node @@ -50,11 +51,11 @@ jobs: name: test (node${{ matrix.node-version }}, ${{ matrix.os }}) runs-on: ${{ matrix.os }} strategy: + fail-fast: false matrix: node-version: # action based on https://github.com/actions/node-versions/releases # see also: https://nodejs.org/en/about/releases/ - - "18" - "17" # current - "16" # active LTS - "14" From 71a604b9b057b7187d6bd607030aed0d2d9a967d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 6 Apr 2022 21:10:42 +0200 Subject: [PATCH 052/233] wip Signed-off-by: Jan Kowalleck --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index aed7c4da1..d593a37d4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "webpack-cli": "4.9.2" }, "engines": { - "node": ">=12.0.0" + "node": ">=14.0.0" } }, "node_modules/@discoveryjs/json-ext": { From d69e610e13993ad4acf0893c9d0aa987a159e916 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 6 Apr 2022 21:15:56 +0200 Subject: [PATCH 053/233] wip Signed-off-by: Jan Kowalleck --- tsconfig.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tsconfig.json b/tsconfig.json index ee2517465..97b7f059a 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -40,7 +40,7 @@ // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */ /* JavaScript Support */ - // "allowJs": true, /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */ + "allowJs": false, /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */ // "checkJs": true, /* Enable error reporting in type-checked JavaScript files. */ // "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */ From 0185ff8e409b1b1a1ef9db5ae484e4ec13d8ac71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Apr 2022 14:11:52 +0200 Subject: [PATCH 054/233] Bump webpack from 5.71.0 to 5.72.0 (#14) Bumps [webpack](https://github.com/webpack/webpack) from 5.71.0 to 5.72.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.71.0...v5.72.0) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index d593a37d4..91bc81859 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "mocha": "9.2.2", "ts-loader": "9.2.8", "typescript": "4.6.3", - "webpack": "5.71.0", + "webpack": "5.72.0", "webpack-cli": "4.9.2" }, "engines": { @@ -2035,9 +2035,9 @@ } }, "node_modules/webpack": { - "version": "5.71.0", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.71.0.tgz", - "integrity": "sha512-g4dFT7CFG8LY0iU5G8nBL6VlkT21Z7dcYDpJAEJV5Q1WLb9UwnFbrem1k7K52ILqEmomN7pnzWFxxE6SlDY56A==", + "version": "5.72.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.0.tgz", + "integrity": "sha512-qmSmbspI0Qo5ld49htys8GY9XhS9CGqFoHTsOVAnjBdg0Zn79y135R+k4IR4rKK6+eKaabMhJwiVB7xw0SJu5w==", "dev": true, "dependencies": { "@types/eslint-scope": "^3.7.3", @@ -3758,9 +3758,9 @@ } }, "webpack": { - "version": "5.71.0", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.71.0.tgz", - "integrity": "sha512-g4dFT7CFG8LY0iU5G8nBL6VlkT21Z7dcYDpJAEJV5Q1WLb9UwnFbrem1k7K52ILqEmomN7pnzWFxxE6SlDY56A==", + "version": "5.72.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.0.tgz", + "integrity": "sha512-qmSmbspI0Qo5ld49htys8GY9XhS9CGqFoHTsOVAnjBdg0Zn79y135R+k4IR4rKK6+eKaabMhJwiVB7xw0SJu5w==", "dev": true, "requires": { "@types/eslint-scope": "^3.7.3", diff --git a/package.json b/package.json index 1a9a13116..078aab68f 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "mocha": "9.2.2", "ts-loader": "9.2.8", "typescript": "4.6.3", - "webpack": "5.71.0", + "webpack": "5.72.0", "webpack-cli": "4.9.2" }, "browser": "dist.web/lib.js", From 5f61a65bff68eaae7e8316d1548364d5b3f2bf21 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 09:49:40 +0200 Subject: [PATCH 055/233] Feat/serialize json (#15) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- .mocharc.js | 8 +- README.md | 25 +- examples/node.js | 16 +- examples/web-browser.html | 26 +- package.json | 4 +- src/SPDX.ts | 24 ++ ...hmentEncoding.ts => attachmentEncoding.ts} | 0 .../{ComponentScope.ts => componentScope.ts} | 0 .../{ComponentType.ts => componentType.ts} | 2 +- ...erenceType.ts => externalReferenceType.ts} | 0 .../{HashAlogorithms.ts => hashAlogorithm.ts} | 0 src/enums/index.ts | 13 +- src/factories/licenseFactory.ts | 4 + src/index.ts | 10 +- src/models/SWID.ts | 2 +- src/models/{Attachment.ts => attachment.ts} | 0 src/models/{Bom.ts => bom.ts} | 15 +- src/models/{BomRef.ts => bomRef.ts} | 0 src/models/{Component.ts => component.ts} | 14 +- ...ernalReference.ts => externalReference.ts} | 0 src/models/{Hash.ts => hash.ts} | 0 src/models/index.ts | 22 +- src/models/{License.ts => license.ts} | 7 +- src/models/{Metadata.ts => metadata.ts} | 8 +- ...nalContact.ts => organizationalContact.ts} | 0 ...ionalEntity.ts => organizationalEntity.ts} | 2 +- src/models/{Tool.ts => tool.ts} | 2 +- src/serialize/JSON.ts | 355 ++++++++++++++++++ src/serialize/index.ts | 3 + src/serialize/serializer.ts | 5 + src/spdx.ts | 23 -- src/spec.ts | 129 +++++++ src/types.ts | 4 + test/README.md | 5 + test/_data/enumLoader.js | 10 + test/_data/serialize.js | 104 +++++ test/_data/serializeResults/.editorconfig | 8 + test/_data/serializeResults/.gitattributes | 1 + .../serializeResults/complex-spec1.4.txt | 124 ++++++ test/functional/enums/HashAlogorithms.test.js | 20 +- test/functional/spdx.test.js | 38 +- test/integration/serialize.JSON.test.js | 34 ++ .../Bom.spec.js => models.bom.spec.js} | 33 +- test/unit/spdx.spec.js | 60 +-- 44 files changed, 1006 insertions(+), 154 deletions(-) create mode 100644 src/SPDX.ts rename src/enums/{AttachmentEncoding.ts => attachmentEncoding.ts} (100%) rename src/enums/{ComponentScope.ts => componentScope.ts} (100%) rename src/enums/{ComponentType.ts => componentType.ts} (88%) rename src/enums/{ExternalReferenceType.ts => externalReferenceType.ts} (100%) rename src/enums/{HashAlogorithms.ts => hashAlogorithm.ts} (100%) create mode 100644 src/factories/licenseFactory.ts rename src/models/{Attachment.ts => attachment.ts} (100%) rename src/models/{Bom.ts => bom.ts} (65%) rename src/models/{BomRef.ts => bomRef.ts} (100%) rename src/models/{Component.ts => component.ts} (79%) rename src/models/{ExternalReference.ts => externalReference.ts} (100%) rename src/models/{Hash.ts => hash.ts} (100%) rename src/models/{License.ts => license.ts} (75%) rename src/models/{Metadata.ts => metadata.ts} (59%) rename src/models/{OrganizationalContact.ts => organizationalContact.ts} (100%) rename src/models/{OrganizationalEntity.ts => organizationalEntity.ts} (78%) rename src/models/{Tool.ts => tool.ts} (84%) create mode 100644 src/serialize/JSON.ts create mode 100644 src/serialize/index.ts create mode 100644 src/serialize/serializer.ts delete mode 100644 src/spdx.ts create mode 100644 src/spec.ts create mode 100644 test/_data/enumLoader.js create mode 100644 test/_data/serialize.js create mode 100644 test/_data/serializeResults/.editorconfig create mode 100644 test/_data/serializeResults/.gitattributes create mode 100644 test/_data/serializeResults/complex-spec1.4.txt create mode 100644 test/integration/serialize.JSON.test.js rename test/unit/{modules/Bom.spec.js => models.bom.spec.js} (66%) diff --git a/.mocharc.js b/.mocharc.js index 458f6804b..7e7aad24a 100644 --- a/.mocharc.js +++ b/.mocharc.js @@ -3,7 +3,9 @@ module.exports = { // read: https://mochajs.org/#configuring-mocha-nodejs recursive: true, extension: [ - "spec.js", - "test.js" - ] + "spec.js", "test.js", + "spec.cjs", "test.cjs", + "spec.mjs", "test.mjs", + ], + ui: 'tdd', } diff --git a/README.md b/README.md index 7b3eafc50..d985c3292 100644 --- a/README.md +++ b/README.md @@ -22,10 +22,10 @@ As node module: ```javascript const cdx = require('@cyclonedx/cyclonedx-library') -let bom = new cdx.models.Bom() +const bom = new cdx.models.Bom() bom.components.add( - new cdx.models.Component( - cdx.enums.ComponentType.Library, + new cdx.Models.Component( + cdx.Enums.ComponentType.Library, 'myComponent' ) ) @@ -36,12 +36,21 @@ In web-browser: - example - + + - -

Library is available as CycloneDX_library.

- ``` diff --git a/examples/node.js b/examples/node.js index 5efe70278..af97feded 100644 --- a/examples/node.js +++ b/examples/node.js @@ -1,9 +1,19 @@ +/** Example how to serialize a Bom to JSON. */ + const cdx = require('../') +// full Library is available as `cdx`, now -let bom = new cdx.models.Bom() +const bom = new cdx.Models.Bom() bom.components.add( - new cdx.models.Component( - cdx.enums.ComponentType.Library, + new cdx.Models.Component( + cdx.Enums.ComponentType.Library, 'myComponent' ) ) + +const serializer = new cdx.Serialize.JSON.Serializer( + new cdx.Serialize.JSON.Normalize.Factory( + cdx.Spec.Spec1_4)) +const serialized = serializer.serialize(bom) + +console.log(serialized) diff --git a/examples/web-browser.html b/examples/web-browser.html index 07ecf6b9e..55a973a52 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -2,9 +2,31 @@ example - + + -

Library is available as CycloneDX_library.

+

see console log output for result.

diff --git a/package.json b/package.json index 078aab68f..3dcd45d7c 100644 --- a/package.json +++ b/package.json @@ -48,6 +48,8 @@ "build:node": "tsc --build", "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", "build:web": "webpack", - "test": "mocha" + "test": "npm run test:node && npm run test:web", + "test:node" : "mocha", + "test:web" : "node -e 'console.log(\"todo: write web test\")'" } } diff --git a/src/SPDX.ts b/src/SPDX.ts new file mode 100644 index 000000000..70db35366 --- /dev/null +++ b/src/SPDX.ts @@ -0,0 +1,24 @@ +// @ts-ignore this works as long as the paths are available in dist dir +import {default as _spdxSpec} from "../res/spdx.SNAPSHOT.schema.json" + +export type SpdxId = string + +const _spdxSpecEnum: ReadonlyArray = _spdxSpec.enum + +const spdxIds: ReadonlySet = new Set(_spdxSpecEnum) + +const spdxLowerToActual: ReadonlyMap = new Map( + _spdxSpecEnum.map(spdxId => [spdxId.toLowerCase(), spdxId]) +) + +export function isSpdxId(value: SpdxId | any): value is SpdxId { + return spdxIds.has(value) +} + +/** Try to convert a string to `SpdxId`. */ +export function fixupSpdxId(value: string | any): SpdxId | undefined { + return typeof value === 'string' + ? spdxLowerToActual.get(value.toLowerCase()) + : undefined +} + diff --git a/src/enums/AttachmentEncoding.ts b/src/enums/attachmentEncoding.ts similarity index 100% rename from src/enums/AttachmentEncoding.ts rename to src/enums/attachmentEncoding.ts diff --git a/src/enums/ComponentScope.ts b/src/enums/componentScope.ts similarity index 100% rename from src/enums/ComponentScope.ts rename to src/enums/componentScope.ts diff --git a/src/enums/ComponentType.ts b/src/enums/componentType.ts similarity index 88% rename from src/enums/ComponentType.ts rename to src/enums/componentType.ts index 14824113e..853304ff2 100644 --- a/src/enums/ComponentType.ts +++ b/src/enums/componentType.ts @@ -2,7 +2,7 @@ export enum ComponentType { Application = "application", Framework = "framework", Library = "library", - container = "container", + Container = "container", OperatingSystem = "operating-system", Device = "device", Firmware = "firmware", diff --git a/src/enums/ExternalReferenceType.ts b/src/enums/externalReferenceType.ts similarity index 100% rename from src/enums/ExternalReferenceType.ts rename to src/enums/externalReferenceType.ts diff --git a/src/enums/HashAlogorithms.ts b/src/enums/hashAlogorithm.ts similarity index 100% rename from src/enums/HashAlogorithms.ts rename to src/enums/hashAlogorithm.ts diff --git a/src/enums/index.ts b/src/enums/index.ts index bff8b48fa..debecd438 100644 --- a/src/enums/index.ts +++ b/src/enums/index.ts @@ -1,8 +1,5 @@ -export * from "./AttachmentEncoding"; -export * from "./ComponentScope"; -export * from "./ComponentType"; -export * from "./ExternalReferenceType"; -export * from "./HashAlogorithms"; - - - +export * from "./attachmentEncoding" +export * from "./componentScope" +export * from "./componentType" +export * from "./externalReferenceType" +export * from "./hashAlogorithm" diff --git a/src/factories/licenseFactory.ts b/src/factories/licenseFactory.ts new file mode 100644 index 000000000..8ecc9ad5f --- /dev/null +++ b/src/factories/licenseFactory.ts @@ -0,0 +1,4 @@ + +export class LicenseFactory { + // TODO have proper factory, that makes the correct license object, based on the string input +} diff --git a/src/index.ts b/src/index.ts index 252782e98..dc86de79b 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,4 +1,6 @@ -export * as enums from "./enums/"; -export * as models from "./models/" -export * as spdx from "./spdx" -export * as types from "./types" +export * as Enums from "./enums/" +export * as Models from "./models/" +export * as Serialize from "./serialize/" +export * as SPDX from "./SPDX" +export * as Spec from "./spec" +export * as Types from "./types" diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 3e656b92d..df3ec560f 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -1,4 +1,4 @@ -import {Attachment} from "./Attachment"; +import {Attachment} from "./attachment"; import {isPositiveInteger, PositiveInteger} from "../types" export class SWID { diff --git a/src/models/Attachment.ts b/src/models/attachment.ts similarity index 100% rename from src/models/Attachment.ts rename to src/models/attachment.ts diff --git a/src/models/Bom.ts b/src/models/bom.ts similarity index 65% rename from src/models/Bom.ts rename to src/models/bom.ts index 14b925421..373c06ad2 100644 --- a/src/models/Bom.ts +++ b/src/models/bom.ts @@ -1,13 +1,13 @@ -import {Metadata} from "./Metadata" -import {ComponentRepository} from "./Component" +import {Metadata} from "./metadata" +import {ComponentRepository} from "./component" import {isPositiveInteger, PositiveInteger} from "../types" const SerialNumberRegExp = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ export class Bom { - // bomFormat is not part of model, it is a runtime information - // specVersion is not part of model, it is a runtime information + // property `bomFormat` is not part of model, it is a runtime information + // property `specVersion` is not part of model, it is a runtime information metadata = new Metadata() components = new ComponentRepository() @@ -34,8 +34,9 @@ export class Bom { this.#serialNumber = value } - static isEligibleSerialNumber(value: string | any): boolean { - return typeof value == 'string' && - SerialNumberRegExp.test(value) + private static isEligibleSerialNumber(value: string | any): boolean { + // this method might be moved to the Spec, as the spec defines valid values in general. + return typeof value == 'string' + && SerialNumberRegExp.test(value) } } diff --git a/src/models/BomRef.ts b/src/models/bomRef.ts similarity index 100% rename from src/models/BomRef.ts rename to src/models/bomRef.ts diff --git a/src/models/Component.ts b/src/models/component.ts similarity index 79% rename from src/models/Component.ts rename to src/models/component.ts index 759ce0481..ee4c96f70 100644 --- a/src/models/Component.ts +++ b/src/models/component.ts @@ -1,12 +1,14 @@ import {ComponentScope, ComponentType} from "../enums/" -import {BomRef} from "./BomRef" -import {HashRepository} from "./Hash" -import {OrganizationalEntity} from "./OrganizationalEntity" -import {ExternalReferenceRepository} from "./ExternalReference" -import {LicenseRepository} from "./License" -import {PackageURL} from 'packageurl-js' +import {BomRef} from "./bomRef" +import {HashRepository} from "./hash" +import {OrganizationalEntity} from "./organizationalEntity" +import {ExternalReferenceRepository} from "./externalReference" +import {LicenseRepository} from "./license" import {SWID} from "./SWID" +import {PackageURL} from 'packageurl-js' + + export class Component { readonly bomRef = new BomRef() type: ComponentType diff --git a/src/models/ExternalReference.ts b/src/models/externalReference.ts similarity index 100% rename from src/models/ExternalReference.ts rename to src/models/externalReference.ts diff --git a/src/models/Hash.ts b/src/models/hash.ts similarity index 100% rename from src/models/Hash.ts rename to src/models/hash.ts diff --git a/src/models/index.ts b/src/models/index.ts index 5a17cad3f..0eb1e6a88 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -1,12 +1,12 @@ -export * from "./Attachment" -export * from "./Bom" -export * from "./BomRef" -export * from "./Component" -export * from "./ExternalReference" -export * from "./Hash" -export * from "./License" -export * from "./Metadata" -export * from "./OrganizationalContact" -export * from "./OrganizationalEntity" +export * from "./attachment" +export * from "./bom" +export * from "./bomRef" +export * from "./component" +export * from "./externalReference" +export * from "./hash" +export * from "./license" +export * from "./metadata" +export * from "./organizationalContact" +export * from "./organizationalEntity" export * from "./SWID" -export * from "./Tool" +export * from "./tool" diff --git a/src/models/License.ts b/src/models/license.ts similarity index 75% rename from src/models/License.ts rename to src/models/license.ts index 5e0f81c8e..5500443d7 100644 --- a/src/models/License.ts +++ b/src/models/license.ts @@ -1,4 +1,4 @@ -import {isSpdxId, SpdxId} from '../spdx' +import {isSpdxId, SpdxId} from '../SPDX' export class LicenseExpression { value: string @@ -41,7 +41,8 @@ export class SpdxLicense { } -export type LicenseChoice = NamedLicense | SpdxLicense | LicenseExpression +export type DisjunctiveLicense = NamedLicense | SpdxLicense +export type License = DisjunctiveLicense | LicenseExpression -export class LicenseRepository extends Set { +export class LicenseRepository extends Set { } diff --git a/src/models/Metadata.ts b/src/models/metadata.ts similarity index 59% rename from src/models/Metadata.ts rename to src/models/metadata.ts index 1a26c7146..838dc04f7 100644 --- a/src/models/Metadata.ts +++ b/src/models/metadata.ts @@ -1,7 +1,7 @@ -import {Component} from "./Component"; -import {ToolRepository} from "./Tool" -import {OrganizationalEntity} from "./OrganizationalEntity"; -import {OrganizationalContactRepository} from "./OrganizationalContact"; +import {Component} from "./component"; +import {ToolRepository} from "./tool" +import {OrganizationalEntity} from "./organizationalEntity"; +import {OrganizationalContactRepository} from "./organizationalContact"; export class Metadata { timestamp: Date | null = null diff --git a/src/models/OrganizationalContact.ts b/src/models/organizationalContact.ts similarity index 100% rename from src/models/OrganizationalContact.ts rename to src/models/organizationalContact.ts diff --git a/src/models/OrganizationalEntity.ts b/src/models/organizationalEntity.ts similarity index 78% rename from src/models/OrganizationalEntity.ts rename to src/models/organizationalEntity.ts index ef249127a..a087fee09 100644 --- a/src/models/OrganizationalEntity.ts +++ b/src/models/organizationalEntity.ts @@ -1,4 +1,4 @@ -import {OrganizationalContactRepository} from "./OrganizationalContact"; +import {OrganizationalContactRepository} from "./organizationalContact"; export class OrganizationalEntity { name: string | null = null diff --git a/src/models/Tool.ts b/src/models/tool.ts similarity index 84% rename from src/models/Tool.ts rename to src/models/tool.ts index a5ecced7d..ce9292ba4 100644 --- a/src/models/Tool.ts +++ b/src/models/tool.ts @@ -1,4 +1,4 @@ -import {HashRepository} from "./Hash"; +import {HashRepository} from "./hash"; export class Tool { vendor: string | null = null diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts new file mode 100644 index 000000000..7a222e599 --- /dev/null +++ b/src/serialize/JSON.ts @@ -0,0 +1,355 @@ +import * as Models from "../models"; +import {Protocol as SpecProtocol, Version as SpecVersion, Format, UnsupportedFormatError} from "../spec"; +import {Protocol as SerializerProtocol} from "./serializer"; + + +const JsonSchemaUrl: ReadonlyMap = new Map([ + [SpecVersion.v1_0, undefined], + [SpecVersion.v1_1, undefined], + [SpecVersion.v1_2, 'http://cyclonedx.org/schema/bom-1.2.schema.json'], + [SpecVersion.v1_3, 'http://cyclonedx.org/schema/bom-1.3.schema.json'], + [SpecVersion.v1_4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'], +]) + +class UnsupportedFormat extends Error {} + +export class Serializer implements SerializerProtocol { + #normalizerFactory: Normalize.Factory + + /** + * @throws {UnsupportedFormatError} if spec does not support JSON format. + */ + constructor(normalizerFactory: Normalize.Factory) { + if (!normalizerFactory.spec.supportsFormat(Format.JSON)) + { + throw new UnsupportedFormatError('Spec does not support JSON format.') + } + this.#normalizerFactory = normalizerFactory + } + + serialize(bom: Models.Bom): string { + // @TODO bom-refs values make unique ... + return JSON.stringify( + { + '$schema': JsonSchemaUrl.get(this.#normalizerFactory.spec.version), + ...this.#normalizerFactory.makeForBom().normalize(bom) + }, + null, + 4 + ) + } +} + + +export namespace Normalize { + + export class Factory { + readonly spec: SpecProtocol + + constructor(spec: SpecProtocol) { + this.spec = spec + } + + makeForBom(): BomNormalizer { + return new BomNormalizer(this) + } + + makeForMetadata(): MetadataNormalizer { + return new MetadataNormalizer(this) + } + + makeForComponent(): ComponentNormalizer { + return new ComponentNormalizer(this) + } + + makeForTool(): ToolNormalizer { + return new ToolNormalizer(this) + } + + makeForOrganizationalContact(): OrganizationalContactNormalizer { + return new OrganizationalContactNormalizer(this) + } + + makeForOrganizationalEntity(): OrganizationalEntityNormalizer { + return new OrganizationalEntityNormalizer(this) + } + + makeForHash(): HashNormalizer { + return new HashNormalizer(this) + } + + makeForLicense(): LicenseNormalizer { + return new LicenseNormalizer(this) + } + + makeForSWID(): SWIDNormalizer { + return new SWIDNormalizer(this) + } + + makeForExternalReference(): ExternalReferenceNormalizer { + return new ExternalReferenceNormalizer(this) + } + + makeForAttachment(): AttachmentNormalizer { + return new AttachmentNormalizer(this) + } + } + + + export interface Protocol { + normalize(data: any): object | undefined + } + + + abstract class Base implements Protocol { + protected factory: Factory + + constructor(factory: Factory) { + this.factory = factory + } + + abstract normalize(data: any): object | undefined + } + + + export class BomNormalizer extends Base { + normalize(data: Models.Bom): object { + return { + bomFormat: 'CycloneDX', + specVersion: this.factory.spec.version, + version: data.version, + serialNumber: data.serialNumber || undefined, + metadata: this.factory.makeForMetadata().normalize(data.metadata), + components: data.components.size > 0 + ? this.factory.makeForComponent().normalizeIter(data.components) + // spec < 1.4 requires `component` to be array + : [], + } + } + } + + + export class MetadataNormalizer extends Base { + normalize(data: Models.Metadata): object { + const toolNormalizer = this.factory.makeForTool() + const orgContactNormalizer = this.factory.makeForOrganizationalContact() + const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() + return { + timestamp: data.timestamp?.toISOString(), + tools: data.tools.size > 0 + ? Array.from(data.tools, t => toolNormalizer.normalize(t)) + : undefined, + authors: data.authors.size > 0 + ? Array.from(data.authors, a => orgContactNormalizer.normalize(a)) + : undefined, + component: data.component + ? this.factory.makeForComponent().normalize(data.component) + : undefined, + manufacture: data.manufacture + ? orgEntityNormalizer.normalize(data.manufacture) + : undefined, + supplier: data.supplier + ? orgEntityNormalizer.normalize(data.supplier) + : undefined, + } + } + } + + + export class ToolNormalizer extends Base { + normalize(data: Models.Tool): object { + const hashNormalizer = this.factory.makeForHash() + return { + vendor: data.vendor || undefined, + name: data.name || undefined, + version: data.version || undefined, + hashes: data.hashes.size > 0 + ? hashNormalizer.normalizeIter(data.hashes) + : undefined, + } + } + } + + + export class HashNormalizer extends Base { + normalize([algorithm, content]: Models.Hash): object | undefined { + return this.factory.spec.supportsHashAlgorithm(algorithm) + ? { + alg: algorithm, + content: content, + } : undefined + } + + normalizeIter(data: Iterable): Array { + return Array.from(data, h => this.normalize(h)) + .filter(h => undefined !== h) as Array + } + } + + + export class OrganizationalContactNormalizer extends Base { + normalize(data: Models.OrganizationalContact): object { + return { + name: data.name || undefined, + // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 + email: data.email || undefined, + phone: data.phone || undefined, + } + } + } + + + export class OrganizationalEntityNormalizer extends Base { + normalize(data: Models.OrganizationalEntity): object { + const contactNormalizer = this.factory.makeForOrganizationalContact() + return { + name: data.name || undefined, + url: data.url.size > 0 + // must comply to https://datatracker.ietf.org/doc/html/rfc3987 + ? Array.from(data.url, u => u.toString()) + : undefined, + contact: data.contact.size > 0 + ? Array.from(data.contact, c => contactNormalizer.normalize(c)) + : undefined, + } + } + } + + + export class ComponentNormalizer extends Base { + + normalize(data: Models.Component): object | undefined { + return this.factory.spec.supportsComponentType(data.type) + ? { + type: data.type, + name: data.name, + group: data.group || undefined, + // version fallback to string for spec < 1.4 + version: data.version || '', + 'bom-ref': data.bomRef.value || undefined, + supplier: data.supplier + ? this.factory.makeForOrganizationalEntity().normalize(data.supplier) + : undefined, + author: data.author || undefined, + publisher: data.publisher || undefined, + description: data.description || undefined, + scope: data.scope || undefined, + hashes: data.hashes.size > 0 + ? this.factory.makeForHash().normalizeIter(data.hashes) + : undefined, + licenses: data.licenses.size > 0 + ? this.factory.makeForLicense().normalizeIter(data.licenses) + : undefined, + copyright: data.copyright || undefined, + cpe: data.cpe || undefined, + purl: data.purl?.toString(), + swid: data.swid + ? this.factory.makeForSWID().normalize(data.swid) + : undefined, + externalReferences: data.externalReferences.size > 0 + ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences) + : undefined, + } : undefined + } + + normalizeIter(data: Iterable): Array { + return Array.from(data, c => this.normalize(c)) + .filter(c => undefined !== c) as Array + } + + } + + class LicenseNormalizer extends Base { + + normalize(data: Models.License): object | undefined { + switch (true) { + case data instanceof Models.NamedLicense: + return this.normalizeNamedLicense(data) + case data instanceof Models.SpdxLicense: + return this.normalizeSpdxLicense(data) + case data instanceof Models.LicenseExpression: + return this.normalizeLicenseExpression(data) + default: + throw new RangeError(`unexpected LicenseChoice: ${data}`) as never + } + } + + private normalizeNamedLicense = (data: Models.NamedLicense): object => ({ + license: { + name: data.name, + text: data.text || undefined, + url: data.url?.toString(), + } + }); + + private normalizeSpdxLicense = (data: Models.SpdxLicense): object => ({ + license: { + id: data.id, + text: data.text || undefined, + url: data.url?.toString(), + } + }); + + private normalizeLicenseExpression = (data: Models.LicenseExpression): object => ({ + expression: data.value, + }); + + normalizeIter(data: Iterable): Array { + return Array.from(data, c => this.normalize(c)) + .filter(c => undefined !== c) as Array + } + } + + class SWIDNormalizer extends Base { + + normalize(data: Models.SWID): object { + return { + tagId: data.tagId, + name: data.name, + version: data.version || undefined, + tagVersion: null === data.tagVersion + ? undefined + : data.tagVersion, + patch: null === data.patch + ? undefined + : data.patch, + text: data.text + ? this.factory.makeForAttachment().normalize(data.text) + : undefined, + url: data.url?.toString(), + } + } + + } + + class ExternalReferenceNormalizer extends Base { + + normalize(data: Models.ExternalReference): object | undefined { + return this.factory.spec.supportsExternalReferenceType(data.type) + ? { + url: data.url.toString(), + type: data.type, + comment: data.comment || undefined, + } : undefined + } + + normalizeIter(data: Iterable): Array { + return Array.from(data, r => this.normalize(r)) + .filter(r => undefined !== r) as Array + } + + } + + class AttachmentNormalizer extends Base { + + normalize(data: Models.Attachment): object { + return { + content: data.content, + contentType: data.contentType || undefined, + encoding: data.encoding || undefined, + } + } + + } + +} diff --git a/src/serialize/index.ts b/src/serialize/index.ts new file mode 100644 index 000000000..2a49f4fe4 --- /dev/null +++ b/src/serialize/index.ts @@ -0,0 +1,3 @@ +export * as Serializer from './serializer' +export * as JSON from './JSON' + diff --git a/src/serialize/serializer.ts b/src/serialize/serializer.ts new file mode 100644 index 000000000..ac9e4cd84 --- /dev/null +++ b/src/serialize/serializer.ts @@ -0,0 +1,5 @@ +import {Bom} from "../models"; + +export interface Protocol { + serialize(bom: Bom): string +} diff --git a/src/spdx.ts b/src/spdx.ts deleted file mode 100644 index 440cca7d3..000000000 --- a/src/spdx.ts +++ /dev/null @@ -1,23 +0,0 @@ -// @ts-ignore this works as long as the paths are available in dist dir -import {default as spdxSpec} from "../res/spdx.SNAPSHOT.schema.json" - -const _spdxSpecEnum: Array = spdxSpec.enum -const spdxIds: Set = new Set(_spdxSpecEnum) -const spdxLowerToActual: Map = new Map(_spdxSpecEnum.map( - function (spdxId: string): [string, string] { - return [spdxId.toLowerCase(), spdxId]; - } -)) - -export type SpdxId = string - -export function isSpdxId(value: any): value is SpdxId { - return spdxIds.has(value) -} - -export function fixupSpdxId(value: any): SpdxId | undefined { - return typeof value === 'string' - ? spdxLowerToActual.get(value.toLowerCase()) - : undefined -} - diff --git a/src/spec.ts b/src/spec.ts new file mode 100644 index 000000000..5006f411e --- /dev/null +++ b/src/spec.ts @@ -0,0 +1,129 @@ +import {ComponentType, ExternalReferenceType, HashAlgorithm} from "./enums/"; + + +export enum Version { + v1_4 = '1.4', + v1_3 = '1.3', + v1_2 = '1.2', + v1_1 = '1.1', + v1_0 = '1.0', +} + + +export enum Format { + JSON = 'json', + XML = 'xml', +} + +export class UnsupportedFormatError extends Error {} + + +export interface Protocol { + readonly version: Version + + supportsFormat(f: Format | any): boolean + + supportsComponentType(ct: ComponentType | any): boolean; + + supportsHashAlgorithm(ha: HashAlgorithm | any): boolean; + + supportsExternalReferenceType(ert: ExternalReferenceType | any): boolean; +} + +class Spec implements Protocol { + + readonly #version: Version + readonly #supportedFormats: ReadonlySet + readonly #supportedComponentTypes: ReadonlySet + readonly #supportedHashAlgorithms: ReadonlySet + readonly #supportedExternalReferenceTypes: ReadonlySet + + constructor( + version: Version, + supportedFormats: Iterable, + supportedComponentTypes: Iterable, + supportedHashAlgorithms: Iterable, + supportedExternalReferenceTypes: Iterable + ) { + this.#version = version + this.#supportedFormats = new Set(supportedFormats) + this.#supportedComponentTypes = new Set(supportedComponentTypes) + this.#supportedHashAlgorithms = new Set(supportedHashAlgorithms) + this.#supportedExternalReferenceTypes = new Set(supportedExternalReferenceTypes) + } + + get version(): Version { + return this.#version + } + + supportsFormat(f: Format | any): boolean { + return this.#supportedFormats.has(f) + } + + supportsComponentType(ct: ComponentType | any): boolean { + return this.#supportedComponentTypes.has(ct) + } + + supportsHashAlgorithm(ha: HashAlgorithm | any): boolean { + return this.#supportedHashAlgorithms.has(ha) + } + + supportsExternalReferenceType(ert: ExternalReferenceType | any): boolean { + return this.#supportedExternalReferenceTypes.has(ert) + } + +} + + +// @TODO add the other versions + +/** Specification v1.4 */ +export const Spec1_4: Protocol = Object.freeze(new Spec( + Version.v1_4, + [ + Format.XML, + Format.JSON, + ], + [ + ComponentType.Application, + ComponentType.Framework, + ComponentType.Library, + ComponentType.Container, + ComponentType.OperatingSystem, + ComponentType.Device, + ComponentType.Firmware, + ComponentType.File, + ], + [ + HashAlgorithm.MD5, + HashAlgorithm["SHA-1"], + HashAlgorithm["SHA-256"], + HashAlgorithm["SHA-384"], + HashAlgorithm["SHA-512"], + HashAlgorithm["SHA3-256"], + HashAlgorithm["SHA3-384"], + HashAlgorithm["SHA3-512"], + HashAlgorithm["BLAKE2b-256"], + HashAlgorithm["BLAKE2b-384"], + HashAlgorithm["BLAKE2b-512"], + HashAlgorithm.BLAKE3, + ], + [ + ExternalReferenceType.VCS, + ExternalReferenceType.IssueTracker, + ExternalReferenceType.Website, + ExternalReferenceType.Advisories, + ExternalReferenceType.BOM, + ExternalReferenceType.MailingList, + ExternalReferenceType.Social, + ExternalReferenceType.Chat, + ExternalReferenceType.Documentation, + ExternalReferenceType.Support, + ExternalReferenceType.Distribution, + ExternalReferenceType.License, + ExternalReferenceType.BuildMeta, + ExternalReferenceType.BuildSystem, + ExternalReferenceType.ReleaseNotes, + ExternalReferenceType.Other, + ] +)) diff --git a/src/types.ts b/src/types.ts index 284237f94..4bcf3f52a 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,3 +1,7 @@ +/** + * Integer > 0 + * @see isPositiveInteger() + */ export declare type PositiveInteger = number export function isPositiveInteger(value: any): value is PositiveInteger { diff --git a/test/README.md b/test/README.md index 98269a451..80f3960ad 100644 --- a/test/README.md +++ b/test/README.md @@ -4,6 +4,11 @@ Tests are written in plain JavaScript, and they are intended to test the build result(`dist.node/` & `dist.web/`), instead of the source(`src/`). +## write tests + +Test files must follow the pattern `**.{spec,test}.{c,m}?js`, +to be picked up. + ## run node tests ```shell diff --git a/test/_data/enumLoader.js b/test/_data/enumLoader.js new file mode 100644 index 000000000..0a192fe5e --- /dev/null +++ b/test/_data/enumLoader.js @@ -0,0 +1,10 @@ +const fs = require("fs") +const path = require("path") + +const resPath = path.resolve(__dirname, '../../res/') + +module.exports = (resourceFile, definitionName) => JSON.parse( + fs.readFileSync( + path.resolve(resPath, resourceFile) + ) +).definitions[definitionName].enum diff --git a/test/_data/serialize.js b/test/_data/serialize.js new file mode 100644 index 000000000..82705d69b --- /dev/null +++ b/test/_data/serialize.js @@ -0,0 +1,104 @@ +const fs = require('fs') +const path = require('path') + +const {PackageURL} = require("packageurl-js") + +const {Enums, Models, Spec} = require('../../') + +/** + * @param {string} purpose + * @param {Spec.Version} spec + * @return {string} + */ +function serializeResults(purpose, spec) { + return fs.readFileSync( + path.resolve(__dirname, 'serializeResults', `${purpose}-spec${spec}.txt`) + ).toString() +} + +module.exports.serializeResults = serializeResults + +/** + * @return {Models.Bom} + */ +function createComplexStructure() { + const bom = new Models.Bom() + bom.version = 7 + bom.serialNumber = 'urn:uuid:12345678-1234-1234-1234-123456789012' + bom.metadata.timestamp = new Date('2001-05-23T13:37:42.000Z') + bom.metadata.tools.add((function (tool) { + tool.vendor = 'tool vendor' + tool.name = 'tool name' + tool.version = '0.8.15' + tool.hashes.set(Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535') + return tool + })(new Models.Tool())) + bom.metadata.authors.add((function (author) { + author.name = 'Jane "the-author" Doe' + author.email = 'cdx-author@mailinator.com' + author.pone = '555-1234567890' + return author + })(new Models.OrganizationalContact())) + bom.metadata.component = new Models.Component(Enums.ComponentType.Library, 'Root Component') + bom.metadata.component.bomRef.value = 'dummy.metadata.component' + bom.metadata.manufacture = new Models.OrganizationalEntity() + bom.metadata.manufacture.name = 'meta manufacture' + bom.metadata.manufacture.url.add(new URL('https://meta-manufacture.xmpl')) + bom.metadata.supplier = new Models.OrganizationalEntity() + bom.metadata.supplier.name = 'meta supplier' + bom.metadata.supplier.url.add(new URL('https://meta-supplier.xmpl')) + bom.metadata.supplier.contact.add((function (contact) { + contact.name = 'John "the-supplier" Doe' + contact.email = 'cdx-supplier@mailinator.com' + contact.pone = '555-0123456789' + return contact + })(new Models.OrganizationalContact())) + bom.components.add((function (component) { + component.bomRef.value = 'dummy-component' + component.author = "component's author" + component.copyright = '(c) acme' + component.description = 'this is a test component' + component.externalReferences.add((function (ref) { + ref.comment = 'testing' + return ref + })(new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website))) + component.group = 'acme' + component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') + component.licenses.add((function (license) { + license.text = `Some\nlicense\ntext.` + license.url = new URL('https://localhost/license') + return license + })(new Models.NamedLicense('some other'))) + component.licenses.add((function (license) { + license.text = `MIT License\n...\nTHE SOFTWARE IS PROVIDED "AS IS"...` + license.url = new URL('https://spdx.org/licenses/MIT.html') + return license + })(new Models.SpdxLicense('MIT'))) + component.licenses.add(new Models.LicenseExpression('MIT or other')) + component.publisher = 'the publisher' + component.purl = new PackageURL('npm', 'acme', 'dummy-component', '1337-beta') + component.scope = Enums.ComponentScope.Required + component.supplier = new Models.OrganizationalEntity() + component.supplier.name = 'Component Supplier' + component.supplier.url.add(new URL('https://localhost/componentSupplier')) + component.supplier.contact.add((function (contact){ + contact.name = 'Franz' + contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' + contact.phone = '555-732378879' + return contact + })(new Models.OrganizationalContact())) + component.swid = new Models.SWID('some-tag', 'dummy-component') + component.swid.version = '1337-beta' + component.swid.path = true + component.swid.text = new Models.Attachment('some context') + component.swid.text.contentType = 'some context type' + component.swid.text.encoding = Enums.AttachmentEncoding.Base64 + component.swid.url = new URL('https://localhost/swid') + component.version = '1337-beta' + return component + })(new Models.Component(Enums.ComponentType.Library, 'dummy-component'))) + + return bom +} + +module.exports.createComplexStructure = createComplexStructure diff --git a/test/_data/serializeResults/.editorconfig b/test/_data/serializeResults/.editorconfig new file mode 100644 index 000000000..2f021be91 --- /dev/null +++ b/test/_data/serializeResults/.editorconfig @@ -0,0 +1,8 @@ +# data in this dir is to be treated as is - like binary +root = true + +[*.txt] +charset = utf-8 +insert_final_newline = false +trim_trailing_whitespace = false +indent_size = 0 diff --git a/test/_data/serializeResults/.gitattributes b/test/_data/serializeResults/.gitattributes new file mode 100644 index 000000000..50ba71811 --- /dev/null +++ b/test/_data/serializeResults/.gitattributes @@ -0,0 +1 @@ +*.txt binary eol=lf diff --git a/test/_data/serializeResults/complex-spec1.4.txt b/test/_data/serializeResults/complex-spec1.4.txt new file mode 100644 index 000000000..9f33dd6b3 --- /dev/null +++ b/test/_data/serializeResults/complex-spec1.4.txt @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-author@mailinator.com" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-supplier@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "license": { + "name": "some other", + "text": "Some\nlicense\ntext.", + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": "MIT License\n...\nTHE SOFTWARE IS PROVIDED \"AS IS\"...", + "url": "https://spdx.org/licenses/MIT.html" + } + }, + { + "expression": "MIT or other" + } + ], + "copyright": "(c) acme", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} \ No newline at end of file diff --git a/test/functional/enums/HashAlogorithms.test.js b/test/functional/enums/HashAlogorithms.test.js index 2da4a037d..f4db98541 100644 --- a/test/functional/enums/HashAlogorithms.test.js +++ b/test/functional/enums/HashAlogorithms.test.js @@ -1,3 +1,19 @@ -describe('all values from spec1.4 are available', () => { - // TODO +const assert = require('assert'); +const {suite, test} = require('mocha'); +const enumLoader = require('../../_data/enumLoader') + +const {HashAlgorithm} = require('../../../').Enums + +suite('all values from SPEC are available', () => { + suite('from spec 1.4', () => { + enumLoader( + 'bom-1.4.SNAPSHOT.schema.json', + 'hash-alg' + ).forEach(expected => + test(`${expected}`, () => { + assert.ok(HashAlgorithm.hasOwnProperty(expected)) + assert.strictEqual(HashAlgorithm[expected], expected) + }) + ) + }) }) diff --git a/test/functional/spdx.test.js b/test/functional/spdx.test.js index b81a0f047..59c0fbbea 100644 --- a/test/functional/spdx.test.js +++ b/test/functional/spdx.test.js @@ -1,24 +1,26 @@ const assert = require('assert'); +const {suite, test} = require('mocha'); + const {spdxSpecEnum} = require('../_data/spdx') -const {spdx} = require('../../'); +const {SPDX} = require('../../'); -describe('isSpdxId()', () => { +suite('isSpdxId()', () => { - const knownSpdxIds = [ + const knownSpdxIds = Object.freeze([ ...spdxSpecEnum - ] - - describe('knows', () => { - knownSpdxIds.forEach(value => { - it(`${value}`, () => { - assert.strictEqual(spdx.isSpdxId(value), true) - }) - }) + ]) + + suite('knows', () => { + knownSpdxIds.forEach(value => + test(`${value}`, () => + assert.strictEqual(SPDX.isSpdxId(value), true) + ) + ) }) }) -describe('fixupSpdxId()', () => { +suite('fixupSpdxId()', () => { const expectedFixed = new Map([ ...spdxSpecEnum.map(v => [v, v]), @@ -26,12 +28,12 @@ describe('fixupSpdxId()', () => { ...spdxSpecEnum.map(v => [v.toUpperCase(), v]), ]) - describe('transform', () => { - expectedFixed.forEach((expected, value) => { - it(`${value} -> ${expected}`, () => { - assert.strictEqual(spdx.fixupSpdxId(value), expected) - }) - }) + suite('transform', () => { + expectedFixed.forEach((expected, value) => + test(`${value} -> ${expected}`, () => + assert.strictEqual(SPDX.fixupSpdxId(value), expected) + ) + ) }) }) diff --git a/test/integration/serialize.JSON.test.js b/test/integration/serialize.JSON.test.js new file mode 100644 index 000000000..df3d1959a --- /dev/null +++ b/test/integration/serialize.JSON.test.js @@ -0,0 +1,34 @@ +const assert = require('assert'); +const {describe, beforeEach, afterEach, it} = require('mocha'); +const {createComplexStructure, serializeResults} = require('../_data/serialize') + +const JsonSerialize = require('../../').Serialize.JSON +const {Spec} = require('../../') + +describe('JSON serialize', () => { + + [ + // TODO add other versions + Spec.Spec1_4, + ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { + const serializer = new JsonSerialize.Serializer(new JsonSerialize.Normalize.Factory(spec)) + + beforeEach(function () { + this.bom = createComplexStructure() + }) + + afterEach(function () { + delete this.bom + }) + + it('can serialize', function () { + const serialized = serializer.serialize(this.bom) + + // TODO: outsource this content + assert.strictEqual(serialized, serializeResults('complex', spec.version)) + }) + + // TODO add more tests + })) + +}) diff --git a/test/unit/modules/Bom.spec.js b/test/unit/models.bom.spec.js similarity index 66% rename from test/unit/modules/Bom.spec.js rename to test/unit/models.bom.spec.js index 1dbaf3ded..a81b905f3 100644 --- a/test/unit/modules/Bom.spec.js +++ b/test/unit/models.bom.spec.js @@ -1,11 +1,11 @@ const assert = require('assert'); -const {models:{ - Bom, ComponentRepository, Metadata -}} = require('../../../'); +const {suite, test} = require('mocha'); -describe('BOM', () => { +const {Bom, ComponentRepository, Metadata} = require('../../').Models; - it('construct with empty properties', () => { +suite('BOM', () => { + + test('construct with empty properties', () => { const bom = new Bom() assert.ok(bom.metadata instanceof Metadata) @@ -16,9 +16,9 @@ describe('BOM', () => { assert.strictEqual(bom.serialNumber, null) }) - describe('can set version', () => { - [3, 6.0].forEach(newVersion => { - it(`for: ${newVersion}`, () => { + suite('can set version', () => + [3, 6.0].forEach(newVersion => + test(`for: ${newVersion}`, () => { const bom = new Bom() assert.notStrictEqual(bom.version, newVersion) @@ -26,19 +26,18 @@ describe('BOM', () => { assert.strictEqual(bom.version, newVersion) }) - }) - }) + ) + ) - describe('cannot set version', () => { + suite('cannot set version', () => [ 0, -1, 3.5, -3.5, 'foo', '3', true, false, null, undefined, - ['list'], - {'ob': 'ject'} - ].forEach(newVersion => { - it(`for: ${newVersion}`, () => { + [], {} + ].forEach(newVersion => + test(`for: ${newVersion}`, () => { const bom = new Bom() assert.notStrictEqual(bom.version, newVersion) @@ -46,7 +45,7 @@ describe('BOM', () => { bom.version = newVersion }, new RegExp('not PositiveInteger')) }) - }) - }) + ) + ) }) diff --git a/test/unit/spdx.spec.js b/test/unit/spdx.spec.js index df2e746ed..da909c0d7 100644 --- a/test/unit/spdx.spec.js +++ b/test/unit/spdx.spec.js @@ -1,31 +1,31 @@ const assert = require('assert'); -const {spdx:{ - fixupSpdxId, isSpdxId -}} = require('../../'); +const {suite, test} = require('mocha'); -describe('isSpdxId()', () => { +const {fixupSpdxId, isSpdxId} = require('../../').SPDX; - const knownSpdxIds = ["MIT", "Apache-2.0"] +suite('isSpdxId()', () => { - describe('is true', () => { - knownSpdxIds.forEach(value => { - it(`for: ${value}`, () => { + const knownSpdxIds = Object.freeze(["MIT", "Apache-2.0"]) + + suite('is true', () => + knownSpdxIds.forEach(value => + test(`for: ${value}`, () => assert.strictEqual(isSpdxId(value), true) - }) - }) - }) + ) + ) + ) - describe('is false', () => { - [null, undefined, 'fooBarbaz', 'mit'].forEach(value => { - it(`for: ${value}`, () => { + suite('is false', () => + [null, undefined, 'fooBarbaz', 'mit'].forEach(value => + test(`for: ${value}`, () => assert.strictEqual(isSpdxId(value), false) - }) - }) - }) + ) + ) + ) }) -describe('fixupSpdxId()', () => { +suite('fixupSpdxId()', () => { const expectedFixed = new Map([ ["MIT", "MIT"], @@ -35,21 +35,21 @@ describe('fixupSpdxId()', () => { ["apache-2.0", "Apache-2.0"] ]) - describe('transform', () => { - expectedFixed.forEach((expected, value) => { - it(`${value} -> ${expected}`, () => { + suite('transform', () => + expectedFixed.forEach((expected, value) => + test(`${value} => ${expected}`, () => assert.strictEqual(fixupSpdxId(value), expected) - }) - }) - }) + ) + ) + ) - describe('miss', () => { - [undefined, null, 'fooBarbaz'].forEach((value, expected) => { - it(`${value}`, () => { + suite('miss', () => + [undefined, null, 'fooBarbaz'].forEach((value, expected) => + test(`${value}`, () => assert.strictEqual(fixupSpdxId(value), undefined) - }) - }) - }) + ) + ) + ) }) From f0a332cd1e6d841a803dbfbc371ade043df0e9e3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 09:52:11 +0200 Subject: [PATCH 056/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index c6c3ca2e8..33b32ba93 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -4,8 +4,7 @@ name: Node CI on: push: - # TODO: remove 1.0-dev after dev-merge - branches: ["master", "1.0-dev"] + branches: [ master ] pull_request: workflow_dispatch: From 400679bb729b26a4361ac0c3b59acdcb67332380 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 14:57:36 +0200 Subject: [PATCH 057/233] WIP Signed-off-by: Jan Kowalleck --- test/_data/serialize.js | 2 +- test/_data/serializeResults/complex-spec1.4.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/test/_data/serialize.js b/test/_data/serialize.js index 82705d69b..846d0bfd6 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -89,7 +89,7 @@ function createComplexStructure() { })(new Models.OrganizationalContact())) component.swid = new Models.SWID('some-tag', 'dummy-component') component.swid.version = '1337-beta' - component.swid.path = true + component.swid.patch = true component.swid.text = new Models.Attachment('some context') component.swid.text.contentType = 'some context type' component.swid.text.encoding = Enums.AttachmentEncoding.Base64 diff --git a/test/_data/serializeResults/complex-spec1.4.txt b/test/_data/serializeResults/complex-spec1.4.txt index 9f33dd6b3..f944c887b 100644 --- a/test/_data/serializeResults/complex-spec1.4.txt +++ b/test/_data/serializeResults/complex-spec1.4.txt @@ -105,6 +105,7 @@ "tagId": "some-tag", "name": "dummy-component", "version": "1337-beta", + "patch": true, "text": { "content": "some context", "contentType": "some context type", From c6cb0929bf9a3d9c69b5e4a6fb3babb980125a3f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 15:05:05 +0200 Subject: [PATCH 058/233] WIP Signed-off-by: Jan Kowalleck --- test/_data/serialize.js | 10 +- test/_data/serializeResults/.editorconfig | 8 -- test/_data/serializeResults/.gitattributes | 1 - .../serializeResults/complex-spec1.4.json | 125 ++++++++++++++++++ .../serializeResults/complex-spec1.4.txt | 125 ------------------ test/integration/serialize.JSON.test.js | 5 +- 6 files changed, 135 insertions(+), 139 deletions(-) delete mode 100644 test/_data/serializeResults/.editorconfig delete mode 100644 test/_data/serializeResults/.gitattributes create mode 100644 test/_data/serializeResults/complex-spec1.4.json delete mode 100644 test/_data/serializeResults/complex-spec1.4.txt diff --git a/test/_data/serialize.js b/test/_data/serialize.js index 846d0bfd6..ec0bd8ffe 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -8,12 +8,14 @@ const {Enums, Models, Spec} = require('../../') /** * @param {string} purpose * @param {Spec.Version} spec + * @param {string} format + * @param {BufferEncoding} [encoding] * @return {string} */ -function serializeResults(purpose, spec) { +function serializeResults(purpose, spec, format, encoding='utf-8') { return fs.readFileSync( - path.resolve(__dirname, 'serializeResults', `${purpose}-spec${spec}.txt`) - ).toString() + path.resolve(__dirname, 'serializeResults', `${purpose}-spec${spec}.${format}`) + ).toString(encoding) } module.exports.serializeResults = serializeResults @@ -81,7 +83,7 @@ function createComplexStructure() { component.supplier = new Models.OrganizationalEntity() component.supplier.name = 'Component Supplier' component.supplier.url.add(new URL('https://localhost/componentSupplier')) - component.supplier.contact.add((function (contact){ + component.supplier.contact.add((function (contact) { contact.name = 'Franz' contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' contact.phone = '555-732378879' diff --git a/test/_data/serializeResults/.editorconfig b/test/_data/serializeResults/.editorconfig deleted file mode 100644 index 2f021be91..000000000 --- a/test/_data/serializeResults/.editorconfig +++ /dev/null @@ -1,8 +0,0 @@ -# data in this dir is to be treated as is - like binary -root = true - -[*.txt] -charset = utf-8 -insert_final_newline = false -trim_trailing_whitespace = false -indent_size = 0 diff --git a/test/_data/serializeResults/.gitattributes b/test/_data/serializeResults/.gitattributes deleted file mode 100644 index 50ba71811..000000000 --- a/test/_data/serializeResults/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.txt binary eol=lf diff --git a/test/_data/serializeResults/complex-spec1.4.json b/test/_data/serializeResults/complex-spec1.4.json new file mode 100644 index 000000000..8b861d888 --- /dev/null +++ b/test/_data/serializeResults/complex-spec1.4.json @@ -0,0 +1,125 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-author@mailinator.com" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-supplier@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "license": { + "name": "some other", + "text": "Some\nlicense\ntext.", + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": "MIT License\n...\nTHE SOFTWARE IS PROVIDED \"AS IS\"...", + "url": "https://spdx.org/licenses/MIT.html" + } + }, + { + "expression": "MIT or other" + } + ], + "copyright": "(c) acme", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} diff --git a/test/_data/serializeResults/complex-spec1.4.txt b/test/_data/serializeResults/complex-spec1.4.txt deleted file mode 100644 index f944c887b..000000000 --- a/test/_data/serializeResults/complex-spec1.4.txt +++ /dev/null @@ -1,125 +0,0 @@ -{ - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", - "bomFormat": "CycloneDX", - "specVersion": "1.4", - "version": 7, - "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", - "metadata": { - "timestamp": "2001-05-23T13:37:42.000Z", - "tools": [ - { - "vendor": "tool vendor", - "name": "tool name", - "version": "0.8.15", - "hashes": [ - { - "alg": "MD5", - "content": "f32a26e2a3a8aa338cd77b6e1263c535" - } - ] - } - ], - "authors": [ - { - "name": "Jane \"the-author\" Doe", - "email": "cdx-author@mailinator.com" - } - ], - "component": { - "type": "library", - "name": "Root Component", - "version": "", - "bom-ref": "dummy.metadata.component" - }, - "manufacture": { - "name": "meta manufacture", - "url": [ - "https://meta-manufacture.xmpl/" - ] - }, - "supplier": { - "name": "meta supplier", - "url": [ - "https://meta-supplier.xmpl/" - ], - "contact": [ - { - "name": "John \"the-supplier\" Doe", - "email": "cdx-supplier@mailinator.com" - } - ] - } - }, - "components": [ - { - "type": "library", - "name": "dummy-component", - "group": "acme", - "version": "1337-beta", - "bom-ref": "dummy-component", - "supplier": { - "name": "Component Supplier", - "url": [ - "https://localhost/componentSupplier" - ], - "contact": [ - { - "name": "Franz", - "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", - "phone": "555-732378879" - } - ] - }, - "author": "component's author", - "publisher": "the publisher", - "description": "this is a test component", - "scope": "required", - "hashes": [ - { - "alg": "SHA-1", - "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" - } - ], - "licenses": [ - { - "license": { - "name": "some other", - "text": "Some\nlicense\ntext.", - "url": "https://localhost/license" - } - }, - { - "license": { - "id": "MIT", - "text": "MIT License\n...\nTHE SOFTWARE IS PROVIDED \"AS IS\"...", - "url": "https://spdx.org/licenses/MIT.html" - } - }, - { - "expression": "MIT or other" - } - ], - "copyright": "(c) acme", - "purl": "pkg:npm/acme/dummy-component@1337-beta", - "swid": { - "tagId": "some-tag", - "name": "dummy-component", - "version": "1337-beta", - "patch": true, - "text": { - "content": "some context", - "contentType": "some context type", - "encoding": "base64" - }, - "url": "https://localhost/swid" - }, - "externalReferences": [ - { - "url": "https://localhost/acme", - "type": "website", - "comment": "testing" - } - ] - } - ] -} \ No newline at end of file diff --git a/test/integration/serialize.JSON.test.js b/test/integration/serialize.JSON.test.js index df3d1959a..024ea814d 100644 --- a/test/integration/serialize.JSON.test.js +++ b/test/integration/serialize.JSON.test.js @@ -25,7 +25,10 @@ describe('JSON serialize', () => { const serialized = serializer.serialize(this.bom) // TODO: outsource this content - assert.strictEqual(serialized, serializeResults('complex', spec.version)) + assert.deepStrictEqual( + JSON.parse(serialized), + JSON.parse(serializeResults('complex', spec.version, 'json')) + ) }) // TODO add more tests From 086e46d7f24f0cf5803f628d1c7f7ac9432bdaba Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 15:05:54 +0200 Subject: [PATCH 059/233] WIP Signed-off-by: Jan Kowalleck --- test/integration/serialize.JSON.test.js | 1 - 1 file changed, 1 deletion(-) diff --git a/test/integration/serialize.JSON.test.js b/test/integration/serialize.JSON.test.js index 024ea814d..cc7546d15 100644 --- a/test/integration/serialize.JSON.test.js +++ b/test/integration/serialize.JSON.test.js @@ -24,7 +24,6 @@ describe('JSON serialize', () => { it('can serialize', function () { const serialized = serializer.serialize(this.bom) - // TODO: outsource this content assert.deepStrictEqual( JSON.parse(serialized), JSON.parse(serializeResults('complex', spec.version, 'json')) From c444a9a957b3bf90d160d5b2f7980e586fe32653 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 15:13:47 +0200 Subject: [PATCH 060/233] WIP Signed-off-by: Jan Kowalleck --- src/models/license.ts | 4 ++-- src/serialize/JSON.ts | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/models/license.ts b/src/models/license.ts index 5500443d7..288a3bb63 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -10,7 +10,7 @@ export class LicenseExpression { export class NamedLicense { name: string - text: string | null = null + text: string | null = null // TODO / FIXME: text is attachment url: URL | null = null constructor(name: string) { @@ -19,7 +19,7 @@ export class NamedLicense { } export class SpdxLicense { - text: string | null = null + text: string | null = null // TODO / FIXME: text is atyachment url: URL | null = null constructor(id: SpdxId) { diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 7a222e599..f90c162f3 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -277,7 +277,9 @@ export namespace Normalize { private normalizeNamedLicense = (data: Models.NamedLicense): object => ({ license: { name: data.name, - text: data.text || undefined, + text: data.text + ? this.factory.makeForAttachment().normalize(data.text) + > undefined, url: data.url?.toString(), } }); @@ -285,7 +287,9 @@ export namespace Normalize { private normalizeSpdxLicense = (data: Models.SpdxLicense): object => ({ license: { id: data.id, - text: data.text || undefined, + text: data.text + ? this.factory.makeForAttachment().normalize(data.text) + > undefined, url: data.url?.toString(), } }); From b1620ef61830c95519e3448b0727db4fe37c7a88 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 21:04:31 +0200 Subject: [PATCH 061/233] WIP Signed-off-by: Jan Kowalleck --- src/models/license.ts | 5 +++-- src/serialize/JSON.ts | 4 ++-- test/_data/serialize.js | 10 +++++++--- test/_data/serializeResults/complex-spec1.4.json | 14 +++++++++++--- 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/src/models/license.ts b/src/models/license.ts index 288a3bb63..84213b20f 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -1,4 +1,5 @@ import {isSpdxId, SpdxId} from '../SPDX' +import {Attachment} from './attachment' export class LicenseExpression { value: string @@ -10,7 +11,7 @@ export class LicenseExpression { export class NamedLicense { name: string - text: string | null = null // TODO / FIXME: text is attachment + text: Attachment | null = null url: URL | null = null constructor(name: string) { @@ -19,7 +20,7 @@ export class NamedLicense { } export class SpdxLicense { - text: string | null = null // TODO / FIXME: text is atyachment + text: Attachment | null = null url: URL | null = null constructor(id: SpdxId) { diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index f90c162f3..27ababf41 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -279,7 +279,7 @@ export namespace Normalize { name: data.name, text: data.text ? this.factory.makeForAttachment().normalize(data.text) - > undefined, + : undefined, url: data.url?.toString(), } }); @@ -289,7 +289,7 @@ export namespace Normalize { id: data.id, text: data.text ? this.factory.makeForAttachment().normalize(data.text) - > undefined, + : undefined, url: data.url?.toString(), } }); diff --git a/test/_data/serialize.js b/test/_data/serialize.js index ec0bd8ffe..ca0ebb3aa 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -67,16 +67,20 @@ function createComplexStructure() { component.group = 'acme' component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') component.licenses.add((function (license) { - license.text = `Some\nlicense\ntext.` + license.text = new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu') + license.text.contentType = 'text/plain' + license.text.encoding = Enums.AttachmentEncoding.Base64 license.url = new URL('https://localhost/license') return license })(new Models.NamedLicense('some other'))) component.licenses.add((function (license) { - license.text = `MIT License\n...\nTHE SOFTWARE IS PROVIDED "AS IS"...` + license.text = new Models.Attachment('TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u') + license.text.contentType = 'text/plain' + license.text.encoding = Enums.AttachmentEncoding.Base64 license.url = new URL('https://spdx.org/licenses/MIT.html') return license })(new Models.SpdxLicense('MIT'))) - component.licenses.add(new Models.LicenseExpression('MIT or other')) + component.licenses.add(new Models.LicenseExpression('(MIT or Apache-2.0)')) component.publisher = 'the publisher' component.purl = new PackageURL('npm', 'acme', 'dummy-component', '1337-beta') component.scope = Enums.ComponentScope.Required diff --git a/test/_data/serializeResults/complex-spec1.4.json b/test/_data/serializeResults/complex-spec1.4.json index 8b861d888..50041b76e 100644 --- a/test/_data/serializeResults/complex-spec1.4.json +++ b/test/_data/serializeResults/complex-spec1.4.json @@ -84,19 +84,27 @@ { "license": { "name": "some other", - "text": "Some\nlicense\ntext.", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, "url": "https://localhost/license" } }, { "license": { "id": "MIT", - "text": "MIT License\n...\nTHE SOFTWARE IS PROVIDED \"AS IS\"...", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, "url": "https://spdx.org/licenses/MIT.html" } }, { - "expression": "MIT or other" + "expression": "(MIT or Apache-2.0)" } ], "copyright": "(c) acme", From f3bb641faa4161ceaa04ced85197bae85301f111 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 10 Apr 2022 21:08:53 +0200 Subject: [PATCH 062/233] WIP Signed-off-by: Jan Kowalleck --- res/jsf-0.82.schema.json | 244 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) create mode 100644 res/jsf-0.82.schema.json diff --git a/res/jsf-0.82.schema.json b/res/jsf-0.82.schema.json new file mode 100644 index 000000000..20f16f9c3 --- /dev/null +++ b/res/jsf-0.82.schema.json @@ -0,0 +1,244 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/jsf-0.82.schema.json", + "type": "object", + "title": "JSON Signature Format (JSF) standard", + "$comment" : "JSON Signature Format schema is published under the terms of the Apache License 2.0. JSF was developed by Anders Rundgren (anders.rundgren.net@gmail.com) as a part of the OpenKeyStore project. This schema supports the entirely of the JSF standard excluding 'extensions'.", + "definitions": { + "signature": { + "type": "object", + "title": "Signature", + "oneOf": [ + { + "additionalProperties": false, + "properties": { + "signers": { + "type": "array", + "title": "Signature", + "description": "Unique top level property for Multiple Signatures. (multisignature)", + "additionalItems": false, + "items": {"$ref": "#/definitions/signer"} + } + } + }, + { + "additionalProperties": false, + "properties": { + "chain": { + "type": "array", + "title": "Signature", + "description": "Unique top level property for Signature Chains. (signaturechain)", + "additionalItems": false, + "items": {"$ref": "#/definitions/signer"} + } + } + }, + { + "title": "Signature", + "description": "Unique top level property for simple signatures. (signaturecore)", + "$ref": "#/definitions/signer" + } + ] + }, + "signer": { + "type": "object", + "title": "Signature", + "required": [ + "algorithm", + "value" + ], + "additionalProperties": false, + "properties": { + "algorithm": { + "oneOf": [ + { + "type": "string", + "title": "Algorithm", + "description": "Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of \"EdDSA\".", + "enum": [ + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES384", + "ES512", + "Ed25519", + "Ed448", + "HS256", + "HS384", + "HS512" + ] + }, + { + "type": "string", + "title": "Algorithm", + "description": "Signature algorithm. Note: If proprietary signature algorithms are added, they must be expressed as URIs.", + "format": "uri" + } + ] + }, + "keyId": { + "type": "string", + "title": "Key ID", + "description": "Optional. Application specific string identifying the signature key." + }, + "publicKey": { + "title": "Public key", + "description": "Optional. Public key object.", + "$ref": "#/definitions/publicKey" + }, + "certificatePath": { + "type": "array", + "title": "Certificate path", + "description": "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the signature certificate. The certificate path must be contiguous but is not required to be complete.", + "additionalItems": false, + "items": { + "type": "string" + } + }, + "excludes": { + "type": "array", + "title": "Excludes", + "description": "Optional. Array holding the names of one or more application level properties that must be excluded from the signature process. Note that the \"excludes\" property itself, must also be excluded from the signature process. Since both the \"excludes\" property and the associated data it points to are unsigned, a conforming JSF implementation must provide options for specifying which properties to accept.", + "additionalItems": false, + "items": { + "type": "string" + } + }, + "value": { + "type": "string", + "title": "Signature", + "description": "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications." + } + } + }, + "keyType": { + "type": "string", + "title": "Key type", + "description": "Key type indicator.", + "enum": [ + "EC", + "OKP", + "RSA" + ] + }, + "publicKey": { + "title": "Public key", + "description": "Optional. Public key object.", + "type": "object", + "required": [ + "kty" + ], + "additionalProperties": true, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + } + }, + "allOf": [ + { + "if": { + "properties": { "kty": { "const": "EC" } } + }, + "then": { + "required": [ + "kty", + "crv", + "x", + "y" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "crv": { + "type": "string", + "title": "Curve name", + "description": "EC curve name.", + "enum": [ + "P-256", + "P-384", + "P-521" + ] + }, + "x": { + "type": "string", + "title": "Coordinate", + "description": "EC curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-521\", the decoded argument must be 66 bytes." + }, + "y": { + "type": "string", + "title": "Coordinate", + "description": "EC curve point Y. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"P-256\", the decoded argument must be 32 bytes." + } + } + } + }, + { + "if": { + "properties": { "kty": { "const": "OKP" } } + }, + "then": { + "required": [ + "kty", + "crv", + "x" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "crv": { + "type": "string", + "title": "Curve name", + "description": "EdDSA curve name.", + "enum": [ + "Ed25519", + "Ed448" + ] + }, + "x": { + "type": "string", + "title": "Coordinate", + "description": "EdDSA curve point X. The length of this field must be the full size of a coordinate for the curve specified in the \"crv\" parameter. For example, if the value of \"crv\" is \"Ed25519\", the decoded argument must be 32 bytes." + } + } + } + }, + { + "if": { + "properties": { "kty": { "const": "RSA" } } + }, + "then": { + "required": [ + "kty", + "n", + "e" + ], + "additionalProperties": false, + "properties": { + "kty": { + "$ref": "#/definitions/keyType" + }, + "n": { + "type": "string", + "title": "Modulus", + "description": "RSA modulus." + }, + "e": { + "type": "string", + "title": "Exponent", + "description": "RSA exponent." + } + } + } + } + ] + } + } +} From 255620d4934602f9c33f0ff9bb223eee19ffcbdf Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 11 Apr 2022 21:20:50 +0200 Subject: [PATCH 063/233] test ubuntu only. should be good for now Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 33b32ba93..bc548c7d7 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -59,7 +59,10 @@ jobs: - "16" # active LTS - "14" - "14.0.0" # lowest supported - os: [ "ubuntu-latest", "macos-latest", "windows-latest" ] + os: + - ubuntu-latest + # - macos-latest + # - windows-latest timeout-minutes: 30 steps: - name: Checkout From 8f7d6c56523ef57f6563fadc57660fffb77f4986 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 12 Apr 2022 20:37:26 +0200 Subject: [PATCH 064/233] WIP Signed-off-by: Jan Kowalleck --- res/.editorconfig | 1 + res/.gitattributes | 1 - res/README.md | 27 + res/bom-1.0.SNAPSHOT.xsd | 247 ++ res/bom-1.1.SNAPSHOT.xsd | 731 ++++++ res/bom-1.2-strict.SNAPSHOT.schema.json | 1026 ++++++++ res/bom-1.2.SNAPSHOT.schema.json | 997 ++++++++ res/bom-1.2.SNAPSHOT.xsd | 1418 +++++++++++ res/bom-1.3-strict.SNAPSHOT.schema.json | 1085 +++++++++ res/bom-1.3.SNAPSHOT.schema.json | 1054 +++++++++ res/bom-1.3.SNAPSHOT.xsd | 1631 +++++++++++++ res/spdx.SNAPSHOT.schema.json | 916 ++++---- res/spdx.SNAPSHOT.xsd | 2086 +++++++++-------- src/index.ts | 2 +- src/models/bom.ts | 22 +- src/models/component.ts | 20 +- src/serialize/JSON.ts | 17 +- src/spec.ts | 167 +- src/types/CPE.ts | 12 + src/types/MimeType.ts | 8 + src/{types.ts => types/PositiveInteger.ts} | 0 src/types/UrnUuid.ts | 12 + src/types/index.ts | 4 + test/_data/serialize.js | 1 + .../serializeResults/complex-spec1.2.json | 134 ++ .../serializeResults/complex-spec1.3.json | 134 ++ .../serializeResults/complex-spec1.4.json | 1 + test/integration/serialize.JSON.test.js | 3 +- 28 files changed, 10280 insertions(+), 1477 deletions(-) create mode 100644 res/README.md create mode 100644 res/bom-1.0.SNAPSHOT.xsd create mode 100644 res/bom-1.1.SNAPSHOT.xsd create mode 100644 res/bom-1.2-strict.SNAPSHOT.schema.json create mode 100644 res/bom-1.2.SNAPSHOT.schema.json create mode 100644 res/bom-1.2.SNAPSHOT.xsd create mode 100644 res/bom-1.3-strict.SNAPSHOT.schema.json create mode 100644 res/bom-1.3.SNAPSHOT.schema.json create mode 100644 res/bom-1.3.SNAPSHOT.xsd create mode 100644 src/types/CPE.ts create mode 100644 src/types/MimeType.ts rename src/{types.ts => types/PositiveInteger.ts} (100%) create mode 100644 src/types/UrnUuid.ts create mode 100644 src/types/index.ts create mode 100644 test/_data/serializeResults/complex-spec1.2.json create mode 100644 test/_data/serializeResults/complex-spec1.3.json diff --git a/res/.editorconfig b/res/.editorconfig index f78a1069c..4396f3c5e 100644 --- a/res/.editorconfig +++ b/res/.editorconfig @@ -8,3 +8,4 @@ trim_trailing_whitespace = false indent_size = 2 indent_style = space trim_trailing_whitespace = false + diff --git a/res/.gitattributes b/res/.gitattributes index 037071b63..41a9eb424 100644 --- a/res/.gitattributes +++ b/res/.gitattributes @@ -1,4 +1,3 @@ - # snapshots are vendored for offline use *.SNAPSHOT.* linguist-vendored diff --git a/res/README.md b/res/README.md new file mode 100644 index 000000000..d2a5fdf99 --- /dev/null +++ b/res/README.md @@ -0,0 +1,27 @@ +# Resources + +These resources are shipped with the library. + +## Schema files + +some schema for offline use. +original sources: https://github.com/CycloneDX/specification/tree/master/schema + +Currently using version +[82bf9e30ba3fd6413e72a0e66adce2cdf3354f32](https://github.com/CycloneDX/specification/tree/82bf9e30ba3fd6413e72a0e66adce2cdf3354f32) + +| file | note | +| --- | --- | +| [`bom-1.0.SNAPSHOT.xsd`](bom-1.0.SNAPSHOT.xsd) | `http://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` | +| [`bom-1.1.SNAPSHOT.xsd`](bom-1.1.SNAPSHOT.xsd) | `http://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` | +| [`bom-1.2.SNAPSHOT.xsd`](bom-1.2.SNAPSHOT.xsd) | `http://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` | +| [`bom-1.3.SNAPSHOT.xsd`](bom-1.3.SNAPSHOT.xsd) | `http://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` | +| [`bom-1.4.SNAPSHOT.xsd`](bom-1.4.SNAPSHOT.xsd) | `http://cyclonedx.org/schema/spdx` was replaced with `spdx.SNAPSHOT.xsd` | +| [`bom-1.2.SNAPSHOT.schema.json`](bom-1.2.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | +| [`bom-1.3.SNAPSHOT.schema.json`](bom-1.3.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | +| [`bom-1.4.SNAPSHOT.schema.json`](bom-1.4.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | +| [`bom-1.2-strict.SNAPSHOT.schema.json`](bom-1.2-strict.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | +| [`bom-1.3-strict.SNAPSHOT.schema.json`](bom-1.3-strict.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | +| [`spdx.SNAPSHOT.xsd`](spdx.SNAPSHOT.xsd) | | +| [`spdx.SNAPSHOT.schema.json`](spdx.SNAPSHOT.schema.json) | | +| [`jsf-0.82.schema.json`](jsf-0.82.schema.json) | | diff --git a/res/bom-1.0.SNAPSHOT.xsd b/res/bom-1.0.SNAPSHOT.xsd new file mode 100644 index 000000000..64d0e33f9 --- /dev/null +++ b/res/bom-1.0.SNAPSHOT.xsd @@ -0,0 +1,247 @@ + + + + + + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'runtime' + scope will be assumed. + + + + + + + + + + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + + + + + + + An optional copyright notice informing users of the underlying claims to copyright ownership in a published work. + + + + + Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe + + + + + + Specifies the package-url (PURL). The purl, if specified, must be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + A boolean value indicating is the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Specifies optional sub-components. This is not a dependency tree. It simply provides + an optional way to group large sets of components together. + + + + + + + + + + + + + Specifies the type of component. Software applications, libraries, frameworks, and + other dependencies should be classified as 'application'. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + The version allows component publishers/authors to make changes to existing + BOMs to update various aspects of the document such as description or licenses. When a system + is presented with multiiple BOMs for the same component, the system should use the most recent + version of the BOM. The default version is '1' and should be incremented for each version of the + BOM that is published. Each version of a component should have a unique BOM and if no changes are + made to the BOMs, then each BOM will have a version of '1'. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + \ No newline at end of file diff --git a/res/bom-1.1.SNAPSHOT.xsd b/res/bom-1.1.SNAPSHOT.xsd new file mode 100644 index 000000000..8ddbaf62d --- /dev/null +++ b/res/bom-1.1.SNAPSHOT.xsd @@ -0,0 +1,731 @@ + + + + + + + + + CycloneDX Software Bill-of-Material Specification + https://cyclonedx.org/ + Apache License, Version 2.0 + + Steve Springett + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'runtime' + scope should be assumed by the consumer of the BOM + + + + + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + An optional copyright notice informing users of the underlying claims to + copyright ownership in a published work. + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. + Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (PURL). The purl, if specified, must be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating is the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + + Specifies optional sub-components. This is not a dependency tree. It provides a way + to specify a hierarchical representation of component assemblies, similar to + system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + Valid choices are: application, framework, library, operating-system, device, or file + Refer to the bom:classification documentation for information describing each one + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + Specifies the optional full text of the license + + + + + The URL to the license file. If specified, a 'license' + externalReference should also be specified for completeness. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + Specifies attributes of the license text + + + + Specifies the content type of the license text. Defaults to text/plain + if not specified. + + + + + + Specifies the optional encoding the license text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, container image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware should include a component for the physical hardware itself, and another + component of type 'application' or 'operating-system' (whichever is relevant), describing + information about the firmware. + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-material document (CycloneDX, SPDX, SWID, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + Direct or repository download location + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be relevant + but which are not included with the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + + The URL to the external reference + + + + + An optional comment describing the external reference + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + The version allows component publishers/authors to make changes to existing + BOMs to update various aspects of the document such as description or licenses. When a system + is presented with multiple BOMs for the same component, the system should use the most recent + version of the BOM. The default version is '1' and should be incremented for each version of the + BOM that is published. Each version of a component should have a unique BOM and if no changes are + made to the BOMs, then each BOM will have a version of '1'. + + + + + Every BOM generated should have a unique serial number, even if the contents + of the BOM being generated have not changed over time. The process or tool responsible for + creating the BOM should create random UUID's for every BOM generated. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + \ No newline at end of file diff --git a/res/bom-1.2-strict.SNAPSHOT.schema.json b/res/bom-1.2-strict.SNAPSHOT.schema.json new file mode 100644 index 000000000..627b886a4 --- /dev/null +++ b/res/bom-1.2-strict.SNAPSHOT.schema.json @@ -0,0 +1,1026 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "type": "object", + "title": "CycloneDX Software Bill-of-Material Specification", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "enum": [ + "http://cyclonedx.org/schema/bom-1.2a.schema.json" + ] + }, + "bomFormat": { + "$id": "#/properties/bomFormat", + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "$id": "#/properties/specVersion", + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", + "examples": ["1.2"] + }, + "serialNumber": { + "$id": "#/properties/serialNumber", + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", + "default": "", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "$id": "#/properties/version", + "type": "integer", + "title": "BOM Version", + "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$id": "#/properties/metadata", + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "$id": "#/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "services": { + "$id": "#/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "externalReferences": { + "$id": "#/properties/externalReferences", + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "dependencies": { + "$id": "#/properties/dependencies", + "type": "array", + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + } + }, + "definitions": { + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the document was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "The tool used to create the BOM.", + "additionalProperties": false, + "properties": { + "vendor": { + "type": "string", + "format": "string", + "title": "Tool Vendor", + "description": "The date and time (timestamp) when the document was created." + }, + "name": { + "type": "string", + "format": "string", + "title": "Tool Name", + "description": "The date and time (timestamp) when the document was created." + }, + "version": { + "type": "string", + "format": "string", + "title": "Tool Version", + "description": "The date and time (timestamp) when the document was created." + }, + "hashes": { + "$id": "#/definitions/tool/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "default": "", + "examples": [ + "Example Inc." + ], + "pattern": "^(.*)$" + }, + "url": { + "type": "array", + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "default": "", + "examples": ["https://example.com"], + "pattern": "^(.*)$" + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "default": "", + "examples": ["Contact name"], + "pattern": "^(.*)$" + }, + "email": { + "type": "string", + "title": "Email Address", + "description": "The email address of the contact. Multiple email addresses are allowed.", + "default": "", + "examples": ["firstname.lastname@example.com"], + "pattern": "^(.*)$" + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact. Multiple phone numbers are allowed.", + "default": "", + "examples": ["800-555-1212"], + "pattern": "^(.*)$" + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name", + "version" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", + "default": "", + "examples": ["library"], + "pattern": "^(.*)$" + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "default": "", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique.", + "default": "", + "pattern": "^(.*)$" + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "default": "", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "default": "", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "default": "", + "examples": ["com.acme"], + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "default": "", + "examples": ["tomcat-catalina"], + "pattern": "^(.*)$" + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "default": "", + "examples": ["9.0.14"], + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component", + "default": "", + "pattern": "^(.*)$" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", + "default": "required", + "pattern": "^(.*)$" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "title": "Component License(s)", + "items": { + "additionalProperties": false, + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ], + "pattern": "^(.*)$" + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + } + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"], + "pattern": "^(.*)$" + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "default": "", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"], + "pattern": "^(.*)$" + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "additionalProperties": false, + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree.", + "pattern": "^(.*)$" + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "components": { + "$id": "#/definitions/component/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "additionalProperties": false, + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "default": "The URL to the SWID file.", + "pattern": "^(.*)$" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "additionalProperties": false, + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ], + "default": "", + "pattern": "^(.*)$" + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data" + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "additionalProperties": false, + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm", + "default": "", + "pattern": "^(.*)$" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "default": "", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "additionalProperties": false, + "properties": { + "id": { + "$ref": "spdx.SNAPSHOT.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "default": "", + "examples": ["Acme Software License"], + "pattern": "^(.*)$" + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "pattern": "^(.*)$" + } + } + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.", + "pattern": "^(.*)$" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit", + "pattern": "^(.*)$" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "additionalProperties": false, + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "pattern": "^(.*)$" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue", + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue", + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue", + "pattern": "^(.*)$" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'", + "pattern": "^(.*)$" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "pattern": "^(.*)$" + } + } + }, + "references": { + "type": "array", + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "default": "", + "examples": ["https://example.com"], + "pattern": "^(.*)$" + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action", + "pattern": "^(.*)$" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "Specifies an individual external reference", + "required": [ + "url", + "type" + ], + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the external reference", + "pattern": "^(.*)$" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference", + "pattern": "^(.*)$" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "other" + ] + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "type": "string", + "format": "string", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique.", + "default": "", + "pattern": "^(.*)$" + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "default": "", + "examples": ["com.acme"], + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "default": "", + "examples": ["ticker-service"], + "pattern": "^(.*)$" + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "default": "", + "examples": ["1.0.0"], + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service", + "default": "", + "pattern": "^(.*)$" + }, + "endpoints": { + "type": "array", + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "default": "", + "examples": ["https://example.com/api/v1/ticker"], + "pattern": "^(.*)$" + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "title": "Component License(s)", + "items": { + "additionalProperties": false, + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ], + "pattern": "^(.*)$" + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "services": { + "$id": "#/definitions/service/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "additionalProperties": false, + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow" + }, + "classification": { + "type": "string" + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction", + "default": "", + "pattern": "^(.*)$" + } + } +} diff --git a/res/bom-1.2.SNAPSHOT.schema.json b/res/bom-1.2.SNAPSHOT.schema.json new file mode 100644 index 000000000..f09a681cd --- /dev/null +++ b/res/bom-1.2.SNAPSHOT.schema.json @@ -0,0 +1,997 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "type": "object", + "title": "CycloneDX Software Bill-of-Material Specification", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "properties": { + "bomFormat": { + "$id": "#/properties/bomFormat", + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "$id": "#/properties/specVersion", + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", + "examples": ["1.2"] + }, + "serialNumber": { + "$id": "#/properties/serialNumber", + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", + "default": "", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "$id": "#/properties/version", + "type": "integer", + "title": "BOM Version", + "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$id": "#/properties/metadata", + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "$id": "#/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "services": { + "$id": "#/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "externalReferences": { + "$id": "#/properties/externalReferences", + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "dependencies": { + "$id": "#/properties/dependencies", + "type": "array", + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + } + }, + "definitions": { + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the document was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "The tool used to create the BOM.", + "properties": { + "vendor": { + "type": "string", + "format": "string", + "title": "Tool Vendor", + "description": "The date and time (timestamp) when the document was created." + }, + "name": { + "type": "string", + "format": "string", + "title": "Tool Name", + "description": "The date and time (timestamp) when the document was created." + }, + "version": { + "type": "string", + "format": "string", + "title": "Tool Version", + "description": "The date and time (timestamp) when the document was created." + }, + "hashes": { + "$id": "#/definitions/tool/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "default": "", + "examples": [ + "Example Inc." + ], + "pattern": "^(.*)$" + }, + "url": { + "type": "array", + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "default": "", + "examples": ["https://example.com"], + "pattern": "^(.*)$" + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "default": "", + "examples": ["Contact name"], + "pattern": "^(.*)$" + }, + "email": { + "type": "string", + "title": "Email Address", + "description": "The email address of the contact. Multiple email addresses are allowed.", + "default": "", + "examples": ["firstname.lastname@example.com"], + "pattern": "^(.*)$" + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact. Multiple phone numbers are allowed.", + "default": "", + "examples": ["800-555-1212"], + "pattern": "^(.*)$" + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name", + "version" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", + "default": "", + "examples": ["library"], + "pattern": "^(.*)$" + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "default": "", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique.", + "default": "", + "pattern": "^(.*)$" + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "default": "", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "default": "", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "default": "", + "examples": ["com.acme"], + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "default": "", + "examples": ["tomcat-catalina"], + "pattern": "^(.*)$" + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "default": "", + "examples": ["9.0.14"], + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component", + "default": "", + "pattern": "^(.*)$" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", + "default": "required", + "pattern": "^(.*)$" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "title": "Component License(s)", + "items": { + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ], + "pattern": "^(.*)$" + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + } + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"], + "pattern": "^(.*)$" + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"], + "pattern": "^(.*)$" + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "default": "", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"], + "pattern": "^(.*)$" + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree.", + "pattern": "^(.*)$" + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "components": { + "$id": "#/definitions/component/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "default": "The URL to the SWID file.", + "pattern": "^(.*)$" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ], + "default": "", + "pattern": "^(.*)$" + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data" + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm", + "default": "", + "pattern": "^(.*)$" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "default": "", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "properties": { + "id": { + "$ref": "spdx.SNAPSHOT.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "default": "", + "examples": ["Acme Software License"], + "pattern": "^(.*)$" + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "pattern": "^(.*)$" + } + } + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.", + "pattern": "^(.*)$" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit", + "pattern": "^(.*)$" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "pattern": "^(.*)$" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue", + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue", + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue", + "pattern": "^(.*)$" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'", + "pattern": "^(.*)$" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "pattern": "^(.*)$" + } + } + }, + "references": { + "type": "array", + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "default": "", + "examples": ["https://example.com"], + "pattern": "^(.*)$" + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action", + "pattern": "^(.*)$" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "Specifies an individual external reference", + "required": [ + "url", + "type" + ], + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the external reference", + "pattern": "^(.*)$" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference", + "pattern": "^(.*)$" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "other" + ] + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "properties": { + "ref": { + "type": "string", + "format": "string", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "properties": { + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique.", + "default": "", + "pattern": "^(.*)$" + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "default": "", + "examples": ["com.acme"], + "pattern": "^(.*)$" + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "default": "", + "examples": ["ticker-service"], + "pattern": "^(.*)$" + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "default": "", + "examples": ["1.0.0"], + "pattern": "^(.*)$" + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service", + "default": "", + "pattern": "^(.*)$" + }, + "endpoints": { + "type": "array", + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "default": "", + "examples": ["https://example.com/api/v1/ticker"], + "pattern": "^(.*)$" + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "title": "Component License(s)", + "items": { + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ], + "pattern": "^(.*)$" + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "services": { + "$id": "#/definitions/service/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow" + }, + "classification": { + "type": "string" + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction", + "default": "", + "pattern": "^(.*)$" + } + } +} diff --git a/res/bom-1.2.SNAPSHOT.xsd b/res/bom-1.2.SNAPSHOT.xsd new file mode 100644 index 000000000..26c06f854 --- /dev/null +++ b/res/bom-1.2.SNAPSHOT.xsd @@ -0,0 +1,1418 @@ + + + + + + + + + CycloneDX Software Bill-of-Material Specification + https://cyclonedx.org/ + Apache License, Version 2.0 + + Steve Springett + + + + + + + + + The date and time (timestamp) when the document was created. + + + + + The tool(s) used in the creation of the BOM. + + + + + + + + + + The person(s) who created the BOM. Authors are common in BOMs created through + manual processes. BOMs created through automated means may not have authors. + + + + + + + + + + The component that the BOM describes. + + + + + The organization that manufactured the component that the BOM describes. + + + + + The organization that supplied the component that the BOM describes. The + supplier may often be the manufacture, but may also be a distributor or repackager. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the organization + + + + + The URL of the organization. Multiple URLs are allowed. + + + + + A contact person at the organization. Multiple contacts are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies a tool (manual or automated). + + + + + The vendor of the tool used to create the BOM. + + + + + The name of the tool used to create the BOM. + + + + + The version of the tool used to create the BOM. + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the contact + + + + + The email address of the contact. Multiple email addresses are allowed. + + + + + The phone number of the contact. Multiple phone numbers are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that supplied the component. The supplier may often + be the manufacture, but may also be a distributor or repackager. + + + + + The person(s) or organization(s) that authored the component + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'runtime' + scope should be assumed by the consumer of the BOM + + + + + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + An optional copyright notice informing users of the underlying claims to + copyright ownership in a published work. + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. + Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (PURL). The purl, if specified, must be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating is the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + + Specifies optional sub-components. This is not a dependency tree. It provides a way + to specify a hierarchical representation of component assemblies, similar to + system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + + + + + + + The optional mime-type of the component. When used on file components, the mime-type + can provide additional context about the kind of file being represented such as an image, + font, or executable. Some library or framework components may also have an associated mime-type. + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + Specifies the optional full text of the attachment + + + + + The URL to the attachment file. If the attachment is a license or BOM, + an externalReference should also be specified for completeness. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + Specifies attributes of the text + + + + Specifies the content type of the text. Defaults to text/plain + if not specified. + + + + + + Specifies the optional encoding the text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A packaging and/or runtime format, not specific to any particular technology, + which isolates software inside the container from software outside of a container through + virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware should include a component for the physical hardware itself, and another + component of type 'firmware' or 'operating-system' (whichever is relevant), describing + information about the software running on the device. + + + + + A special type of software that provides low-level control over a devices + hardware. Refer to https://en.wikipedia.org/wiki/Firmware + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + Specifies the full content of the SWID tag. + + + + + The URL to the SWID file. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Maps to the tagId of a SoftwareIdentity. + + + + + Maps to the name of a SoftwareIdentity. + + + + + Maps to the version of a SoftwareIdentity. + + + + + Maps to the tagVersion of a SoftwareIdentity. + + + + + Maps to the patch of a SoftwareIdentity. + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-material document (CycloneDX, SPDX, SWID, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + Direct or repository download location + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be relevant + but which are not included with the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + + The URL to the external reference + + + + + An optional comment describing the external reference + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Zero or more patches can be specified. + + + + + Specifies an individual patch. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The patch file (or diff) that show changes. + Refer to https://en.wikipedia.org/wiki/Diff + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the purpose for the patch including the resolution of defects, + security issues, or new behavior or functionality + + + + + + + + + A patch which is not developed by the creators or maintainers of the software + being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + + + + + A patch which dynamically modifies runtime behavior. + Refer to https://en.wikipedia.org/wiki/Monkey_patch + + + + + A patch which takes code from a newer version of software and applies + it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + + + + + A patch created by selectively applying commits from other versions or + branches of the same software. + + + + + + + + + + A fault, flaw, or bug in software + + + + + A new feature or behavior in software + + + + + A special type of defect which impacts security + + + + + + + + + + Specifies the optional text of the diff + + + + + Specifies the URL to the diff + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The identifier of the issue assigned by the source of the issue + + + + + The name of the issue + + + + + A description of the issue + + + + + + + The source of the issue where it is documented. + + + + + + + The name of the source. For example "National Vulnerability Database", + "NVD", and "Apache" + + + + + + + The url of the issue documentation as provided by the source + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the type of issue + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + A list of zero or more patches describing how the component + deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits + or may be used in place of commits. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Components that do not have their own dependencies MUST be declared as empty + elements within the graph. Components that are not represented in the dependency graph MAY + have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque + and not an indicator of a component being dependency-free. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that provides the service. + + + + + The grouping name, namespace, or identifier. This will often be a shortened, + single name of the company or project that produced the service or domain name. + Whitespace and special characters should be avoided. + + + + + The name of the service. This will often be a shortened, single name + of the service. + + + + + The service version. + + + + + Specifies a description for the service. + + + + + + + + A service endpoint URI. + + + + + + + + A boolean value indicating if the service requires authentication. + A value of true indicates the service requires authentication prior to use. + A value of false indicates the service does not require authentication. + + + + + A boolean value indicating if use of the service crosses a trust zone or boundary. + A value of true indicates that by using the service, a trust boundary is crossed. + A value of false indicates that by using the service, a trust boundary is not crossed. + + + + + + + + Specifies the data classification. + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + Provides the ability to document external references related to the service. + + + + + + Specifies optional sub-service. This is not a dependency tree. It provides a way + to specify a hierarchical representation of service assemblies, similar to + system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the service elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the data classification. + + + + + + Specifies the flow direction of the data. + + + + + + + + + Specifies the flow direction of the data. Valid values are: + inbound, outbound, bi-directional, and unknown. Direction is relative to the service. + Inbound flow states that data enters the service. Outbound flow states that data + leaves the service. Bi-directional states that data flows both ways, and unknown + states that the direction is not known. + + + + + + + + + + + + + + + Provides additional information about a BOM. + + + + + Provides the ability to document a list of components. + + + + + Provides the ability to document a list of external services. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + Provides the ability to document dependency relationships. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + The version allows component publishers/authors to make changes to existing + BOMs to update various aspects of the document such as description or licenses. When a system + is presented with multiple BOMs for the same component, the system should use the most recent + version of the BOM. The default version is '1' and should be incremented for each version of the + BOM that is published. Each version of a component should have a unique BOM and if no changes are + made to the BOMs, then each BOM will have a version of '1'. + + + + + Every BOM generated should have a unique serial number, even if the contents + of the BOM being generated have not changed over time. The process or tool responsible for + creating the BOM should create random UUID's for every BOM generated. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + diff --git a/res/bom-1.3-strict.SNAPSHOT.schema.json b/res/bom-1.3-strict.SNAPSHOT.schema.json new file mode 100644 index 000000000..3428f6a3f --- /dev/null +++ b/res/bom-1.3-strict.SNAPSHOT.schema.json @@ -0,0 +1,1085 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "type": "object", + "title": "CycloneDX Software Bill-of-Material Specification", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "enum": [ + "http://cyclonedx.org/schema/bom-1.3.schema.json" + ] + }, + "bomFormat": { + "$id": "#/properties/bomFormat", + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "$id": "#/properties/specVersion", + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", + "examples": ["1.3"] + }, + "serialNumber": { + "$id": "#/properties/serialNumber", + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "$id": "#/properties/version", + "type": "integer", + "title": "BOM Version", + "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$id": "#/properties/metadata", + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "$id": "#/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "services": { + "$id": "#/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "externalReferences": { + "$id": "#/properties/externalReferences", + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "dependencies": { + "$id": "#/properties/dependencies", + "type": "array", + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + }, + "compositions": { + "$id": "#/properties/compositions", + "type": "array", + "items": {"$ref": "#/definitions/compositions"}, + "uniqueItems": true, + "title": "Compositions", + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." + } + }, + "definitions": { + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the document was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "licenses": { + "type": "array", + "title": "BOM License(s)", + "items": {"$ref": "#/definitions/licenseChoice"} + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "The tool used to create the BOM.", + "additionalProperties": false, + "properties": { + "vendor": { + "type": "string", + "title": "Tool Vendor", + "description": "The date and time (timestamp) when the document was created." + }, + "name": { + "type": "string", + "title": "Tool Name", + "description": "The date and time (timestamp) when the document was created." + }, + "version": { + "type": "string", + "title": "Tool Version", + "description": "The date and time (timestamp) when the document was created." + }, + "hashes": { + "$id": "#/definitions/tool/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "examples": [ + "Example Inc." + ] + }, + "url": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "examples": ["https://example.com"] + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "examples": ["Contact name"] + }, + "email": { + "type": "string", + "title": "Email Address", + "description": "The email address of the contact.", + "examples": ["firstname.lastname@example.com"] + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact.", + "examples": ["800-555-1212"] + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name", + "version" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", + "examples": ["library"] + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique." + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "examples": ["Acme Inc"] + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "examples": ["Acme Inc"] + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "examples": ["tomcat-catalina"] + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "examples": ["9.0.14"] + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", + "default": "required" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"] + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "additionalProperties": false, + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree." + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "components": { + "$id": "#/definitions/component/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "evidence": { + "$ref": "#/definitions/componentEvidence", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "additionalProperties": false, + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the SWID file.", + "format": "iri-reference" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "additionalProperties": false, + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ] + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data" + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "additionalProperties": false, + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "additionalProperties": false, + "properties": { + "id": { + "$ref": "spdx.SNAPSHOT.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "examples": ["Acme Software License"] + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "format": "iri-reference" + } + } + }, + "licenseChoice": { + "type": "object", + "title": "License(s)", + "additionalProperties": false, + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "additionalProperties": false, + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "format": "iri-reference" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "required": [ + "type" + ], + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "format": "iri-reference" + } + } + }, + "references": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "examples": ["https://example.com"] + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "additionalProperties": false, + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "Specifies an individual external reference", + "required": [ + "url", + "type" + ], + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the external reference", + "format": "iri-reference" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "other" + ] + }, + "hashes": { + "$id": "#/definitions/externalReference/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the external reference (if applicable)." + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "additionalProperties": false, + "properties": { + "ref": { + "type": "string", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique." + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "examples": ["ticker-service"] + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "examples": ["1.0.0"] + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service" + }, + "endpoints": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "examples": ["https://example.com/api/v1/ticker"] + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "services": { + "$id": "#/definitions/service/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "additionalProperties": false, + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow" + }, + "classification": { + "type": "string" + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction" + }, + + "copyright": { + "type": "object", + "title": "Copyright", + "required": [ + "text" + ], + "additionalProperties": false, + "properties": { + "text": { + "type": "string", + "title": "Copyright Text" + } + } + }, + + "componentEvidence": { + "type": "object", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", + "additionalProperties": false, + "properties": { + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "array", + "items": {"$ref": "#/definitions/copyright"}, + "title": "Copyright" + } + } + }, + "compositions": { + "type": "object", + "title": "Compositions", + "required": [ + "aggregate" + ], + "additionalProperties": false, + "properties": { + "aggregate": { + "$ref": "#/definitions/aggregateType", + "title": "Aggregate", + "description": "Specifies an aggregate type that describe how complete a relationship is." + }, + "assemblies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." + }, + "dependencies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." + } + } + }, + "aggregateType": { + "type": "string", + "default": "not_specified", + "enum": [ + "complete", + "incomplete", + "incomplete_first_party_only", + "incomplete_third_party_only", + "unknown", + "not_specified" + ] + }, + "property": { + "type": "object", + "title": "Lightweight name-value pair", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value of the property." + } + } + } + } +} diff --git a/res/bom-1.3.SNAPSHOT.schema.json b/res/bom-1.3.SNAPSHOT.schema.json new file mode 100644 index 000000000..915ff2a9e --- /dev/null +++ b/res/bom-1.3.SNAPSHOT.schema.json @@ -0,0 +1,1054 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "type": "object", + "title": "CycloneDX Software Bill-of-Material Specification", + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion", + "version" + ], + "properties": { + "bomFormat": { + "$id": "#/properties/bomFormat", + "type": "string", + "title": "BOM Format", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces.", + "enum": [ + "CycloneDX" + ] + }, + "specVersion": { + "$id": "#/properties/specVersion", + "type": "string", + "title": "CycloneDX Specification Version", + "description": "The version of the CycloneDX specification a BOM is written to (starting at version 1.2)", + "examples": ["1.3"] + }, + "serialNumber": { + "$id": "#/properties/serialNumber", + "type": "string", + "title": "BOM Serial Number", + "description": "Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.", + "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"], + "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + }, + "version": { + "$id": "#/properties/version", + "type": "integer", + "title": "BOM Version", + "description": "The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.", + "default": 1, + "examples": [1] + }, + "metadata": { + "$id": "#/properties/metadata", + "$ref": "#/definitions/metadata", + "title": "BOM Metadata", + "description": "Provides additional information about a BOM." + }, + "components": { + "$id": "#/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "services": { + "$id": "#/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "externalReferences": { + "$id": "#/properties/externalReferences", + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References", + "description": "External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM." + }, + "dependencies": { + "$id": "#/properties/dependencies", + "type": "array", + "items": {"$ref": "#/definitions/dependency"}, + "uniqueItems": true, + "title": "Dependencies", + "description": "Provides the ability to document dependency relationships." + }, + "compositions": { + "$id": "#/properties/compositions", + "type": "array", + "items": {"$ref": "#/definitions/compositions"}, + "uniqueItems": true, + "title": "Compositions", + "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness." + } + }, + "definitions": { + "metadata": { + "type": "object", + "title": "BOM Metadata Object", + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The date and time (timestamp) when the document was created." + }, + "tools": { + "type": "array", + "title": "Creation Tools", + "description": "The tool(s) used in the creation of the BOM.", + "items": {"$ref": "#/definitions/tool"} + }, + "authors" :{ + "type": "array", + "title": "Authors", + "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "items": {"$ref": "#/definitions/organizationalContact"} + }, + "component": { + "title": "Component", + "description": "The component that the BOM describes.", + "$ref": "#/definitions/component" + }, + "manufacture": { + "title": "Manufacture", + "description": "The organization that manufactured the component that the BOM describes.", + "$ref": "#/definitions/organizationalEntity" + }, + "supplier": { + "title": "Supplier", + "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "licenses": { + "type": "array", + "title": "BOM License(s)", + "items": {"$ref": "#/definitions/licenseChoice"} + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "tool": { + "type": "object", + "title": "Tool", + "description": "The tool used to create the BOM.", + "properties": { + "vendor": { + "type": "string", + "title": "Tool Vendor", + "description": "The date and time (timestamp) when the document was created." + }, + "name": { + "type": "string", + "title": "Tool Name", + "description": "The date and time (timestamp) when the document was created." + }, + "version": { + "type": "string", + "title": "Tool Version", + "description": "The date and time (timestamp) when the document was created." + }, + "hashes": { + "$id": "#/definitions/tool/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the tool (if applicable)." + } + } + }, + "organizationalEntity": { + "type": "object", + "title": "Organizational Entity Object", + "description": "", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the organization", + "examples": [ + "Example Inc." + ] + }, + "url": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "URL", + "description": "The URL of the organization. Multiple URLs are allowed.", + "examples": ["https://example.com"] + }, + "contact": { + "type": "array", + "title": "Contact", + "description": "A contact at the organization. Multiple contacts are allowed.", + "items": {"$ref": "#/definitions/organizationalContact"} + } + } + }, + "organizationalContact": { + "type": "object", + "title": "Organizational Contact Object", + "description": "", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of a contact", + "examples": ["Contact name"] + }, + "email": { + "type": "string", + "title": "Email Address", + "description": "The email address of the contact.", + "examples": ["firstname.lastname@example.com"] + }, + "phone": { + "type": "string", + "title": "Phone", + "description": "The phone number of the contact.", + "examples": ["800-555-1212"] + } + } + }, + "component": { + "type": "object", + "title": "Component Object", + "required": [ + "type", + "name", + "version" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "application", + "framework", + "library", + "container", + "operating-system", + "device", + "firmware", + "file" + ], + "title": "Component Type", + "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.", + "examples": ["library"] + }, + "mime-type": { + "type": "string", + "title": "Mime-Type", + "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "examples": ["image/jpeg"], + "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" + }, + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref should be unique." + }, + "supplier": { + "title": "Component Supplier", + "description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "$ref": "#/definitions/organizationalEntity" + }, + "author": { + "type": "string", + "title": "Component Author", + "description": "The person(s) or organization(s) that authored the component", + "examples": ["Acme Inc"] + }, + "publisher": { + "type": "string", + "title": "Component Publisher", + "description": "The person(s) or organization(s) that published the component", + "examples": ["Acme Inc"] + }, + "group": { + "type": "string", + "title": "Component Group", + "description": "The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Component Name", + "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", + "examples": ["tomcat-catalina"] + }, + "version": { + "type": "string", + "title": "Component Version", + "description": "The component version. The version should ideally comply with semantic versioning but is not enforced.", + "examples": ["9.0.14"] + }, + "description": { + "type": "string", + "title": "Component Description", + "description": "Specifies a description for the component" + }, + "scope": { + "type": "string", + "enum": [ + "required", + "optional", + "excluded" + ], + "title": "Component Scope", + "description": "Specifies the scope of the component. If scope is not specified, 'required' scope should be assumed by the consumer of the BOM", + "default": "required" + }, + "hashes": { + "type": "array", + "title": "Component Hashes", + "items": {"$ref": "#/definitions/hash"} + }, + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "string", + "title": "Component Copyright", + "description": "An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.", + "examples": ["Acme Inc"] + }, + "cpe": { + "type": "string", + "title": "Component Common Platform Enumeration (CPE)", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe", + "examples": ["cpe:2.3:a:acme:component_framework:-:*:*:*:*:*:*:*"] + }, + "purl": { + "type": "string", + "title": "Component Package URL (purl)", + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] + }, + "swid": { + "$ref": "#/definitions/swid", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags." + }, + "modified": { + "type": "boolean", + "title": "Component Modified From Original", + "description": "DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + }, + "pedigree": { + "type": "object", + "title": "Component Pedigree", + "description": "Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.", + "properties": { + "ancestors": { + "type": "array", + "title": "Ancestors", + "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", + "items": {"$ref": "#/definitions/component"} + }, + "descendants": { + "type": "array", + "title": "Descendants", + "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", + "items": {"$ref": "#/definitions/component"} + }, + "variants": { + "type": "array", + "title": "Variants", + "description": "Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", + "items": {"$ref": "#/definitions/component"} + }, + "commits": { + "type": "array", + "title": "Commits", + "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", + "items": {"$ref": "#/definitions/commit"} + }, + "patches": { + "type": "array", + "title": "Patches", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "items": {"$ref": "#/definitions/patch"} + }, + "notes": { + "type": "string", + "title": "Notes", + "description": "Notes, observations, and other non-structured commentary describing the components pedigree." + } + } + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "components": { + "$id": "#/definitions/component/properties/components", + "type": "array", + "items": {"$ref": "#/definitions/component"}, + "uniqueItems": true, + "title": "Components" + }, + "evidence": { + "$ref": "#/definitions/componentEvidence", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis." + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "swid": { + "type": "object", + "title": "SWID Tag", + "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", + "required": [ + "tagId", + "name" + ], + "properties": { + "tagId": { + "type": "string", + "title": "Tag ID", + "description": "Maps to the tagId of a SoftwareIdentity." + }, + "name": { + "type": "string", + "title": "Name", + "description": "Maps to the name of a SoftwareIdentity." + }, + "version": { + "type": "string", + "title": "Version", + "default": "0.0", + "description": "Maps to the version of a SoftwareIdentity." + }, + "tagVersion": { + "type": "integer", + "title": "Tag Version", + "default": 0, + "description": "Maps to the tagVersion of a SoftwareIdentity." + }, + "patch": { + "type": "boolean", + "title": "Patch", + "default": false, + "description": "Maps to the patch of a SoftwareIdentity." + }, + "text": { + "title": "Attachment text", + "description": "Specifies the metadata and content of the SWID tag.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the SWID file.", + "format": "iri-reference" + } + } + }, + "attachment": { + "type": "object", + "title": "Attachment", + "description": "Specifies the metadata and content for an attachment.", + "required": [ + "content" + ], + "properties": { + "contentType": { + "type": "string", + "title": "Content-Type", + "description": "Specifies the content type of the text. Defaults to text/plain if not specified.", + "default": "text/plain" + }, + "encoding": { + "type": "string", + "title": "Encoding", + "description": "Specifies the optional encoding the text is represented in.", + "enum": [ + "base64" + ] + }, + "content": { + "type": "string", + "title": "Attachment Text", + "description": "The attachment data" + } + } + }, + "hash": { + "type": "object", + "title": "Hash Objects", + "required": [ + "alg", + "content" + ], + "properties": { + "alg": { + "$ref": "#/definitions/hash-alg" + }, + "content": { + "$ref": "#/definitions/hash-content" + } + } + }, + "hash-alg": { + "type": "string", + "enum": [ + "MD5", + "SHA-1", + "SHA-256", + "SHA-384", + "SHA-512", + "SHA3-256", + "SHA3-384", + "SHA3-512", + "BLAKE2b-256", + "BLAKE2b-384", + "BLAKE2b-512", + "BLAKE3" + ], + "title": "Hash Algorithm" + }, + "hash-content": { + "type": "string", + "title": "Hash Content (value)", + "examples": ["3942447fac867ae5cdb3229b658f4d48"], + "pattern": "^([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})$" + }, + "license": { + "type": "object", + "title": "License Object", + "oneOf": [ + { + "required": ["id"] + }, + { + "required": ["name"] + } + ], + "properties": { + "id": { + "$ref": "spdx.SNAPSHOT.schema.json", + "title": "License ID (SPDX)", + "description": "A valid SPDX license ID", + "examples": ["Apache-2.0"] + }, + "name": { + "type": "string", + "title": "License Name", + "description": "If SPDX does not define the license used, this field may be used to provide the license name", + "examples": ["Acme Software License"] + }, + "text": { + "title": "License text", + "description": "An optional way to include the textual content of a license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], + "format": "iri-reference" + } + } + }, + "licenseChoice": { + "type": "object", + "title": "License(s)", + "properties": { + "license": { + "$ref": "#/definitions/license" + }, + "expression": { + "type": "string", + "title": "SPDX License Expression", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + } + }, + "oneOf":[ + { + "required": ["license"] + }, + { + "required": ["expression"] + } + ] + }, + "commit": { + "type": "object", + "title": "Commit", + "description": "Specifies an individual commit", + "properties": { + "uid": { + "type": "string", + "title": "UID", + "description": "A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes." + }, + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the commit. This URL will typically point to a commit in a version control system.", + "format": "iri-reference" + }, + "author": { + "title": "Author", + "description": "The author who created the changes in the commit", + "$ref": "#/definitions/identifiableAction" + }, + "committer": { + "title": "Committer", + "description": "The person who committed or pushed the commit", + "$ref": "#/definitions/identifiableAction" + }, + "message": { + "type": "string", + "title": "Message", + "description": "The text description of the contents of the commit" + } + } + }, + "patch": { + "type": "object", + "title": "Patch", + "description": "Specifies an individual patch", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], + "title": "Type", + "description": "Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality" + }, + "diff": { + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "$ref": "#/definitions/diff" + }, + "resolves": { + "type": "array", + "items": {"$ref": "#/definitions/issue"}, + "title": "Resolves", + "description": "A collection of issues the patch resolves" + } + } + }, + "diff": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "properties": { + "text": { + "title": "Diff text", + "description": "Specifies the optional text of the diff", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "URL", + "description": "Specifies the URL to the diff", + "format": "iri-reference" + } + } + }, + "issue": { + "type": "object", + "title": "Diff", + "description": "The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "defect", + "enhancement", + "security" + ], + "title": "Type", + "description": "Specifies the type of issue" + }, + "id": { + "type": "string", + "title": "ID", + "description": "The identifier of the issue assigned by the source of the issue" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the issue" + }, + "description": { + "type": "string", + "title": "Description", + "description": "A description of the issue" + }, + "source": { + "type": "object", + "title": "Source", + "description": "The source of the issue where it is documented", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache'" + }, + "url": { + "type": "string", + "title": "URL", + "description": "The url of the issue documentation as provided by the source", + "format": "iri-reference" + } + } + }, + "references": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "References", + "description": "A collection of URL's for reference. Multiple URLs are allowed.", + "examples": ["https://example.com"] + } + } + }, + "identifiableAction": { + "type": "object", + "title": "Identifiable Action", + "description": "Specifies an individual commit", + "properties": { + "timestamp": { + "type": "string", + "format": "date-time", + "title": "Timestamp", + "description": "The timestamp in which the action occurred" + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the individual who performed the action" + }, + "email": { + "type": "string", + "format": "idn-email", + "title": "E-mail", + "description": "The email address of the individual who performed the action" + } + } + }, + "externalReference": { + "type": "object", + "title": "External Reference", + "description": "Specifies an individual external reference", + "required": [ + "url", + "type" + ], + "properties": { + "url": { + "type": "string", + "title": "URL", + "description": "The URL to the external reference", + "format": "iri-reference" + }, + "comment": { + "type": "string", + "title": "Comment", + "description": "An optional comment describing the external reference" + }, + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the \"other\" type.", + "enum": [ + "vcs", + "issue-tracker", + "website", + "advisories", + "bom", + "mailing-list", + "social", + "chat", + "documentation", + "support", + "distribution", + "license", + "build-meta", + "build-system", + "other" + ] + }, + "hashes": { + "$id": "#/definitions/externalReference/properties/hashes", + "type": "array", + "items": {"$ref": "#/definitions/hash"}, + "title": "Hashes", + "description": "The hashes of the external reference (if applicable)." + } + } + }, + "dependency": { + "type": "object", + "title": "Dependency", + "description": "Defines the direct dependencies of a component. Components that do not have their own dependencies MUST be declared as empty elements within the graph. Components that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a component being dependency-free.", + "required": [ + "ref" + ], + "properties": { + "ref": { + "type": "string", + "title": "Reference", + "description": "References a component by the components bom-ref attribute" + }, + "dependsOn": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "Depends On", + "description": "The bom-ref identifiers of the components that are dependencies of this dependency object." + } + } + }, + "service": { + "type": "object", + "title": "Service Object", + "required": [ + "name" + ], + "properties": { + "bom-ref": { + "type": "string", + "title": "BOM Reference", + "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref should be unique." + }, + "provider": { + "title": "Provider", + "description": "The organization that provides the service.", + "$ref": "#/definitions/organizationalEntity" + }, + "group": { + "type": "string", + "title": "Service Group", + "description": "The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.", + "examples": ["com.acme"] + }, + "name": { + "type": "string", + "title": "Service Name", + "description": "The name of the service. This will often be a shortened, single name of the service.", + "examples": ["ticker-service"] + }, + "version": { + "type": "string", + "title": "Service Version", + "description": "The service version.", + "examples": ["1.0.0"] + }, + "description": { + "type": "string", + "title": "Service Description", + "description": "Specifies a description for the service" + }, + "endpoints": { + "type": "array", + "items": { + "type": "string", + "format": "iri-reference" + }, + "title": "Endpoints", + "description": "The endpoint URIs of the service. Multiple endpoints are allowed.", + "examples": ["https://example.com/api/v1/ticker"] + }, + "authenticated": { + "type": "boolean", + "title": "Authentication Required", + "description": "A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication." + }, + "x-trust-boundary": { + "type": "boolean", + "title": "Crosses Trust Boundary", + "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed." + }, + "data": { + "type": "array", + "items": {"$ref": "#/definitions/dataClassification"}, + "title": "Data Classification", + "description": "Specifies the data classification." + }, + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "externalReferences": { + "type": "array", + "items": {"$ref": "#/definitions/externalReference"}, + "title": "External References" + }, + "services": { + "$id": "#/definitions/service/properties/services", + "type": "array", + "items": {"$ref": "#/definitions/service"}, + "uniqueItems": true, + "title": "Services" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values.", + "items": {"$ref": "#/definitions/property"} + } + } + }, + "dataClassification": { + "type": "object", + "title": "Hash Objects", + "required": [ + "flow", + "classification" + ], + "properties": { + "flow": { + "$ref": "#/definitions/dataFlow" + }, + "classification": { + "type": "string" + } + } + }, + "dataFlow": { + "type": "string", + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], + "title": "Data flow direction" + }, + + "copyright": { + "type": "object", + "title": "Copyright", + "required": [ + "text" + ], + "properties": { + "text": { + "type": "string", + "title": "Copyright Text" + } + } + }, + + "componentEvidence": { + "type": "object", + "title": "Evidence", + "description": "Provides the ability to document evidence collected through various forms of extraction or analysis.", + "properties": { + "licenses": { + "type": "array", + "items": {"$ref": "#/definitions/licenseChoice"}, + "title": "Component License(s)" + }, + "copyright": { + "type": "array", + "items": {"$ref": "#/definitions/copyright"}, + "title": "Copyright" + } + } + }, + "compositions": { + "type": "object", + "title": "Compositions", + "required": [ + "aggregate" + ], + "properties": { + "aggregate": { + "$ref": "#/definitions/aggregateType", + "title": "Aggregate", + "description": "Specifies an aggregate type that describe how complete a relationship is." + }, + "assemblies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only." + }, + "dependencies": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + }, + "title": "BOM references", + "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only." + } + } + }, + "aggregateType": { + "type": "string", + "default": "not_specified", + "enum": [ + "complete", + "incomplete", + "incomplete_first_party_only", + "incomplete_third_party_only", + "unknown", + "not_specified" + ] + }, + "property": { + "type": "object", + "title": "Lightweight name-value pair", + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "The name of the property. Duplicate names are allowed, each potentially having a different value." + }, + "value": { + "type": "string", + "title": "Value", + "description": "The value of the property." + } + } + } + } +} diff --git a/res/bom-1.3.SNAPSHOT.xsd b/res/bom-1.3.SNAPSHOT.xsd new file mode 100644 index 000000000..4b46a8444 --- /dev/null +++ b/res/bom-1.3.SNAPSHOT.xsd @@ -0,0 +1,1631 @@ + + + + + + + + + CycloneDX Software Bill-of-Material Specification + https://cyclonedx.org/ + Apache License, Version 2.0 + + + + + + + + The date and time (timestamp) when the document was created. + + + + + The tool(s) used in the creation of the BOM. + + + + + + + + + + The person(s) who created the BOM. Authors are common in BOMs created through + manual processes. BOMs created through automated means may not have authors. + + + + + + + + + + The component that the BOM describes. + + + + + The organization that manufactured the component that the BOM describes. + + + + + The organization that supplied the component that the BOM describes. The + supplier may often be the manufacturer, but may also be a distributor or repackager. + + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the organization + + + + + The URL of the organization. Multiple URLs are allowed. + + + + + A contact person at the organization. Multiple contacts are allowed. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies a tool (manual or automated). + + + + + The vendor of the tool used to create the BOM. + + + + + The name of the tool used to create the BOM. + + + + + The version of the tool used to create the BOM. + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The name of the contact + + + + + The email address of the contact. + + + + + The phone number of the contact. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that supplied the component. The supplier may often + be the manufacturer, but may also be a distributor or repackager. + + + + + The person(s) or organization(s) that authored the component + + + + + The person(s) or organization(s) that published the component + + + + + The grouping name or identifier. This will often be a shortened, single + name of the company or project that produced the component, or the source package or + domain name. Whitespace and special characters should be avoided. Examples include: + apache, org.apache.commons, and apache.org. + + + + + The name of the component. This will often be a shortened, single name + of the component. Examples: commons-lang3 and jquery + + + + + The component version. The version should ideally comply with semantic versioning + but is not enforced. + + + + + Specifies a description for the component + + + + + Specifies the scope of the component. If scope is not specified, 'runtime' + scope should be assumed by the consumer of the BOM + + + + + + + + + + + + + An optional copyright notice informing users of the underlying claims to + copyright ownership in a published work. + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. + Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe + + + + + + + Specifies the package-url (PURL). The purl, if specified, must be valid and conform + to the specification defined at: https://github.com/package-url/purl-spec + + + + + + + Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + + + + + + + DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + element instead to supply information on exactly how the component was modified. + A boolean value indicating is the component has been modified from the original. + A value of true indicates the component is a derivative of the original. + A value of false indicates the component has not been modified from the original. + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are + created, distributed, modified, redistributed, combined with other components, etc. + + + + + + Provides the ability to document external references related to the + component or to the project the component describes. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. + + + + + + Specifies optional sub-components. This is not a dependency tree. It provides a way + to specify a hierarchical representation of component assemblies, similar to + system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Provides the ability to document evidence collected through various forms of extraction or analysis. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + Specifies the type of component. For software components, classify as application if no more + specific appropriate classification is available or cannot be determined for the component. + + + + + + + The optional mime-type of the component. When used on file components, the mime-type + can provide additional context about the kind of file being represented such as an image, + font, or executable. Some library or framework components may also have an associated mime-type. + + + + + + + An optional identifier which can be used to reference the component elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + A valid SPDX license ID + + + + + If SPDX does not define the license used, this field may be used to provide the license name + + + + + + Specifies the optional full text of the attachment + + + + + The URL to the attachment file. If the attachment is a license or BOM, + an externalReference should also be specified for completeness. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + Specifies attributes of the text + + + + Specifies the content type of the text. Defaults to text/plain + if not specified. + + + + + + Specifies the optional encoding the text is represented in + + + + + + + + + + Specifies the file hash of the component + + + + + + Specifies the algorithm used to create the hash + + + + + + + + + + + The component is required for runtime + + + + + The component is optional at runtime. Optional components are components that + are not capable of being called due to them not be installed or otherwise accessible by any means. + Components that are installed but due to configuration or other restrictions are prohibited from + being called must be scoped as 'required'. + + + + + Components that are excluded provide the ability to document component usage + for test and other non-runtime purposes. Excluded components are not reachable within a call + graph at runtime. + + + + + + + + + + A software application. Refer to https://en.wikipedia.org/wiki/Application_software + for information about applications. + + + + + A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework + for information on how frameworks vary slightly from libraries. + + + + + A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) + for information about libraries. All third-party and open source reusable components will likely + be a library. If the library also has key features of a framework, then it should be classified + as a framework. If not, or is unknown, then specifying library is recommended. + + + + + A packaging and/or runtime format, not specific to any particular technology, + which isolates software inside the container from software outside of a container through + virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization + + + + + A software operating system without regard to deployment model + (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + https://en.wikipedia.org/wiki/Operating_system + + + + + A hardware device such as a processor, or chip-set. A hardware device + containing firmware should include a component for the physical hardware itself, and another + component of type 'firmware' or 'operating-system' (whichever is relevant), describing + information about the software running on the device. + + + + + A special type of software that provides low-level control over a devices + hardware. Refer to https://en.wikipedia.org/wiki/Firmware + + + + + A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file + for information about files. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + Refer to https://nvd.nist.gov/products/cpe for official specification. + + + + + + + + + + + + Specifies the full content of the SWID tag. + + + + + The URL to the SWID file. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Maps to the tagId of a SoftwareIdentity. + + + + + Maps to the name of a SoftwareIdentity. + + + + + Maps to the version of a SoftwareIdentity. + + + + + Maps to the tagVersion of a SoftwareIdentity. + + + + + Maps to the patch of a SoftwareIdentity. + + + + + + + + Defines a string representation of a UUID conforming to RFC 4122. + + + + + + + + + + + + Version Control System + + + + + Issue or defect tracking system, or an Application Lifecycle Management (ALM) system + + + + + Website + + + + + Security advisories + + + + + Bill-of-material document (CycloneDX, SPDX, SWID, etc) + + + + + Mailing list or discussion group + + + + + Social media account + + + + + Real-time chat platform + + + + + Documentation, guides, or how-to instructions + + + + + Community or commercial support + + + + + Direct or repository download location + + + + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness + + + + + Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc) + + + + + URL to an automated build system + + + + + Use this if no other types accurately describe the purpose of the external reference + + + + + + + + + External references provide a way to document systems, sites, and information that may be relevant + but which are not included with the BOM. + + + + + + Zero or more external references can be defined + + + + + + + + + + The URL to the external reference + + + + + An optional comment describing the external reference + + + + + + + + + + + + + Specifies the type of external reference. There are built-in types to describe common + references. If a type does not exist for the reference being referred to, use the "other" type. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Zero or more commits can be specified. + + + + + Specifies an individual commit. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + A unique identifier of the commit. This may be version control + specific. For example, Subversion uses revision numbers whereas git uses commit hashes. + + + + + + The URL to the commit. This URL will typically point to a commit + in a version control system. + + + + + + The author who created the changes in the commit + + + + + The person who committed or pushed the commit + + + + + The text description of the contents of the commit + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + Zero or more patches can be specified. + + + + + Specifies an individual patch. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The patch file (or diff) that show changes. + Refer to https://en.wikipedia.org/wiki/Diff + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the purpose for the patch including the resolution of defects, + security issues, or new behavior or functionality + + + + + + + + + A patch which is not developed by the creators or maintainers of the software + being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch + + + + + A patch which dynamically modifies runtime behavior. + Refer to https://en.wikipedia.org/wiki/Monkey_patch + + + + + A patch which takes code from a newer version of software and applies + it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting + + + + + A patch created by selectively applying commits from other versions or + branches of the same software. + + + + + + + + + + A fault, flaw, or bug in software + + + + + A new feature or behavior in software + + + + + A special type of defect which impacts security + + + + + + + + + + Specifies the optional text of the diff + + + + + Specifies the URL to the diff + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + The identifier of the issue assigned by the source of the issue + + + + + The name of the issue + + + + + A description of the issue + + + + + + + The source of the issue where it is documented. + + + + + + + The name of the source. For example "National Vulnerability Database", + "NVD", and "Apache" + + + + + + + The url of the issue documentation as provided by the source + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + Specifies the type of issue + + + + + + + + + The timestamp in which the action occurred + + + + + The name of the individual who performed the action + + + + + The email address of the individual who performed the action + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Component pedigree is a way to document complex supply chain scenarios where components are created, + distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing + this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to + document variants where the exact relation may not be known. + + + + + + Describes zero or more components in which a component is derived + from. This is commonly used to describe forks from existing projects where the forked version + contains a ancestor node containing the original component it was forked from. For example, + Component A is the original component. Component B is the component being used and documented + in the BOM. However, Component B contains a pedigree node with a single ancestor documenting + Component A - the original component from which Component B is derived from. + + + + + + Descendants are the exact opposite of ancestors. This provides a + way to document all forks (and their forks) of an original or root component. + + + + + + Variants describe relations where the relationship between the + components are not known. For example, if Component A contains nearly identical code to + Component B. They are both related, but it is unclear if one is derived from the other, + or if they share a common ancestor. + + + + + + A list of zero or more commits which provide a trail describing + how the component deviates from an ancestor, descendant, or variant. + + + + + A list of zero or more patches describing how the component + deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits + or may be used in place of commits. + + + + + Notes, observations, and other non-structured commentary + describing the components pedigree. + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Components that do not have their own dependencies MUST be declared as empty + elements within the graph. Components that are not represented in the dependency graph MAY + have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque + and not an indicator of a component being dependency-free. + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + The organization that provides the service. + + + + + The grouping name, namespace, or identifier. This will often be a shortened, + single name of the company or project that produced the service or domain name. + Whitespace and special characters should be avoided. + + + + + The name of the service. This will often be a shortened, single name + of the service. + + + + + The service version. + + + + + Specifies a description for the service. + + + + + + + + A service endpoint URI. + + + + + + + + A boolean value indicating if the service requires authentication. + A value of true indicates the service requires authentication prior to use. + A value of false indicates the service does not require authentication. + + + + + A boolean value indicating if use of the service crosses a trust zone or boundary. + A value of true indicates that by using the service, a trust boundary is crossed. + A value of false indicates that by using the service, a trust boundary is not crossed. + + + + + + + + Specifies the data classification. + + + + + + + + + Provides the ability to document external references related to the service. + + + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. + + + + + + Specifies optional sub-service. This is not a dependency tree. It provides a way + to specify a hierarchical representation of service assemblies, similar to + system -> subsystem -> parts assembly in physical supply chains. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + An optional identifier which can be used to reference the service elsewhere in the BOM. + Uniqueness is enforced within all elements and children of the root-level bom element. + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies the data classification. + + + + + + Specifies the flow direction of the data. + + + + + + + + + Specifies the flow direction of the data. Valid values are: + inbound, outbound, bi-directional, and unknown. Direction is relative to the service. + Inbound flow states that data enters the service. Outbound flow states that data + leaves the service. Bi-directional states that data flows both ways, and unknown + states that the direction is not known. + + + + + + + + + + + + + + + A valid SPDX license expression. + Refer to https://spdx.org/specifications for syntax requirements + + + + + + + + + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + Specifies an aggregate type that describe how complete a relationship is. + + + + + + The bom-ref identifiers of the components or services being described. Assemblies refer to + nested relationships whereby a constituent part may include other constituent parts. References + do not cascade to child parts. References are explicit for the specified constituent part only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + The bom-ref identifiers of the components or services being described. Dependencies refer to a + relationship whereby an independent constituent part requires another independent constituent + part. References do not cascade to transitive dependencies. References are explicit for the + specified dependency only. + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + + + + + + + + The relationship is complete. No further relationships including constituent components, services, or dependencies exist. + + + + + The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + + + + + The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + + + + + The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + + + + + The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + + + + + The relationship completeness is not specified. + + + + + + + + + References a component or service by the its bom-ref attribute + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + Specifies an individual property with a name and value. + + + + + + The name of the property. Duplicate names are allowed, each potentially having a different value. + + + + + + + + + + + + Provides additional information about a BOM. + + + + + Provides the ability to document a list of components. + + + + + Provides the ability to document a list of external services. + + + + + Provides the ability to document external references related to the BOM or + to the project the BOM describes. + + + + + Provides the ability to document dependency relationships. + + + + + Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. + + + + + Provides the ability to document properties in a name-value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Unlike key-value + stores, properties support duplicate names, each potentially having different values. + + + + + + Allows any undeclared elements as long as the elements are placed in a different namespace. + + + + + + + The version allows component publishers/authors to make changes to existing + BOMs to update various aspects of the document such as description or licenses. When a system + is presented with multiple BOMs for the same component, the system should use the most recent + version of the BOM. The default version is '1' and should be incremented for each version of the + BOM that is published. Each version of a component should have a unique BOM and if no changes are + made to the BOMs, then each BOM will have a version of '1'. + + + + + Every BOM generated should have a unique serial number, even if the contents + of the BOM being generated have not changed over time. The process or tool responsible for + creating the BOM should create random UUID's for every BOM generated. + + + + + User-defined attributes may be used on this element as long as they + do not have the same name as an existing attribute used by the schema. + + + + + + + + + diff --git a/res/spdx.SNAPSHOT.schema.json b/res/spdx.SNAPSHOT.schema.json index af6d696d5..61017db67 100644 --- a/res/spdx.SNAPSHOT.schema.json +++ b/res/spdx.SNAPSHOT.schema.json @@ -1,507 +1,533 @@ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://cyclonedx.org/schema/spdx.schema.json", - "$comment": "v1.0-3.12", + "$comment": "v1.0-3.16", "type": "string", "enum": [ - "AFL-2.0", - "AAL", - "Adobe-2006", - "AFL-3.0", - "ADSL", - "0BSD", - "Afmparse", - "AFL-1.2", - "AGPL-1.0-or-later", - "AFL-2.1", + "Interbase-1.0", + "Mup", + "GPL-2.0-with-autoconf-exception", + "OLDAP-2.1", + "CC-BY-NC-SA-3.0-IGO", + "LGPL-2.0+", + "xpp", + "OFL-1.1", + "CNRI-Python", + "Linux-man-pages-copyleft", + "OLDAP-2.2", + "OSL-1.1", + "EPL-2.0", "AFL-1.1", - "AGPL-1.0", - "Adobe-Glyph", - "AMDPLPA", - "Aladdin", - "ANTLR-PD", - "AML", - "Apache-1.0", - "ANTLR-PD-fallback", - "Abstyles", - "AGPL-1.0-only", - "APAFML", - "APSL-1.0", - "APSL-1.1", - "APSL-2.0", - "AGPL-3.0-only", - "Apache-1.1", - "Apache-2.0", - "APL-1.0", - "Bahyph", - "Artistic-1.0", - "AMPAS", - "Barr", - "AGPL-3.0-or-later", - "BlueOak-1.0.0", - "Beerware", - "Artistic-1.0-cl8", - "blessing", - "Borceux", - "BSD-2-Clause-NetBSD", + "AGPL-1.0-or-later", + "GLWTPL", + "MIT-Modern-Variant", "BSD-1-Clause", + "SGI-B-1.0", + "OML", + "psfrag", + "Artistic-1.0", + "CC-PDDC", + "eGenix", + "EUPL-1.1", + "Sendmail", + "PSF-2.0", + "OGL-UK-1.0", + "MTLL", + "NAIST-2003", + "ANTLR-PD-fallback", + "PostgreSQL", + "OSL-1.0", + "NGPL", + "CC-BY-NC-ND-4.0", + "CPOL-1.02", + "FSFULLR", + "GFDL-1.2-no-invariants-only", + "Net-SNMP", + "ADSL", + "Sendmail-8.23", + "CNRI-Jython", + "RPL-1.5", "BSD-2-Clause-Patent", - "BitTorrent-1.0", - "BSD-2-Clause-FreeBSD", - "BSD-3-Clause-Attribution", - "BSD-2-Clause", + "OFL-1.1-no-RFN", "APSL-1.2", - "BSD-3-Clause-LBNL", - "Artistic-2.0", - "BSD-3-Clause-No-Nuclear-License-2014", - "BSD-3-Clause-Modification", - "BSD-4-Clause-Shortened", - "BSD-3-Clause", - "BSD-3-Clause-Open-MPI", - "BitTorrent-1.1", - "BSD-3-Clause-No-Nuclear-Warranty", - "BSD-Source-Code", - "BSD-Protection", - "AGPL-3.0", - "BUSL-1.1", - "Artistic-1.0-Perl", - "BSL-1.0", - "BSD-2-Clause-Views", - "CAL-1.0-Combined-Work-Exception", - "CATOSL-1.1", - "bzip2-1.0.5", - "bzip2-1.0.6", - "CC-BY-2.5", - "CC-BY-3.0-AT", - "C-UDA-1.0", - "CC-BY-3.0-US", - "CC-BY-1.0", - "CC-BY-NC-1.0", + "OLDAP-2.4", + "MPL-2.0-no-copyleft-exception", + "ISC", + "CC-BY-SA-2.5", + "Sleepycat", + "CUA-OPL-1.0", + "Frameworx-1.0", + "CPAL-1.0", + "NLOD-2.0", "CC-BY-NC-2.0", + "GFDL-1.1-no-invariants-or-later", + "CC-BY-2.5", + "Newsletr", + "Parity-7.0.0", + "Leptonica", + "MIT-CMU", + "APAFML", "CC-BY-NC-2.5", - "CC-BY-2.0", - "CC-BY-NC-4.0", - "CC-BY-NC-ND-1.0", - "CC-BY-NC-ND-2.0", - "CC-BY-NC-3.0", + "CAL-1.0-Combined-Work-Exception", + "BSD-4-Clause-Shortened", + "NPL-1.1", + "Qhull", + "CECILL-C", + "GPL-1.0-only", + "CC-BY-NC-ND-3.0-DE", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-1.0", + "MIT-open-group", + "Multics", + "SWL", + "GPL-1.0+", + "GPL-3.0-or-later", + "DOC", + "PHP-3.0", + "SISSL-1.2", + "CDL-1.0", + "LPL-1.0", + "RHeCos-1.1", + "LAL-1.3", + "CC-BY-SA-3.0-DE", + "CDLA-Permissive-1.0", + "gnuplot", + "App-s2p", + "iMatix", + "MS-PL", + "eCos-2.0", + "BSD-3-Clause", "CC-BY-NC-ND-3.0-IGO", + "ICU", + "AGPL-3.0-or-later", + "CC-BY-SA-2.1-JP", + "CC-BY-NC-SA-4.0", + "Unlicense", + "CC-BY-NC-3.0-DE", + "OLDAP-1.4", + "CERN-OHL-W-2.0", + "SugarCRM-1.1.3", + "IPA", + "AFL-2.0", + "Unicode-DFS-2016", "CC-BY-NC-ND-3.0", - "BSD-3-Clause-No-Nuclear-License", - "CC-BY-NC-ND-4.0", + "CERN-OHL-P-2.0", + "CC-BY-NC-3.0", + "COIL-1.0", + "CAL-1.0", + "LiLiQ-P-1.1", + "OFL-1.1-RFN", + "LPL-1.02", + "OLDAP-1.3", + "OGDL-Taiwan-1.0", "CC-BY-NC-SA-2.0", - "CC-BY-NC-SA-2.5", - "CC-BY-NC-SA-3.0", - "CC-BY-NC-SA-4.0", - "CC-BY-ND-1.0", + "Python-2.0", + "NTP-0", + "FSFAP", + "ErlPL-1.1", + "Barr", + "CC-BY-3.0-US", + "BSD-3-Clause-No-Nuclear-License-2014", + "NLPL", "BSD-3-Clause-Clear", - "CC-BY-ND-2.5", - "CC-BY-ND-3.0", - "CC-BY-ND-4.0", - "CC-BY-SA-1.0", - "CC-BY-SA-2.0-UK", - "CC-BY-SA-2.0", - "CC-BY-SA-2.1-JP", - "CC-BY-ND-2.0", - "CC-BY-SA-3.0-AT", - "CC-BY-SA-3.0", - "CC-BY-SA-4.0", - "CC-BY-SA-2.5", - "CC-BY-3.0", + "SGI-B-1.1", + "PDDL-1.0", "CDDL-1.0", - "CC0-1.0", - "CC-BY-NC-ND-2.5", - "CC-BY-NC-SA-1.0", - "Caldera", - "CDLA-Permissive-1.0", - "CC-BY-4.0", - "CC-PDDC", - "BSD-4-Clause-UC", - "BSD-4-Clause", - "CAL-1.0", - "CDDL-1.1", - "CERN-OHL-1.2", - "CERN-OHL-1.1", - "CERN-OHL-P-2.0", - "CERN-OHL-S-2.0", - "CECILL-1.1", - "CECILL-2.0", + "LGPL-2.1-or-later", + "BlueOak-1.0.0", + "CC-BY-NC-SA-2.0-FR", + "FDK-AAC", + "StandardML-NJ", + "AGPL-1.0-only", "CECILL-1.0", - "CNRI-Python", - "CNRI-Python-GPL-Compatible", - "copyleft-next-0.3.0", - "CPAL-1.0", - "copyleft-next-0.3.1", - "CPL-1.0", + "AAL", + "GPL-2.0-with-font-exception", + "Info-ZIP", + "SSH-OpenSSH", + "SSH-short", + "GPL-2.0-or-later", "ClArtistic", - "CECILL-C", - "CNRI-Jython", - "Condor-1.1", - "CPOL-1.02", - "curl", - "diffmark", - "Crossword", - "Dotseqn", - "DOC", - "DSDP", - "DRL-1.0", - "ECL-1.0", - "ECL-2.0", - "eCos-2.0", - "CrystalStacker", - "CERN-OHL-W-2.0", - "D-FSL-1.0", - "eGenix", - "EPICS", - "Entessa", - "EPL-1.0", - "EFL-2.0", - "CUA-OPL-1.0", - "etalab-2.0", - "EUPL-1.0", - "ErlPL-1.1", - "EUDatagrid", - "EUPL-1.1", - "Cube", - "dvipdfm", - "FreeBSD-DOC", - "Eurosym", - "FSFAP", - "FreeImage", - "FSFULLR", - "FSFUL", - "GD", + "SNIA", "GFDL-1.1-invariants-only", - "EUPL-1.2", - "EPL-2.0", - "GFDL-1.1-no-invariants-or-later", - "GFDL-1.1-only", - "GFDL-1.1-or-later", + "BSD-3-Clause-No-Military-License", "GFDL-1.1", - "FTL", - "GFDL-1.2-invariants-or-later", - "GFDL-1.1-invariants-or-later", - "GFDL-1.2-invariants-only", - "GFDL-1.2-only", - "GFDL-1.2-or-later", - "GFDL-1.2", - "GFDL-1.2-no-invariants-only", - "GFDL-1.3-invariants-only", + "MPL-1.1", + "OLDAP-1.1", + "JSON", "GFDL-1.3-no-invariants-only", - "GFDL-1.3-invariants-or-later", - "GFDL-1.2-no-invariants-or-later", - "Fair", - "Frameworx-1.0", - "Giftware", - "GFDL-1.1-no-invariants-only", - "GL2PS", - "Glulxe", - "Glide", - "gnuplot", - "GLWTPL", - "GPL-1.0-only", + "OCLC-2.0", + "OLDAP-2.0.1", + "FreeBSD-DOC", "GPL-1.0-or-later", - "GPL-1.0", - "GFDL-1.3-only", - "GPL-2.0-only", - "GPL-2.0-or-later", - "GPL-2.0-with-autoconf-exception", - "GPL-2.0+", - "GFDL-1.3", - "GPL-1.0+", - "CDLA-Sharing-1.0", - "GPL-2.0-with-classpath-exception", + "YPL-1.1", + "CPL-1.0", + "Apache-1.0", + "OFL-1.0", + "CC-BY-4.0", + "DSDP", + "IBM-pibs", + "MIT-0", + "DRL-1.0", + "Zlib", + "APL-1.0", + "Watcom-1.0", "GPL-2.0-with-GCC-exception", - "GPL-2.0-with-bison-exception", - "GPL-2.0-with-font-exception", - "GPL-2.0", - "CECILL-2.1", - "GPL-3.0", - "GPL-3.0+", - "GPL-3.0-with-autoconf-exception", - "GPL-3.0-only", - "Hippocratic-2.1", - "HPND", - "HTMLTIDY", - "GPL-3.0-with-GCC-exception", + "EUPL-1.2", + "FSFUL", + "NASA-1.3", + "BSD-2-Clause", + "XFree86-1.1", + "Eurosym", + "OLDAP-2.8", + "dvipdfm", + "NIST-PD", + "Apache-1.1", + "Parity-6.0.0", + "CC-BY-2.0", + "LGPL-3.0+", + "BSD-2-Clause-Views", + "GPL-2.0-with-classpath-exception", + "BSD-3-Clause-No-Nuclear-Warranty", + "X11", + "CDLA-Permissive-2.0", "HaskellReport", - "GPL-3.0-or-later", - "ICU", - "ImageMagick", - "iMatix", - "IBM-pibs", - "Intel-ACPI", - "Intel", - "Info-ZIP", - "IPA", + "Artistic-1.0-cl8", + "APSL-2.0", + "GPL-3.0+", + "SHL-0.5", + "CNRI-Python-GPL-Compatible", + "Condor-1.1", + "OLDAP-2.3", + "GPL-2.0-only", + "BUSL-1.1", + "LiLiQ-R-1.1", + "AMPAS", + "copyleft-next-0.3.1", + "GFDL-1.3-invariants-or-later", + "OLDAP-2.7", + "OSL-2.0", + "Unicode-DFS-2015", + "CATOSL-1.1", + "RSCPL", + "libpng-2.0", + "LPPL-1.1", + "CDLA-Sharing-1.0", + "Glulxe", + "GFDL-1.3-no-invariants-or-later", + "OLDAP-1.2", + "CDDL-1.1", + "CERN-OHL-1.1", + "BSD-Source-Code", "IJG", - "ISC", - "JasPer-2.0", + "Zimbra-1.4", + "0BSD", + "CC-BY-1.0", + "wxWindows", + "ZPL-2.1", + "NTP", + "Artistic-1.0-Perl", + "CC-BY-ND-2.0", + "CC-BY-ND-4.0", + "Adobe-2006", + "EPL-1.0", + "diffmark", + "xinetd", + "Plexus", "JPNIC", - "JSON", - "LAL-1.2", - "LAL-1.3", - "Latex2e", - "Leptonica", - "HPND-sell-variant", - "LGPL-2.0-only", - "LGPL-2.0-or-later", - "Imlib2", - "IPL-1.0", + "Adobe-Glyph", + "Cube", + "TCP-wrappers", + "CC-BY-SA-1.0", + "BSD-2-Clause-FreeBSD", + "OGL-Canada-2.0", + "ANTLR-PD", + "LGPL-2.1+", + "OSL-2.1", + "psutils", + "SCEA", + "MirOS", + "Hippocratic-2.1", + "GFDL-1.2-invariants-only", "LGPL-2.1-only", - "LGPL-2.1-or-later", - "LGPL-2.0+", + "Entessa", + "MS-RL", + "libselinux-1.0", "LGPL-2.0", - "CECILL-B", - "LGPL-3.0-or-later", - "LGPL-3.0-only", - "LGPLLR", - "libpng-2.0", + "OLDAP-2.5", + "Imlib2", "Libpng", - "libselinux-1.0", - "LGPL-3.0+", - "EFL-1.0", - "libtiff", - "GFDL-1.3-no-invariants-or-later", - "LiLiQ-Rplus-1.1", - "LiLiQ-R-1.1", - "LPL-1.0", - "LiLiQ-P-1.1", - "Linux-OpenIB", - "LPPL-1.0", - "LPPL-1.2", - "LPPL-1.3a", - "LPL-1.02", - "LPPL-1.3c", + "SchemeReport", + "MPL-1.0", + "SAX-PD", + "NLOD-1.0", + "SimPL-2.0", + "TU-Berlin-1.0", + "GFDL-1.1-no-invariants-only", + "CC-BY-ND-3.0-DE", "MakeIndex", - "LGPL-2.1+", - "LPPL-1.1", - "MIT-CMU", - "MirOS", - "MIT-advertising", - "MIT-Modern-Variant", - "MIT", + "EPICS", + "GFDL-1.3-invariants-only", + "XSkat", + "bzip2-1.0.5", + "Community-Spec-1.0", + "GL2PS", + "HPND", + "bzip2-1.0.6", + "CC-BY-NC-1.0", + "Fair", + "CECILL-B", + "Glide", + "CC-BY-SA-4.0", + "CC0-1.0", "MIT-enna", - "MIT-open-group", - "MIT-feh", - "MITNFA", - "MPL-1.0", - "mpich2", - "MPL-2.0", - "MPL-2.0-no-copyleft-exception", - "MS-RL", - "MTLL", - "MPL-1.1", - "MulanPSL-2.0", - "Motosoto", - "Mup", - "MulanPSL-1.0", - "NAIST-2003", - "Naumen", - "Multics", - "NBPL-1.0", - "NCSA", - "Net-SNMP", - "NetCDF", - "NASA-1.3", - "NGPL", + "Wsuipa", + "RSA-MD", + "VOSTROM", + "O-UDA-1.0", + "CERN-OHL-S-2.0", + "X11-distribute-modifications-variant", + "copyleft-next-0.3.0", + "Zimbra-1.3", "NIST-PD-fallback", - "NIST-PD", - "Newsletr", - "NLPL", "Nokia", - "NOSL", - "Noweb", - "NLOD-1.0", - "NPL-1.0", - "NCGL-UK-2.0", - "NRL", - "NTP-0", - "NTP", - "GFDL-1.3-or-later", - "Nunit", - "O-UDA-1.0", - "NPL-1.1", - "OCCT-PL", - "ODC-By-1.0", - "OFL-1.0-no-RFN", - "OCLC-2.0", + "AFL-2.1", + "ZPL-2.0", + "ODbL-1.0", + "zlib-acknowledgement", + "PHP-3.01", + "Afmparse", + "HPND-sell-variant", + "PolyForm-Small-Business-1.0.0", + "IPL-1.0", + "CECILL-1.1", + "MIT-feh", "OFL-1.0-RFN", - "OFL-1.0", - "OFL-1.1-no-RFN", - "OFL-1.1-RFN", - "OFL-1.1", - "OGDL-Taiwan-1.0", - "OGC-1.0", - "OGL-UK-1.0", - "OGL-UK-2.0", - "OGL-UK-3.0", - "OGTSL", - "OLDAP-1.1", - "OLDAP-1.2", - "OLDAP-1.3", - "OGL-Canada-2.0", - "OLDAP-2.0.1", + "TMate", + "BSD-3-Clause-No-Nuclear-License", + "W3C-19980720", + "SPL-1.0", + "NetCDF", + "Aladdin", + "AMDPLPA", + "CrystalStacker", + "Intel-ACPI", + "CERN-OHL-1.2", + "CC-BY-NC-SA-3.0-DE", + "MIT", + "Zed", "OLDAP-2.0", - "OLDAP-2.1", - "OLDAP-2.2.1", - "OLDAP-2.2.2", - "OLDAP-2.2", - "ODbL-1.0", - "OLDAP-2.4", - "OLDAP-1.4", - "OLDAP-2.3", - "OLDAP-2.7", - "OLDAP-2.8", - "OML", - "OpenSSL", - "OLDAP-2.6", + "MulanPSL-1.0", + "EFL-2.0", + "Latex2e", + "Spencer-94", "OPL-1.0", - "OSL-1.0", - "OSL-1.1", - "OSL-2.0", - "OSET-PL-2.1", - "OSL-2.1", - "Parity-6.0.0", - "Parity-7.0.0", - "PDDL-1.0", - "PHP-3.0", - "OSL-3.0", - "Plexus", - "MS-PL", - "PolyForm-Small-Business-1.0.0", - "PolyForm-Noncommercial-1.0.0", - "PSF-2.0", - "psfrag", - "PostgreSQL", - "psutils", - "Qhull", - "QPL-1.0", - "Rdisc", - "Python-2.0", - "RPL-1.1", - "RPL-1.5", - "RHeCos-1.1", - "RSA-MD", - "RSCPL", - "Ruby", - "SAX-PD", - "Saxpath", - "SCEA", - "Sendmail-8.23", - "Sendmail", - "SGI-B-1.0", - "SGI-B-1.1", + "CC-BY-NC-4.0", + "LGPL-3.0-or-later", + "UPL-1.0", + "NCSA", "SGI-B-2.0", - "SHL-0.5", - "SHL-0.51", - "SimPL-2.0", - "SISSL-1.2", + "GPL-3.0-with-GCC-exception", + "Zend-2.0", + "ImageMagick", + "OLDAP-2.6", + "Unicode-TOU", + "GPL-3.0-only", + "Artistic-2.0", + "blessing", + "etalab-2.0", + "GFDL-1.2-only", + "LPPL-1.0", + "Rdisc", + "BSD-3-Clause-Modification", + "Xerox", + "MPL-2.0", + "BitTorrent-1.1", + "CC-BY-NC-ND-2.0", "SISSL", - "Sleepycat", - "SMLNJ", - "SMPPL", - "SNIA", - "Spencer-86", - "Spencer-94", - "Spencer-99", - "SPL-1.0", - "SSH-OpenSSH", - "PHP-3.01", - "SSH-short", - "MIT-0", - "RPSL-1.0", - "SWL", - "SugarCRM-1.1.3", - "TCL", - "TCP-wrappers", - "SSPL-1.0", - "TMate", - "TOSL", - "TORQUE-1.1", + "libtiff", + "CC-BY-NC-SA-2.0-UK", + "D-FSL-1.0", + "LPPL-1.2", "TAPR-OHL-1.0", + "EUPL-1.0", + "SHL-0.51", + "FTL", + "W3C-20150513", + "OSET-PL-2.1", + "EUDatagrid", "UCL-1.0", - "Unicode-DFS-2015", - "Unicode-DFS-2016", - "Unicode-TOU", - "TU-Berlin-1.0", - "UPL-1.0", - "Unlicense", - "VOSTROM", - "Vim", + "Borceux", + "Elastic-2.0", + "BSD-2-Clause-NetBSD", + "BSD-3-Clause-Open-MPI", + "OSL-3.0", + "curl", + "Spencer-86", + "BSL-1.0", + "SMLNJ", + "TOSL", + "NOSL", + "AFL-1.2", + "MulanPSL-2.0", + "Motosoto", + "CC-BY-NC-SA-2.5", + "JasPer-2.0", + "BSD-4-Clause-UC", + "Bahyph", "VSL-1.0", - "W3C-20150513", "W3C", - "W3C-19980720", - "Wsuipa", - "Watcom-1.0", - "WTFPL", - "X11", - "Xerox", - "XFree86-1.1", - "xinetd", + "ODC-By-1.0", + "BitTorrent-1.0", + "OGL-UK-2.0", + "LGPL-3.0-only", "Xnet", - "xpp", - "XSkat", + "Ruby", + "GFDL-1.3", + "ZPL-1.1", + "OCCT-PL", + "LPPL-1.3c", + "Apache-2.0", + "GD", + "CC-BY-3.0-NL", + "LPPL-1.3a", + "CC-BY-2.5-AU", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "OGL-UK-3.0", "YPL-1.0", - "YPL-1.1", - "Zed", - "Zend-2.0", + "RPL-1.1", + "LGPL-2.0-or-later", + "OPUBL-1.0", + "Noweb", + "AFL-3.0", + "Nunit", + "CC-BY-3.0", + "Beerware", + "Caldera", + "GPL-1.0", + "GPL-2.0+", + "NCGL-UK-2.0", + "CC-BY-ND-2.5", + "GPL-2.0", + "Intel", + "Vim", + "CC-BY-SA-2.0", + "MITNFA", + "APSL-1.1", + "GFDL-1.2-or-later", + "BSD-3-Clause-Attribution", + "OFL-1.0-no-RFN", + "Naumen", + "CC-BY-NC-ND-2.5", + "C-UDA-1.0", + "LGPLLR", + "mpich2", + "APSL-1.0", + "Linux-OpenIB", + "MIT-advertising", + "GFDL-1.2", + "OGTSL", + "Dotseqn", + "DL-DE-BY-2.0", + "Saxpath", + "AGPL-3.0", + "Abstyles", + "CC-BY-SA-3.0", + "Giftware", + "FreeImage", + "CECILL-2.1", + "RPSL-1.0", + "GFDL-1.3-or-later", + "GFDL-1.1-invariants-or-later", + "ECL-2.0", + "LiLiQ-Rplus-1.1", + "GPL-3.0-with-autoconf-exception", + "Jam", + "GFDL-1.2-no-invariants-or-later", + "CECILL-2.0", + "PolyForm-Noncommercial-1.0.0", + "OGC-1.0", + "CC-BY-ND-3.0", + "QPL-1.0", + "LAL-1.2", + "CC-BY-3.0-DE", + "OpenSSL", + "Spencer-99", + "CC-BY-SA-3.0-AT", + "BSD-Protection", + "OLDAP-2.2.2", + "NRL", + "TORQUE-1.1", + "HTMLTIDY", + "SSPL-1.0", + "NPL-1.0", + "LGPL-2.0-only", + "AGPL-3.0-only", + "GFDL-1.2-invariants-or-later", + "GPL-2.0-with-bison-exception", + "CC-BY-NC-ND-1.0", + "ECL-1.0", + "WTFPL", + "CC-BY-SA-2.0-UK", + "GPL-3.0", + "OLDAP-2.2.1", + "SMPPL", + "CC-BY-3.0-AT", + "EFL-1.0", + "NBPL-1.0", + "BSD-3-Clause-LBNL", + "AGPL-1.0", + "Crossword", + "TCL", + "CC-BY-ND-1.0", + "AML", "TU-Berlin-2.0", - "Zimbra-1.4", - "zlib-acknowledgement", - "Zlib", - "ZPL-1.1", - "ZPL-2.0", - "ZPL-2.1", - "wxWindows", - "Zimbra-1.3", + "GFDL-1.3-only", + "NPOSL-3.0", + "BSD-4-Clause", "gSOAP-1.3b", - "Interbase-1.0", "LGPL-2.1", "LGPL-3.0", - "NPOSL-3.0", - "OLDAP-2.5", - "StandardML-NJ", - "389-exception", - "Autoconf-exception-2.0", - "Autoconf-exception-3.0", - "Bison-exception-2.2", - "Bootloader-exception", - "Classpath-exception-2.0", + "freertos-exception-2.0", + "Swift-exception", + "Qt-LGPL-exception-1.1", + "gnu-javamail-exception", "CLISP-exception-2.0", - "DigiRule-FOSS-exception", "eCos-exception-2.0", - "Fawkes-Runtime-exception", - "FLTK-exception", + "GPL-CC-1.0", + "DigiRule-FOSS-exception", "Font-exception-2.0", - "freertos-exception-2.0", - "GCC-exception-2.0", - "GCC-exception-3.1", - "gnu-javamail-exception", - "GPL-3.0-linking-exception", + "Qt-GPL-exception-1.0", + "PS-or-PDF-font-exception-20170817", "GPL-3.0-linking-source-exception", - "GPL-CC-1.0", - "i2p-gpl-java-exception", - "LGPL-3.0-linking-exception", - "Libtool-exception", "Linux-syscall-note", - "LLVM-exception", + "GCC-exception-2.0", "LZMA-exception", - "mif-exception", - "Nokia-Qt-exception-1.1", + "Autoconf-exception-3.0", + "u-boot-exception-2.0", + "LLVM-exception", "OCaml-LGPL-linking-exception", + "Autoconf-exception-2.0", + "Bootloader-exception", + "LGPL-3.0-linking-exception", + "openvpn-openssl-exception", + "FLTK-exception", + "Bison-exception-2.2", "OCCT-exception-1.0", + "GCC-exception-3.1", "OpenJDK-assembly-exception-1.0", - "openvpn-openssl-exception", - "PS-or-PDF-font-exception-20170817", - "Qt-GPL-exception-1.0", - "Qt-LGPL-exception-1.1", + "WxWindows-exception-3.1", + "Fawkes-Runtime-exception", + "Nokia-Qt-exception-1.1", "Qwt-exception-1.0", + "Universal-FOSS-exception-1.0", + "Classpath-exception-2.0", "SHL-2.0", + "GPL-3.0-linking-exception", "SHL-2.1", - "Swift-exception", - "u-boot-exception-2.0", - "Universal-FOSS-exception-1.0", - "WxWindows-exception-3.1" + "Libtool-exception", + "mif-exception", + "389-exception", + "i2p-gpl-java-exception" ] } diff --git a/res/spdx.SNAPSHOT.xsd b/res/spdx.SNAPSHOT.xsd index b45e2de06..e707e52d4 100644 --- a/res/spdx.SNAPSHOT.xsd +++ b/res/spdx.SNAPSHOT.xsd @@ -2,239 +2,234 @@ + version="1.0-3.16"> - - - Academic Free License v2.0 - - - + - Attribution Assurance License + Interbase Public License v1.0 - + - Adobe Systems Incorporated Source Code License Agreement + Mup License - + - Academic Free License v3.0 + GNU General Public License v2.0 w/Autoconf exception - + - Amazon Digital Services License + Open LDAP Public License v2.1 - + - BSD Zero Clause License + Creative Commons Attribution Non Commercial Share Alike 3.0 IGO - + - Afmparse License + GNU Library General Public License v2 or later - + - Academic Free License v1.2 + XPP License - + - Affero General Public License v1.0 or later + SIL Open Font License 1.1 - + - Academic Free License v2.1 + CNRI Python License - + - Academic Free License v1.1 + Linux man-pages Copyleft - + - Affero General Public License v1.0 + Open LDAP Public License v2.2 - + - Adobe Glyph List License + Open Software License 1.1 - + - AMD's plpa_map.c License + Eclipse Public License 2.0 - + - Aladdin Free Public License + Academic Free License v1.1 - + - ANTLR Software Rights Notice + Affero General Public License v1.0 or later - + - Apple MIT License + Good Luck With That Public License - + - Apache License 1.0 + MIT License Modern Variant - + - ANTLR Software Rights Notice with license fallback + BSD 1-Clause License - + - Abstyles License + SGI Free Software License B v1.0 - + - Affero General Public License v1.0 only + Open Market License - + - Adobe Postscript AFM License + psfrag License - + - Apple Public Source License 1.0 + Artistic License 1.0 - + - Apple Public Source License 1.1 + Creative Commons Public Domain Dedication and Certification - + - Apple Public Source License 2.0 + eGenix.com Public License 1.1.0 - + - GNU Affero General Public License v3.0 only + European Union Public License 1.1 - + - Apache License 1.1 + Sendmail License - + - Apache License 2.0 + Python Software Foundation License 2.0 - + - Adaptive Public License 1.0 + Open Government Licence v1.0 - + - Bahyph License + Matrix Template Library License - + - Artistic License 1.0 + Nara Institute of Science and Technology License (2003) - + - Academy of Motion Picture Arts and Sciences BSD + ANTLR Software Rights Notice with license fallback - + - Barr License + PostgreSQL License - + - GNU Affero General Public License v3.0 or later + Open Software License 1.0 - + - Blue Oak Model License 1.0.0 + Nethack General Public License - + - Beerware License + Creative Commons Attribution Non Commercial No Derivatives 4.0 International - + - Artistic License 1.0 w/clause 8 + Code Project Open License 1.02 - + - SQLite Blessing + FSF Unlimited License (with License Retention) - + - Borceux license + GNU Free Documentation License v1.2 only - no invariants - + - BSD 2-Clause NetBSD License + Net-SNMP License - + - BSD 1-Clause License + Amazon Digital Services License - + - BSD-2-Clause Plus Patent License + Sendmail License 8.23 - + - BitTorrent Open Source License v1.0 + CNRI Jython License - + - BSD 2-Clause FreeBSD License + Reciprocal Public License 1.5 - + - BSD with attribution + BSD-2-Clause Plus Patent License - + - BSD 2-Clause "Simplified" License + SIL Open Font License 1.1 with no Reserved Font Name @@ -242,249 +237,254 @@ Apple Public Source License 1.2 - + - Lawrence Berkeley National Labs BSD variant license + Open LDAP Public License v2.4 - + - Artistic License 2.0 + Mozilla Public License 2.0 (no copyleft exception) - + - BSD 3-Clause No Nuclear License 2014 + ISC License - + - BSD 3-Clause Modification + Creative Commons Attribution Share Alike 2.5 Generic - + - BSD 4 Clause Shortened + Sleepycat License - + - BSD 3-Clause "New" or "Revised" License + CUA Office Public License v1.0 - + - BSD 3-Clause Open MPI variant + Frameworx Open License 1.0 - + - BitTorrent Open Source License v1.1 + Common Public Attribution License 1.0 - + - BSD 3-Clause No Nuclear Warranty + Norwegian Licence for Open Government Data (NLOD) 2.0 - + - BSD Source Code Attribution + Creative Commons Attribution Non Commercial 2.0 Generic - + - BSD Protection License + GNU Free Documentation License v1.1 or later - no invariants - + - GNU Affero General Public License v3.0 + Creative Commons Attribution 2.5 Generic - + - Business Source License 1.1 + Newsletr License - + - Artistic License 1.0 (Perl) + The Parity Public License 7.0.0 - + - Boost Software License 1.0 + Leptonica License - + - BSD 2-Clause with views sentence + CMU License - + - Cryptographic Autonomy License 1.0 (Combined Work Exception) + Adobe Postscript AFM License - + - Computer Associates Trusted Open Source License 1.1 + Creative Commons Attribution Non Commercial 2.5 Generic - + - bzip2 and libbzip2 License v1.0.5 + Cryptographic Autonomy License 1.0 (Combined Work Exception) - + - bzip2 and libbzip2 License v1.0.6 + BSD 4 Clause Shortened - + - Creative Commons Attribution 2.5 Generic + Netscape Public License v1.1 - + - Creative Commons Attribution 3.0 Austria + Qhull License - + - Computational Use of Data Agreement v1.0 + CeCILL-C Free Software License Agreement - + - Creative Commons Attribution 3.0 United States + GNU General Public License v1.0 only - + - Creative Commons Attribution 1.0 Generic + Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany - + - Creative Commons Attribution Non Commercial 1.0 Generic + Creative Commons Attribution Non Commercial Share Alike 3.0 Unported - + - Creative Commons Attribution Non Commercial 2.0 Generic + Creative Commons Attribution Non Commercial Share Alike 1.0 Generic - + - Creative Commons Attribution Non Commercial 2.5 Generic + MIT Open Group variant - + - Creative Commons Attribution 2.0 Generic + Multics License - + - Creative Commons Attribution Non Commercial 4.0 International + Scheme Widget Library (SWL) Software License Agreement - + - Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic + GNU General Public License v1.0 or later - + - Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic + GNU General Public License v3.0 or later - + - Creative Commons Attribution Non Commercial 3.0 Unported + DOC License - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO + PHP License v3.0 - + - Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported + Sun Industry Standards Source License v1.2 - + - BSD 3-Clause No Nuclear License + Common Documentation License 1.0 - + - Creative Commons Attribution Non Commercial No Derivatives 4.0 International + Lucent Public License Version 1.0 - + - Creative Commons Attribution Non Commercial Share Alike 2.0 Generic + Red Hat eCos Public License v1.1 - + - Creative Commons Attribution Non Commercial Share Alike 2.5 Generic + Licence Art Libre 1.3 - + - Creative Commons Attribution Non Commercial Share Alike 3.0 Unported + Creative Commons Attribution Share Alike 3.0 Germany - + - Creative Commons Attribution Non Commercial Share Alike 4.0 International + Community Data License Agreement Permissive 1.0 - + - Creative Commons Attribution No Derivatives 1.0 Generic + gnuplot License - + - BSD 3-Clause Clear License + App::s2p License - + - Creative Commons Attribution No Derivatives 2.5 Generic + iMatix Standard Function Library Agreement - + - Creative Commons Attribution No Derivatives 3.0 Unported + Microsoft Public License - + - Creative Commons Attribution No Derivatives 4.0 International + eCos license version 2.0 - + - Creative Commons Attribution Share Alike 1.0 Generic + BSD 3-Clause "New" or "Revised" License - + - Creative Commons Attribution Share Alike 2.0 England and Wales + Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO - + - Creative Commons Attribution Share Alike 2.0 Generic + ICU License + + + + + GNU Affero General Public License v3.0 or later @@ -492,354 +492,359 @@ Creative Commons Attribution Share Alike 2.1 Japan - + - Creative Commons Attribution No Derivatives 2.0 Generic + Creative Commons Attribution Non Commercial Share Alike 4.0 International - + - Creative Commons Attribution-Share Alike 3.0 Austria + The Unlicense - + - Creative Commons Attribution Share Alike 3.0 Unported + Creative Commons Attribution Non Commercial 3.0 Germany - + - Creative Commons Attribution Share Alike 4.0 International + Open LDAP Public License v1.4 - + - Creative Commons Attribution Share Alike 2.5 Generic + CERN Open Hardware Licence Version 2 - Weakly Reciprocal - + - Creative Commons Attribution 3.0 Unported + SugarCRM Public License v1.1.3 - + - Common Development and Distribution License 1.0 + IPA Font License - + - Creative Commons Zero v1.0 Universal + Academic Free License v2.0 - + - Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic + Unicode License Agreement - Data Files and Software (2016) - + - Creative Commons Attribution Non Commercial Share Alike 1.0 Generic + Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported - + - Caldera License + CERN Open Hardware Licence Version 2 - Permissive - + - Community Data License Agreement Permissive 1.0 + Creative Commons Attribution Non Commercial 3.0 Unported - + - Creative Commons Attribution 4.0 International + Copyfree Open Innovation License - + - Creative Commons Public Domain Dedication and Certification + Cryptographic Autonomy License 1.0 - + - BSD-4-Clause (University of California-Specific) + Licence Libre du Québec – Permissive version 1.1 - + - BSD 4-Clause "Original" or "Old" License + SIL Open Font License 1.1 with Reserved Font Name - + - Cryptographic Autonomy License 1.0 + Lucent Public License v1.02 - + - Common Development and Distribution License 1.1 + Open LDAP Public License v1.3 - + - CERN Open Hardware Licence v1.2 + Taiwan Open Government Data License, version 1.0 - + - CERN Open Hardware Licence v1.1 + Creative Commons Attribution Non Commercial Share Alike 2.0 Generic - + - CERN Open Hardware Licence Version 2 - Permissive + Python License 2.0 - + - CERN Open Hardware Licence Version 2 - Strongly Reciprocal + NTP No Attribution - + - CeCILL Free Software License Agreement v1.1 + FSF All Permissive License - + - CeCILL Free Software License Agreement v2.0 + Erlang Public License v1.1 - + - CeCILL Free Software License Agreement v1.0 + Barr License - + - CNRI Python License + Creative Commons Attribution 3.0 United States - + - CNRI Python Open Source GPL Compatible License Agreement + BSD 3-Clause No Nuclear License 2014 - + - copyleft-next 0.3.0 + No Limit Public License - + - Common Public Attribution License 1.0 + BSD 3-Clause Clear License - + - copyleft-next 0.3.1 + SGI Free Software License B v1.1 - + - Common Public License 1.0 + Open Data Commons Public Domain Dedication & License 1.0 - + - Clarified Artistic License + Common Development and Distribution License 1.0 - + - CeCILL-C Free Software License Agreement + GNU Lesser General Public License v2.1 or later - + - CNRI Jython License + Blue Oak Model License 1.0.0 - + - Condor Public License v1.1 + Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France - + - Code Project Open License 1.02 + Fraunhofer FDK AAC Codec Library - + - curl License + Standard ML of New Jersey License - + - diffmark license + Affero General Public License v1.0 only - + - Crossword License + CeCILL Free Software License Agreement v1.0 - + - Dotseqn License + Attribution Assurance License - + - DOC License + GNU General Public License v2.0 w/Font exception - + - DSDP License + Info-ZIP License - + - Detection Rule License 1.0 + SSH OpenSSH license - + - Educational Community License v1.0 + SSH short notice - + - Educational Community License v2.0 + GNU General Public License v2.0 or later - + - eCos license version 2.0 + Clarified Artistic License - + - CrystalStacker License + SNIA Public License 1.1 - + - CERN Open Hardware Licence Version 2 - Weakly Reciprocal + GNU Free Documentation License v1.1 only - invariants - + - Deutsche Freie Software Lizenz + BSD 3-Clause No Military License - + - eGenix.com Public License 1.1.0 + GNU Free Documentation License v1.1 - + - EPICS Open License + Mozilla Public License 1.1 - + - Entessa Public License v1.0 + Open LDAP Public License v1.1 - + - Eclipse Public License 1.0 + JSON License - + - Eiffel Forum License v2.0 + GNU Free Documentation License v1.3 only - no invariants - + - CUA Office Public License v1.0 + OCLC Research Public License 2.0 - + - Etalab Open License 2.0 + Open LDAP Public License v2.0.1 - + - European Union Public License 1.0 + FreeBSD Documentation License - + - Erlang Public License v1.1 + GNU General Public License v1.0 or later - + - EU DataGrid Software License + Yahoo! Public License v1.1 - + - European Union Public License 1.1 + Common Public License 1.0 - + - Cube License + Apache License 1.0 - + - dvipdfm License + SIL Open Font License 1.0 - + - FreeBSD Documentation License + Creative Commons Attribution 4.0 International - + - Eurosym License + DSDP License - + - FSF All Permissive License + IBM PowerPC Initialization and Boot Software - + - FreeImage Public License v1.0 + MIT No Attribution - + - FSF Unlimited License (with License Retention) + Detection Rule License 1.0 - + - FSF Unlimited License + zlib License - + - GD License + Adaptive Public License 1.0 - + - GNU Free Documentation License v1.1 only - invariants + Sybase Open Watcom Public License 1.0 + + + + + GNU General Public License v2.0 w/GCC Runtime Library exception @@ -847,79 +852,154 @@ European Union Public License 1.2 - + - Eclipse Public License 2.0 + FSF Unlimited License - + - GNU Free Documentation License v1.1 or later - no invariants + NASA Open Source Agreement 1.3 - + - GNU Free Documentation License v1.1 only + BSD 2-Clause "Simplified" License - + - GNU Free Documentation License v1.1 or later + XFree86 License 1.1 - + - GNU Free Documentation License v1.1 + Eurosym License - + - Freetype Project License + Open LDAP Public License v2.8 - + - GNU Free Documentation License v1.2 or later - invariants + dvipdfm License - + - GNU Free Documentation License v1.1 or later - invariants + NIST Public Domain Notice - + - GNU Free Documentation License v1.2 only - invariants + Apache License 1.1 - + - GNU Free Documentation License v1.2 only + The Parity Public License 6.0.0 - + - GNU Free Documentation License v1.2 or later + Creative Commons Attribution 2.0 Generic - + - GNU Free Documentation License v1.2 + GNU Lesser General Public License v3.0 or later - + - GNU Free Documentation License v1.2 only - no invariants + BSD 2-Clause with views sentence - + - GNU Free Documentation License v1.3 only - invariants + GNU General Public License v2.0 w/Classpath exception - + - GNU Free Documentation License v1.3 only - no invariants + BSD 3-Clause No Nuclear Warranty + + + + + X11 License + + + + + Community Data License Agreement Permissive 2.0 + + + + + Haskell Language Report License + + + + + Artistic License 1.0 w/clause 8 + + + + + Apple Public Source License 2.0 + + + + + GNU General Public License v3.0 or later + + + + + Solderpad Hardware License v0.5 + + + + + CNRI Python Open Source GPL Compatible License Agreement + + + + + Condor Public License v1.1 + + + + + Open LDAP Public License v2.3 + + + + + GNU General Public License v2.0 only + + + + + Business Source License 1.1 + + + + + Licence Libre du Québec – Réciprocité version 1.1 + + + + + Academy of Motion Picture Arts and Sciences BSD + + + + + copyleft-next 0.3.1 @@ -927,34 +1007,44 @@ GNU Free Documentation License v1.3 or later - invariants - + - GNU Free Documentation License v1.2 or later - no invariants + Open LDAP Public License v2.7 - + - Fair License + Open Software License 2.0 - + - Frameworx Open License 1.0 + Unicode License Agreement - Data Files and Software (2015) - + - Giftware License + Computer Associates Trusted Open Source License 1.1 - + - GNU Free Documentation License v1.1 only - no invariants + Ricoh Source Code Public License - + - GL2PS License + PNG Reference Library version 2 + + + + + LaTeX Project Public License v1.1 + + + + + Community Data License Agreement Sharing 1.0 @@ -962,284 +1052,314 @@ Glulxe License - + - 3dfx Glide License + GNU Free Documentation License v1.3 or later - no invariants - + - gnuplot License + Open LDAP Public License v1.2 - + - Good Luck With That Public License + Common Development and Distribution License 1.1 - + - GNU General Public License v1.0 only + CERN Open Hardware Licence v1.1 - + - GNU General Public License v1.0 or later + BSD Source Code Attribution - + - GNU General Public License v1.0 only + Independent JPEG Group License - + - GNU Free Documentation License v1.3 only + Zimbra Public License v1.4 - + - GNU General Public License v2.0 only + BSD Zero Clause License - + - GNU General Public License v2.0 or later + Creative Commons Attribution 1.0 Generic - + - GNU General Public License v2.0 w/Autoconf exception + wxWindows Library License - + - GNU General Public License v2.0 or later + Zope Public License 2.1 - + - GNU Free Documentation License v1.3 + NTP License - + - GNU General Public License v1.0 or later + Artistic License 1.0 (Perl) - + - Community Data License Agreement Sharing 1.0 + Creative Commons Attribution No Derivatives 2.0 Generic - + - GNU General Public License v2.0 w/Classpath exception + Creative Commons Attribution No Derivatives 4.0 International - + - GNU General Public License v2.0 w/GCC Runtime Library exception + Adobe Systems Incorporated Source Code License Agreement - + - GNU General Public License v2.0 w/Bison exception + Eclipse Public License 1.0 - + - GNU General Public License v2.0 w/Font exception + diffmark license - + - GNU General Public License v2.0 only + xinetd License - + - CeCILL Free Software License Agreement v2.1 + Plexus Classworlds License - + - GNU General Public License v3.0 only + Japan Network Information Center License - + - GNU General Public License v3.0 or later + Adobe Glyph List License - + - GNU General Public License v3.0 w/Autoconf exception + Cube License - + - GNU General Public License v3.0 only + TCP Wrappers License - + - Hippocratic License 2.1 + Creative Commons Attribution Share Alike 1.0 Generic - + - Historical Permission Notice and Disclaimer + BSD 2-Clause FreeBSD License - + - HTML Tidy License + Open Government Licence - Canada - + - GNU General Public License v3.0 w/GCC Runtime Library exception + ANTLR Software Rights Notice - + - Haskell Language Report License + GNU Library General Public License v2.1 or later - + - GNU General Public License v3.0 or later + Open Software License 2.1 - + - ICU License + psutils License - + - ImageMagick License + SCEA Shared Source License - + - iMatix Standard Function Library Agreement + The MirOS Licence - + - IBM PowerPC Initialization and Boot Software + Hippocratic License 2.1 - + - Intel ACPI Software License Agreement + GNU Free Documentation License v1.2 only - invariants - + - Intel Open Source License + GNU Lesser General Public License v2.1 only - + - Info-ZIP License + Entessa Public License v1.0 - + - IPA Font License + Microsoft Reciprocal License - + - Independent JPEG Group License + libselinux public domain notice - + - ISC License + GNU Library General Public License v2 only - + - JasPer License + Open LDAP Public License v2.5 + + + + + Imlib2 License + + + + + libpng License + + + + + Scheme Language Report License + + + + + Mozilla Public License 1.0 + + + + + Sax Public Domain Notice + + + + + Norwegian Licence for Open Government Data (NLOD) 1.0 - + - Japan Network Information Center License + Simple Public License 2.0 - + - JSON License + Technische Universitaet Berlin License 1.0 - + - Licence Art Libre 1.2 + GNU Free Documentation License v1.1 only - no invariants - + - Licence Art Libre 1.3 + Creative Commons Attribution No Derivatives 3.0 Germany - + - Latex2e License + MakeIndex License - + - Leptonica License + EPICS Open License - + - Historical Permission Notice and Disclaimer - sell variant + GNU Free Documentation License v1.3 only - invariants - + - GNU Library General Public License v2 only + XSkat License - + - GNU Library General Public License v2 or later + bzip2 and libbzip2 License v1.0.5 - + - Imlib2 License + Community Specification License 1.0 - + - IBM Public License v1.0 + GL2PS License - + - GNU Lesser General Public License v2.1 only + Historical Permission Notice and Disclaimer - + - GNU Lesser General Public License v2.1 or later + bzip2 and libbzip2 License v1.0.6 - + - GNU Library General Public License v2 or later + Creative Commons Attribution Non Commercial 1.0 Generic - + - GNU Library General Public License v2 only + Fair License @@ -1247,1039 +1367,1039 @@ CeCILL-B Free Software License Agreement - + - GNU Lesser General Public License v3.0 or later + 3dfx Glide License - + - GNU Lesser General Public License v3.0 only + Creative Commons Attribution Share Alike 4.0 International - + - Lesser General Public License For Linguistic Resources + Creative Commons Zero v1.0 Universal - + - PNG Reference Library version 2 + enna License - + - libpng License + Wsuipa License - + - libselinux public domain notice + RSA Message-Digest License - + - GNU Lesser General Public License v3.0 or later + VOSTROM Public License for Open Source - + - Eiffel Forum License v1.0 + Open Use of Data Agreement v1.0 - + - libtiff License + CERN Open Hardware Licence Version 2 - Strongly Reciprocal - + - GNU Free Documentation License v1.3 or later - no invariants + X11 License Distribution Modification Variant - + - Licence Libre du Québec – Réciprocité forte version 1.1 + copyleft-next 0.3.0 - + - Licence Libre du Québec – Réciprocité version 1.1 + Zimbra Public License v1.3 - + - Lucent Public License Version 1.0 + NIST Public Domain Notice with license fallback - + - Licence Libre du Québec – Permissive version 1.1 + Nokia Open Source License - + - Linux Kernel Variant of OpenIB.org license + Academic Free License v2.1 - + - LaTeX Project Public License v1.0 + Zope Public License 2.0 - + - LaTeX Project Public License v1.2 + Open Data Commons Open Database License v1.0 - + - LaTeX Project Public License v1.3a + zlib/libpng License with Acknowledgement - + - Lucent Public License v1.02 + PHP License v3.01 - + - LaTeX Project Public License v1.3c + Afmparse License - + - MakeIndex License + Historical Permission Notice and Disclaimer - sell variant - + - GNU Library General Public License v2.1 or later + PolyForm Small Business License 1.0.0 - + - LaTeX Project Public License v1.1 + IBM Public License v1.0 - + - CMU License + CeCILL Free Software License Agreement v1.1 - + - The MirOS Licence + feh License - + - Enlightenment License (e16) + SIL Open Font License 1.0 with Reserved Font Name - + - MIT License Modern Variant + TMate Open Source License - + - MIT License + BSD 3-Clause No Nuclear License - + - enna License + W3C Software Notice and License (1998-07-20) - + - MIT Open Group variant + Sun Public License v1.0 - + - feh License + NetCDF license - + - MIT +no-false-attribs license + Aladdin Free Public License - + - Mozilla Public License 1.0 + AMD's plpa_map.c License - + - mpich2 License + CrystalStacker License - + - Mozilla Public License 2.0 + Intel ACPI Software License Agreement - + - Mozilla Public License 2.0 (no copyleft exception) + CERN Open Hardware Licence v1.2 - + - Microsoft Reciprocal License + Creative Commons Attribution Non Commercial Share Alike 3.0 Germany - + - Matrix Template Library License + MIT License - + - Mozilla Public License 1.1 + Zed License - + - Mulan Permissive Software License, Version 2 + Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) - + - Motosoto License + Mulan Permissive Software License, Version 1 - + - Mup License + Eiffel Forum License v2.0 - + - Mulan Permissive Software License, Version 1 + Latex2e License - + - Nara Institute of Science and Technology License (2003) + Spencer License 94 - + - Naumen Public License + Open Public License v1.0 - + - Multics License + Creative Commons Attribution Non Commercial 4.0 International - + - Net Boolean Public License v1 + GNU Lesser General Public License v3.0 or later - + - University of Illinois/NCSA Open Source License + Universal Permissive License v1.0 - + - Net-SNMP License + University of Illinois/NCSA Open Source License - + - NetCDF license + SGI Free Software License B v2.0 - + - NASA Open Source Agreement 1.3 + GNU General Public License v3.0 w/GCC Runtime Library exception - + - Nethack General Public License + Zend License v2.0 - + - NIST Public Domain Notice with license fallback + ImageMagick License - + - NIST Public Domain Notice + Open LDAP Public License v2.6 - + - Newsletr License + Unicode Terms of Use - + - No Limit Public License + GNU General Public License v3.0 only - + - Nokia Open Source License + Artistic License 2.0 - + - Netizen Open Source License + SQLite Blessing - + - Noweb License + Etalab Open License 2.0 - + - Norwegian Licence for Open Government Data + GNU Free Documentation License v1.2 only - + - Netscape Public License v1.0 + LaTeX Project Public License v1.0 - + - Non-Commercial Government Licence + Rdisc License - + - NRL License + BSD 3-Clause Modification - + - NTP No Attribution + Xerox License - + - NTP License + Mozilla Public License 2.0 - + - GNU Free Documentation License v1.3 or later + BitTorrent Open Source License v1.1 - + - Nunit License + Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic - + - Open Use of Data Agreement v1.0 + Sun Industry Standards Source License v1.1 - + - Netscape Public License v1.1 + libtiff License - + - Open CASCADE Technology Public License + Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales - + - Open Data Commons Attribution License v1.0 + Deutsche Freie Software Lizenz - + - SIL Open Font License 1.0 with no Reserved Font Name + LaTeX Project Public License v1.2 - + - OCLC Research Public License 2.0 + TAPR Open Hardware License v1.0 - + - SIL Open Font License 1.0 with Reserved Font Name + European Union Public License 1.0 - + - SIL Open Font License 1.0 + Solderpad Hardware License, Version 0.51 - + - SIL Open Font License 1.1 with no Reserved Font Name + Freetype Project License - + - SIL Open Font License 1.1 with Reserved Font Name + W3C Software Notice and Document License (2015-05-13) - + - SIL Open Font License 1.1 + OSET Public License version 2.1 - + - Taiwan Open Government Data License, version 1.0 + EU DataGrid Software License - + - OGC Software License, Version 1.0 + Upstream Compatibility License v1.0 - + - Open Government Licence v1.0 + Borceux license - + - Open Government Licence v2.0 + Elastic License 2.0 - + - Open Government Licence v3.0 + BSD 2-Clause NetBSD License - + - Open Group Test Suite License + BSD 3-Clause Open MPI variant - + - Open LDAP Public License v1.1 + Open Software License 3.0 - + - Open LDAP Public License v1.2 + curl License - + - Open LDAP Public License v1.3 + Spencer License 86 - + - Open Government Licence - Canada + Boost Software License 1.0 - + - Open LDAP Public License v2.0.1 + Standard ML of New Jersey License - + - Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) + Trusster Open Source License - + - Open LDAP Public License v2.1 + Netizen Open Source License - + - Open LDAP Public License v2.2.1 + Academic Free License v1.2 - + - Open LDAP Public License 2.2.2 + Mulan Permissive Software License, Version 2 - + - Open LDAP Public License v2.2 + Motosoto License - + - Open Data Commons Open Database License v1.0 + Creative Commons Attribution Non Commercial Share Alike 2.5 Generic - + - Open LDAP Public License v2.4 + JasPer License - + - Open LDAP Public License v1.4 + BSD-4-Clause (University of California-Specific) - + - Open LDAP Public License v2.3 + Bahyph License - + - Open LDAP Public License v2.7 + Vovida Software License v1.0 - + - Open LDAP Public License v2.8 + W3C Software Notice and License (2002-12-31) - + - Open Market License + Open Data Commons Attribution License v1.0 - + - OpenSSL License + BitTorrent Open Source License v1.0 - + - Open LDAP Public License v2.6 + Open Government Licence v2.0 - + - Open Public License v1.0 + GNU Lesser General Public License v3.0 only - + - Open Software License 1.0 + X.Net License - + - Open Software License 1.1 + Ruby License - + - Open Software License 2.0 + GNU Free Documentation License v1.3 - + - OSET Public License version 2.1 + Zope Public License 1.1 - + - Open Software License 2.1 + Open CASCADE Technology Public License - + - The Parity Public License 6.0.0 + LaTeX Project Public License v1.3c - + - The Parity Public License 7.0.0 + Apache License 2.0 - + - Open Data Commons Public Domain Dedication & License 1.0 + GD License - + - PHP License v3.0 + Creative Commons Attribution 3.0 Netherlands - + - Open Software License 3.0 + LaTeX Project Public License v1.3a - + - Plexus Classworlds License + Creative Commons Attribution 2.5 Australia - + - Microsoft Public License + GNU Free Documentation License v1.1 only - + - PolyForm Small Business License 1.0.0 + GNU Free Documentation License v1.1 or later - + - PolyForm Noncommercial License 1.0.0 + Open Government Licence v3.0 - + - Python Software Foundation License 2.0 + Yahoo! Public License v1.0 - + - psfrag License + Reciprocal Public License 1.1 - + - PostgreSQL License + GNU Library General Public License v2 or later - + - psutils License + Open Publication License v1.0 - + - Qhull License + Noweb License - + - Q Public License 1.0 + Academic Free License v3.0 - + - Rdisc License + Nunit License - + - Python License 2.0 + Creative Commons Attribution 3.0 Unported - + - Reciprocal Public License 1.1 + Beerware License - + - Reciprocal Public License 1.5 + Caldera License - + - Red Hat eCos Public License v1.1 + GNU General Public License v1.0 only - + - RSA Message-Digest License + GNU General Public License v2.0 or later - + - Ricoh Source Code Public License + Non-Commercial Government Licence - + - Ruby License + Creative Commons Attribution No Derivatives 2.5 Generic - + - Sax Public Domain Notice + GNU General Public License v2.0 only - + - Saxpath License + Intel Open Source License - + - SCEA Shared Source License + Vim License - + - Sendmail License 8.23 + Creative Commons Attribution Share Alike 2.0 Generic - + - Sendmail License + MIT +no-false-attribs license - + - SGI Free Software License B v1.0 + Apple Public Source License 1.1 - + - SGI Free Software License B v1.1 + GNU Free Documentation License v1.2 or later - + - SGI Free Software License B v2.0 + BSD with attribution - + - Solderpad Hardware License v0.5 + SIL Open Font License 1.0 with no Reserved Font Name - + - Solderpad Hardware License, Version 0.51 + Naumen Public License - + - Simple Public License 2.0 + Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic - + - Sun Industry Standards Source License v1.2 + Computational Use of Data Agreement v1.0 - + - Sun Industry Standards Source License v1.1 + Lesser General Public License For Linguistic Resources - + - Sleepycat License + mpich2 License - + - Standard ML of New Jersey License + Apple Public Source License 1.0 - + - Secure Messaging Protocol Public License + Linux Kernel Variant of OpenIB.org license - + - SNIA Public License 1.1 + Enlightenment License (e16) - + - Spencer License 86 + GNU Free Documentation License v1.2 - + - Spencer License 94 + Open Group Test Suite License - + - Spencer License 99 + Dotseqn License - + - Sun Public License v1.0 + Data licence Germany – attribution – version 2.0 - + - SSH OpenSSH license + Saxpath License - + - PHP License v3.01 + GNU Affero General Public License v3.0 - + - SSH short notice + Abstyles License - + - MIT No Attribution + Creative Commons Attribution Share Alike 3.0 Unported - + - RealNetworks Public Source License v1.0 + Giftware License - + - Scheme Widget Library (SWL) Software License Agreement + FreeImage Public License v1.0 - + - SugarCRM Public License v1.1.3 + CeCILL Free Software License Agreement v2.1 - + - TCL/TK License + RealNetworks Public Source License v1.0 - + - TCP Wrappers License + GNU Free Documentation License v1.3 or later - + - Server Side Public License, v 1 + GNU Free Documentation License v1.1 or later - invariants - + - TMate Open Source License + Educational Community License v2.0 - + - Trusster Open Source License + Licence Libre du Québec – Réciprocité forte version 1.1 - + - TORQUE v2.5+ Software License v1.1 + GNU General Public License v3.0 w/Autoconf exception - + - TAPR Open Hardware License v1.0 + Jam License - + - Upstream Compatibility License v1.0 + GNU Free Documentation License v1.2 or later - no invariants - + - Unicode License Agreement - Data Files and Software (2015) + CeCILL Free Software License Agreement v2.0 - + - Unicode License Agreement - Data Files and Software (2016) + PolyForm Noncommercial License 1.0.0 - + - Unicode Terms of Use + OGC Software License, Version 1.0 - + - Technische Universitaet Berlin License 1.0 + Creative Commons Attribution No Derivatives 3.0 Unported - + - Universal Permissive License v1.0 + Q Public License 1.0 - + - The Unlicense + Licence Art Libre 1.2 - + - VOSTROM Public License for Open Source + Creative Commons Attribution 3.0 Germany - + - Vim License + OpenSSL License - + - Vovida Software License v1.0 + Spencer License 99 - + - W3C Software Notice and Document License (2015-05-13) + Creative Commons Attribution Share Alike 3.0 Austria - + - W3C Software Notice and License (2002-12-31) + BSD Protection License - + - W3C Software Notice and License (1998-07-20) + Open LDAP Public License 2.2.2 - + - Wsuipa License + NRL License - + - Sybase Open Watcom Public License 1.0 + TORQUE v2.5+ Software License v1.1 - + - Do What The F*ck You Want To Public License + HTML Tidy License - + - X11 License + Server Side Public License, v 1 - + - Xerox License + Netscape Public License v1.0 - + - XFree86 License 1.1 + GNU Library General Public License v2 only - + - xinetd License + GNU Affero General Public License v3.0 only - + - X.Net License + GNU Free Documentation License v1.2 or later - invariants - + - XPP License + GNU General Public License v2.0 w/Bison exception - + - XSkat License + Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic - + - Yahoo! Public License v1.0 + Educational Community License v1.0 - + - Yahoo! Public License v1.1 + Do What The F*ck You Want To Public License - + - Zed License + Creative Commons Attribution Share Alike 2.0 England and Wales - + - Zend License v2.0 + GNU General Public License v3.0 only - + - Technische Universitaet Berlin License 2.0 + Open LDAP Public License v2.2.1 - + - Zimbra Public License v1.4 + Secure Messaging Protocol Public License - + - zlib/libpng License with Acknowledgement + Creative Commons Attribution 3.0 Austria - + - zlib License + Eiffel Forum License v1.0 - + - Zope Public License 1.1 + Net Boolean Public License v1 - + - Zope Public License 2.0 + Lawrence Berkeley National Labs BSD variant license - + - Zope Public License 2.1 + Affero General Public License v1.0 - + - wxWindows Library License + Crossword License - + - Zimbra Public License v1.3 + TCL/TK License - + - gSOAP Public License v1.3b + Creative Commons Attribution No Derivatives 1.0 Generic - + - Interbase Public License v1.0 + Apple MIT License - + - GNU Lesser General Public License v2.1 only + Technische Universitaet Berlin License 2.0 - + - GNU Lesser General Public License v3.0 only + GNU Free Documentation License v1.3 only @@ -2287,45 +2407,45 @@ Non-Profit Open Software License 3.0 - + - Open LDAP Public License v2.5 + BSD 4-Clause "Original" or "Old" License - + - Standard ML of New Jersey License + gSOAP Public License v1.3b - - + - 389 Directory Server Exception + GNU Lesser General Public License v2.1 only - + - Autoconf exception 2.0 + GNU Lesser General Public License v3.0 only - + + - Autoconf exception 3.0 + FreeRTOS Exception 2.0 - + - Bison exception 2.2 + Swift Exception - + - Bootloader Distribution Exception + Qt LGPL exception 1.1 - + - Classpath exception 2.0 + GNU JavaMail exception @@ -2333,24 +2453,19 @@ CLISP exception 2.0 - - - DigiRule FOSS License Exception - - eCos exception 2.0 - + - Fawkes Runtime Exception + GPL Cooperation Commitment 1.0 - + - FLTK exception + DigiRule FOSS License Exception @@ -2358,84 +2473,84 @@ Font exception 2.0 - + - FreeRTOS Exception 2.0 + Qt GPL exception 1.0 - + - GCC Runtime Library exception 2.0 + PS/PDF font exception (2017-08-17) - + - GCC Runtime Library exception 3.1 + GPL-3.0 Linking Exception (with Corresponding Source) - + - GNU JavaMail exception + Linux Syscall Note - + - GPL-3.0 Linking Exception + GCC Runtime Library exception 2.0 - + - GPL-3.0 Linking Exception (with Corresponding Source) + LZMA exception - + - GPL Cooperation Commitment 1.0 + Autoconf exception 3.0 - + - i2p GPL+Java Exception + U-Boot exception 2.0 - + - LGPL-3.0 Linking Exception + LLVM Exception - + - Libtool Exception + OCaml LGPL Linking Exception - + - Linux Syscall Note + Autoconf exception 2.0 - + - LLVM Exception + Bootloader Distribution Exception - + - LZMA exception + LGPL-3.0 Linking Exception - + - Macros and Inline Functions Exception + OpenVPN OpenSSL Exception - + - Nokia Qt LGPL exception 1.1 + FLTK exception - + - OCaml LGPL Linking Exception + Bison exception 2.2 @@ -2443,29 +2558,29 @@ Open CASCADE Exception 1.0 - + - OpenJDK Assembly exception 1.0 + GCC Runtime Library exception 3.1 - + - OpenVPN OpenSSL Exception + OpenJDK Assembly exception 1.0 - + - PS/PDF font exception (2017-08-17) + WxWindows Library Exception 3.1 - + - Qt GPL exception 1.0 + Fawkes Runtime Exception - + - Qt LGPL exception 1.1 + Nokia Qt LGPL exception 1.1 @@ -2473,34 +2588,49 @@ Qwt exception 1.0 + + + Universal FOSS Exception, Version 1.0 + + + + + Classpath exception 2.0 + + Solderpad Hardware License v2.0 + + + GPL-3.0 Linking Exception + + Solderpad Hardware License v2.1 - + - Swift Exception + Libtool Exception - + - U-Boot exception 2.0 + Macros and Inline Functions Exception - + - Universal FOSS Exception, Version 1.0 + 389 Directory Server Exception - + - WxWindows Library Exception 3.1 + i2p GPL+Java Exception diff --git a/src/index.ts b/src/index.ts index dc86de79b..912d0a3ee 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,6 +1,6 @@ export * as Enums from "./enums/" export * as Models from "./models/" export * as Serialize from "./serialize/" +export * as Types from "./types/" export * as SPDX from "./SPDX" export * as Spec from "./spec" -export * as Types from "./types" diff --git a/src/models/bom.ts b/src/models/bom.ts index 373c06ad2..ac2ca4e96 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -1,8 +1,7 @@ import {Metadata} from "./metadata" import {ComponentRepository} from "./component" -import {isPositiveInteger, PositiveInteger} from "../types" +import {isPositiveInteger, isUrnUuid, PositiveInteger, UrnUuid} from "../types/"; -const SerialNumberRegExp = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ export class Bom { @@ -16,6 +15,7 @@ export class Bom { get version(): PositiveInteger { return this.#version } + set version(value: PositiveInteger) { if (!isPositiveInteger(value)) { throw new RangeError(`${value} is not PositiveInteger`) @@ -23,20 +23,18 @@ export class Bom { this.#version = value } - #serialNumber: string | null = null - get serialNumber(): string | null { + #serialNumber: UrnUuid | null = null + /** @type {(UrnUuid|null)} */ + get serialNumber(): UrnUuid | null { return this.#serialNumber } - set serialNumber(value: string | null) { - if (value !== null && !Bom.isEligibleSerialNumber(value)) { - throw new RangeError(`${value} is no eligible SerialNumber`) + + set serialNumber(value: UrnUuid | null) { + if (value !== null && !isUrnUuid(value)) { + throw new RangeError(`${value} is not UrnUuid`) } this.#serialNumber = value } - private static isEligibleSerialNumber(value: string | any): boolean { - // this method might be moved to the Spec, as the spec defines valid values in general. - return typeof value == 'string' - && SerialNumberRegExp.test(value) - } + } diff --git a/src/models/component.ts b/src/models/component.ts index ee4c96f70..086255882 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -1,3 +1,5 @@ +import {PackageURL} from 'packageurl-js' + import {ComponentScope, ComponentType} from "../enums/" import {BomRef} from "./bomRef" import {HashRepository} from "./hash" @@ -5,8 +7,7 @@ import {OrganizationalEntity} from "./organizationalEntity" import {ExternalReferenceRepository} from "./externalReference" import {LicenseRepository} from "./license" import {SWID} from "./SWID" - -import {PackageURL} from 'packageurl-js' +import {CPE, isCPE} from "../types/"; export class Component { @@ -15,7 +16,6 @@ export class Component { name: string author: string | null = null copyright: string | null = null - cpe: string | null = null description: string | null = null externalReferences = new ExternalReferenceRepository() group: string | null = null @@ -32,6 +32,20 @@ export class Component { this.type = type this.name = name } + + #cpe: CPE | null = null + /** @type {(CPE|null)} */ + get cpe(): CPE | null { + return this.#cpe + } + + set cpe(value: CPE | null) { + if (value !== null && !isCPE(value)) { + throw new RangeError(`${value} is not CPE`) + } + this.#cpe = value + } + } export class ComponentRepository extends Set { diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 27ababf41..9b959f7d7 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -3,15 +3,14 @@ import {Protocol as SpecProtocol, Version as SpecVersion, Format, UnsupportedFor import {Protocol as SerializerProtocol} from "./serializer"; -const JsonSchemaUrl: ReadonlyMap = new Map([ - [SpecVersion.v1_0, undefined], - [SpecVersion.v1_1, undefined], - [SpecVersion.v1_2, 'http://cyclonedx.org/schema/bom-1.2.schema.json'], - [SpecVersion.v1_3, 'http://cyclonedx.org/schema/bom-1.3.schema.json'], +const JsonSchemaUrl: ReadonlyMap = new Map([ + [SpecVersion.v1_2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], + [SpecVersion.v1_3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], [SpecVersion.v1_4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'], ]) -class UnsupportedFormat extends Error {} +class UnsupportedFormat extends Error { +} export class Serializer implements SerializerProtocol { #normalizerFactory: Normalize.Factory @@ -20,8 +19,7 @@ export class Serializer implements SerializerProtocol { * @throws {UnsupportedFormatError} if spec does not support JSON format. */ constructor(normalizerFactory: Normalize.Factory) { - if (!normalizerFactory.spec.supportsFormat(Format.JSON)) - { + if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { throw new UnsupportedFormatError('Spec does not support JSON format.') } this.#normalizerFactory = normalizerFactory @@ -173,7 +171,8 @@ export namespace Normalize { export class HashNormalizer extends Base { normalize([algorithm, content]: Models.Hash): object | undefined { - return this.factory.spec.supportsHashAlgorithm(algorithm) + const spec = this.factory.spec + return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { alg: algorithm, content: content, diff --git a/src/spec.ts b/src/spec.ts index 5006f411e..52aed2309 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -1,21 +1,23 @@ import {ComponentType, ExternalReferenceType, HashAlgorithm} from "./enums/"; +import {HashContent} from "./models"; export enum Version { - v1_4 = '1.4', - v1_3 = '1.3', - v1_2 = '1.2', - v1_1 = '1.1', v1_0 = '1.0', + v1_1 = '1.1', + v1_2 = '1.2', + v1_3 = '1.3', + v1_4 = '1.4', } export enum Format { - JSON = 'json', XML = 'xml', + JSON = 'json', } -export class UnsupportedFormatError extends Error {} +export class UnsupportedFormatError extends Error { +} export interface Protocol { @@ -23,33 +25,38 @@ export interface Protocol { supportsFormat(f: Format | any): boolean - supportsComponentType(ct: ComponentType | any): boolean; + supportsComponentType(ct: ComponentType | any): boolean - supportsHashAlgorithm(ha: HashAlgorithm | any): boolean; + supportsHashAlgorithm(ha: HashAlgorithm | any): boolean - supportsExternalReferenceType(ert: ExternalReferenceType | any): boolean; + supportsHashValue(hv: HashContent | any): boolean + + supportsExternalReferenceType(ert: ExternalReferenceType | any): boolean } class Spec implements Protocol { readonly #version: Version - readonly #supportedFormats: ReadonlySet - readonly #supportedComponentTypes: ReadonlySet - readonly #supportedHashAlgorithms: ReadonlySet - readonly #supportedExternalReferenceTypes: ReadonlySet + readonly #formats: ReadonlySet + readonly #componentTypes: ReadonlySet + readonly #hashAlgorithms: ReadonlySet + readonly #hashValuePattern: RegExp + readonly #externalReferenceTypes: ReadonlySet constructor( version: Version, - supportedFormats: Iterable, - supportedComponentTypes: Iterable, - supportedHashAlgorithms: Iterable, - supportedExternalReferenceTypes: Iterable + formats: Iterable, + componentTypes: Iterable, + hashAlgorithms: Iterable, + hashValuePattern: RegExp, + externalReferenceTypes: Iterable, ) { this.#version = version - this.#supportedFormats = new Set(supportedFormats) - this.#supportedComponentTypes = new Set(supportedComponentTypes) - this.#supportedHashAlgorithms = new Set(supportedHashAlgorithms) - this.#supportedExternalReferenceTypes = new Set(supportedExternalReferenceTypes) + this.#formats = new Set(formats) + this.#componentTypes = new Set(componentTypes) + this.#hashAlgorithms = new Set(hashAlgorithms) + this.#hashValuePattern = hashValuePattern + this.#externalReferenceTypes = new Set(externalReferenceTypes) } get version(): Version { @@ -57,25 +64,130 @@ class Spec implements Protocol { } supportsFormat(f: Format | any): boolean { - return this.#supportedFormats.has(f) + return this.#formats.has(f) } supportsComponentType(ct: ComponentType | any): boolean { - return this.#supportedComponentTypes.has(ct) + return this.#componentTypes.has(ct) } supportsHashAlgorithm(ha: HashAlgorithm | any): boolean { - return this.#supportedHashAlgorithms.has(ha) + return this.#hashAlgorithms.has(ha) + } + + supportsHashValue(hv: HashContent | any): boolean { + return typeof hv === 'string' + && this.#hashValuePattern.test(hv) } supportsExternalReferenceType(ert: ExternalReferenceType | any): boolean { - return this.#supportedExternalReferenceTypes.has(ert) + return this.#externalReferenceTypes.has(ert) } } -// @TODO add the other versions +/** Specification v1.2 */ +export const Spec1_2: Protocol = Object.freeze(new Spec( + Version.v1_2, + [ + Format.XML, + Format.JSON, + ], + [ + ComponentType.Application, + ComponentType.Framework, + ComponentType.Library, + ComponentType.Container, + ComponentType.OperatingSystem, + ComponentType.Device, + ComponentType.Firmware, + ComponentType.File, + ], + [ + HashAlgorithm.MD5, + HashAlgorithm["SHA-1"], + HashAlgorithm["SHA-256"], + HashAlgorithm["SHA-384"], + HashAlgorithm["SHA-512"], + HashAlgorithm["SHA3-256"], + HashAlgorithm["SHA3-384"], + HashAlgorithm["SHA3-512"], + HashAlgorithm["BLAKE2b-256"], + HashAlgorithm["BLAKE2b-384"], + HashAlgorithm["BLAKE2b-512"], + HashAlgorithm.BLAKE3, + ], + /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|^([a-fA-F0-9]{96})$|^([a-fA-F0-9]{128})$/, + [ + ExternalReferenceType.VCS, + ExternalReferenceType.IssueTracker, + ExternalReferenceType.Website, + ExternalReferenceType.Advisories, + ExternalReferenceType.BOM, + ExternalReferenceType.MailingList, + ExternalReferenceType.Social, + ExternalReferenceType.Chat, + ExternalReferenceType.Documentation, + ExternalReferenceType.Support, + ExternalReferenceType.Distribution, + ExternalReferenceType.License, + ExternalReferenceType.BuildMeta, + ExternalReferenceType.BuildSystem, + ExternalReferenceType.Other, + ], +)) + +/** Specification v1.3 */ +export const Spec1_3: Protocol = Object.freeze(new Spec( + Version.v1_3, + [ + Format.XML, + Format.JSON, + ], + [ + ComponentType.Application, + ComponentType.Framework, + ComponentType.Library, + ComponentType.Container, + ComponentType.OperatingSystem, + ComponentType.Device, + ComponentType.Firmware, + ComponentType.File, + ], + [ + HashAlgorithm.MD5, + HashAlgorithm["SHA-1"], + HashAlgorithm["SHA-256"], + HashAlgorithm["SHA-384"], + HashAlgorithm["SHA-512"], + HashAlgorithm["SHA3-256"], + HashAlgorithm["SHA3-384"], + HashAlgorithm["SHA3-512"], + HashAlgorithm["BLAKE2b-256"], + HashAlgorithm["BLAKE2b-384"], + HashAlgorithm["BLAKE2b-512"], + HashAlgorithm.BLAKE3, + ], + /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|%([a-fA-F0-9]{96})$|%([a-fA-F0-9]{128})$/, + [ + ExternalReferenceType.VCS, + ExternalReferenceType.IssueTracker, + ExternalReferenceType.Website, + ExternalReferenceType.Advisories, + ExternalReferenceType.BOM, + ExternalReferenceType.MailingList, + ExternalReferenceType.Social, + ExternalReferenceType.Chat, + ExternalReferenceType.Documentation, + ExternalReferenceType.Support, + ExternalReferenceType.Distribution, + ExternalReferenceType.License, + ExternalReferenceType.BuildMeta, + ExternalReferenceType.BuildSystem, + ExternalReferenceType.Other, + ], +)) /** Specification v1.4 */ export const Spec1_4: Protocol = Object.freeze(new Spec( @@ -108,6 +220,7 @@ export const Spec1_4: Protocol = Object.freeze(new Spec( HashAlgorithm["BLAKE2b-512"], HashAlgorithm.BLAKE3, ], + /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|^([a-fA-F0-9]{96})$|^([a-fA-F0-9]{128})$/, [ ExternalReferenceType.VCS, ExternalReferenceType.IssueTracker, @@ -125,5 +238,5 @@ export const Spec1_4: Protocol = Object.freeze(new Spec( ExternalReferenceType.BuildSystem, ExternalReferenceType.ReleaseNotes, ExternalReferenceType.Other, - ] + ], )) diff --git a/src/types/CPE.ts b/src/types/CPE.ts new file mode 100644 index 000000000..6bbc8b0f8 --- /dev/null +++ b/src/types/CPE.ts @@ -0,0 +1,12 @@ +/** + * Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. + * Refer to https://nvd.nist.gov/products/cpe for official specification. + */ +export declare type CPE = string + +const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/ + +export function isCPE(value: any): value is CPE { + return typeof value == 'string' + && cpePattern.test(value) +} diff --git a/src/types/MimeType.ts b/src/types/MimeType.ts new file mode 100644 index 000000000..c3ff78201 --- /dev/null +++ b/src/types/MimeType.ts @@ -0,0 +1,8 @@ +export declare type MimeType = string + +const mimeTypePattern = /^[-+a-z0-9.]+\/[-+a-z0-9.]+$/ + +export function isMimeType(value: any): value is MimeType { + return typeof value == 'string' + && mimeTypePattern.test(value) +} diff --git a/src/types.ts b/src/types/PositiveInteger.ts similarity index 100% rename from src/types.ts rename to src/types/PositiveInteger.ts diff --git a/src/types/UrnUuid.ts b/src/types/UrnUuid.ts new file mode 100644 index 000000000..3adb55e08 --- /dev/null +++ b/src/types/UrnUuid.ts @@ -0,0 +1,12 @@ +/** + * Defines a string representation of a UUID conforming to RFC 4122. + * @see https://datatracker.ietf.org/doc/html/rfc4122 + */ +export declare type UrnUuid = string + +const urnUuidPattern = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ + +export function isUrnUuid(value: any): value is UrnUuid { + return typeof value == 'string' + && urnUuidPattern.test(value) +} diff --git a/src/types/index.ts b/src/types/index.ts new file mode 100644 index 000000000..c7712b62f --- /dev/null +++ b/src/types/index.ts @@ -0,0 +1,4 @@ +export * from './CPE' +export * from './MimeType' +export * from './PositiveInteger' +export * from './UrnUuid' diff --git a/test/_data/serialize.js b/test/_data/serialize.js index ca0ebb3aa..f9fa114de 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -58,6 +58,7 @@ function createComplexStructure() { bom.components.add((function (component) { component.bomRef.value = 'dummy-component' component.author = "component's author" + component.cpe = 'cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*' component.copyright = '(c) acme' component.description = 'this is a test component' component.externalReferences.add((function (ref) { diff --git a/test/_data/serializeResults/complex-spec1.2.json b/test/_data/serializeResults/complex-spec1.2.json new file mode 100644 index 000000000..af4db22f7 --- /dev/null +++ b/test/_data/serializeResults/complex-spec1.2.json @@ -0,0 +1,134 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-author@mailinator.com" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-supplier@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + }, + { + "expression": "(MIT or Apache-2.0)" + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} diff --git a/test/_data/serializeResults/complex-spec1.3.json b/test/_data/serializeResults/complex-spec1.3.json new file mode 100644 index 000000000..a58ab315b --- /dev/null +++ b/test/_data/serializeResults/complex-spec1.3.json @@ -0,0 +1,134 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-author@mailinator.com" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-supplier@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + }, + { + "expression": "(MIT or Apache-2.0)" + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} diff --git a/test/_data/serializeResults/complex-spec1.4.json b/test/_data/serializeResults/complex-spec1.4.json index 50041b76e..a6a54c647 100644 --- a/test/_data/serializeResults/complex-spec1.4.json +++ b/test/_data/serializeResults/complex-spec1.4.json @@ -108,6 +108,7 @@ } ], "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", "purl": "pkg:npm/acme/dummy-component@1337-beta", "swid": { "tagId": "some-tag", diff --git a/test/integration/serialize.JSON.test.js b/test/integration/serialize.JSON.test.js index cc7546d15..20e9bc96b 100644 --- a/test/integration/serialize.JSON.test.js +++ b/test/integration/serialize.JSON.test.js @@ -8,7 +8,8 @@ const {Spec} = require('../../') describe('JSON serialize', () => { [ - // TODO add other versions + Spec.Spec1_2, + Spec.Spec1_3, Spec.Spec1_4, ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { const serializer = new JsonSerialize.Serializer(new JsonSerialize.Normalize.Factory(spec)) From 4544a30bd485045e5d52c7f93d88425a04d4845a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 15 Apr 2022 13:49:26 +0200 Subject: [PATCH 065/233] fixed examples Signed-off-by: Jan Kowalleck --- README.md | 6 +++--- examples/README.md | 3 ++- examples/{node.js => node.cjs} | 0 examples/node.mjs | 19 +++++++++++++++++++ examples/web-browser.html | 2 +- package-lock.json | 13 +++++++------ package.json | 5 +++-- 7 files changed, 35 insertions(+), 13 deletions(-) rename examples/{node.js => node.cjs} (100%) create mode 100644 examples/node.mjs diff --git a/README.md b/README.md index d985c3292..0d16f195c 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ As node module: ```javascript const cdx = require('@cyclonedx/cyclonedx-library') -const bom = new cdx.models.Bom() +const bom = new cdx.Models.Bom() bom.components.add( new cdx.Models.Component( cdx.Enums.ComponentType.Library, @@ -36,13 +36,13 @@ In web-browser: - - ``` -## Development +## Development & CONTRIBUTING -see [](CONTRIBUTING.md) +See [CONTRIBUTING](CONTRIBUTING.md) file for details. [CycloneDX]: https://cyclonedx.org/ diff --git a/examples/web-browser.html b/examples/web-browser.html index 834a49c7a..b598b9c97 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -1,31 +1,31 @@ - example - - + + console.log(serialized) +

see console log output for result.

From 0f7f0ec96686fd26d868bbfd4e435feb9a0e9e80 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 01:15:43 +0200 Subject: [PATCH 077/233] wip Signed-off-by: Jan Kowalleck --- src/index.ts | 6 +++--- src/models/SWID.ts | 2 +- src/models/bom.ts | 2 +- src/models/component.ts | 2 +- src/models/index.ts | 10 +++++----- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/index.ts b/src/index.ts index 5b0fa41ab..f83019371 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,7 +1,7 @@ +export * as Types from './types' export * as Enums from './enums' +export * as SPDX from './SPDX' export * as Models from './models' export * as Factories from './factories' -export * as Serialize from './serialize' -export * as Types from './types' -export * as SPDX from './SPDX' export * as Spec from './spec' +export * as Serialize from './serialize' diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 15a4f59ed..8069ac7ea 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -1,5 +1,5 @@ -import { Attachment } from './attachment' import { isPositiveInteger, PositiveInteger } from '../types' +import { Attachment } from './attachment' export class SWID { tagId: string diff --git a/src/models/bom.ts b/src/models/bom.ts index 56940c78a..80924d87a 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -1,6 +1,6 @@ +import { isPositiveInteger, isUrnUuid, PositiveInteger, UrnUuid } from '../types' import { Metadata } from './metadata' import { ComponentRepository } from './component' -import { isPositiveInteger, isUrnUuid, PositiveInteger, UrnUuid } from '../types' export class Bom { // property `bomFormat` is not part of model, it is a runtime information diff --git a/src/models/component.ts b/src/models/component.ts index 9e8c5fb67..6b26ebb25 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -1,5 +1,6 @@ import { PackageURL } from 'packageurl-js' +import { CPE, isCPE } from '../types' import { ComponentScope, ComponentType } from '../enums' import { BomRef } from './bomRef' import { HashRepository } from './hash' @@ -7,7 +8,6 @@ import { OrganizationalEntity } from './organizationalEntity' import { ExternalReferenceRepository } from './externalReference' import { LicenseRepository } from './license' import { SWID } from './SWID' -import { CPE, isCPE } from '../types' export class Component { readonly bomRef = new BomRef() diff --git a/src/models/index.ts b/src/models/index.ts index ef838b873..8b2ca70de 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -1,12 +1,12 @@ -export * from './attachment' -export * from './bom' export * from './bomRef' -export * from './component' +export * from './organizationalContact' export * from './externalReference' export * from './hash' +export * from './attachment' export * from './license' -export * from './metadata' -export * from './organizationalContact' export * from './organizationalEntity' export * from './SWID' export * from './tool' +export * from './component' +export * from './metadata' +export * from './bom' From 89de7aa17e3b2d2ef27fce155859d4cbe4116eac Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 01:19:03 +0200 Subject: [PATCH 078/233] wip Signed-off-by: Jan Kowalleck --- CONTRIBUTING.md | 4 ++++ README.md | 1 + 2 files changed, 5 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cc3c7844d..145c50183 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,6 +9,7 @@ first. ## Set up the project Install dependencies: + ```shell npm ci ``` @@ -18,6 +19,7 @@ The setup will also build the project. ## Build from source Build the JavaScript: + ```shell npm run build ``` @@ -25,6 +27,7 @@ npm run build ## Test the build result Run the tests: + ```shell npm test ``` @@ -32,6 +35,7 @@ npm test ## Coding standards Apply coding standards via: + ```shell npm run cs-fix ``` diff --git a/README.md b/README.md index 39e0d8c40..9be62cc52 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ which will build automatically on installation: ```shell npm i -S github:CycloneDX/cyclonedx-javascript-library +# not supported with yarn ``` ## Usage From 1edd507af6d945994b8cbfcda42bf7facc250303 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 01:54:30 +0200 Subject: [PATCH 079/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 8 +++++- src/models/SWID.ts | 21 +++++++++------- src/models/bom.ts | 42 ++++++++++++++++++-------------- src/models/component.ts | 21 +++++++++------- src/models/hash.ts | 8 +++--- src/models/license.ts | 54 ++++++++++++++++++++--------------------- src/serialize/JSON.ts | 46 +++++++++++++++++------------------ src/types/CPE.ts | 2 +- 8 files changed, 110 insertions(+), 92 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 9d42242de..c5d86e52f 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,6 +1,12 @@ module.exports = { + root: true, extends: 'standard-with-typescript', parserOptions: { project: './tsconfig.json' - } + }, + ignorePatterns: [ + 'dist/', + 'dist.*/', + 'node_modules/' + ] } diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 8069ac7ea..0148bd72a 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -14,15 +14,18 @@ export class SWID { this.name = name } - #tagVersion: PositiveInteger | null = null - get tagVersion (): PositiveInteger | null { - return this.#tagVersion - } + #tagVersion: PositiveInteger | null = null + get tagVersion (): PositiveInteger | null { + return this.#tagVersion + } - set tagVersion (value: PositiveInteger | null) { - if (value !== null && !isPositiveInteger(value)) { - throw new TypeError('Not PositiveInteger nor null') - } - this.#tagVersion = value + /** + * @throws {TypeError} if value is not PositiveInteger nor null + */ + set tagVersion (value: PositiveInteger | null) { + if (value !== null && !isPositiveInteger(value)) { + throw new TypeError('Not PositiveInteger nor null') } + this.#tagVersion = value + } } diff --git a/src/models/bom.ts b/src/models/bom.ts index 80924d87a..e3a4334b9 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -9,27 +9,33 @@ export class Bom { metadata = new Metadata() components = new ComponentRepository() - #version: PositiveInteger = 1 - get version (): PositiveInteger { - return this.#version - } + #version: PositiveInteger = 1 + get version (): PositiveInteger { + return this.#version + } - set version (value: PositiveInteger) { - if (!isPositiveInteger(value)) { - throw new RangeError('Not PositiveInteger') - } - this.#version = value + /** + * @throws {TypeError} if value is not positive integer + */ + set version (value: PositiveInteger) { + if (!isPositiveInteger(value)) { + throw new TypeError('Not PositiveInteger') } + this.#version = value + } - #serialNumber: UrnUuid | null = null - get serialNumber (): UrnUuid | null { - return this.#serialNumber - } + #serialNumber: UrnUuid | null = null + get serialNumber (): UrnUuid | null { + return this.#serialNumber + } - set serialNumber (value: UrnUuid | null) { - if (value !== null && !isUrnUuid(value)) { - throw new RangeError('Not UrnUuid') - } - this.#serialNumber = value + /** + * @throws {TypeError} if value is not UrnUuid nor null + */ + set serialNumber (value: UrnUuid | null) { + if (value !== null && !isUrnUuid(value)) { + throw new TypeError('Not UrnUuid') } + this.#serialNumber = value + } } diff --git a/src/models/component.ts b/src/models/component.ts index 6b26ebb25..d91fd6991 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -32,17 +32,20 @@ export class Component { this.name = name } - #cpe: CPE | null = null - get cpe (): CPE | null { - return this.#cpe - } + #cpe: CPE | null = null + get cpe (): CPE | null { + return this.#cpe + } - set cpe (value: CPE | null) { - if (value !== null && !isCPE(value)) { - throw new RangeError('Not CPE') - } - this.#cpe = value + /** + * @throws {TypeError} if value is not CPE not null + */ + set cpe (value: CPE | null) { + if (value !== null && !isCPE(value)) { + throw new TypeError('Not CPE nor null') } + this.#cpe = value + } } export class ComponentRepository extends Set { diff --git a/src/models/hash.ts b/src/models/hash.ts index f2de0ce3b..6407c949b 100644 --- a/src/models/hash.ts +++ b/src/models/hash.ts @@ -4,10 +4,10 @@ import { HashAlgorithm } from '../enums' export type HashContent = string export type Hash = [ - // order matters: it must reflect [key, value] of HashRepository - - // this way a HashRepository can be constructed from multiple Hash objects. - algorithm: HashAlgorithm, - content: HashContent + // order matters: it must reflect [key, value] of HashRepository - + // this way a HashRepository can be constructed from multiple Hash objects. + algorithm: HashAlgorithm, + content: HashContent ] export class HashRepository extends Map { diff --git a/src/models/license.ts b/src/models/license.ts index 6f66ab85a..9e32ea271 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -4,9 +4,9 @@ import { Attachment } from './attachment' export function isEligibleLicenseExpression (expression: string | any): boolean { // smallest known: (A or B) return typeof expression === 'string' && - expression.length >= 8 && - expression[0] === '(' && - expression[expression.length - 1] === ')' + expression.length >= 8 && + expression[0] === '(' && + expression[expression.length - 1] === ')' } export class LicenseExpression { @@ -17,20 +17,20 @@ export class LicenseExpression { this.expression = expression } - #expression!: string - get expression (): string { - return this.#expression - } + #expression!: string + get expression (): string { + return this.#expression + } - /** - * @throws {RangeError} if expression is not eligible - */ - set expression (value: string) { - if (!isEligibleLicenseExpression(value)) { - throw new RangeError(`Not eligible license expression: ${value}`) - } - this.#expression = value + /** + * @throws {RangeError} if expression is not eligible + */ + set expression (value: string) { + if (!isEligibleLicenseExpression(value)) { + throw new RangeError('Not eligible license expression') } + this.#expression = value + } } export class NamedLicense { @@ -54,20 +54,20 @@ export class SpdxLicense { this.id = id } - #id!: SpdxId - get id (): SpdxId { - return this.#id - } + #id!: SpdxId + get id (): SpdxId { + return this.#id + } - /** - * @throws {RangeError} if value is not supported SPDX id - */ - set id (value: SpdxId) { - if (!isSupportedSpdxId(value)) { - throw new RangeError('Unknown SPDX id') - } - this.#id = value + /** + * @throws {RangeError} if value is not supported SPDX id + */ + set id (value: SpdxId) { + if (!isSupportedSpdxId(value)) { + throw new RangeError('Unknown SPDX id') } + this.#id = value + } } export type DisjunctiveLicense = NamedLicense | SpdxLicense diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index e78daf433..b0b2255b6 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -9,29 +9,29 @@ const JsonSchemaUrl: ReadonlyMap = new Map([ ]) export class Serializer implements SerializerProtocol { - #normalizerFactory: Normalize.Factory - - /** - * @throws {UnsupportedFormatError} if spec does not support JSON format. - */ - constructor (normalizerFactory: Normalize.Factory) { - if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { - throw new UnsupportedFormatError('Spec does not support JSON format.') - } - this.#normalizerFactory = normalizerFactory + #normalizerFactory: Normalize.Factory + + /** + * @throws {UnsupportedFormatError} if spec does not support JSON format. + */ + constructor (normalizerFactory: Normalize.Factory) { + if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { + throw new UnsupportedFormatError('Spec does not support JSON format.') } + this.#normalizerFactory = normalizerFactory + } - serialize (bom: Models.Bom): string { - // @TODO bom-refs values make unique ... - return JSON.stringify( - { - $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom) - }, - null, - 4 - ) - } + serialize (bom: Models.Bom): string { + // @TODO bom-refs values make unique ... + return JSON.stringify( + { + $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), + ...this.#normalizerFactory.makeForBom().normalize(bom) + }, + null, + 4 + ) + } } /* eslint-disable-next-line @typescript-eslint/no-namespace */ @@ -116,7 +116,7 @@ export namespace Normalize { metadata: this.factory.makeForMetadata().normalize(data.metadata), components: data.components.size > 0 ? this.factory.makeForComponent().normalizeIter(data.components) - // spec < 1.4 requires `component` to be array + // spec < 1.4 requires `component` to be array : [] } } @@ -196,7 +196,7 @@ export namespace Normalize { return { name: data.name || undefined, url: data.url.size > 0 - // must comply to https://datatracker.ietf.org/doc/html/rfc3987 + // must comply to https://datatracker.ietf.org/doc/html/rfc3987 ? Array.from(data.url, u => u.toString()) : undefined, contact: data.contact.size > 0 diff --git a/src/types/CPE.ts b/src/types/CPE.ts index 8c4f9f9ed..83c1ab57b 100644 --- a/src/types/CPE.ts +++ b/src/types/CPE.ts @@ -4,7 +4,7 @@ */ export declare type CPE = string -// eslint-disable-next-line no-useless-escape -- value directly from XML or JSON spec, surrounded with ^$ +/* eslint-disable-next-line no-useless-escape -- value directly from XML or JSON spec, surrounded with ^$ */ const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/ export function isCPE (value: any): value is CPE { From 08b8710a020a24b58c12258bdffc489f99ef0346 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 02:00:21 +0200 Subject: [PATCH 080/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 2 ++ .mocharc.js | 16 ++++++++-------- webpack.config.js | 1 - 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index c5d86e52f..71740bbb5 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,5 +1,7 @@ +// https://eslint.org/ module.exports = { root: true, + // see https://github.com/standard/ts-standard extends: 'standard-with-typescript', parserOptions: { project: './tsconfig.json' diff --git a/.mocharc.js b/.mocharc.js index 7e7aad24a..fb04922d5 100644 --- a/.mocharc.js +++ b/.mocharc.js @@ -1,11 +1,11 @@ -module.exports = { // mocha config // read: https://mochajs.org/#configuring-mocha-nodejs - recursive: true, - extension: [ - "spec.js", "test.js", - "spec.cjs", "test.cjs", - "spec.mjs", "test.mjs", - ], - ui: 'tdd', +module.exports = { + recursive: true, + extension: [ + 'spec.js', 'test.js', + 'spec.cjs', 'test.cjs', + 'spec.mjs', 'test.mjs', + ], + ui: 'tdd', } diff --git a/webpack.config.js b/webpack.config.js index 589e57bc4..8c4ca0bf5 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -2,7 +2,6 @@ const path = require('path') const merge = require('deepmerge') // see https://webpack.js.org/guides/author-libraries/ - const configBase = { target: 'web', // mode: '', From 341d957ce7e2035792228cdfaeaf968a9c255cd3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 14:05:53 +0200 Subject: [PATCH 081/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 302 ++++++++++++++++++++++++++++++ src/serialize/JSON.ts | 318 +------------------------------- src/serialize/index.ts | 3 +- src/serialize/serializer.ts | 5 - src/serialize/types.ts | 9 + 5 files changed, 321 insertions(+), 316 deletions(-) create mode 100644 src/serialize/JSON.normalize.ts delete mode 100644 src/serialize/serializer.ts create mode 100644 src/serialize/types.ts diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts new file mode 100644 index 000000000..fe4cbd5e2 --- /dev/null +++ b/src/serialize/JSON.normalize.ts @@ -0,0 +1,302 @@ +import * as Models from '../models' +import { Protocol as SpecProtocol } from '../spec' + +export class Factory { + readonly spec: SpecProtocol + + constructor (spec: SpecProtocol) { + this.spec = spec + } + + makeForBom (): BomNormalizer { + return new BomNormalizer(this) + } + + makeForMetadata (): MetadataNormalizer { + return new MetadataNormalizer(this) + } + + makeForComponent (): ComponentNormalizer { + return new ComponentNormalizer(this) + } + + makeForTool (): ToolNormalizer { + return new ToolNormalizer(this) + } + + makeForOrganizationalContact (): OrganizationalContactNormalizer { + return new OrganizationalContactNormalizer(this) + } + + makeForOrganizationalEntity (): OrganizationalEntityNormalizer { + return new OrganizationalEntityNormalizer(this) + } + + makeForHash (): HashNormalizer { + return new HashNormalizer(this) + } + + makeForLicense (): LicenseNormalizer { + return new LicenseNormalizer(this) + } + + makeForSWID (): SWIDNormalizer { + return new SWIDNormalizer(this) + } + + makeForExternalReference (): ExternalReferenceNormalizer { + return new ExternalReferenceNormalizer(this) + } + + makeForAttachment (): AttachmentNormalizer { + return new AttachmentNormalizer(this) + } +} + +export interface Protocol { + normalize: (data: any) => object | undefined +} + +abstract class Base implements Protocol { + protected factory: Factory + + constructor (factory: Factory) { + this.factory = factory + } + + abstract normalize (data: any): object | undefined +} + +/* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- + * since empty strings need to be treated here + **/ + +export class BomNormalizer extends Base { + normalize (data: Models.Bom): object { + return { + bomFormat: 'CycloneDX', + specVersion: this.factory.spec.version, + version: data.version, + serialNumber: data.serialNumber || undefined, + metadata: this.factory.makeForMetadata().normalize(data.metadata), + components: data.components.size > 0 + ? this.factory.makeForComponent().normalizeIter(data.components) + : [] // spec < 1.4 requires `component` to be array + } + } +} + +export class MetadataNormalizer extends Base { + normalize (data: Models.Metadata): object { + const toolNormalizer = this.factory.makeForTool() + const orgContactNormalizer = this.factory.makeForOrganizationalContact() + const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() + return { + timestamp: data.timestamp?.toISOString(), + tools: data.tools.size > 0 + ? Array.from(data.tools, t => toolNormalizer.normalize(t)) + : undefined, + authors: data.authors.size > 0 + ? Array.from(data.authors, a => orgContactNormalizer.normalize(a)) + : undefined, + component: data.component === null + ? undefined + : this.factory.makeForComponent().normalize(data.component), + manufacture: data.manufacture === null + ? undefined + : orgEntityNormalizer.normalize(data.manufacture), + supplier: data.supplier === null + ? undefined + : orgEntityNormalizer.normalize(data.supplier) + } + } +} + +export class ToolNormalizer extends Base { + normalize (data: Models.Tool): object { + const hashNormalizer = this.factory.makeForHash() + return { + vendor: data.vendor || undefined, + name: data.name || undefined, + version: data.version || undefined, + hashes: data.hashes.size > 0 + ? hashNormalizer.normalizeIter(data.hashes) + : undefined + } + } +} + +export class HashNormalizer extends Base { + normalize ([algorithm, content]: Models.Hash): object | undefined { + const spec = this.factory.spec + return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) + ? { + alg: algorithm, + content: content + } + : undefined + } + + normalizeIter (data: Iterable): object[] { + return Array.from(data, h => this.normalize(h)) + .filter(h => undefined !== h) as object[] + } +} + +export class OrganizationalContactNormalizer extends Base { + normalize (data: Models.OrganizationalContact): object { + return { + name: data.name || undefined, + // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 + email: data.email || undefined, + phone: data.phone || undefined + } + } +} + +export class OrganizationalEntityNormalizer extends Base { + normalize (data: Models.OrganizationalEntity): object { + const contactNormalizer = this.factory.makeForOrganizationalContact() + return { + name: data.name || undefined, + url: data.url.size > 0 + // must comply to https://datatracker.ietf.org/doc/html/rfc3987 + ? Array.from(data.url, u => u.toString()) + : undefined, + contact: data.contact.size > 0 + ? Array.from(data.contact, c => contactNormalizer.normalize(c)) + : undefined + } + } +} + +export class ComponentNormalizer extends Base { + normalize (data: Models.Component): object | undefined { + return this.factory.spec.supportsComponentType(data.type) + ? { + type: data.type, + name: data.name, + group: data.group || undefined, + // version fallback to string for spec < 1.4 + version: data.version || '', + 'bom-ref': data.bomRef.value || undefined, + supplier: data.supplier === null + ? undefined + : this.factory.makeForOrganizationalEntity().normalize(data.supplier), + author: data.author || undefined, + publisher: data.publisher || undefined, + description: data.description || undefined, + scope: data.scope || undefined, + hashes: data.hashes.size > 0 + ? this.factory.makeForHash().normalizeIter(data.hashes) + : undefined, + licenses: data.licenses.size > 0 + ? this.factory.makeForLicense().normalizeIter(data.licenses) + : undefined, + copyright: data.copyright || undefined, + cpe: data.cpe || undefined, + purl: data.purl?.toString(), + swid: (data.swid === null) + ? undefined + : this.factory.makeForSWID().normalize(data.swid), + externalReferences: data.externalReferences.size > 0 + ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences) + : undefined + } + : undefined + } + + normalizeIter (data: Iterable): object[] { + return Array.from(data, c => this.normalize(c)) + .filter(c => undefined !== c) as object[] + } +} + +class LicenseNormalizer extends Base { + normalize (data: Models.License): object | undefined { + switch (true) { + case data instanceof Models.NamedLicense: + return this.normalizeNamedLicense(data as Models.NamedLicense) + case data instanceof Models.SpdxLicense: + return this.normalizeSpdxLicense(data as Models.SpdxLicense) + case data instanceof Models.LicenseExpression: + return this.normalizeLicenseExpression(data as Models.LicenseExpression) + default: + throw new RangeError('Unexpected LicenseChoice') + } + } + + private readonly normalizeNamedLicense = (data: Models.NamedLicense): object => ({ + license: { + name: data.name, + text: data.text === null + ? undefined + : this.factory.makeForAttachment().normalize(data.text), + url: data.url?.toString() + } + }) + + private readonly normalizeSpdxLicense = (data: Models.SpdxLicense): object => ({ + license: { + id: data.id, + text: data.text === null + ? undefined + : this.factory.makeForAttachment().normalize(data.text), + url: data.url?.toString() + } + }) + + private readonly normalizeLicenseExpression = (data: Models.LicenseExpression): object => ({ + expression: data.expression + }) + + normalizeIter (data: Iterable): object[] { + return Array.from(data, c => this.normalize(c)) + .filter(c => undefined !== c) as object[] + } +} + +class SWIDNormalizer extends Base { + normalize (data: Models.SWID): object { + return { + tagId: data.tagId, + name: data.name, + version: data.version || undefined, + tagVersion: data.tagVersion ?? undefined, + patch: data.patch ?? undefined, + text: data.text === null + ? undefined + : this.factory.makeForAttachment().normalize(data.text), + url: data.url?.toString() + } + } +} + +class ExternalReferenceNormalizer extends Base { + normalize (data: Models.ExternalReference): object | undefined { + return this.factory.spec.supportsExternalReferenceType(data.type) + ? { + url: data.url.toString(), + type: data.type, + comment: data.comment || undefined + } + : undefined + } + + normalizeIter (data: Iterable): object[] { + return Array.from(data, r => this.normalize(r)) + .filter(r => undefined !== r) as object[] + } +} + +class AttachmentNormalizer extends Base { + normalize (data: Models.Attachment): object { + return { + content: data.content, + contentType: data.contentType || undefined, + encoding: data.encoding || undefined + } + } +} + +/* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index b0b2255b6..bd3024f7c 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -1,6 +1,7 @@ -import * as Models from '../models' -import { Protocol as SpecProtocol, Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' -import { Protocol as SerializerProtocol } from './serializer' +import { Bom } from '../models' +import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' +import { Serializer as SerializerProtocol } from './types' +import { Factory as NormalizerFactory } from './JSON.normalize' const JsonSchemaUrl: ReadonlyMap = new Map([ [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], @@ -9,19 +10,19 @@ const JsonSchemaUrl: ReadonlyMap = new Map([ ]) export class Serializer implements SerializerProtocol { - #normalizerFactory: Normalize.Factory + #normalizerFactory: NormalizerFactory /** * @throws {UnsupportedFormatError} if spec does not support JSON format. */ - constructor (normalizerFactory: Normalize.Factory) { + constructor (normalizerFactory: NormalizerFactory) { if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { throw new UnsupportedFormatError('Spec does not support JSON format.') } this.#normalizerFactory = normalizerFactory } - serialize (bom: Models.Bom): string { + serialize (bom: Bom): string { // @TODO bom-refs values make unique ... return JSON.stringify( { @@ -34,307 +35,4 @@ export class Serializer implements SerializerProtocol { } } -/* eslint-disable-next-line @typescript-eslint/no-namespace */ -export namespace Normalize { - - export class Factory { - readonly spec: SpecProtocol - - constructor (spec: SpecProtocol) { - this.spec = spec - } - - makeForBom (): BomNormalizer { - return new BomNormalizer(this) - } - - makeForMetadata (): MetadataNormalizer { - return new MetadataNormalizer(this) - } - - makeForComponent (): ComponentNormalizer { - return new ComponentNormalizer(this) - } - - makeForTool (): ToolNormalizer { - return new ToolNormalizer(this) - } - - makeForOrganizationalContact (): OrganizationalContactNormalizer { - return new OrganizationalContactNormalizer(this) - } - - makeForOrganizationalEntity (): OrganizationalEntityNormalizer { - return new OrganizationalEntityNormalizer(this) - } - - makeForHash (): HashNormalizer { - return new HashNormalizer(this) - } - - makeForLicense (): LicenseNormalizer { - return new LicenseNormalizer(this) - } - - makeForSWID (): SWIDNormalizer { - return new SWIDNormalizer(this) - } - - makeForExternalReference (): ExternalReferenceNormalizer { - return new ExternalReferenceNormalizer(this) - } - - makeForAttachment (): AttachmentNormalizer { - return new AttachmentNormalizer(this) - } - } - - export interface Protocol { - normalize: (data: any) => object | undefined - } - - abstract class Base implements Protocol { - protected factory: Factory - - constructor (factory: Factory) { - this.factory = factory - } - - abstract normalize (data: any): object | undefined - } - - /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- - * since empty strings need to treated here */ - - export class BomNormalizer extends Base { - normalize (data: Models.Bom): object { - return { - bomFormat: 'CycloneDX', - specVersion: this.factory.spec.version, - version: data.version, - serialNumber: data.serialNumber || undefined, - metadata: this.factory.makeForMetadata().normalize(data.metadata), - components: data.components.size > 0 - ? this.factory.makeForComponent().normalizeIter(data.components) - // spec < 1.4 requires `component` to be array - : [] - } - } - } - - export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata): object { - const toolNormalizer = this.factory.makeForTool() - const orgContactNormalizer = this.factory.makeForOrganizationalContact() - const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() - return { - timestamp: data.timestamp?.toISOString(), - tools: data.tools.size > 0 - ? Array.from(data.tools, t => toolNormalizer.normalize(t)) - : undefined, - authors: data.authors.size > 0 - ? Array.from(data.authors, a => orgContactNormalizer.normalize(a)) - : undefined, - component: (data.component != null) - ? this.factory.makeForComponent().normalize(data.component) - : undefined, - manufacture: (data.manufacture != null) - ? orgEntityNormalizer.normalize(data.manufacture) - : undefined, - supplier: (data.supplier != null) - ? orgEntityNormalizer.normalize(data.supplier) - : undefined - } - } - } - - export class ToolNormalizer extends Base { - normalize (data: Models.Tool): object { - const hashNormalizer = this.factory.makeForHash() - return { - vendor: data.vendor || undefined, - name: data.name || undefined, - version: data.version || undefined, - hashes: data.hashes.size > 0 - ? hashNormalizer.normalizeIter(data.hashes) - : undefined - } - } - } - - export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash): object | undefined { - const spec = this.factory.spec - return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) - ? { - alg: algorithm, - content: content - } - : undefined - } - - normalizeIter (data: Iterable): object[] { - return Array.from(data, h => this.normalize(h)) - .filter(h => undefined !== h) as object[] - } - } - - export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact): object { - return { - name: data.name || undefined, - // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 - email: data.email || undefined, - phone: data.phone || undefined - } - } - } - - export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity): object { - const contactNormalizer = this.factory.makeForOrganizationalContact() - return { - name: data.name || undefined, - url: data.url.size > 0 - // must comply to https://datatracker.ietf.org/doc/html/rfc3987 - ? Array.from(data.url, u => u.toString()) - : undefined, - contact: data.contact.size > 0 - ? Array.from(data.contact, c => contactNormalizer.normalize(c)) - : undefined - } - } - } - - export class ComponentNormalizer extends Base { - normalize (data: Models.Component): object | undefined { - return this.factory.spec.supportsComponentType(data.type) - ? { - type: data.type, - name: data.name, - group: data.group || undefined, - // version fallback to string for spec < 1.4 - version: data.version || '', - 'bom-ref': data.bomRef.value || undefined, - supplier: (data.supplier != null) - ? this.factory.makeForOrganizationalEntity().normalize(data.supplier) - : undefined, - author: data.author || undefined, - publisher: data.publisher || undefined, - description: data.description || undefined, - scope: data.scope || undefined, - hashes: data.hashes.size > 0 - ? this.factory.makeForHash().normalizeIter(data.hashes) - : undefined, - licenses: data.licenses.size > 0 - ? this.factory.makeForLicense().normalizeIter(data.licenses) - : undefined, - copyright: data.copyright || undefined, - cpe: data.cpe || undefined, - purl: data.purl?.toString(), - swid: (data.swid != null) - ? this.factory.makeForSWID().normalize(data.swid) - : undefined, - externalReferences: data.externalReferences.size > 0 - ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences) - : undefined - } - : undefined - } - - normalizeIter (data: Iterable): object[] { - return Array.from(data, c => this.normalize(c)) - .filter(c => undefined !== c) as object[] - } - } - - class LicenseNormalizer extends Base { - normalize (data: Models.License): object | undefined { - switch (true) { - case data instanceof Models.NamedLicense: - return this.normalizeNamedLicense(data as Models.NamedLicense) - case data instanceof Models.SpdxLicense: - return this.normalizeSpdxLicense(data as Models.SpdxLicense) - case data instanceof Models.LicenseExpression: - return this.normalizeLicenseExpression(data as Models.LicenseExpression) - default: - throw new RangeError('Unexpected LicenseChoice') - } - } - - private readonly normalizeNamedLicense = (data: Models.NamedLicense): object => ({ - license: { - name: data.name, - text: (data.text != null) - ? this.factory.makeForAttachment().normalize(data.text) - : undefined, - url: data.url?.toString() - } - }) - - private readonly normalizeSpdxLicense = (data: Models.SpdxLicense): object => ({ - license: { - id: data.id, - text: (data.text != null) - ? this.factory.makeForAttachment().normalize(data.text) - : undefined, - url: data.url?.toString() - } - }) - - private readonly normalizeLicenseExpression = (data: Models.LicenseExpression): object => ({ - expression: data.expression - }) - - normalizeIter (data: Iterable): object[] { - return Array.from(data, c => this.normalize(c)) - .filter(c => undefined !== c) as object[] - } - } - - class SWIDNormalizer extends Base { - normalize (data: Models.SWID): object { - return { - tagId: data.tagId, - name: data.name, - version: data.version || undefined, - tagVersion: data.tagVersion ?? undefined, - patch: data.patch ?? undefined, - text: (data.text != null) - ? this.factory.makeForAttachment().normalize(data.text) - : undefined, - url: data.url?.toString() - } - } - } - - class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference): object | undefined { - return this.factory.spec.supportsExternalReferenceType(data.type) - ? { - url: data.url.toString(), - type: data.type, - comment: data.comment || undefined - } - : undefined - } - - normalizeIter (data: Iterable): object[] { - return Array.from(data, r => this.normalize(r)) - .filter(r => undefined !== r) as object[] - } - } - - class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment): object { - return { - content: data.content, - contentType: data.contentType || undefined, - encoding: data.encoding || undefined - } - } - } - - /* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ - -} +export * as Normalize from './JSON.normalize' diff --git a/src/serialize/index.ts b/src/serialize/index.ts index f05065ccf..cb340f388 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,2 +1,3 @@ -export * as Serializer from './serializer' +export * from './types' + export * as JSON from './JSON' diff --git a/src/serialize/serializer.ts b/src/serialize/serializer.ts deleted file mode 100644 index 2e19ba034..000000000 --- a/src/serialize/serializer.ts +++ /dev/null @@ -1,5 +0,0 @@ -import { Bom } from '../models' - -export interface Protocol { - serialize: (bom: Bom) => string -} diff --git a/src/serialize/types.ts b/src/serialize/types.ts new file mode 100644 index 000000000..a762cacdb --- /dev/null +++ b/src/serialize/types.ts @@ -0,0 +1,9 @@ +import { Bom } from '../models' + +export interface Serializer { + serialize: (bom: Bom) => string +} + +export interface Deserializer { + deserialize: (bom: string) => Bom +} From 0e86a08a144529760c698431eadd15f567d7c3a7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 16 Apr 2022 18:06:28 +0200 Subject: [PATCH 082/233] wip Signed-off-by: Jan Kowalleck --- README.md | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 9be62cc52..e5668b79f 100644 --- a/README.md +++ b/README.md @@ -39,26 +39,25 @@ bom.components.add( In web-browser: ```html - - - - + + ``` ## Development & CONTRIBUTING -See [CONTRIBUTING](CONTRIBUTING.md) file for details. +See [CONTRIBUTING] file for details. [CycloneDX]: https://cyclonedx.org/ +[CONTRIBUTING]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/1.0-dev/CONTRIBUTING.md From 4b5f5a1a30b4d36de737e16d462d183063c4b47b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 19 Apr 2022 00:14:44 +0200 Subject: [PATCH 083/233] add json types (#21) Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 46 ++++++------ src/serialize/JSON.ts | 14 ++-- src/serialize/JSON.types.ts | 123 ++++++++++++++++++++++++++++++++ 3 files changed, 152 insertions(+), 31 deletions(-) create mode 100644 src/serialize/JSON.types.ts diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index fe4cbd5e2..d7d95c1c8 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -1,5 +1,6 @@ -import * as Models from '../models' import { Protocol as SpecProtocol } from '../spec' +import * as Models from '../models' +import * as Types from './JSON.types' export class Factory { readonly spec: SpecProtocol @@ -72,7 +73,7 @@ abstract class Base implements Protocol { **/ export class BomNormalizer extends Base { - normalize (data: Models.Bom): object { + normalize (data: Models.Bom): Types.Bom { return { bomFormat: 'CycloneDX', specVersion: this.factory.spec.version, @@ -87,7 +88,7 @@ export class BomNormalizer extends Base { } export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata): object { + normalize (data: Models.Metadata): Types.Metadata { const toolNormalizer = this.factory.makeForTool() const orgContactNormalizer = this.factory.makeForOrganizationalContact() const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() @@ -113,7 +114,7 @@ export class MetadataNormalizer extends Base { } export class ToolNormalizer extends Base { - normalize (data: Models.Tool): object { + normalize (data: Models.Tool): Types.Tool { const hashNormalizer = this.factory.makeForHash() return { vendor: data.vendor || undefined, @@ -127,7 +128,7 @@ export class ToolNormalizer extends Base { } export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash): object | undefined { + normalize ([algorithm, content]: Models.Hash): Types.Hash | undefined { const spec = this.factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { @@ -137,14 +138,14 @@ export class HashNormalizer extends Base { : undefined } - normalizeIter (data: Iterable): object[] { + normalizeIter (data: Iterable): Types.Hash[] { return Array.from(data, h => this.normalize(h)) - .filter(h => undefined !== h) as object[] + .filter(h => undefined !== h) as Types.Hash[] } } export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact): object { + normalize (data: Models.OrganizationalContact): Types.OrganizationalContact { return { name: data.name || undefined, // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 @@ -155,7 +156,7 @@ export class OrganizationalContactNormalizer extends Base { } export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity): object { + normalize (data: Models.OrganizationalEntity): Types.OrganizationalEntity { const contactNormalizer = this.factory.makeForOrganizationalContact() return { name: data.name || undefined, @@ -171,7 +172,7 @@ export class OrganizationalEntityNormalizer extends Base { } export class ComponentNormalizer extends Base { - normalize (data: Models.Component): object | undefined { + normalize (data: Models.Component): Types.Component | undefined { return this.factory.spec.supportsComponentType(data.type) ? { type: data.type, @@ -206,14 +207,14 @@ export class ComponentNormalizer extends Base { : undefined } - normalizeIter (data: Iterable): object[] { + normalizeIter (data: Iterable): Types.Component[] { return Array.from(data, c => this.normalize(c)) - .filter(c => undefined !== c) as object[] + .filter(c => undefined !== c) as Types.Component[] } } class LicenseNormalizer extends Base { - normalize (data: Models.License): object | undefined { + normalize (data: Models.License): Types.License { switch (true) { case data instanceof Models.NamedLicense: return this.normalizeNamedLicense(data as Models.NamedLicense) @@ -226,7 +227,7 @@ class LicenseNormalizer extends Base { } } - private readonly normalizeNamedLicense = (data: Models.NamedLicense): object => ({ + private readonly normalizeNamedLicense = (data: Models.NamedLicense): Types.NamedLicense => ({ license: { name: data.name, text: data.text === null @@ -236,7 +237,7 @@ class LicenseNormalizer extends Base { } }) - private readonly normalizeSpdxLicense = (data: Models.SpdxLicense): object => ({ + private readonly normalizeSpdxLicense = (data: Models.SpdxLicense): Types.SpdxLicense => ({ license: { id: data.id, text: data.text === null @@ -246,18 +247,17 @@ class LicenseNormalizer extends Base { } }) - private readonly normalizeLicenseExpression = (data: Models.LicenseExpression): object => ({ + private readonly normalizeLicenseExpression = (data: Models.LicenseExpression): Types.LicenseExpression => ({ expression: data.expression }) - normalizeIter (data: Iterable): object[] { + normalizeIter (data: Iterable): Types.License[] { return Array.from(data, c => this.normalize(c)) - .filter(c => undefined !== c) as object[] } } class SWIDNormalizer extends Base { - normalize (data: Models.SWID): object { + normalize (data: Models.SWID): Types.SWID { return { tagId: data.tagId, name: data.name, @@ -273,7 +273,7 @@ class SWIDNormalizer extends Base { } class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference): object | undefined { + normalize (data: Models.ExternalReference): Types.ExternalReference | undefined { return this.factory.spec.supportsExternalReferenceType(data.type) ? { url: data.url.toString(), @@ -283,14 +283,14 @@ class ExternalReferenceNormalizer extends Base { : undefined } - normalizeIter (data: Iterable): object[] { + normalizeIter (data: Iterable): Types.ExternalReference[] { return Array.from(data, r => this.normalize(r)) - .filter(r => undefined !== r) as object[] + .filter(r => undefined !== r) as Types.ExternalReference[] } } class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment): object { + normalize (data: Models.Attachment): Types.Attachment { return { content: data.content, contentType: data.contentType || undefined, diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index bd3024f7c..1b958701a 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -2,6 +2,7 @@ import { Bom } from '../models' import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' import { Serializer as SerializerProtocol } from './types' import { Factory as NormalizerFactory } from './JSON.normalize' +import { Bom as JsonBom } from './JSON.types' const JsonSchemaUrl: ReadonlyMap = new Map([ [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], @@ -24,14 +25,11 @@ export class Serializer implements SerializerProtocol { serialize (bom: Bom): string { // @TODO bom-refs values make unique ... - return JSON.stringify( - { - $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom) - }, - null, - 4 - ) + const _bom: JsonBom = { + $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), + ...this.#normalizerFactory.makeForBom().normalize(bom) + } + return JSON.stringify(_bom, null, 4) } } diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts new file mode 100644 index 000000000..ac949de80 --- /dev/null +++ b/src/serialize/JSON.types.ts @@ -0,0 +1,123 @@ +import * as Enums from '../enums' +import { SpdxId } from '../SPDX' +import { CPE, PositiveInteger, UrnUuid } from '../types' +import { HashContent } from '../models' + +type IriReference = string +type IdnEmail = string +type DateTime = string + +type RefType = string + +export interface Bom { + '$schema'?: string + bomFormat: 'CycloneDX' + specVersion: string + version: PositiveInteger + serialNumber?: UrnUuid + metadata?: Metadata + components?: Component[] + externalReferences?: ExternalReference[] +} + +export interface Metadata { + timestamp?: DateTime + tools?: Tool[] + authors?: OrganizationalContact[] + component?: Component + manufacture?: OrganizationalEntity + supplier?: OrganizationalEntity + licenses?: License[] +} + +export interface Tool { + vendor?: string + name?: string + version?: string + hashes?: Hash[] + externalReferences?: ExternalReference[] +} + +export interface OrganizationalContact { + name?: string + email?: IdnEmail + phone?: string +} + +export interface OrganizationalEntity { + name?: string + url?: IriReference[] + contact?: OrganizationalContact[] +} + +export interface Hash { + alg: Enums.HashAlgorithm + content: HashContent +} + +export interface Component { + type: Enums.ComponentType + name: string + 'mime-type'?: string + 'bom-ref'?: RefType + supplier?: OrganizationalEntity + author?: string + publisher?: string + group?: string + version?: string + description?: string + scope?: Enums.ComponentScope + hashes?: Hash[] + licenses?: License[] + copyright?: string + cpe?: CPE + purl?: string + swid?: SWID + modified?: boolean + externalReferences?: ExternalReference[] + components?: Component[] +} + +export interface NamedLicense { + license: { + name: string + text?: Attachment + url?: string + } +} + +export interface SpdxLicense { + license: { + id: SpdxId + text?: Attachment + url?: string + } +} + +export interface LicenseExpression { + expression: string +} + +export type License = NamedLicense | SpdxLicense | LicenseExpression + +export interface SWID { + tagId: string + name: string + version?: string + tagVersion?: number + patch?: boolean + text?: Attachment + url?: IriReference +} + +export interface ExternalReference { + url: string + type: Enums.ExternalReferenceType + comment?: string +} + +export interface Attachment { + content?: string + contentType?: string + encoding?: Enums.AttachmentEncoding +} From 92beb6300ff84d0d9de3955460035fd67adf0f98 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 25 Apr 2022 17:26:50 +0200 Subject: [PATCH 084/233] wip Signed-off-by: Jan Kowalleck --- .gitignore | 4 ++-- .npmignore | 4 ++-- package.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 212dddc5a..488b72efd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ /.*.cache/ -/report/ -/CI_report/ +/reports/ +/CI_reports/ /dist/ /dist.*/ diff --git a/.npmignore b/.npmignore index 3c53ad529..218f827a1 100644 --- a/.npmignore +++ b/.npmignore @@ -168,5 +168,5 @@ dist /examples/ /.*.cache/ -/report/ -/CI_report/ +/reports/ +/CI_reports/ diff --git a/package.json b/package.json index a1bcf3e9e..29ef24bb8 100644 --- a/package.json +++ b/package.json @@ -51,9 +51,9 @@ "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", "build:web": "webpack", "cs-fix": "ts-standard --fix", - "test": " npm run test:style && npm run test:web && npm run test:node", + "test": " npm run test:standard && npm run test:web && npm run test:node", "test:node": "mocha", "test:web": "node -e 'console.log(\"todo: write web test\")'", - "test:style": "ts-standard" + "test:standard": "ts-standard" } } From 9ed66de24260e633802a6be0513d02f80e9887c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 24 Apr 2022 23:49:34 +0200 Subject: [PATCH 085/233] Bump @types/node from 17.0.24 to 17.0.25 (#22) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.24 to 17.0.25. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index aeda7ec21..9746466e6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.24", + "@types/node": "^17.0.25", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", @@ -306,9 +306,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "17.0.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.24.tgz", - "integrity": "sha512-aveCYRQbgTH9Pssp1voEP7HiuWlD2jW2BO56w+bVrJn04i61yh6mRfoKO6hEYQD9vF+W8Chkwc6j1M36uPkx4g==", + "version": "17.0.25", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz", + "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==", "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -5051,9 +5051,9 @@ "dev": true }, "@types/node": { - "version": "17.0.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.24.tgz", - "integrity": "sha512-aveCYRQbgTH9Pssp1voEP7HiuWlD2jW2BO56w+bVrJn04i61yh6mRfoKO6hEYQD9vF+W8Chkwc6j1M36uPkx4g==", + "version": "17.0.25", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz", + "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==", "dev": true }, "@typescript-eslint/eslint-plugin": { diff --git a/package.json b/package.json index 29ef24bb8..8aec546f5 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.24", + "@types/node": "^17.0.25", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", From dcd516f5543a788fbf2b799b3619b8d38156c1a7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 25 Apr 2022 17:38:08 +0200 Subject: [PATCH 086/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 1 - 1 file changed, 1 deletion(-) diff --git a/.eslintrc.js b/.eslintrc.js index 71740bbb5..0168c19f4 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,6 +1,5 @@ // https://eslint.org/ module.exports = { - root: true, // see https://github.com/standard/ts-standard extends: 'standard-with-typescript', parserOptions: { From abde12ad9cfc16b6f9bb296fc368ee26003469fd Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 25 Apr 2022 17:44:24 +0200 Subject: [PATCH 087/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 1 + 1 file changed, 1 insertion(+) diff --git a/.eslintrc.js b/.eslintrc.js index 0168c19f4..71740bbb5 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,5 +1,6 @@ // https://eslint.org/ module.exports = { + root: true, // see https://github.com/standard/ts-standard extends: 'standard-with-typescript', parserOptions: { From 854b3c4e3d10b77123a7cff239f6ac70af9523bb Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 29 Apr 2022 13:26:44 +0200 Subject: [PATCH 088/233] reproducibility (#24) Signed-off-by: Jan Kowalleck --- src/models/attachment.ts | 6 + src/models/bomRef.ts | 7 + src/models/component.ts | 21 ++- src/models/externalReference.ts | 9 + src/models/hash.ts | 7 +- src/models/license.ts | 19 ++ src/models/organizationalContact.ts | 11 ++ src/models/organizationalEntity.ts | 3 - src/models/tool.ts | 10 ++ src/serialize/JSON.normalize.ts | 154 +++++++++------- src/serialize/JSON.ts | 15 +- test/_data/serialize.js | 61 ++++++- ...plex-spec1.2.json => complex_spec1.2.json} | 39 +++- ...plex-spec1.3.json => complex_spec1.3.json} | 39 +++- ...plex-spec1.4.json => complex_spec1.4.json} | 43 ++++- .../serializeResults/sortedLists_spec1.2.json | 165 +++++++++++++++++ .../serializeResults/sortedLists_spec1.3.json | 165 +++++++++++++++++ .../serializeResults/sortedLists_spec1.4.json | 169 ++++++++++++++++++ test/integration/serialize.JSON.test.js | 22 ++- 19 files changed, 868 insertions(+), 97 deletions(-) rename test/_data/serializeResults/{complex-spec1.2.json => complex_spec1.2.json} (78%) rename test/_data/serializeResults/{complex-spec1.3.json => complex_spec1.3.json} (78%) rename test/_data/serializeResults/{complex-spec1.4.json => complex_spec1.4.json} (76%) create mode 100644 test/_data/serializeResults/sortedLists_spec1.2.json create mode 100644 test/_data/serializeResults/sortedLists_spec1.3.json create mode 100644 test/_data/serializeResults/sortedLists_spec1.4.json diff --git a/src/models/attachment.ts b/src/models/attachment.ts index de93e1882..c1c8a887c 100644 --- a/src/models/attachment.ts +++ b/src/models/attachment.ts @@ -8,4 +8,10 @@ export class Attachment { constructor (content: string) { this.content = content } + + compare (other: Attachment): number { + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return (this.contentType ?? '').localeCompare(other.contentType ?? '') || + this.content.localeCompare(other.content) // do not care for encoding, as long as a deterministic order is made + } } diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index e1d70d24d..a79b1b41c 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -1,6 +1,13 @@ export class BomRef { value: string | null = null + + compare (other: BomRef): number { + return (this.value ?? '').localeCompare(other.value ?? '') + } } export class BomRefRepository extends Set { + static compareItems (a: BomRef, b: BomRef): number { + return a.compare(b) + } } diff --git a/src/models/component.ts b/src/models/component.ts index d91fd6991..787bc5224 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -32,13 +32,14 @@ export class Component { this.name = name } + // see https://nvd.nist.gov/products/cpe #cpe: CPE | null = null get cpe (): CPE | null { return this.#cpe } /** - * @throws {TypeError} if value is not CPE not null + * @throws {TypeError} if value is not CPE nor null */ set cpe (value: CPE | null) { if (value !== null && !isCPE(value)) { @@ -46,7 +47,25 @@ export class Component { } this.#cpe = value } + + compare (other: Component): number { + const bomRefCompare = this.bomRef.compare(other.bomRef) + if (bomRefCompare !== 0) { return bomRefCompare } + if (this.purl !== null && other.purl !== null) { + return this.purl.toString().localeCompare(other.purl.toString()) + } + if (this.#cpe !== null && other.#cpe !== null) { + return this.#cpe.toString().localeCompare(other.#cpe.toString()) + } + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return (this.group ?? '').localeCompare(other.group ?? '') || + this.name.localeCompare(other.name) || + (this.version ?? '').localeCompare(other.version ?? '') + } } export class ComponentRepository extends Set { + static compareItems (a: Component, b: Component): number { + return a.compare(b) + } } diff --git a/src/models/externalReference.ts b/src/models/externalReference.ts index eda7b27b1..3c92ad13c 100644 --- a/src/models/externalReference.ts +++ b/src/models/externalReference.ts @@ -9,7 +9,16 @@ export class ExternalReference { this.url = url this.type = type } + + compare (other: ExternalReference): number { + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return this.type.localeCompare(other.type) || + this.url.toString().localeCompare(other.url.toString()) + } } export class ExternalReferenceRepository extends Set { + static compareItems (a: ExternalReference, b: ExternalReference): number { + return a.compare(b) + } } diff --git a/src/models/hash.ts b/src/models/hash.ts index 6407c949b..6981c9ea3 100644 --- a/src/models/hash.ts +++ b/src/models/hash.ts @@ -1,6 +1,6 @@ import { HashAlgorithm } from '../enums' -// no regex for the ashContent in here. It applies at runtime of a normalization/serialization process. +// no regex for the HashContent in here. It applies at runtime of a normalization/serialization process. export type HashContent = string export type Hash = [ @@ -11,4 +11,9 @@ export type Hash = [ ] export class HashRepository extends Map { + static compareItems (a: Hash, b: Hash): number { + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return a[0].localeCompare(b[0]) || + a[1].localeCompare(b[1]) + } } diff --git a/src/models/license.ts b/src/models/license.ts index 9e32ea271..daac3e6cd 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -31,6 +31,10 @@ export class LicenseExpression { } this.#expression = value } + + compare (other: LicenseExpression): number { + return this.#expression.localeCompare(other.#expression) + } } export class NamedLicense { @@ -41,6 +45,10 @@ export class NamedLicense { constructor (name: string) { this.name = name } + + compare (other: NamedLicense): number { + return this.name.localeCompare(other.name) + } } export class SpdxLicense { @@ -68,10 +76,21 @@ export class SpdxLicense { } this.#id = value } + + compare (other: SpdxLicense): number { + return this.#id.localeCompare(other.#id) + } } export type DisjunctiveLicense = NamedLicense | SpdxLicense export type License = DisjunctiveLicense | LicenseExpression export class LicenseRepository extends Set { + static compareItems (a: License, b: License): number { + if (a.constructor === b.constructor) { + // @ts-expect-error -- classes are from same type -> they are comparable + return a.compare(b) + } + return a.constructor.name.localeCompare(b.constructor.name) + } } diff --git a/src/models/organizationalContact.ts b/src/models/organizationalContact.ts index e54a32071..ebcb401e5 100644 --- a/src/models/organizationalContact.ts +++ b/src/models/organizationalContact.ts @@ -1,8 +1,19 @@ + export class OrganizationalContact { name: string | null = null email: string | null = null phone: string | null = null + + compare (other: OrganizationalContact): number { + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return (this.name ?? '').localeCompare(other.name ?? '') || + (this.email ?? '').localeCompare(other.email ?? '') || + (this.phone ?? '').localeCompare(other.phone ?? '') + } } export class OrganizationalContactRepository extends Set { + static compareItems (a: OrganizationalContact, b: OrganizationalContact): number { + return a.compare(b) + } } diff --git a/src/models/organizationalEntity.ts b/src/models/organizationalEntity.ts index 15c4e31fe..0f24b80e7 100644 --- a/src/models/organizationalEntity.ts +++ b/src/models/organizationalEntity.ts @@ -5,6 +5,3 @@ export class OrganizationalEntity { url = new Set() contact = new OrganizationalContactRepository() } - -export class OrganizationalEntityRepository extends Set { -} diff --git a/src/models/tool.ts b/src/models/tool.ts index 2f9d4e5ea..ab6f538aa 100644 --- a/src/models/tool.ts +++ b/src/models/tool.ts @@ -5,7 +5,17 @@ export class Tool { name: string | null = null version: string | null = null hashes = new HashRepository() + + compare (other: Tool): number { + /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ + return (this.vendor ?? '').localeCompare(other.vendor ?? '') || + (this.name ?? '').localeCompare(other.name ?? '') || + (this.version ?? '').localeCompare(other.version ?? '') + } } export class ToolRepository extends Set { + static compareItems (a: Tool, b: Tool): number { + return a.compare(b) + } } diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index d7d95c1c8..df907a549 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -54,8 +54,12 @@ export class Factory { } } +export interface Options { + sortLists?: boolean +} + export interface Protocol { - normalize: (data: any) => object | undefined + normalize: (data: any, options: Options) => object | undefined } abstract class Base implements Protocol { @@ -65,7 +69,7 @@ abstract class Base implements Protocol { this.factory = factory } - abstract normalize (data: any): object | undefined + abstract normalize (data: any, options: Options): object | undefined } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- @@ -73,62 +77,65 @@ abstract class Base implements Protocol { **/ export class BomNormalizer extends Base { - normalize (data: Models.Bom): Types.Bom { + normalize (data: Models.Bom, options: Options): Types.Bom { return { bomFormat: 'CycloneDX', specVersion: this.factory.spec.version, version: data.version, serialNumber: data.serialNumber || undefined, - metadata: this.factory.makeForMetadata().normalize(data.metadata), + metadata: this.factory.makeForMetadata().normalize(data.metadata, options), components: data.components.size > 0 - ? this.factory.makeForComponent().normalizeIter(data.components) + ? this.factory.makeForComponent().normalizeIter(data.components, options) : [] // spec < 1.4 requires `component` to be array } } } export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata): Types.Metadata { - const toolNormalizer = this.factory.makeForTool() - const orgContactNormalizer = this.factory.makeForOrganizationalContact() + normalize (data: Models.Metadata, options: Options): Types.Metadata { const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() return { timestamp: data.timestamp?.toISOString(), tools: data.tools.size > 0 - ? Array.from(data.tools, t => toolNormalizer.normalize(t)) + ? this.factory.makeForTool().normalizeIter(data.tools, options) : undefined, authors: data.authors.size > 0 - ? Array.from(data.authors, a => orgContactNormalizer.normalize(a)) + ? this.factory.makeForOrganizationalContact().normalizeIter(data.authors, options) : undefined, component: data.component === null ? undefined - : this.factory.makeForComponent().normalize(data.component), + : this.factory.makeForComponent().normalize(data.component, options), manufacture: data.manufacture === null ? undefined - : orgEntityNormalizer.normalize(data.manufacture), + : orgEntityNormalizer.normalize(data.manufacture, options), supplier: data.supplier === null ? undefined - : orgEntityNormalizer.normalize(data.supplier) + : orgEntityNormalizer.normalize(data.supplier, options) } } } export class ToolNormalizer extends Base { - normalize (data: Models.Tool): Types.Tool { - const hashNormalizer = this.factory.makeForHash() + normalize (data: Models.Tool, options: Options): Types.Tool { return { vendor: data.vendor || undefined, name: data.name || undefined, version: data.version || undefined, hashes: data.hashes.size > 0 - ? hashNormalizer.normalizeIter(data.hashes) + ? this.factory.makeForHash().normalizeIter(data.hashes, options) : undefined } } + + normalizeIter (data: Iterable, options: Options): Types.Tool[] { + const tools = Array.from(data) + if (options.sortLists) { tools.sort(Models.ToolRepository.compareItems) } + return tools.map(t => this.normalize(t, options)) + } } export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash): Types.Hash | undefined { + normalize ([algorithm, content]: Models.Hash, options: Options): Types.Hash | undefined { const spec = this.factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { @@ -138,14 +145,16 @@ export class HashNormalizer extends Base { : undefined } - normalizeIter (data: Iterable): Types.Hash[] { - return Array.from(data, h => this.normalize(h)) + normalizeIter (data: Iterable, options: Options): Types.Hash[] { + const hashes = Array.from(data) + if (options.sortLists) { hashes.sort(Models.HashRepository.compareItems) } + return hashes.map(h => this.normalize(h, options)) .filter(h => undefined !== h) as Types.Hash[] } } export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact): Types.OrganizationalContact { + normalize (data: Models.OrganizationalContact, options: Options): Types.OrganizationalContact { return { name: data.name || undefined, // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 @@ -153,26 +162,33 @@ export class OrganizationalContactNormalizer extends Base { phone: data.phone || undefined } } + + normalizeIter (data: Iterable, options: Options): Types.OrganizationalContact[] { + const contacts = Array.from(data) + if (options.sortLists) { contacts.sort(Models.OrganizationalContactRepository.compareItems) } + return contacts.map(c => this.normalize(c, options)) + } } export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity): Types.OrganizationalEntity { - const contactNormalizer = this.factory.makeForOrganizationalContact() - return { + normalize (data: Models.OrganizationalEntity, options: Options): Types.OrganizationalEntity { + const r = { name: data.name || undefined, url: data.url.size > 0 // must comply to https://datatracker.ietf.org/doc/html/rfc3987 ? Array.from(data.url, u => u.toString()) : undefined, contact: data.contact.size > 0 - ? Array.from(data.contact, c => contactNormalizer.normalize(c)) + ? this.factory.makeForOrganizationalContact().normalizeIter(data.contact, options) : undefined } + if (options.sortLists && r.url) { r.url.sort((a, b) => a.localeCompare(b)) } + return r } } export class ComponentNormalizer extends Base { - normalize (data: Models.Component): Types.Component | undefined { + normalize (data: Models.Component, options: Options): Types.Component | undefined { return this.factory.spec.supportsComponentType(data.type) ? { type: data.type, @@ -183,43 +199,45 @@ export class ComponentNormalizer extends Base { 'bom-ref': data.bomRef.value || undefined, supplier: data.supplier === null ? undefined - : this.factory.makeForOrganizationalEntity().normalize(data.supplier), + : this.factory.makeForOrganizationalEntity().normalize(data.supplier, options), author: data.author || undefined, publisher: data.publisher || undefined, description: data.description || undefined, scope: data.scope || undefined, hashes: data.hashes.size > 0 - ? this.factory.makeForHash().normalizeIter(data.hashes) + ? this.factory.makeForHash().normalizeIter(data.hashes, options) : undefined, licenses: data.licenses.size > 0 - ? this.factory.makeForLicense().normalizeIter(data.licenses) + ? this.factory.makeForLicense().normalizeIter(data.licenses, options) : undefined, copyright: data.copyright || undefined, cpe: data.cpe || undefined, purl: data.purl?.toString(), - swid: (data.swid === null) + swid: data.swid === null ? undefined - : this.factory.makeForSWID().normalize(data.swid), + : this.factory.makeForSWID().normalize(data.swid, options), externalReferences: data.externalReferences.size > 0 - ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences) + ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences, options) : undefined } : undefined } - normalizeIter (data: Iterable): Types.Component[] { - return Array.from(data, c => this.normalize(c)) + normalizeIter (data: Iterable, options: Options): Types.Component[] { + const components = Array.from(data) + if (options.sortLists) { components.sort(Models.ComponentRepository.compareItems) } + return components.map(c => this.normalize(c, options)) .filter(c => undefined !== c) as Types.Component[] } } class LicenseNormalizer extends Base { - normalize (data: Models.License): Types.License { + normalize (data: Models.License, options: Options): Types.License { switch (true) { case data instanceof Models.NamedLicense: - return this.normalizeNamedLicense(data as Models.NamedLicense) + return this.normalizeNamedLicense(data as Models.NamedLicense, options) case data instanceof Models.SpdxLicense: - return this.normalizeSpdxLicense(data as Models.SpdxLicense) + return this.normalizeSpdxLicense(data as Models.SpdxLicense, options) case data instanceof Models.LicenseExpression: return this.normalizeLicenseExpression(data as Models.LicenseExpression) default: @@ -227,37 +245,45 @@ class LicenseNormalizer extends Base { } } - private readonly normalizeNamedLicense = (data: Models.NamedLicense): Types.NamedLicense => ({ - license: { - name: data.name, - text: data.text === null - ? undefined - : this.factory.makeForAttachment().normalize(data.text), - url: data.url?.toString() + private normalizeNamedLicense (data: Models.NamedLicense, options: Options): Types.NamedLicense { + return { + license: { + name: data.name, + text: data.text === null + ? undefined + : this.factory.makeForAttachment().normalize(data.text, options), + url: data.url?.toString() + } } - }) + } - private readonly normalizeSpdxLicense = (data: Models.SpdxLicense): Types.SpdxLicense => ({ - license: { - id: data.id, - text: data.text === null - ? undefined - : this.factory.makeForAttachment().normalize(data.text), - url: data.url?.toString() + private normalizeSpdxLicense (data: Models.SpdxLicense, options: Options): Types.SpdxLicense { + return { + license: { + id: data.id, + text: data.text === null + ? undefined + : this.factory.makeForAttachment().normalize(data.text, options), + url: data.url?.toString() + } } - }) + } - private readonly normalizeLicenseExpression = (data: Models.LicenseExpression): Types.LicenseExpression => ({ - expression: data.expression - }) + private normalizeLicenseExpression (data: Models.LicenseExpression): Types.LicenseExpression { + return { + expression: data.expression + } + } - normalizeIter (data: Iterable): Types.License[] { - return Array.from(data, c => this.normalize(c)) + normalizeIter (data: Iterable, options: Options): Types.License[] { + const licenses = Array.from(data) + if (options.sortLists) { licenses.sort(Models.LicenseRepository.compareItems) } + return licenses.map(c => this.normalize(c, options)) } } class SWIDNormalizer extends Base { - normalize (data: Models.SWID): Types.SWID { + normalize (data: Models.SWID, options: Options): Types.SWID { return { tagId: data.tagId, name: data.name, @@ -266,14 +292,14 @@ class SWIDNormalizer extends Base { patch: data.patch ?? undefined, text: data.text === null ? undefined - : this.factory.makeForAttachment().normalize(data.text), + : this.factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() } } } class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference): Types.ExternalReference | undefined { + normalize (data: Models.ExternalReference, options: Options): Types.ExternalReference | undefined { return this.factory.spec.supportsExternalReferenceType(data.type) ? { url: data.url.toString(), @@ -283,14 +309,16 @@ class ExternalReferenceNormalizer extends Base { : undefined } - normalizeIter (data: Iterable): Types.ExternalReference[] { - return Array.from(data, r => this.normalize(r)) + normalizeIter (data: Iterable, options: Options): Types.ExternalReference[] { + const refs = Array.from(data) + if (options.sortLists) { refs.sort(Models.ExternalReferenceRepository.compareItems) } + return refs.map(r => this.normalize(r, options)) .filter(r => undefined !== r) as Types.ExternalReference[] } } class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment): Types.Attachment { + normalize (data: Models.Attachment, options: Options): Types.Attachment { return { content: data.content, contentType: data.contentType || undefined, diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 1b958701a..3cfd4639c 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -1,9 +1,12 @@ import { Bom } from '../models' import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' import { Serializer as SerializerProtocol } from './types' -import { Factory as NormalizerFactory } from './JSON.normalize' +import { Factory as NormalizerFactory, Options as NormalizerOptions } from './JSON.normalize' import { Bom as JsonBom } from './JSON.types' +export * as Normalize from './JSON.normalize' +export * as Types from './JSON.types' + const JsonSchemaUrl: ReadonlyMap = new Map([ [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], @@ -23,14 +26,12 @@ export class Serializer implements SerializerProtocol { this.#normalizerFactory = normalizerFactory } - serialize (bom: Bom): string { - // @TODO bom-refs values make unique ... + serialize (bom: Bom, options: NormalizerOptions = {}): string { + // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... const _bom: JsonBom = { $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom) + ...this.#normalizerFactory.makeForBom().normalize(bom, options) } - return JSON.stringify(_bom, null, 4) + return JSON.stringify(_bom, null, 2) } } - -export * as Normalize from './JSON.normalize' diff --git a/test/_data/serialize.js b/test/_data/serialize.js index 17b5a2df5..e9aba5f73 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -11,18 +11,33 @@ const { Enums, Models, Spec } = require('../../') * @param {Spec.Version} spec * @param {string} format * @param {BufferEncoding} [encoding] - * @return {string} + * @returns {string} */ -function serializeResults (purpose, spec, format, encoding = 'utf-8') { +function loadSerializeResult (purpose, spec, format, encoding = 'utf-8') { return fs.readFileSync( - path.resolve(__dirname, 'serializeResults', `${purpose}-spec${spec}.${format}`) + path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`) ).toString(encoding) } -module.exports.serializeResults = serializeResults +module.exports.loadSerializeResult = loadSerializeResult /** - * @return {Models.Bom} + * @param {string} data + * @param {string} purpose + * @param {Spec.Version} spec + * @param {string} format + */ +function writeSerializeResult (data, purpose, spec, format) { + return fs.writeFileSync( + path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`), + data + ) +} + +module.exports.writeSerializeResult = writeSerializeResult + +/** + * @returns {Models.Bom} */ function createComplexStructure () { const bom = new Models.Bom() @@ -34,11 +49,21 @@ function createComplexStructure () { tool.name = 'tool name' tool.version = '0.8.15' tool.hashes.set(Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535') + tool.hashes.set(Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b') + return tool + })(new Models.Tool())) + bom.metadata.tools.add((function (tool) { + tool.vendor = 'tool vendor' + tool.name = 'other tool' return tool })(new Models.Tool())) + bom.metadata.authors.add((function (author) { + author.name = 'John "the-co-author" Doe' + return author + })(new Models.OrganizationalContact())) bom.metadata.authors.add((function (author) { author.name = 'Jane "the-author" Doe' - author.email = 'cdx-author@mailinator.com' + author.email = 'cdx-authors@mailinator.com' author.pone = '555-1234567890' return author })(new Models.OrganizationalContact())) @@ -52,10 +77,14 @@ function createComplexStructure () { bom.metadata.supplier.url.add(new URL('https://meta-supplier.xmpl')) bom.metadata.supplier.contact.add((function (contact) { contact.name = 'John "the-supplier" Doe' - contact.email = 'cdx-supplier@mailinator.com' + contact.email = 'cdx-suppliers@mailinator.com' contact.pone = '555-0123456789' return contact })(new Models.OrganizationalContact())) + bom.metadata.supplier.contact.add((function (contact) { + contact.name = 'Jane "the-other-supplier" Doe' + return contact + })(new Models.OrganizationalContact())) bom.components.add((function (component) { component.bomRef.value = 'dummy-component' component.author = "component's author" @@ -66,8 +95,18 @@ function createComplexStructure () { ref.comment = 'testing' return ref })(new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website))) + component.externalReferences.add(new Models.ExternalReference( + new URL('https://localhost/acme/support'), + Enums.ExternalReferenceType.Support + )) + component.externalReferences.add(new Models.ExternalReference( + new URL('https://localhost/acme/releases'), + Enums.ExternalReferenceType.ReleaseNotes // available since spec 1.4 + )) component.group = 'acme' component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') + component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') + component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') component.licenses.add((function (license) { license.text = new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu') license.text.contentType = 'text/plain' @@ -88,7 +127,12 @@ function createComplexStructure () { component.scope = Enums.ComponentScope.Required component.supplier = new Models.OrganizationalEntity() component.supplier.name = 'Component Supplier' - component.supplier.url.add(new URL('https://localhost/componentSupplier')) + component.supplier.url.add(new URL('https://localhost/componentSupplier-B')) + component.supplier.url.add(new URL('https://localhost/componentSupplier-A')) + component.supplier.contact.add((function (contact) { + contact.name = 'The quick brown fox' + return contact + })(new Models.OrganizationalContact())) component.supplier.contact.add((function (contact) { contact.name = 'Franz' contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' @@ -105,6 +149,7 @@ function createComplexStructure () { component.version = '1337-beta' return component })(new Models.Component(Enums.ComponentType.Library, 'dummy-component'))) + bom.components.add(new Models.Component(Enums.ComponentType.Library, 'a-component')) return bom } diff --git a/test/_data/serializeResults/complex-spec1.2.json b/test/_data/serializeResults/complex_spec1.2.json similarity index 78% rename from test/_data/serializeResults/complex-spec1.2.json rename to test/_data/serializeResults/complex_spec1.2.json index af4db22f7..7844a4339 100644 --- a/test/_data/serializeResults/complex-spec1.2.json +++ b/test/_data/serializeResults/complex_spec1.2.json @@ -15,14 +15,25 @@ { "alg": "MD5", "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" } ] + }, + { + "vendor": "tool vendor", + "name": "other tool" } ], "authors": [ + { + "name": "John \"the-co-author\" Doe" + }, { "name": "Jane \"the-author\" Doe", - "email": "cdx-author@mailinator.com" + "email": "cdx-authors@mailinator.com" } ], "component": { @@ -45,7 +56,10 @@ "contact": [ { "name": "John \"the-supplier\" Doe", - "email": "cdx-supplier@mailinator.com" + "email": "cdx-suppliers@mailinator.com" + }, + { + "name": "Jane \"the-other-supplier\" Doe" } ] } @@ -60,9 +74,13 @@ "supplier": { "name": "Component Supplier", "url": [ - "https://localhost/componentSupplier" + "https://localhost/componentSupplier-B", + "https://localhost/componentSupplier-A" ], "contact": [ + { + "name": "The quick brown fox" + }, { "name": "Franz", "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", @@ -78,6 +96,10 @@ { "alg": "SHA-1", "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" } ], "licenses": [ @@ -127,8 +149,17 @@ "url": "https://localhost/acme", "type": "website", "comment": "testing" + }, + { + "url": "https://localhost/acme/support", + "type": "support" } ] + }, + { + "type": "library", + "name": "a-component", + "version": "" } ] -} +} \ No newline at end of file diff --git a/test/_data/serializeResults/complex-spec1.3.json b/test/_data/serializeResults/complex_spec1.3.json similarity index 78% rename from test/_data/serializeResults/complex-spec1.3.json rename to test/_data/serializeResults/complex_spec1.3.json index a58ab315b..ace35a43e 100644 --- a/test/_data/serializeResults/complex-spec1.3.json +++ b/test/_data/serializeResults/complex_spec1.3.json @@ -15,14 +15,25 @@ { "alg": "MD5", "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" } ] + }, + { + "vendor": "tool vendor", + "name": "other tool" } ], "authors": [ + { + "name": "John \"the-co-author\" Doe" + }, { "name": "Jane \"the-author\" Doe", - "email": "cdx-author@mailinator.com" + "email": "cdx-authors@mailinator.com" } ], "component": { @@ -45,7 +56,10 @@ "contact": [ { "name": "John \"the-supplier\" Doe", - "email": "cdx-supplier@mailinator.com" + "email": "cdx-suppliers@mailinator.com" + }, + { + "name": "Jane \"the-other-supplier\" Doe" } ] } @@ -60,9 +74,13 @@ "supplier": { "name": "Component Supplier", "url": [ - "https://localhost/componentSupplier" + "https://localhost/componentSupplier-B", + "https://localhost/componentSupplier-A" ], "contact": [ + { + "name": "The quick brown fox" + }, { "name": "Franz", "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", @@ -78,6 +96,10 @@ { "alg": "SHA-1", "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" } ], "licenses": [ @@ -127,8 +149,17 @@ "url": "https://localhost/acme", "type": "website", "comment": "testing" + }, + { + "url": "https://localhost/acme/support", + "type": "support" } ] + }, + { + "type": "library", + "name": "a-component", + "version": "" } ] -} +} \ No newline at end of file diff --git a/test/_data/serializeResults/complex-spec1.4.json b/test/_data/serializeResults/complex_spec1.4.json similarity index 76% rename from test/_data/serializeResults/complex-spec1.4.json rename to test/_data/serializeResults/complex_spec1.4.json index a6a54c647..7b30a6587 100644 --- a/test/_data/serializeResults/complex-spec1.4.json +++ b/test/_data/serializeResults/complex_spec1.4.json @@ -15,14 +15,25 @@ { "alg": "MD5", "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" } ] + }, + { + "vendor": "tool vendor", + "name": "other tool" } ], "authors": [ + { + "name": "John \"the-co-author\" Doe" + }, { "name": "Jane \"the-author\" Doe", - "email": "cdx-author@mailinator.com" + "email": "cdx-authors@mailinator.com" } ], "component": { @@ -45,7 +56,10 @@ "contact": [ { "name": "John \"the-supplier\" Doe", - "email": "cdx-supplier@mailinator.com" + "email": "cdx-suppliers@mailinator.com" + }, + { + "name": "Jane \"the-other-supplier\" Doe" } ] } @@ -60,9 +74,13 @@ "supplier": { "name": "Component Supplier", "url": [ - "https://localhost/componentSupplier" + "https://localhost/componentSupplier-B", + "https://localhost/componentSupplier-A" ], "contact": [ + { + "name": "The quick brown fox" + }, { "name": "Franz", "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", @@ -78,6 +96,10 @@ { "alg": "SHA-1", "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" } ], "licenses": [ @@ -127,8 +149,21 @@ "url": "https://localhost/acme", "type": "website", "comment": "testing" + }, + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme/releases", + "type": "release-notes" } ] + }, + { + "type": "library", + "name": "a-component", + "version": "" } ] -} +} \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.2.json b/test/_data/serializeResults/sortedLists_spec1.2.json new file mode 100644 index 000000000..cac9d4f76 --- /dev/null +++ b/test/_data/serializeResults/sortedLists_spec1.2.json @@ -0,0 +1,165 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool" + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.3.json b/test/_data/serializeResults/sortedLists_spec1.3.json new file mode 100644 index 000000000..64b8c3488 --- /dev/null +++ b/test/_data/serializeResults/sortedLists_spec1.3.json @@ -0,0 +1,165 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool" + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.4.json b/test/_data/serializeResults/sortedLists_spec1.4.json new file mode 100644 index 000000000..8f5cf87fe --- /dev/null +++ b/test/_data/serializeResults/sortedLists_spec1.4.json @@ -0,0 +1,169 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool" + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme/releases", + "type": "release-notes" + }, + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ] +} \ No newline at end of file diff --git a/test/integration/serialize.JSON.test.js b/test/integration/serialize.JSON.test.js index c8d1cfab1..3c1f5258a 100644 --- a/test/integration/serialize.JSON.test.js +++ b/test/integration/serialize.JSON.test.js @@ -1,7 +1,10 @@ + const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') -const { createComplexStructure, serializeResults } = require('../_data/serialize') +const { createComplexStructure, loadSerializeResult } = require('../_data/serialize') +/* uncomment next line to dump data */ +// const { writeSerializeResult } = require('../_data/serialize') const JsonSerialize = require('../../').Serialize.JSON const { Spec } = require('../../') @@ -25,9 +28,24 @@ describe('JSON serialize', () => { it('can serialize', function () { const serialized = serializer.serialize(this.bom) + /* uncomment next line to dump data */ + // writeSerializeResult(serialized, 'complex', spec.version, 'json') + + assert.deepStrictEqual( + JSON.parse(serialized), + JSON.parse(loadSerializeResult('complex', spec.version, 'json')) + ) + }) + + it('can serialize with sorted lists', function () { + const serialized = serializer.serialize(this.bom, { sortLists: true }) + + /* uncomment next line to dump data */ + // writeSerializeResult(serialized, 'sortedLists', spec.version, 'json') + assert.deepStrictEqual( JSON.parse(serialized), - JSON.parse(serializeResults('complex', spec.version, 'json')) + JSON.parse(loadSerializeResult('sortedLists', spec.version, 'json')) ) }) From 16801ebd8cfec4ce18bd3fd7e2de3adfcd54ce93 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 29 Apr 2022 14:39:53 +0200 Subject: [PATCH 089/233] SpecVersionDict Signed-off-by: Jan Kowalleck --- src/spec.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/spec.ts b/src/spec.ts index bfd7fc364..863d6819e 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -73,7 +73,7 @@ class Spec implements Protocol { supportsHashValue (hv: HashContent | any): boolean { return typeof hv === 'string' && - this.#hashValuePattern.test(hv) + this.#hashValuePattern.test(hv) } supportsExternalReferenceType (ert: ExternalReferenceType | any): boolean { @@ -234,3 +234,9 @@ export const Spec1dot4: Protocol = Object.freeze(new Spec( ExternalReferenceType.Other ] )) + +export const SpecVersionDict: { readonly [key in Version]?: Protocol } = Object.freeze(Object.fromEntries([ + [Version.v1dot2, Spec1dot2], + [Version.v1dot3, Spec1dot3], + [Version.v1dot4, Spec1dot4] +])) From b0bee3bce8f508c5628bbafa0f3fd17c72baa7aa Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 29 Apr 2022 15:42:26 +0200 Subject: [PATCH 090/233] wip Signed-off-by: Jan Kowalleck --- test/functional/enums.HashAlogorithms.test.js | 24 +++++++++++++++++++ test/functional/enums/HashAlogorithms.test.js | 20 ---------------- test/functional/spec.SpecVersionDict.test.js | 17 +++++++++++++ 3 files changed, 41 insertions(+), 20 deletions(-) create mode 100644 test/functional/enums.HashAlogorithms.test.js delete mode 100644 test/functional/enums/HashAlogorithms.test.js create mode 100644 test/functional/spec.SpecVersionDict.test.js diff --git a/test/functional/enums.HashAlogorithms.test.js b/test/functional/enums.HashAlogorithms.test.js new file mode 100644 index 000000000..21651515d --- /dev/null +++ b/test/functional/enums.HashAlogorithms.test.js @@ -0,0 +1,24 @@ +const assert = require('assert') +const { suite, test } = require('mocha') + +const enumLoader = require('../_data/enumLoader') + +const { HashAlgorithm } = require('../../').Enums + +suite('all values from SPEC are available', () => { + const schemas = new Map([ + ['1.2', 'bom-1.2.SNAPSHOT.schema.json'], + ['1.3', 'bom-1.3.SNAPSHOT.schema.json'], + ['1.4', 'bom-1.4.SNAPSHOT.schema.json'] + ]) + + schemas.forEach((resourceFile, specVersion) => + suite(`from spec ${specVersion}`, () => + enumLoader(resourceFile, 'hash-alg').forEach(expected => + test(`${expected}`, () => + assert.strictEqual(HashAlgorithm[expected], expected) + ) + ) + ) + ) +}) diff --git a/test/functional/enums/HashAlogorithms.test.js b/test/functional/enums/HashAlogorithms.test.js deleted file mode 100644 index 8787dffb6..000000000 --- a/test/functional/enums/HashAlogorithms.test.js +++ /dev/null @@ -1,20 +0,0 @@ -const assert = require('assert') -const { suite, test } = require('mocha') - -const enumLoader = require('../../_data/enumLoader') - -const { HashAlgorithm } = require('../../../').Enums - -suite('all values from SPEC are available', () => { - suite('from spec 1.4', () => { - enumLoader( - 'bom-1.4.SNAPSHOT.schema.json', - 'hash-alg' - ).forEach(expected => - test(`${expected}`, () => { - assert.ok(Object.prototype.hasOwnProperty.call(HashAlgorithm, expected)) - assert.strictEqual(HashAlgorithm[expected], expected) - }) - ) - }) -}) diff --git a/test/functional/spec.SpecVersionDict.test.js b/test/functional/spec.SpecVersionDict.test.js new file mode 100644 index 000000000..728230e2a --- /dev/null +++ b/test/functional/spec.SpecVersionDict.test.js @@ -0,0 +1,17 @@ +const assert = require('assert') +const { suite, test } = require('mocha') + +const { SpecVersionDict, Version } = require('../../').Spec + +suite('SpecVersionDict', () => { + Object.entries(SpecVersionDict).forEach(([key, spec]) => + suite(`key: ${key}`, () => { + test('key is well-known version', () => + assert.ok(Object.values(Version).includes(key)) + ) + test('spec version equals key', () => + assert.equal(spec.version, key) + ) + }) + ) +}) From e65a56296ef04a2b1e8507f88981449f8493213c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 29 Apr 2022 15:47:17 +0200 Subject: [PATCH 091/233] wip Signed-off-by: Jan Kowalleck --- src/spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/spec.ts b/src/spec.ts index 863d6819e..3960dd05d 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -163,7 +163,7 @@ export const Spec1dot3: Protocol = Object.freeze(new Spec( HashAlgorithm['BLAKE2b-512'], HashAlgorithm.BLAKE3 ], - /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|%([a-fA-F0-9]{96})$|%([a-fA-F0-9]{128})$/, + /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|^([a-fA-F0-9]{96})$|^([a-fA-F0-9]{128})$/, [ ExternalReferenceType.VCS, ExternalReferenceType.IssueTracker, From d9f799781335b6c614219cc2b3c3122103fb06e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 May 2022 10:27:21 +0200 Subject: [PATCH 092/233] Bump typescript from 4.6.3 to 4.6.4 (#27) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.3 to 4.6.4. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.3...v4.6.4) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9746466e6..517db1e1a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "mocha": "9.2.2", "ts-loader": "9.2.8", "ts-standard": "^11.0.0", - "typescript": "4.6.3", + "typescript": "4.6.4", "webpack": "5.72.0", "webpack-cli": "4.9.2" }, @@ -4463,9 +4463,9 @@ } }, "node_modules/typescript": { - "version": "4.6.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", - "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", + "version": "4.6.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz", + "integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==", "dev": true, "bin": { "tsc": "bin/tsc", @@ -8027,9 +8027,9 @@ "dev": true }, "typescript": { - "version": "4.6.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz", - "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==", + "version": "4.6.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.4.tgz", + "integrity": "sha512-9ia/jWHIEbo49HfjrLGfKbZSuWo9iTMwXO+Ca3pRsSpbsMbc7/IU8NKdCZVRRBafVPGnoJeFL76ZOAA84I9fEg==", "dev": true }, "unbox-primitive": { diff --git a/package.json b/package.json index 8aec546f5..24215673b 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "mocha": "9.2.2", "ts-loader": "9.2.8", "ts-standard": "^11.0.0", - "typescript": "4.6.3", + "typescript": "4.6.4", "webpack": "5.72.0", "webpack-cli": "4.9.2" }, From 2a08e5742834aa4e171c90050d569b45c1d6cd1b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 5 May 2022 10:53:10 +0200 Subject: [PATCH 093/233] wip Signed-off-by: Jan Kowalleck --- .github/workflows/release.yml | 97 +++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ad94e730..487d51409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,11 +3,102 @@ name: Release on: - push: - branches: ["master"] # run auto-release via semantic-release? workflow_dispatch: + inputs: + newversion: + # is param from `npm version`. therefore the description should reference all the options from there + description: 'one of: [ | major | minor | patch | premajor | preminor | prepatch | prerelease | from-git]' + required: true + commitMessage: + description: 'Release/commit message (%s will be replaced with the resulting version number)' + default: '%s' + required: true env: + REPORTS_DIR: CI_reports NODE_ACTIVE_LTS: "16" -jobs: # TODO write workflow thar cleans and builds and releases +jobs: + bump: + name: bump and tag release + concurrency: release-bump + outputs: + version: ${{ steps.bump.outputs.version }} + version_plain: ${{ steps.bump.outputs.version_plain }} + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout code + # see https://github.com/actions/checkout + uses: actions/checkout@v3 + - name: Configure Git + # needed for push back of changes + run: | + git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com" + git config --local user.name "${GITHUB_ACTOR}" + - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} + # see https://github.com/actions/setup-node + uses: actions/setup-node@v3 + with: + node-version: ${{ env.NODE_ACTIVE_LTS }} + ## ! no npm build at the moment + - name: bump VERSION + id: bump + run: | + VERSION="$(npm version "$NPMV_NEWVERSION" --message "$NPMV_MESSAGE")" + echo "::debug::new version = $VERSION" + VERSION_PLAIN="${VERSION:1}" # remove 'v' prefix + echo "::debug::plain version = $VERSION_PLAIN" + echo "::set-output name=version::$VERSION" + echo "::set-output name=version_plain::$VERSION_PLAIN" + env: + NPMV_NEWVERSION: ${{ github.event.inputs.newversion }} + NPMV_MESSAGE: ${{ github.event.inputs.commitMessage }} + - name: git push back + run: git push --follow-tags + publish-NPM: + needs: + - "bump" + name: NPM - publish + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Checkout code + # see https://github.com/actions/checkout + uses: actions/checkout@v3 + with: + ref: ${{ needs.bump.outputs.version }} + - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} + # see https://github.com/actions/setup-node + uses: actions/setup-node@v3 + with: + node-version: ${{ env.NODE_ACTIVE_LTS }} + - name: install build tools + run: npm ci --ignore-scripts + # no explicit npm build. if a build is required, it should be configured as prepublish script of npm. + - name: publish to NPM + run: | + npm config set "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" + npm publish --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + release-GH: + needs: + - "bump" + - "publish-NPM" + name: GitHub - release + runs-on: ubuntu-latest + timeout-minutes: 30 + env: + ASSETS_DIR: release_assets + steps: + - name: Create Release + id: release + # see https://github.com/softprops/action-gh-release + uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ needs.bump.outputs.version }} + name: ${{ needs.bump.outputs.version_plain }} + prerelease: ${{ startsWith(github.event.inputs.newversion, 'pre') }} From 0f355055259ffd1d64cdd6a103491e76523ccd9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 May 2022 10:53:43 +0200 Subject: [PATCH 094/233] Bump @types/node from 17.0.25 to 17.0.30 (#26) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.25 to 17.0.30. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 517db1e1a..3dd2f4f7a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.25", + "@types/node": "^17.0.30", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", @@ -306,9 +306,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "17.0.25", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz", - "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==", + "version": "17.0.30", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.30.tgz", + "integrity": "sha512-oNBIZjIqyHYP8VCNAV9uEytXVeXG2oR0w9lgAXro20eugRQfY002qr3CUl6BAe+Yf/z3CRjPdz27Pu6WWtuSRw==", "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -5051,9 +5051,9 @@ "dev": true }, "@types/node": { - "version": "17.0.25", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz", - "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==", + "version": "17.0.30", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.30.tgz", + "integrity": "sha512-oNBIZjIqyHYP8VCNAV9uEytXVeXG2oR0w9lgAXro20eugRQfY002qr3CUl6BAe+Yf/z3CRjPdz27Pu6WWtuSRw==", "dev": true }, "@typescript-eslint/eslint-plugin": { diff --git a/package.json b/package.json index 24215673b..2a326694c 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.25", + "@types/node": "^17.0.30", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.2.8", From 6021e72f25c87f687b66225f95f21d28cf4b251b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 May 2022 10:57:50 +0200 Subject: [PATCH 095/233] Bump ts-loader from 9.2.8 to 9.3.0 (#25) Bumps [ts-loader](https://github.com/TypeStrong/ts-loader) from 9.2.8 to 9.3.0. - [Release notes](https://github.com/TypeStrong/ts-loader/releases) - [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md) - [Commits](https://github.com/TypeStrong/ts-loader/compare/v9.2.8...v9.3.0) --- updated-dependencies: - dependency-name: ts-loader dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3dd2f4f7a..23d099e3d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "@types/node": "^17.0.30", "deepmerge": "4.2.2", "mocha": "9.2.2", - "ts-loader": "9.2.8", + "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", "webpack": "5.72.0", @@ -4357,9 +4357,9 @@ } }, "node_modules/ts-loader": { - "version": "9.2.8", - "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.2.8.tgz", - "integrity": "sha512-gxSak7IHUuRtwKf3FIPSW1VpZcqF9+MBrHOvBp9cjHh+525SjtCIJKVGjRKIAfxBwDGDGCFF00rTfzB1quxdSw==", + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.3.0.tgz", + "integrity": "sha512-2kLLAdAD+FCKijvGKi9sS0OzoqxLCF3CxHpok7rVgCZ5UldRzH0TkbwG9XECKjBzHsAewntC5oDaI/FwKzEUog==", "dev": true, "dependencies": { "chalk": "^4.1.0", @@ -7952,9 +7952,9 @@ } }, "ts-loader": { - "version": "9.2.8", - "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.2.8.tgz", - "integrity": "sha512-gxSak7IHUuRtwKf3FIPSW1VpZcqF9+MBrHOvBp9cjHh+525SjtCIJKVGjRKIAfxBwDGDGCFF00rTfzB1quxdSw==", + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.3.0.tgz", + "integrity": "sha512-2kLLAdAD+FCKijvGKi9sS0OzoqxLCF3CxHpok7rVgCZ5UldRzH0TkbwG9XECKjBzHsAewntC5oDaI/FwKzEUog==", "dev": true, "requires": { "chalk": "^4.1.0", diff --git a/package.json b/package.json index 2a326694c..14f988d2c 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "@types/node": "^17.0.30", "deepmerge": "4.2.2", "mocha": "9.2.2", - "ts-loader": "9.2.8", + "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", "webpack": "5.72.0", From e0e62e2768c9b4f18a662ea1b38574f7ed5c70eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 May 2022 13:25:37 +0200 Subject: [PATCH 096/233] Bump @types/node from 17.0.30 to 17.0.31 (#29) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.30 to 17.0.31. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 23d099e3d..28158aac0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.30", + "@types/node": "^17.0.31", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.3.0", @@ -306,9 +306,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "17.0.30", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.30.tgz", - "integrity": "sha512-oNBIZjIqyHYP8VCNAV9uEytXVeXG2oR0w9lgAXro20eugRQfY002qr3CUl6BAe+Yf/z3CRjPdz27Pu6WWtuSRw==", + "version": "17.0.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.31.tgz", + "integrity": "sha512-AR0x5HbXGqkEx9CadRH3EBYx/VkiUgZIhP4wvPn/+5KIsgpNoyFaRlVe0Zlx9gRtg8fA06a9tskE2MSN7TcG4Q==", "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -5051,9 +5051,9 @@ "dev": true }, "@types/node": { - "version": "17.0.30", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.30.tgz", - "integrity": "sha512-oNBIZjIqyHYP8VCNAV9uEytXVeXG2oR0w9lgAXro20eugRQfY002qr3CUl6BAe+Yf/z3CRjPdz27Pu6WWtuSRw==", + "version": "17.0.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.31.tgz", + "integrity": "sha512-AR0x5HbXGqkEx9CadRH3EBYx/VkiUgZIhP4wvPn/+5KIsgpNoyFaRlVe0Zlx9gRtg8fA06a9tskE2MSN7TcG4Q==", "dev": true }, "@typescript-eslint/eslint-plugin": { diff --git a/package.json b/package.json index 14f988d2c..dfc16c9b9 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.30", + "@types/node": "^17.0.31", "deepmerge": "4.2.2", "mocha": "9.2.2", "ts-loader": "9.3.0", From d080276ae00a10b6c80dec249d1c052b737f7b62 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 13:32:23 +0200 Subject: [PATCH 097/233] support node18 (#30) Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index bc548c7d7..d79fd2b60 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -10,7 +10,7 @@ on: env: - NODE_ACTIVE_LTS: "16" + NODE_ACTIVE_LTS: "16" # see https://nodejs.org/en/about/releases/ jobs: build: @@ -55,7 +55,7 @@ jobs: node-version: # action based on https://github.com/actions/node-versions/releases # see also: https://nodejs.org/en/about/releases/ - - "17" # current + - "18" # current - "16" # active LTS - "14" - "14.0.0" # lowest supported From 232a53c180d9b81458081cf87cd598d1cfae6a30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 May 2022 13:52:29 +0200 Subject: [PATCH 098/233] Bump mocha from 9.2.2 to 10.0.0 (#28) Bumps [mocha](https://github.com/mochajs/mocha) from 9.2.2 to 10.0.0. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](https://github.com/mochajs/mocha/compare/v9.2.2...v10.0.0) --- updated-dependencies: - dependency-name: mocha dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 125 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 64 insertions(+), 63 deletions(-) diff --git a/package-lock.json b/package-lock.json index 28158aac0..ba234f375 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "devDependencies": { "@types/node": "^17.0.31", "deepmerge": "4.2.2", - "mocha": "9.2.2", + "mocha": "10.0.0", "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", @@ -1107,9 +1107,9 @@ } }, "node_modules/debug": { - "version": "4.3.3", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", - "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "dependencies": { "ms": "2.1.2" @@ -2372,15 +2372,6 @@ "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", "dev": true }, - "node_modules/growl": { - "version": "1.10.5", - "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", - "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", - "dev": true, - "engines": { - "node": ">=4.x" - } - }, "node_modules/has": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", @@ -3098,17 +3089,26 @@ } }, "node_modules/minimatch": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", - "integrity": "sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", "dev": true, "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=10" } }, + "node_modules/minimatch/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" + } + }, "node_modules/minimist": { "version": "1.2.6", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", @@ -3116,42 +3116,40 @@ "dev": true }, "node_modules/mocha": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.2.2.tgz", - "integrity": "sha512-L6XC3EdwT6YrIk0yXpavvLkn8h+EU+Y5UcCHKECyMbdUIxyMuZj4bX4U9e1nvnvUUvQVsV2VHQr5zLdcUkhW/g==", + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.0.0.tgz", + "integrity": "sha512-0Wl+elVUD43Y0BqPZBzZt8Tnkw9CMUdNYnUsTfOM1vuhJVZL+kiesFYsqwBkEEuEixaiPe5ZQdqDgX2jddhmoA==", "dev": true, "dependencies": { "@ungap/promise-all-settled": "1.1.2", "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", "chokidar": "3.5.3", - "debug": "4.3.3", + "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", "find-up": "5.0.0", "glob": "7.2.0", - "growl": "1.10.5", "he": "1.2.0", "js-yaml": "4.1.0", "log-symbols": "4.1.0", - "minimatch": "4.2.1", + "minimatch": "5.0.1", "ms": "2.1.3", - "nanoid": "3.3.1", + "nanoid": "3.3.3", "serialize-javascript": "6.0.0", "strip-json-comments": "3.1.1", "supports-color": "8.1.1", - "which": "2.0.2", - "workerpool": "6.2.0", + "workerpool": "6.2.1", "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" }, "bin": { "_mocha": "bin/_mocha", - "mocha": "bin/mocha" + "mocha": "bin/mocha.js" }, "engines": { - "node": ">= 12.0.0" + "node": ">= 14.0.0" }, "funding": { "type": "opencollective", @@ -3165,9 +3163,9 @@ "dev": true }, "node_modules/nanoid": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.1.tgz", - "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", + "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", "dev": true, "bin": { "nanoid": "bin/nanoid.cjs" @@ -4707,9 +4705,9 @@ } }, "node_modules/workerpool": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", - "integrity": "sha512-Rsk5qQHJ9eowMH28Jwhe8HEbmdYDX4lwoMWshiCXugjtHqMD9ZbiqSDLxcsfdqsETPzVUtX5s1Z5kStiIM6l4A==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, "node_modules/wrap-ansi": { @@ -5638,9 +5636,9 @@ } }, "debug": { - "version": "4.3.3", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", - "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "requires": { "ms": "2.1.2" @@ -6568,12 +6566,6 @@ "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", "dev": true }, - "growl": { - "version": "1.10.5", - "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", - "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", - "dev": true - }, "has": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", @@ -7080,12 +7072,23 @@ "dev": true }, "minimatch": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", - "integrity": "sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", "dev": true, "requires": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" + }, + "dependencies": { + "brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0" + } + } } }, "minimist": { @@ -7095,32 +7098,30 @@ "dev": true }, "mocha": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.2.2.tgz", - "integrity": "sha512-L6XC3EdwT6YrIk0yXpavvLkn8h+EU+Y5UcCHKECyMbdUIxyMuZj4bX4U9e1nvnvUUvQVsV2VHQr5zLdcUkhW/g==", + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.0.0.tgz", + "integrity": "sha512-0Wl+elVUD43Y0BqPZBzZt8Tnkw9CMUdNYnUsTfOM1vuhJVZL+kiesFYsqwBkEEuEixaiPe5ZQdqDgX2jddhmoA==", "dev": true, "requires": { "@ungap/promise-all-settled": "1.1.2", "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", "chokidar": "3.5.3", - "debug": "4.3.3", + "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", "find-up": "5.0.0", "glob": "7.2.0", - "growl": "1.10.5", "he": "1.2.0", "js-yaml": "4.1.0", "log-symbols": "4.1.0", - "minimatch": "4.2.1", + "minimatch": "5.0.1", "ms": "2.1.3", - "nanoid": "3.3.1", + "nanoid": "3.3.3", "serialize-javascript": "6.0.0", "strip-json-comments": "3.1.1", "supports-color": "8.1.1", - "which": "2.0.2", - "workerpool": "6.2.0", + "workerpool": "6.2.1", "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" @@ -7133,9 +7134,9 @@ "dev": true }, "nanoid": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.1.tgz", - "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", + "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", "dev": true }, "natural-compare": { @@ -8195,9 +8196,9 @@ "dev": true }, "workerpool": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", - "integrity": "sha512-Rsk5qQHJ9eowMH28Jwhe8HEbmdYDX4lwoMWshiCXugjtHqMD9ZbiqSDLxcsfdqsETPzVUtX5s1Z5kStiIM6l4A==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, "wrap-ansi": { diff --git a/package.json b/package.json index dfc16c9b9..d1111b393 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "devDependencies": { "@types/node": "^17.0.31", "deepmerge": "4.2.2", - "mocha": "9.2.2", + "mocha": "10.0.0", "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", From e2d92c88bf8ce7a177b7dd20434e7e8763ac2838 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 14:11:10 +0200 Subject: [PATCH 099/233] Update bom.ts Signed-off-by: Jan Kowalleck --- src/models/bom.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/models/bom.ts b/src/models/bom.ts index e3a4334b9..2dc3c94b9 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -34,7 +34,7 @@ export class Bom { */ set serialNumber (value: UrnUuid | null) { if (value !== null && !isUrnUuid(value)) { - throw new TypeError('Not UrnUuid') + throw new TypeError('Not UrnUuid nor null') } this.#serialNumber = value } From 1e4d2ffe51a8dbf83d8b7d5aaa488c1692d55573 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 14:44:59 +0200 Subject: [PATCH 100/233] initial dependency graph work Signed-off-by: Jan Kowalleck --- src/models/bom.ts | 9 ++++++--- src/models/component.ts | 11 ++++++++++- src/serialize/JSON.normalize.ts | 12 +++++++++++- src/serialize/JSON.ts | 1 - src/serialize/JSON.types.ts | 8 +++++++- src/spec.ts | 20 ++++++++++++++++---- 6 files changed, 50 insertions(+), 11 deletions(-) diff --git a/src/models/bom.ts b/src/models/bom.ts index 2dc3c94b9..692753906 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -3,12 +3,15 @@ import { Metadata } from './metadata' import { ComponentRepository } from './component' export class Bom { - // property `bomFormat` is not part of model, it is a runtime information - // property `specVersion` is not part of model, it is a runtime information - metadata = new Metadata() components = new ComponentRepository() + // Property `bomFormat` is not part of model, it is a runtime information. + // Property `specVersion` is not part of model, it is a runtime information. + + // Property `dependencies` is not part of this model, but part of `Component` and other models. + // The dependency grapth can be normalized on rendertime, no need to store it in the bom model. + #version: PositiveInteger = 1 get version (): PositiveInteger { return this.#version diff --git a/src/models/component.ts b/src/models/component.ts index 787bc5224..41ab1c014 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -2,7 +2,7 @@ import { PackageURL } from 'packageurl-js' import { CPE, isCPE } from '../types' import { ComponentScope, ComponentType } from '../enums' -import { BomRef } from './bomRef' +import { BomRef, BomRefRepository } from './bomRef' import { HashRepository } from './hash' import { OrganizationalEntity } from './organizationalEntity' import { ExternalReferenceRepository } from './externalReference' @@ -48,6 +48,15 @@ export class Component { this.#cpe = value } + #dependencies = new BomRefRepository() + get dependencies (): BomRefRepository { + return this.#dependencies + } + + set dependencies (value: BomRefRepository) { + this.#dependencies = value + } + compare (other: Component): number { const bomRefCompare = this.bomRef.compare(other.bomRef) if (bomRefCompare !== 0) { return bomRefCompare } diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index df907a549..dfbcf4fd8 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -86,9 +86,19 @@ export class BomNormalizer extends Base { metadata: this.factory.makeForMetadata().normalize(data.metadata, options), components: data.components.size > 0 ? this.factory.makeForComponent().normalizeIter(data.components, options) - : [] // spec < 1.4 requires `component` to be array + // spec < 1.4 requires `component` to be array + : [], + dependencies: this.factory.spec.supportsDependencyGraph + ? this.#normalizeDependencies(data, options) + : undefined } } + + #normalizeDependencies (data: Models.Bom, options: Options): Types.Depndency[] | undefined { + // @TODO: render dependency graph + // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... ? + return undefined + } } export class MetadataNormalizer extends Base { diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 3cfd4639c..98f1f78ce 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -27,7 +27,6 @@ export class Serializer implements SerializerProtocol { } serialize (bom: Bom, options: NormalizerOptions = {}): string { - // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... const _bom: JsonBom = { $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), ...this.#normalizerFactory.makeForBom().normalize(bom, options) diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index ac949de80..4eeb6d0b2 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -1,7 +1,7 @@ import * as Enums from '../enums' import { SpdxId } from '../SPDX' import { CPE, PositiveInteger, UrnUuid } from '../types' -import { HashContent } from '../models' +import { BomRef, HashContent } from '../models' type IriReference = string type IdnEmail = string @@ -18,6 +18,7 @@ export interface Bom { metadata?: Metadata components?: Component[] externalReferences?: ExternalReference[] + dependencies?: Depndency[] } export interface Metadata { @@ -121,3 +122,8 @@ export interface Attachment { contentType?: string encoding?: Enums.AttachmentEncoding } + +export interface Depndency { + ref: BomRef + dependsOn?: BomRef[] +} diff --git a/src/spec.ts b/src/spec.ts index 3960dd05d..66ae72a3d 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -29,6 +29,8 @@ export interface Protocol { supportsHashValue: (hv: HashContent | any) => boolean supportsExternalReferenceType: (ert: ExternalReferenceType | any) => boolean + + readonly supportsDependencyGraph: boolean } class Spec implements Protocol { @@ -38,6 +40,7 @@ class Spec implements Protocol { readonly #hashAlgorithms: ReadonlySet readonly #hashValuePattern: RegExp readonly #externalReferenceTypes: ReadonlySet + readonly #supportsDependencyGraph: boolean constructor ( version: Version, @@ -45,7 +48,8 @@ class Spec implements Protocol { componentTypes: Iterable, hashAlgorithms: Iterable, hashValuePattern: RegExp, - externalReferenceTypes: Iterable + externalReferenceTypes: Iterable, + supportsDependencyGraph: boolean ) { this.#version = version this.#formats = new Set(formats) @@ -53,6 +57,7 @@ class Spec implements Protocol { this.#hashAlgorithms = new Set(hashAlgorithms) this.#hashValuePattern = hashValuePattern this.#externalReferenceTypes = new Set(externalReferenceTypes) + this.#supportsDependencyGraph = supportsDependencyGraph } get version (): Version { @@ -79,6 +84,10 @@ class Spec implements Protocol { supportsExternalReferenceType (ert: ExternalReferenceType | any): boolean { return this.#externalReferenceTypes.has(ert) } + + get supportsDependencyGraph (): boolean { + return this.#supportsDependencyGraph + } } /** Specification v1.2 */ @@ -129,7 +138,8 @@ export const Spec1dot2: Protocol = Object.freeze(new Spec( ExternalReferenceType.BuildMeta, ExternalReferenceType.BuildSystem, ExternalReferenceType.Other - ] + ], + true )) /** Specification v1.3 */ @@ -180,7 +190,8 @@ export const Spec1dot3: Protocol = Object.freeze(new Spec( ExternalReferenceType.BuildMeta, ExternalReferenceType.BuildSystem, ExternalReferenceType.Other - ] + ], + true )) /** Specification v1.4 */ @@ -232,7 +243,8 @@ export const Spec1dot4: Protocol = Object.freeze(new Spec( ExternalReferenceType.BuildSystem, ExternalReferenceType.ReleaseNotes, ExternalReferenceType.Other - ] + ], + true )) export const SpecVersionDict: { readonly [key in Version]?: Protocol } = Object.freeze(Object.fromEntries([ From bde0ba13cba2ebef8ba2b48796fdd8c928c42b22 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 15:10:41 +0200 Subject: [PATCH 101/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index dfbcf4fd8..e864b649c 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -82,7 +82,7 @@ export class BomNormalizer extends Base { bomFormat: 'CycloneDX', specVersion: this.factory.spec.version, version: data.version, - serialNumber: data.serialNumber || undefined, + serialNumber: data.serialNumber ?? undefined, metadata: this.factory.makeForMetadata().normalize(data.metadata, options), components: data.components.size > 0 ? this.factory.makeForComponent().normalizeIter(data.components, options) @@ -213,7 +213,7 @@ export class ComponentNormalizer extends Base { author: data.author || undefined, publisher: data.publisher || undefined, description: data.description || undefined, - scope: data.scope || undefined, + scope: data.scope ?? undefined, hashes: data.hashes.size > 0 ? this.factory.makeForHash().normalizeIter(data.hashes, options) : undefined, @@ -332,7 +332,7 @@ class AttachmentNormalizer extends Base { return { content: data.content, contentType: data.contentType || undefined, - encoding: data.encoding || undefined + encoding: data.encoding ?? undefined } } } From 9ecf49b592672e1ebdb8566e2d2506d62917f0ee Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 15:18:56 +0200 Subject: [PATCH 102/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.types.ts | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index 4eeb6d0b2..f69f9e9ac 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -1,13 +1,17 @@ import * as Enums from '../enums' import { SpdxId } from '../SPDX' import { CPE, PositiveInteger, UrnUuid } from '../types' -import { BomRef, HashContent } from '../models' +// #region JSON schema globals type IriReference = string type IdnEmail = string type DateTime = string +// #endregion +// #region JSON schema internals +type HashContent = string type RefType = string +// #endregion export interface Bom { '$schema'?: string @@ -124,6 +128,6 @@ export interface Attachment { } export interface Depndency { - ref: BomRef - dependsOn?: BomRef[] + ref: RefType + dependsOn?: RefType[] } From a501a4b195a1d44180b2c71c955555c688238f5d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 7 May 2022 15:27:45 +0200 Subject: [PATCH 103/233] wip Signed-off-by: Jan Kowalleck --- src/SPDX.ts | 6 ++++++ src/serialize/JSON.types.ts | 8 ++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/SPDX.ts b/src/SPDX.ts index c2a93d62f..924608518 100644 --- a/src/SPDX.ts +++ b/src/SPDX.ts @@ -3,6 +3,12 @@ import { enum as _spdxSpecEnum } from '../res/spdx.SNAPSHOT.schema.json' /* eslint-enable */ +/** + * One of the known SPDX licence identifiers. + * See http://cyclonedx.org/schema/spdx + * @see isSupportedSpdxId + * @see fixupSpdxId + */ export type SpdxId = string const spdxIds: ReadonlySet = new Set(_spdxSpecEnum) diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index f69f9e9ac..d5a1b9a92 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -1,17 +1,13 @@ import * as Enums from '../enums' +import { HashContent } from '../models' import { SpdxId } from '../SPDX' import { CPE, PositiveInteger, UrnUuid } from '../types' -// #region JSON schema globals type IriReference = string type IdnEmail = string type DateTime = string -// #endregion -// #region JSON schema internals -type HashContent = string type RefType = string -// #endregion export interface Bom { '$schema'?: string @@ -93,7 +89,7 @@ export interface NamedLicense { export interface SpdxLicense { license: { - id: SpdxId + id: SpdxId // See http://cyclonedx.org/schema/spdx text?: Attachment url?: string } From 61276d20234bfee17c230e0bf4ee7f78812f5daa Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 8 May 2022 12:26:12 +0200 Subject: [PATCH 104/233] dependencies normalized (#31) Signed-off-by: Jan Kowalleck --- src/models/bomRef.ts | 6 +++- src/serialize/JSON.normalize.ts | 32 +++++++++++++++++-- src/serialize/JSON.ts | 13 +++++--- test/_data/serialize.js | 13 +++++++- .../serializeResults/complex_spec1.2.json | 21 +++++++++++- .../serializeResults/complex_spec1.3.json | 21 +++++++++++- .../serializeResults/complex_spec1.4.json | 21 +++++++++++- .../serializeResults/sortedLists_spec1.2.json | 21 +++++++++++- .../serializeResults/sortedLists_spec1.3.json | 21 +++++++++++- .../serializeResults/sortedLists_spec1.4.json | 21 +++++++++++- 10 files changed, 175 insertions(+), 15 deletions(-) diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index a79b1b41c..23f373ccf 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -1,5 +1,9 @@ export class BomRef { - value: string | null = null + value: string | null + + constructor (value: string | null = null) { + this.value = value + } compare (other: BomRef): number { return (this.value ?? '').localeCompare(other.value ?? '') diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index e864b649c..52c02331a 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -95,9 +95,35 @@ export class BomNormalizer extends Base { } #normalizeDependencies (data: Models.Bom, options: Options): Types.Depndency[] | undefined { - // @TODO: render dependency graph - // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... ? - return undefined + if (!data.metadata.component) { + // the graph is missint the entry point -> omit the graph + return undefined + } + + const allDeps = new Map() + data.components.forEach(c => allDeps.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + allDeps.set(data.metadata.component.bomRef, data.metadata.component.dependencies) + + const dependencies: Types.Depndency[] = [] + + allDeps.forEach((deps, ref) => { + if (ref.value === null) { return } + const dependsOn = Array.from(deps).filter(d => allDeps.has(d)) + .map(d => d.value).filter(d => d !== null) as string[] + dependencies.push({ + ref: ref.value, + dependsOn: dependsOn.length > 0 + ? dependsOn + : undefined + }) + }) + + if (options.sortLists) { + dependencies.sort((a, b) => a.ref.localeCompare(b.ref)) + dependencies.forEach(d => d.dependsOn?.sort((a, b) => a.localeCompare(b))) + } + + return dependencies } } diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 98f1f78ce..d15d66c74 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -27,10 +27,15 @@ export class Serializer implements SerializerProtocol { } serialize (bom: Bom, options: NormalizerOptions = {}): string { - const _bom: JsonBom = { - $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom, options) + // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... ? + try { + const _bom: JsonBom = { + $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), + ...this.#normalizerFactory.makeForBom().normalize(bom, options) + } + return JSON.stringify(_bom, null, 2) + } finally { + // @TODO revert modified bomRefs } - return JSON.stringify(_bom, null, 2) } } diff --git a/test/_data/serialize.js b/test/_data/serialize.js index e9aba5f73..5613f01e0 100644 --- a/test/_data/serialize.js +++ b/test/_data/serialize.js @@ -147,9 +147,20 @@ function createComplexStructure () { component.swid.text.encoding = Enums.AttachmentEncoding.Base64 component.swid.url = new URL('https://localhost/swid') component.version = '1337-beta' + + bom.metadata.component.dependencies.add(component.bomRef) + return component })(new Models.Component(Enums.ComponentType.Library, 'dummy-component'))) - bom.components.add(new Models.Component(Enums.ComponentType.Library, 'a-component')) + bom.components.add(function (component) { + component.bomRef.value = 'a-component' + component.dependencies.add(new Models.BomRef('unknown foreign ref that should not be rendered')) + + bom.metadata.component.dependencies.add(component.bomRef) + bom.components.forEach(c => c.dependencies.add(component.bomRef)) + + return component + }(new Models.Component(Enums.ComponentType.Library, 'a-component'))) return bom } diff --git a/test/_data/serializeResults/complex_spec1.2.json b/test/_data/serializeResults/complex_spec1.2.json index 7844a4339..c5ab144a1 100644 --- a/test/_data/serializeResults/complex_spec1.2.json +++ b/test/_data/serializeResults/complex_spec1.2.json @@ -159,7 +159,26 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" + } + ], + "dependencies": [ + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "a-component" + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "dummy-component", + "a-component" + ] } ] } \ No newline at end of file diff --git a/test/_data/serializeResults/complex_spec1.3.json b/test/_data/serializeResults/complex_spec1.3.json index ace35a43e..d893bf921 100644 --- a/test/_data/serializeResults/complex_spec1.3.json +++ b/test/_data/serializeResults/complex_spec1.3.json @@ -159,7 +159,26 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" + } + ], + "dependencies": [ + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "a-component" + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "dummy-component", + "a-component" + ] } ] } \ No newline at end of file diff --git a/test/_data/serializeResults/complex_spec1.4.json b/test/_data/serializeResults/complex_spec1.4.json index 7b30a6587..ed9f48add 100644 --- a/test/_data/serializeResults/complex_spec1.4.json +++ b/test/_data/serializeResults/complex_spec1.4.json @@ -163,7 +163,26 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" + } + ], + "dependencies": [ + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "a-component" + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "dummy-component", + "a-component" + ] } ] } \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.2.json b/test/_data/serializeResults/sortedLists_spec1.2.json index cac9d4f76..232bfd92e 100644 --- a/test/_data/serializeResults/sortedLists_spec1.2.json +++ b/test/_data/serializeResults/sortedLists_spec1.2.json @@ -68,7 +68,8 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" }, { "type": "library", @@ -161,5 +162,23 @@ } ] } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } ] } \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.3.json b/test/_data/serializeResults/sortedLists_spec1.3.json index 64b8c3488..5009f5e82 100644 --- a/test/_data/serializeResults/sortedLists_spec1.3.json +++ b/test/_data/serializeResults/sortedLists_spec1.3.json @@ -68,7 +68,8 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" }, { "type": "library", @@ -161,5 +162,23 @@ } ] } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } ] } \ No newline at end of file diff --git a/test/_data/serializeResults/sortedLists_spec1.4.json b/test/_data/serializeResults/sortedLists_spec1.4.json index 8f5cf87fe..4b7475604 100644 --- a/test/_data/serializeResults/sortedLists_spec1.4.json +++ b/test/_data/serializeResults/sortedLists_spec1.4.json @@ -68,7 +68,8 @@ { "type": "library", "name": "a-component", - "version": "" + "version": "", + "bom-ref": "a-component" }, { "type": "library", @@ -165,5 +166,23 @@ } ] } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } ] } \ No newline at end of file From 73b150e49d94c1db07be3671f333baa427373be8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 8 May 2022 14:53:15 +0200 Subject: [PATCH 105/233] wip Signed-off-by: Jan Kowalleck --- src/models/bomRef.ts | 4 +- src/serialize/JSON.normalize.ts | 125 ++++++++++++++++++++------------ 2 files changed, 81 insertions(+), 48 deletions(-) diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index 23f373ccf..317ffaae9 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -1,7 +1,7 @@ export class BomRef { - value: string | null + value: string | undefined - constructor (value: string | null = null) { + constructor (value: string | undefined = undefined) { this.value = value } diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 52c02331a..45d9671e2 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -52,6 +52,10 @@ export class Factory { makeForAttachment (): AttachmentNormalizer { return new AttachmentNormalizer(this) } + + makeForDependencyGraph (): DependencyGraphNormalizer { + return new DependencyGraphNormalizer(this) + } } export interface Options { @@ -73,8 +77,8 @@ abstract class Base implements Protocol { } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- - * since empty strings need to be treated here - **/ + * since empty strings need to be treated as undefined/null + */ export class BomNormalizer extends Base { normalize (data: Models.Bom, options: Options): Types.Bom { @@ -89,42 +93,10 @@ export class BomNormalizer extends Base { // spec < 1.4 requires `component` to be array : [], dependencies: this.factory.spec.supportsDependencyGraph - ? this.#normalizeDependencies(data, options) + ? this.factory.makeForDependencyGraph().normalize(data, options) : undefined } } - - #normalizeDependencies (data: Models.Bom, options: Options): Types.Depndency[] | undefined { - if (!data.metadata.component) { - // the graph is missint the entry point -> omit the graph - return undefined - } - - const allDeps = new Map() - data.components.forEach(c => allDeps.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) - allDeps.set(data.metadata.component.bomRef, data.metadata.component.dependencies) - - const dependencies: Types.Depndency[] = [] - - allDeps.forEach((deps, ref) => { - if (ref.value === null) { return } - const dependsOn = Array.from(deps).filter(d => allDeps.has(d)) - .map(d => d.value).filter(d => d !== null) as string[] - dependencies.push({ - ref: ref.value, - dependsOn: dependsOn.length > 0 - ? dependsOn - : undefined - }) - }) - - if (options.sortLists) { - dependencies.sort((a, b) => a.ref.localeCompare(b.ref)) - dependencies.forEach(d => d.dependsOn?.sort((a, b) => a.localeCompare(b))) - } - - return dependencies - } } export class MetadataNormalizer extends Base { @@ -165,7 +137,9 @@ export class ToolNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.Tool[] { const tools = Array.from(data) - if (options.sortLists) { tools.sort(Models.ToolRepository.compareItems) } + if (options.sortLists) { + tools.sort(Models.ToolRepository.compareItems) + } return tools.map(t => this.normalize(t, options)) } } @@ -183,7 +157,9 @@ export class HashNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.Hash[] { const hashes = Array.from(data) - if (options.sortLists) { hashes.sort(Models.HashRepository.compareItems) } + if (options.sortLists) { + hashes.sort(Models.HashRepository.compareItems) + } return hashes.map(h => this.normalize(h, options)) .filter(h => undefined !== h) as Types.Hash[] } @@ -201,7 +177,9 @@ export class OrganizationalContactNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.OrganizationalContact[] { const contacts = Array.from(data) - if (options.sortLists) { contacts.sort(Models.OrganizationalContactRepository.compareItems) } + if (options.sortLists) { + contacts.sort(Models.OrganizationalContactRepository.compareItems) + } return contacts.map(c => this.normalize(c, options)) } } @@ -218,7 +196,9 @@ export class OrganizationalEntityNormalizer extends Base { ? this.factory.makeForOrganizationalContact().normalizeIter(data.contact, options) : undefined } - if (options.sortLists && r.url) { r.url.sort((a, b) => a.localeCompare(b)) } + if (options.sortLists && r.url) { + r.url.sort((a, b) => a.localeCompare(b)) + } return r } } @@ -261,13 +241,15 @@ export class ComponentNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.Component[] { const components = Array.from(data) - if (options.sortLists) { components.sort(Models.ComponentRepository.compareItems) } + if (options.sortLists) { + components.sort(Models.ComponentRepository.compareItems) + } return components.map(c => this.normalize(c, options)) .filter(c => undefined !== c) as Types.Component[] } } -class LicenseNormalizer extends Base { +export class LicenseNormalizer extends Base { normalize (data: Models.License, options: Options): Types.License { switch (true) { case data instanceof Models.NamedLicense: @@ -313,12 +295,14 @@ class LicenseNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.License[] { const licenses = Array.from(data) - if (options.sortLists) { licenses.sort(Models.LicenseRepository.compareItems) } + if (options.sortLists) { + licenses.sort(Models.LicenseRepository.compareItems) + } return licenses.map(c => this.normalize(c, options)) } } -class SWIDNormalizer extends Base { +export class SWIDNormalizer extends Base { normalize (data: Models.SWID, options: Options): Types.SWID { return { tagId: data.tagId, @@ -334,7 +318,7 @@ class SWIDNormalizer extends Base { } } -class ExternalReferenceNormalizer extends Base { +export class ExternalReferenceNormalizer extends Base { normalize (data: Models.ExternalReference, options: Options): Types.ExternalReference | undefined { return this.factory.spec.supportsExternalReferenceType(data.type) ? { @@ -347,13 +331,15 @@ class ExternalReferenceNormalizer extends Base { normalizeIter (data: Iterable, options: Options): Types.ExternalReference[] { const refs = Array.from(data) - if (options.sortLists) { refs.sort(Models.ExternalReferenceRepository.compareItems) } + if (options.sortLists) { + refs.sort(Models.ExternalReferenceRepository.compareItems) + } return refs.map(r => this.normalize(r, options)) .filter(r => undefined !== r) as Types.ExternalReference[] } } -class AttachmentNormalizer extends Base { +export class AttachmentNormalizer extends Base { normalize (data: Models.Attachment, options: Options): Types.Attachment { return { content: data.content, @@ -363,4 +349,51 @@ class AttachmentNormalizer extends Base { } } +export class DependencyGraphNormalizer extends Base { + normalize (data: Models.Bom, options: Options): Types.Depndency[] | undefined { + if (!data.metadata.component) { + // the graph is missing the entry point -> omit the graph + return undefined + } + + const allDeps = new Map() + data.components.forEach(c => allDeps.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + allDeps.set(data.metadata.component.bomRef, data.metadata.component.dependencies) + + const normalized: Types.Depndency[] = [] + allDeps.forEach((deps, ref) => { + const dep = this.normalizeDependency(ref, deps, allDeps) + if (dep) { normalized.push(dep) } + }) + + if (options.sortLists) { + normalized.sort((a, b) => a.ref.localeCompare(b.ref)) + normalized.forEach(d => d.dependsOn?.sort((a, b) => a.localeCompare(b))) + } + + return normalized + } + + private normalizeDependency ( + ref: Models.BomRef, + deps: Models.BomRefRepository, + allDeps: Map + ): Types.Depndency | undefined { + if (!ref.value) { + // no value -> cannot render + return undefined + } + + const dependsOn = Array.from(deps).filter(d => allDeps.has(d)) + .map(d => d.value).filter(v => !!v) as string[] + + return { + ref: ref.value, + dependsOn: dependsOn.length > 0 + ? dependsOn + : undefined + } + } +} + /* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ From facfd2014fd10d6cdb53d4654b356e965b420e82 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 8 May 2022 15:00:54 +0200 Subject: [PATCH 106/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 6 +++--- src/serialize/JSON.types.ts | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 45d9671e2..daf043605 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -350,7 +350,7 @@ export class AttachmentNormalizer extends Base { } export class DependencyGraphNormalizer extends Base { - normalize (data: Models.Bom, options: Options): Types.Depndency[] | undefined { + normalize (data: Models.Bom, options: Options): Types.Dependency[] | undefined { if (!data.metadata.component) { // the graph is missing the entry point -> omit the graph return undefined @@ -360,7 +360,7 @@ export class DependencyGraphNormalizer extends Base { data.components.forEach(c => allDeps.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) allDeps.set(data.metadata.component.bomRef, data.metadata.component.dependencies) - const normalized: Types.Depndency[] = [] + const normalized: Types.Dependency[] = [] allDeps.forEach((deps, ref) => { const dep = this.normalizeDependency(ref, deps, allDeps) if (dep) { normalized.push(dep) } @@ -378,7 +378,7 @@ export class DependencyGraphNormalizer extends Base { ref: Models.BomRef, deps: Models.BomRefRepository, allDeps: Map - ): Types.Depndency | undefined { + ): Types.Dependency | undefined { if (!ref.value) { // no value -> cannot render return undefined diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index d5a1b9a92..bc485b091 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -18,7 +18,7 @@ export interface Bom { metadata?: Metadata components?: Component[] externalReferences?: ExternalReference[] - dependencies?: Depndency[] + dependencies?: Dependency[] } export interface Metadata { @@ -123,7 +123,7 @@ export interface Attachment { encoding?: Enums.AttachmentEncoding } -export interface Depndency { +export interface Dependency { ref: RefType dependsOn?: RefType[] } From a288ea707942ef3a6923d7b2803356686166bc13 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 8 May 2022 15:39:30 +0200 Subject: [PATCH 107/233] wip Signed-off-by: Jan Kowalleck --- src/factories/licenseFactory.ts | 10 ++--- src/models/bomRef.ts | 3 -- src/serialize/JSON.normalize.ts | 72 ++++++++++++++++----------------- src/serialize/JSON.ts | 2 +- tsconfig.json | 2 +- 5 files changed, 41 insertions(+), 48 deletions(-) diff --git a/src/factories/licenseFactory.ts b/src/factories/licenseFactory.ts index 2a431082b..445d1abf9 100644 --- a/src/factories/licenseFactory.ts +++ b/src/factories/licenseFactory.ts @@ -2,7 +2,7 @@ import { DisjunctiveLicense, License, LicenseExpression, NamedLicense, SpdxLicen import { fixupSpdxId } from '../SPDX' export class LicenseFactory { - public makeFromString (value: string): License { + makeFromString (value: string): License { try { return this.makeExpression(value) } catch (Error) { @@ -13,11 +13,11 @@ export class LicenseFactory { /** * @throws {RangeError} if expression is not eligible */ - public makeExpression (value: string | any): LicenseExpression { + makeExpression (value: string | any): LicenseExpression { return new LicenseExpression(String(value)) } - public makeDisjunctive (value: string): DisjunctiveLicense { + makeDisjunctive (value: string): DisjunctiveLicense { try { return this.makeDisjunctiveWithId(value) } catch (Error) { @@ -28,7 +28,7 @@ export class LicenseFactory { /** * @throws {RangeError} if value is not supported SPDX id */ - public makeDisjunctiveWithId (value: string | any): SpdxLicense { + makeDisjunctiveWithId (value: string | any): SpdxLicense { const spdxId = fixupSpdxId(String(value)) if (undefined === spdxId) { throw new RangeError('Unknown SPDX id') @@ -37,7 +37,7 @@ export class LicenseFactory { return new SpdxLicense(spdxId) } - public makeDisjunctiveWithName (value: string | any): NamedLicense { + makeDisjunctiveWithName (value: string | any): NamedLicense { return new NamedLicense(String(value)) } } diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index 317ffaae9..23b369661 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -11,7 +11,4 @@ export class BomRef { } export class BomRefRepository extends Set { - static compareItems (a: BomRef, b: BomRef): number { - return a.compare(b) - } } diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index daf043605..e754b804e 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -62,18 +62,14 @@ export interface Options { sortLists?: boolean } -export interface Protocol { - normalize: (data: any, options: Options) => object | undefined -} - -abstract class Base implements Protocol { - protected factory: Factory +abstract class Base { + protected readonly _factory: Factory constructor (factory: Factory) { - this.factory = factory + this._factory = factory } - abstract normalize (data: any, options: Options): object | undefined + abstract normalize (data: object, options: Options): object | undefined } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- @@ -84,16 +80,16 @@ export class BomNormalizer extends Base { normalize (data: Models.Bom, options: Options): Types.Bom { return { bomFormat: 'CycloneDX', - specVersion: this.factory.spec.version, + specVersion: this._factory.spec.version, version: data.version, serialNumber: data.serialNumber ?? undefined, - metadata: this.factory.makeForMetadata().normalize(data.metadata, options), + metadata: this._factory.makeForMetadata().normalize(data.metadata, options), components: data.components.size > 0 - ? this.factory.makeForComponent().normalizeIter(data.components, options) + ? this._factory.makeForComponent().normalizeIter(data.components, options) // spec < 1.4 requires `component` to be array : [], - dependencies: this.factory.spec.supportsDependencyGraph - ? this.factory.makeForDependencyGraph().normalize(data, options) + dependencies: this._factory.spec.supportsDependencyGraph + ? this._factory.makeForDependencyGraph().normalize(data, options) : undefined } } @@ -101,18 +97,18 @@ export class BomNormalizer extends Base { export class MetadataNormalizer extends Base { normalize (data: Models.Metadata, options: Options): Types.Metadata { - const orgEntityNormalizer = this.factory.makeForOrganizationalEntity() + const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() return { timestamp: data.timestamp?.toISOString(), tools: data.tools.size > 0 - ? this.factory.makeForTool().normalizeIter(data.tools, options) + ? this._factory.makeForTool().normalizeIter(data.tools, options) : undefined, authors: data.authors.size > 0 - ? this.factory.makeForOrganizationalContact().normalizeIter(data.authors, options) + ? this._factory.makeForOrganizationalContact().normalizeIter(data.authors, options) : undefined, component: data.component === null ? undefined - : this.factory.makeForComponent().normalize(data.component, options), + : this._factory.makeForComponent().normalize(data.component, options), manufacture: data.manufacture === null ? undefined : orgEntityNormalizer.normalize(data.manufacture, options), @@ -130,7 +126,7 @@ export class ToolNormalizer extends Base { name: data.name || undefined, version: data.version || undefined, hashes: data.hashes.size > 0 - ? this.factory.makeForHash().normalizeIter(data.hashes, options) + ? this._factory.makeForHash().normalizeIter(data.hashes, options) : undefined } } @@ -146,7 +142,7 @@ export class ToolNormalizer extends Base { export class HashNormalizer extends Base { normalize ([algorithm, content]: Models.Hash, options: Options): Types.Hash | undefined { - const spec = this.factory.spec + const spec = this._factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { alg: algorithm, @@ -193,7 +189,7 @@ export class OrganizationalEntityNormalizer extends Base { ? Array.from(data.url, u => u.toString()) : undefined, contact: data.contact.size > 0 - ? this.factory.makeForOrganizationalContact().normalizeIter(data.contact, options) + ? this._factory.makeForOrganizationalContact().normalizeIter(data.contact, options) : undefined } if (options.sortLists && r.url) { @@ -205,7 +201,7 @@ export class OrganizationalEntityNormalizer extends Base { export class ComponentNormalizer extends Base { normalize (data: Models.Component, options: Options): Types.Component | undefined { - return this.factory.spec.supportsComponentType(data.type) + return this._factory.spec.supportsComponentType(data.type) ? { type: data.type, name: data.name, @@ -215,25 +211,25 @@ export class ComponentNormalizer extends Base { 'bom-ref': data.bomRef.value || undefined, supplier: data.supplier === null ? undefined - : this.factory.makeForOrganizationalEntity().normalize(data.supplier, options), + : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options), author: data.author || undefined, publisher: data.publisher || undefined, description: data.description || undefined, scope: data.scope ?? undefined, hashes: data.hashes.size > 0 - ? this.factory.makeForHash().normalizeIter(data.hashes, options) + ? this._factory.makeForHash().normalizeIter(data.hashes, options) : undefined, licenses: data.licenses.size > 0 - ? this.factory.makeForLicense().normalizeIter(data.licenses, options) + ? this._factory.makeForLicense().normalizeIter(data.licenses, options) : undefined, copyright: data.copyright || undefined, cpe: data.cpe || undefined, purl: data.purl?.toString(), swid: data.swid === null ? undefined - : this.factory.makeForSWID().normalize(data.swid, options), + : this._factory.makeForSWID().normalize(data.swid, options), externalReferences: data.externalReferences.size > 0 - ? this.factory.makeForExternalReference().normalizeIter(data.externalReferences, options) + ? this._factory.makeForExternalReference().normalizeIter(data.externalReferences, options) : undefined } : undefined @@ -253,41 +249,41 @@ export class LicenseNormalizer extends Base { normalize (data: Models.License, options: Options): Types.License { switch (true) { case data instanceof Models.NamedLicense: - return this.normalizeNamedLicense(data as Models.NamedLicense, options) + return this.#normalizeNamedLicense(data as Models.NamedLicense, options) case data instanceof Models.SpdxLicense: - return this.normalizeSpdxLicense(data as Models.SpdxLicense, options) + return this.#normalizeSpdxLicense(data as Models.SpdxLicense, options) case data instanceof Models.LicenseExpression: - return this.normalizeLicenseExpression(data as Models.LicenseExpression) + return this.#normalizeLicenseExpression(data as Models.LicenseExpression) default: throw new RangeError('Unexpected LicenseChoice') } } - private normalizeNamedLicense (data: Models.NamedLicense, options: Options): Types.NamedLicense { + #normalizeNamedLicense (data: Models.NamedLicense, options: Options): Types.NamedLicense { return { license: { name: data.name, text: data.text === null ? undefined - : this.factory.makeForAttachment().normalize(data.text, options), + : this._factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() } } } - private normalizeSpdxLicense (data: Models.SpdxLicense, options: Options): Types.SpdxLicense { + #normalizeSpdxLicense (data: Models.SpdxLicense, options: Options): Types.SpdxLicense { return { license: { id: data.id, text: data.text === null ? undefined - : this.factory.makeForAttachment().normalize(data.text, options), + : this._factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() } } } - private normalizeLicenseExpression (data: Models.LicenseExpression): Types.LicenseExpression { + #normalizeLicenseExpression (data: Models.LicenseExpression): Types.LicenseExpression { return { expression: data.expression } @@ -312,7 +308,7 @@ export class SWIDNormalizer extends Base { patch: data.patch ?? undefined, text: data.text === null ? undefined - : this.factory.makeForAttachment().normalize(data.text, options), + : this._factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() } } @@ -320,7 +316,7 @@ export class SWIDNormalizer extends Base { export class ExternalReferenceNormalizer extends Base { normalize (data: Models.ExternalReference, options: Options): Types.ExternalReference | undefined { - return this.factory.spec.supportsExternalReferenceType(data.type) + return this._factory.spec.supportsExternalReferenceType(data.type) ? { url: data.url.toString(), type: data.type, @@ -362,7 +358,7 @@ export class DependencyGraphNormalizer extends Base { const normalized: Types.Dependency[] = [] allDeps.forEach((deps, ref) => { - const dep = this.normalizeDependency(ref, deps, allDeps) + const dep = this.#normalizeDependency(ref, deps, allDeps) if (dep) { normalized.push(dep) } }) @@ -374,7 +370,7 @@ export class DependencyGraphNormalizer extends Base { return normalized } - private normalizeDependency ( + #normalizeDependency ( ref: Models.BomRef, deps: Models.BomRefRepository, allDeps: Map diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index d15d66c74..a601e9370 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -14,7 +14,7 @@ const JsonSchemaUrl: ReadonlyMap = new Map([ ]) export class Serializer implements SerializerProtocol { - #normalizerFactory: NormalizerFactory + readonly #normalizerFactory: NormalizerFactory /** * @throws {UnsupportedFormatError} if spec does not support JSON format. diff --git a/tsconfig.json b/tsconfig.json index 80991f627..4fe7314f0 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -92,7 +92,7 @@ // "noImplicitReturns": true, /* Enable error reporting for codepaths that do not explicitly return in a function. */ // "noFallthroughCasesInSwitch": true, /* Enable error reporting for fallthrough cases in switch statements. */ // "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */ - // "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */ + "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */ // "noPropertyAccessFromIndexSignature": true, /* Enforces using indexed accessors for keys declared using an indexed type */ // "allowUnusedLabels": true, /* Disable error reporting for unused labels. */ "allowUnreachableCode": false, /* Disable error reporting for unreachable code. */ From 920bf0d9cdce7b4bec3d3e64ba247c67ab73f213 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 8 May 2022 23:14:42 +0200 Subject: [PATCH 108/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 1 + src/serialize/JSON.types.ts | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index e754b804e..1dabe736a 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -79,6 +79,7 @@ abstract class Base { export class BomNormalizer extends Base { normalize (data: Models.Bom, options: Options): Types.Bom { return { + // Do not set $schema here. it is part of the final serializer, not the normalizer bomFormat: 'CycloneDX', specVersion: this._factory.spec.version, version: data.version, diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index bc485b091..9eca9038c 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -10,7 +10,7 @@ type DateTime = string type RefType = string export interface Bom { - '$schema'?: string + $schema?: string bomFormat: 'CycloneDX' specVersion: string version: PositiveInteger From 32abf5c7790a0bad12f158f37c43bbf1775a192d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 9 May 2022 08:48:41 +0200 Subject: [PATCH 109/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 1dabe736a..4a6d03191 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -348,7 +348,7 @@ export class AttachmentNormalizer extends Base { export class DependencyGraphNormalizer extends Base { normalize (data: Models.Bom, options: Options): Types.Dependency[] | undefined { - if (!data.metadata.component) { + if (!data.metadata.component?.bomRef.value) { // the graph is missing the entry point -> omit the graph return undefined } From 9472db46ee2faf6c8ccd29f3aab67da47f8b98a9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 9 May 2022 08:55:24 +0200 Subject: [PATCH 110/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 4a6d03191..64617110a 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -360,7 +360,9 @@ export class DependencyGraphNormalizer extends Base { const normalized: Types.Dependency[] = [] allDeps.forEach((deps, ref) => { const dep = this.#normalizeDependency(ref, deps, allDeps) - if (dep) { normalized.push(dep) } + if (dep) { + normalized.push(dep) + } }) if (options.sortLists) { From ca08c35395960e79e21d72436b31057735f36761 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 9 May 2022 09:41:20 +0200 Subject: [PATCH 111/233] wip Signed-off-by: Jan Kowalleck --- src/SPDX.ts | 2 +- src/models/attachment.ts | 6 ------ src/models/component.ts | 2 +- src/serialize/JSON.normalize.ts | 14 +++++++++----- src/serialize/JSON.types.ts | 3 ++- src/types/CPE.ts | 2 +- src/types/UrnUuid.ts | 2 +- 7 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/SPDX.ts b/src/SPDX.ts index 924608518..1e6709dea 100644 --- a/src/SPDX.ts +++ b/src/SPDX.ts @@ -5,7 +5,7 @@ import { enum as _spdxSpecEnum } from '../res/spdx.SNAPSHOT.schema.json' /** * One of the known SPDX licence identifiers. - * See http://cyclonedx.org/schema/spdx + * @see {@link http://cyclonedx.org/schema/spdx} * @see isSupportedSpdxId * @see fixupSpdxId */ diff --git a/src/models/attachment.ts b/src/models/attachment.ts index c1c8a887c..de93e1882 100644 --- a/src/models/attachment.ts +++ b/src/models/attachment.ts @@ -8,10 +8,4 @@ export class Attachment { constructor (content: string) { this.content = content } - - compare (other: Attachment): number { - /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ - return (this.contentType ?? '').localeCompare(other.contentType ?? '') || - this.content.localeCompare(other.content) // do not care for encoding, as long as a deterministic order is made - } } diff --git a/src/models/component.ts b/src/models/component.ts index 41ab1c014..bab00637e 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -32,7 +32,7 @@ export class Component { this.name = name } - // see https://nvd.nist.gov/products/cpe + /** @see {@link https://nvd.nist.gov/products/cpe} */ #cpe: CPE | null = null get cpe (): CPE | null { return this.#cpe diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 64617110a..34ec7c335 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -166,7 +166,7 @@ export class OrganizationalContactNormalizer extends Base { normalize (data: Models.OrganizationalContact, options: Options): Types.OrganizationalContact { return { name: data.name || undefined, - // email must conform to https://datatracker.ietf.org/doc/html/rfc6531 + /** email must conform to {@link https://datatracker.ietf.org/doc/html/rfc6531} */ email: data.email || undefined, phone: data.phone || undefined } @@ -185,8 +185,8 @@ export class OrganizationalEntityNormalizer extends Base { normalize (data: Models.OrganizationalEntity, options: Options): Types.OrganizationalEntity { const r = { name: data.name || undefined, + /** must comply to {@link https://datatracker.ietf.org/doc/html/rfc3987} */ url: data.url.size > 0 - // must comply to https://datatracker.ietf.org/doc/html/rfc3987 ? Array.from(data.url, u => u.toString()) : undefined, contact: data.contact.size > 0 @@ -359,7 +359,7 @@ export class DependencyGraphNormalizer extends Base { const normalized: Types.Dependency[] = [] allDeps.forEach((deps, ref) => { - const dep = this.#normalizeDependency(ref, deps, allDeps) + const dep = this.#normalizeDependency(ref, deps, allDeps, options) if (dep) { normalized.push(dep) } @@ -367,7 +367,6 @@ export class DependencyGraphNormalizer extends Base { if (options.sortLists) { normalized.sort((a, b) => a.ref.localeCompare(b.ref)) - normalized.forEach(d => d.dependsOn?.sort((a, b) => a.localeCompare(b))) } return normalized @@ -376,7 +375,8 @@ export class DependencyGraphNormalizer extends Base { #normalizeDependency ( ref: Models.BomRef, deps: Models.BomRefRepository, - allDeps: Map + allDeps: Map, + options: Options ): Types.Dependency | undefined { if (!ref.value) { // no value -> cannot render @@ -386,6 +386,10 @@ export class DependencyGraphNormalizer extends Base { const dependsOn = Array.from(deps).filter(d => allDeps.has(d)) .map(d => d.value).filter(v => !!v) as string[] + if (options.sortLists) { + dependsOn.sort((a, b) => a.localeCompare(b)) + } + return { ref: ref.value, dependsOn: dependsOn.length > 0 diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON.types.ts index 9eca9038c..9998419fd 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON.types.ts @@ -89,7 +89,8 @@ export interface NamedLicense { export interface SpdxLicense { license: { - id: SpdxId // See http://cyclonedx.org/schema/spdx + /** @see {@link http://cyclonedx.org/schema/spdx} */ + id: SpdxId text?: Attachment url?: string } diff --git a/src/types/CPE.ts b/src/types/CPE.ts index 83c1ab57b..410c12a3e 100644 --- a/src/types/CPE.ts +++ b/src/types/CPE.ts @@ -1,6 +1,6 @@ /** * Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. - * Refer to https://nvd.nist.gov/products/cpe for official specification. + * Refer to {@link https://nvd.nist.gov/products/cpe} for official specification. */ export declare type CPE = string diff --git a/src/types/UrnUuid.ts b/src/types/UrnUuid.ts index 38c9c4d08..3fcc26556 100644 --- a/src/types/UrnUuid.ts +++ b/src/types/UrnUuid.ts @@ -1,6 +1,6 @@ /** * Defines a string representation of a UUID conforming to RFC 4122. - * @see https://datatracker.ietf.org/doc/html/rfc4122 + * @see {@link https://datatracker.ietf.org/doc/html/rfc4122} */ export declare type UrnUuid = string From f0cbb9db3c93b938d16d7562d401ef9aa680bd8d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 10 May 2022 09:39:41 +0200 Subject: [PATCH 112/233] wip Signed-off-by: Jan Kowalleck --- src/models/bom.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/models/bom.ts b/src/models/bom.ts index 692753906..7299b194b 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -6,11 +6,11 @@ export class Bom { metadata = new Metadata() components = new ComponentRepository() - // Property `bomFormat` is not part of model, it is a runtime information. - // Property `specVersion` is not part of model, it is a runtime information. + // Property `bomFormat` is not part of model, it is runtime information. + // Property `specVersion` is not part of model, it is runtime information. // Property `dependencies` is not part of this model, but part of `Component` and other models. - // The dependency grapth can be normalized on rendertime, no need to store it in the bom model. + // The dependency graph can be normalized on render-time, no need to store it in the bom model. #version: PositiveInteger = 1 get version (): PositiveInteger { From fcf3d7a578dcf02c27e4417e1725b758b59ca5c1 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 10 May 2022 09:45:56 +0200 Subject: [PATCH 113/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 34ec7c335..9b73cb3b9 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -256,7 +256,7 @@ export class LicenseNormalizer extends Base { case data instanceof Models.LicenseExpression: return this.#normalizeLicenseExpression(data as Models.LicenseExpression) default: - throw new RangeError('Unexpected LicenseChoice') + throw new TypeError('Unexpected LicenseChoice') } } From dd1d2b3c0dfb9db9605f9e680a6efe054d3c354e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 12 May 2022 20:50:36 +0200 Subject: [PATCH 114/233] wip Signed-off-by: Jan Kowalleck --- src/models/license.ts | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/models/license.ts b/src/models/license.ts index daac3e6cd..2b7602b91 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -1,15 +1,15 @@ import { isSupportedSpdxId, SpdxId } from '../SPDX' import { Attachment } from './attachment' -export function isEligibleLicenseExpression (expression: string | any): boolean { - // smallest known: (A or B) - return typeof expression === 'string' && - expression.length >= 8 && - expression[0] === '(' && - expression[expression.length - 1] === ')' -} - export class LicenseExpression { + static isEligibleExpression (expression: string | any): boolean { + // smallest known: (A or B) + return typeof expression === 'string' && + expression.length >= 8 && + expression[0] === '(' && + expression[expression.length - 1] === ')' + } + /** * @throws {RangeError} if expression is not eligible */ @@ -26,7 +26,7 @@ export class LicenseExpression { * @throws {RangeError} if expression is not eligible */ set expression (value: string) { - if (!isEligibleLicenseExpression(value)) { + if (!LicenseExpression.isEligibleExpression(value)) { throw new RangeError('Not eligible license expression') } this.#expression = value From 1499ed4d5ef6f4dad53c20f404ec7b743ee49a8b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 12 May 2022 20:54:40 +0200 Subject: [PATCH 115/233] wip Signed-off-by: Jan Kowalleck --- src/models/license.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/models/license.ts b/src/models/license.ts index 2b7602b91..0d350919d 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -27,7 +27,7 @@ export class LicenseExpression { */ set expression (value: string) { if (!LicenseExpression.isEligibleExpression(value)) { - throw new RangeError('Not eligible license expression') + throw new RangeError('Not eligible expression') } this.#expression = value } From 0a5903d000612be2f3491f1a9ce97716b79445fe Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 12 May 2022 21:23:48 +0200 Subject: [PATCH 116/233] wip Signed-off-by: Jan Kowalleck --- src/factories/licenseFactory.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/factories/licenseFactory.ts b/src/factories/licenseFactory.ts index 445d1abf9..4cf8d3566 100644 --- a/src/factories/licenseFactory.ts +++ b/src/factories/licenseFactory.ts @@ -20,7 +20,7 @@ export class LicenseFactory { makeDisjunctive (value: string): DisjunctiveLicense { try { return this.makeDisjunctiveWithId(value) - } catch (Error) { + } catch (error) { return this.makeDisjunctiveWithName(value) } } From cd648360d75e5a00df190f406d3ce0f5b351ef9f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 12 May 2022 21:27:30 +0200 Subject: [PATCH 117/233] wip Signed-off-by: Jan Kowalleck --- src/factories/licenseFactory.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/factories/licenseFactory.ts b/src/factories/licenseFactory.ts index 4cf8d3566..1125ba28d 100644 --- a/src/factories/licenseFactory.ts +++ b/src/factories/licenseFactory.ts @@ -13,8 +13,8 @@ export class LicenseFactory { /** * @throws {RangeError} if expression is not eligible */ - makeExpression (value: string | any): LicenseExpression { - return new LicenseExpression(String(value)) + makeExpression (value: string): LicenseExpression { + return new LicenseExpression(value) } makeDisjunctive (value: string): DisjunctiveLicense { From e079d5ab1902175b2336b6d015b527e72e499cd7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 16:19:48 +0200 Subject: [PATCH 118/233] wip Signed-off-by: Jan Kowalleck --- src/spec.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/spec.ts b/src/spec.ts index 66ae72a3d..f01a647e9 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -247,7 +247,9 @@ export const Spec1dot4: Protocol = Object.freeze(new Spec( true )) -export const SpecVersionDict: { readonly [key in Version]?: Protocol } = Object.freeze(Object.fromEntries([ +export const SpecVersionDict: { + readonly [key in Version]?: Protocol +} = Object.freeze(Object.fromEntries([ [Version.v1dot2, Spec1dot2], [Version.v1dot3, Spec1dot3], [Version.v1dot4, Spec1dot4] From 705132eeee31fc606eda6d4bbfbdb5491ca1e17c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 May 2022 16:26:40 +0200 Subject: [PATCH 119/233] Bump @types/node from 17.0.31 to 17.0.33 (#34) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.31 to 17.0.33. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index ba234f375..1a19195ad 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.31", + "@types/node": "^17.0.33", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", @@ -306,9 +306,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "17.0.31", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.31.tgz", - "integrity": "sha512-AR0x5HbXGqkEx9CadRH3EBYx/VkiUgZIhP4wvPn/+5KIsgpNoyFaRlVe0Zlx9gRtg8fA06a9tskE2MSN7TcG4Q==", + "version": "17.0.33", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz", + "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==", "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -5049,9 +5049,9 @@ "dev": true }, "@types/node": { - "version": "17.0.31", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.31.tgz", - "integrity": "sha512-AR0x5HbXGqkEx9CadRH3EBYx/VkiUgZIhP4wvPn/+5KIsgpNoyFaRlVe0Zlx9gRtg8fA06a9tskE2MSN7TcG4Q==", + "version": "17.0.33", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz", + "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==", "dev": true }, "@typescript-eslint/eslint-plugin": { diff --git a/package.json b/package.json index d1111b393..67e407499 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.31", + "@types/node": "^17.0.33", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", From afcb7363ba3aa13008aa76fa882ef32d616df28a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 May 2022 16:28:31 +0200 Subject: [PATCH 120/233] Bump webpack from 5.72.0 to 5.72.1 (#33) Bumps [webpack](https://github.com/webpack/webpack) from 5.72.0 to 5.72.1. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.72.0...v5.72.1) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 34 +++++++++++++++++++++++----------- package.json | 2 +- 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1a19195ad..56caca117 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,7 +18,7 @@ "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", - "webpack": "5.72.0", + "webpack": "5.72.1", "webpack-cli": "4.9.2" }, "engines": { @@ -2870,6 +2870,12 @@ "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==", "dev": true }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "dev": true + }, "node_modules/json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", @@ -4517,9 +4523,9 @@ } }, "node_modules/webpack": { - "version": "5.72.0", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.0.tgz", - "integrity": "sha512-qmSmbspI0Qo5ld49htys8GY9XhS9CGqFoHTsOVAnjBdg0Zn79y135R+k4IR4rKK6+eKaabMhJwiVB7xw0SJu5w==", + "version": "5.72.1", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.1.tgz", + "integrity": "sha512-dXG5zXCLspQR4krZVR6QgajnZOjW2K/djHvdcRaDQvsjV9z9vaW6+ja5dZOYbqBBjF6kGXka/2ZyxNdc+8Jung==", "dev": true, "dependencies": { "@types/eslint-scope": "^3.7.3", @@ -4531,13 +4537,13 @@ "acorn-import-assertions": "^1.7.6", "browserslist": "^4.14.5", "chrome-trace-event": "^1.0.2", - "enhanced-resolve": "^5.9.2", + "enhanced-resolve": "^5.9.3", "es-module-lexer": "^0.9.0", "eslint-scope": "5.1.1", "events": "^3.2.0", "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.2.9", - "json-parse-better-errors": "^1.0.2", + "json-parse-even-better-errors": "^2.3.1", "loader-runner": "^4.2.0", "mime-types": "^2.1.27", "neo-async": "^2.6.2", @@ -6905,6 +6911,12 @@ "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==", "dev": true }, + "json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "dev": true + }, "json-schema-traverse": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", @@ -8071,9 +8083,9 @@ } }, "webpack": { - "version": "5.72.0", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.0.tgz", - "integrity": "sha512-qmSmbspI0Qo5ld49htys8GY9XhS9CGqFoHTsOVAnjBdg0Zn79y135R+k4IR4rKK6+eKaabMhJwiVB7xw0SJu5w==", + "version": "5.72.1", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.1.tgz", + "integrity": "sha512-dXG5zXCLspQR4krZVR6QgajnZOjW2K/djHvdcRaDQvsjV9z9vaW6+ja5dZOYbqBBjF6kGXka/2ZyxNdc+8Jung==", "dev": true, "requires": { "@types/eslint-scope": "^3.7.3", @@ -8085,13 +8097,13 @@ "acorn-import-assertions": "^1.7.6", "browserslist": "^4.14.5", "chrome-trace-event": "^1.0.2", - "enhanced-resolve": "^5.9.2", + "enhanced-resolve": "^5.9.3", "es-module-lexer": "^0.9.0", "eslint-scope": "5.1.1", "events": "^3.2.0", "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.2.9", - "json-parse-better-errors": "^1.0.2", + "json-parse-even-better-errors": "^2.3.1", "loader-runner": "^4.2.0", "mime-types": "^2.1.27", "neo-async": "^2.6.2", diff --git a/package.json b/package.json index 67e407499..30d919672 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "ts-loader": "9.3.0", "ts-standard": "^11.0.0", "typescript": "4.6.4", - "webpack": "5.72.0", + "webpack": "5.72.1", "webpack-cli": "4.9.2" }, "browser": "dist.web/lib.js", From 4d88ee5dda48e597ce5a17afc4c09e9634e9596f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 16:57:45 +0200 Subject: [PATCH 121/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index a601e9370..6293b442a 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -27,7 +27,9 @@ export class Serializer implements SerializerProtocol { } serialize (bom: Bom, options: NormalizerOptions = {}): string { - // @TODO bom-refs values make unique ... - and find a way to create consistent hash values or something. for reproducibility.... ? + // @TODO bom-refs values make unique ... + // and find a way to create consistent hash values or something. for reproducibility.... ? + // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 try { const _bom: JsonBom = { $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), @@ -36,6 +38,7 @@ export class Serializer implements SerializerProtocol { return JSON.stringify(_bom, null, 2) } finally { // @TODO revert modified bomRefs + // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 } } } From 03916b6dcf9bf325ab0ac6bb5d4a59a03cc7e873 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 18:03:45 +0200 Subject: [PATCH 122/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.normalize.ts | 3 +++ src/serialize/JSON.ts | 19 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON.normalize.ts index 9b73cb3b9..baa19722b 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON.normalize.ts @@ -59,6 +59,9 @@ export class Factory { } export interface Options { + /** + * Whether to sort lists in normalization results. Sorted lists make the output reproducible. + */ sortLists?: boolean } diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 6293b442a..4f4d98785 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -13,6 +13,13 @@ const JsonSchemaUrl: ReadonlyMap = new Map([ [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] ]) +export interface SerializerOptions { + /** + * Add indention in serialization result. Indention increase readability for humans. + */ + space?: string | number +} + export class Serializer implements SerializerProtocol { readonly #normalizerFactory: NormalizerFactory @@ -26,16 +33,22 @@ export class Serializer implements SerializerProtocol { this.#normalizerFactory = normalizerFactory } - serialize (bom: Bom, options: NormalizerOptions = {}): string { + serialize ( + bom: Bom, + { + sortLists = false, + space = 2 + }: NormalizerOptions & SerializerOptions = {} + ): string { // @TODO bom-refs values make unique ... // and find a way to create consistent hash values or something. for reproducibility.... ? // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 try { const _bom: JsonBom = { $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom, options) + ...this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }) } - return JSON.stringify(_bom, null, 2) + return JSON.stringify(_bom, null, space) } finally { // @TODO revert modified bomRefs // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 From 375a86e5c9849de163701888e9fce10e2726e0ee Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 18:25:36 +0200 Subject: [PATCH 123/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/serialize/JSON.ts b/src/serialize/JSON.ts index 4f4d98785..a0014f09e 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON.ts @@ -15,7 +15,7 @@ const JsonSchemaUrl: ReadonlyMap = new Map([ export interface SerializerOptions { /** - * Add indention in serialization result. Indention increase readability for humans. + * Add indention in the serialization result. Indention increases readability for humans. */ space?: string | number } From f57d52697df4f636f7cb05fe158f639835878bd7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 18:54:16 +0200 Subject: [PATCH 124/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON/denormalize.ts | 2 ++ src/serialize/JSON/deserializer.ts | 2 ++ src/serialize/JSON/index.ts | 5 +++++ .../{JSON.normalize.ts => JSON/normalize.ts} | 6 +++--- src/serialize/{JSON.ts => JSON/serializer.ts} | 17 +++++++---------- src/serialize/{JSON.types.ts => JSON/types.ts} | 8 ++++---- src/serialize/index.ts | 1 - 7 files changed, 23 insertions(+), 18 deletions(-) create mode 100644 src/serialize/JSON/denormalize.ts create mode 100644 src/serialize/JSON/deserializer.ts create mode 100644 src/serialize/JSON/index.ts rename src/serialize/{JSON.normalize.ts => JSON/normalize.ts} (99%) rename src/serialize/{JSON.ts => JSON/serializer.ts} (80%) rename src/serialize/{JSON.types.ts => JSON/types.ts} (93%) diff --git a/src/serialize/JSON/denormalize.ts b/src/serialize/JSON/denormalize.ts new file mode 100644 index 000000000..d80922888 --- /dev/null +++ b/src/serialize/JSON/denormalize.ts @@ -0,0 +1,2 @@ +// @TODO +export {} diff --git a/src/serialize/JSON/deserializer.ts b/src/serialize/JSON/deserializer.ts new file mode 100644 index 000000000..d80922888 --- /dev/null +++ b/src/serialize/JSON/deserializer.ts @@ -0,0 +1,2 @@ +// @TODO +export {} diff --git a/src/serialize/JSON/index.ts b/src/serialize/JSON/index.ts new file mode 100644 index 000000000..fc7ada952 --- /dev/null +++ b/src/serialize/JSON/index.ts @@ -0,0 +1,5 @@ +export * as Types from './types' +export * as Normalize from './normalize' +export * from './serializer' +export * as Denormalize from './denormalize' +export * from './deserializer' diff --git a/src/serialize/JSON.normalize.ts b/src/serialize/JSON/normalize.ts similarity index 99% rename from src/serialize/JSON.normalize.ts rename to src/serialize/JSON/normalize.ts index baa19722b..5e3cbe004 100644 --- a/src/serialize/JSON.normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -1,6 +1,6 @@ -import { Protocol as SpecProtocol } from '../spec' -import * as Models from '../models' -import * as Types from './JSON.types' +import { Protocol as SpecProtocol } from '../../spec' +import * as Models from '../../models' +import * as Types from './types' export class Factory { readonly spec: SpecProtocol diff --git a/src/serialize/JSON.ts b/src/serialize/JSON/serializer.ts similarity index 80% rename from src/serialize/JSON.ts rename to src/serialize/JSON/serializer.ts index a0014f09e..c7e4ac23f 100644 --- a/src/serialize/JSON.ts +++ b/src/serialize/JSON/serializer.ts @@ -1,13 +1,10 @@ -import { Bom } from '../models' -import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' -import { Serializer as SerializerProtocol } from './types' -import { Factory as NormalizerFactory, Options as NormalizerOptions } from './JSON.normalize' -import { Bom as JsonBom } from './JSON.types' +import { Bom } from '../../models' +import { Version as SpecVersion, Format, UnsupportedFormatError } from '../../spec' +import { Serializer as SerializerProtocol } from '../types' +import { Factory as NormalizerFactory, Options as NormalizerOptions } from './normalize' +import { Bom as JsonBom } from './types' -export * as Normalize from './JSON.normalize' -export * as Types from './JSON.types' - -const JsonSchemaUrl: ReadonlyMap = new Map([ +const SchemaUrl: ReadonlyMap = new Map([ [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] @@ -45,7 +42,7 @@ export class Serializer implements SerializerProtocol { // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 try { const _bom: JsonBom = { - $schema: JsonSchemaUrl.get(this.#normalizerFactory.spec.version), + $schema: SchemaUrl.get(this.#normalizerFactory.spec.version), ...this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }) } return JSON.stringify(_bom, null, space) diff --git a/src/serialize/JSON.types.ts b/src/serialize/JSON/types.ts similarity index 93% rename from src/serialize/JSON.types.ts rename to src/serialize/JSON/types.ts index 9998419fd..7f63c304d 100644 --- a/src/serialize/JSON.types.ts +++ b/src/serialize/JSON/types.ts @@ -1,7 +1,7 @@ -import * as Enums from '../enums' -import { HashContent } from '../models' -import { SpdxId } from '../SPDX' -import { CPE, PositiveInteger, UrnUuid } from '../types' +import * as Enums from '../../enums' +import { HashContent } from '../../models' +import { SpdxId } from '../../SPDX' +import { CPE, PositiveInteger, UrnUuid } from '../../types' type IriReference = string type IdnEmail = string diff --git a/src/serialize/index.ts b/src/serialize/index.ts index cb340f388..6248bfcf1 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,3 +1,2 @@ export * from './types' - export * as JSON from './JSON' From 7d5d8d9e11fc5234627766da1e225179a8955ba8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 19:30:17 +0200 Subject: [PATCH 125/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JSON/denormalize.ts | 2 -- src/serialize/JSON/deserializer.ts | 2 -- src/serialize/JSON/index.ts | 6 ++++-- 3 files changed, 4 insertions(+), 6 deletions(-) delete mode 100644 src/serialize/JSON/denormalize.ts delete mode 100644 src/serialize/JSON/deserializer.ts diff --git a/src/serialize/JSON/denormalize.ts b/src/serialize/JSON/denormalize.ts deleted file mode 100644 index d80922888..000000000 --- a/src/serialize/JSON/denormalize.ts +++ /dev/null @@ -1,2 +0,0 @@ -// @TODO -export {} diff --git a/src/serialize/JSON/deserializer.ts b/src/serialize/JSON/deserializer.ts deleted file mode 100644 index d80922888..000000000 --- a/src/serialize/JSON/deserializer.ts +++ /dev/null @@ -1,2 +0,0 @@ -// @TODO -export {} diff --git a/src/serialize/JSON/index.ts b/src/serialize/JSON/index.ts index fc7ada952..1d5ba64ae 100644 --- a/src/serialize/JSON/index.ts +++ b/src/serialize/JSON/index.ts @@ -1,5 +1,7 @@ export * as Types from './types' + export * as Normalize from './normalize' export * from './serializer' -export * as Denormalize from './denormalize' -export * from './deserializer' + +// export * as Denormalize from './denormalize' +// export * from './deserializer' From 354a9b07e925e137efa637dfb8d735a80f6a104e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 19:34:53 +0200 Subject: [PATCH 126/233] wip Signed-off-by: Jan Kowalleck --- tsconfig.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tsconfig.json b/tsconfig.json index 4fe7314f0..70ba94fbb 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -51,7 +51,7 @@ "sourceMap": true, /* Create source map files for emitted JavaScript files. */ // "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */ "outDir": "./dist.node/", /* Specify an output folder for all emitted files. */ - // "removeComments": true, /* Disable emitting comments. */ + "removeComments": true, /* Disable emitting comments. */ // "noEmit": true, /* Disable emitting files from a compilation. */ // "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */ // "importsNotUsedAsValues": "remove", /* Specify emit/checking behavior for imports that are only used for types */ @@ -62,7 +62,7 @@ // "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */ // "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */ "newLine": "lf", /* Set the newline character for emitting files. */ - // "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */ + "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */ // "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */ // "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */ // "preserveConstEnums": true, /* Disable erasing `const enum` declarations in generated code. */ From 1559e7f512ce5f553b790cd84147f1e6a836599d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 19:44:20 +0200 Subject: [PATCH 127/233] wip Signed-off-by: Jan Kowalleck --- webpack.config.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/webpack.config.js b/webpack.config.js index 8c4ca0bf5..b8e2e0447 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -1,5 +1,5 @@ const path = require('path') -const merge = require('deepmerge') +const deepmerge = require('deepmerge') // see https://webpack.js.org/guides/author-libraries/ const configBase = { @@ -38,13 +38,13 @@ const configBase = { } module.exports = [ - merge(configBase, { + deepmerge(configBase, { mode: 'production', output: { filename: 'lib.js' } }), - merge(configBase, { + deepmerge(configBase, { mode: 'development', devtool: 'source-map', output: { From 2d2ca3946bcfef5fd47abac2e800505564c99fd3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 14 May 2022 20:59:07 +0200 Subject: [PATCH 128/233] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- src/models/SWID.ts | 17 ++++++++------ src/models/bom.ts | 4 ++-- src/models/component.ts | 2 +- src/serialize/JSON/types.ts | 6 ++--- src/types/CPE.ts | 2 +- src/types/PositiveInteger.ts | 10 --------- src/types/index.ts | 6 ++--- src/types/integer.ts | 31 ++++++++++++++++++++++++++ src/types/{MimeType.ts => mimeType.ts} | 2 +- src/types/{UrnUuid.ts => urn.ts} | 2 +- 11 files changed, 54 insertions(+), 30 deletions(-) delete mode 100644 src/types/PositiveInteger.ts create mode 100644 src/types/integer.ts rename src/types/{MimeType.ts => mimeType.ts} (83%) rename src/types/{UrnUuid.ts => urn.ts} (90%) diff --git a/package.json b/package.json index 30d919672..4c3cc9341 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "scripts": { "prepublish": "npm run build", "lint": "tsc --noEmit", - "build": "npm run build:web && npm run build:node", + "build": "npm run build:node && npm run build:web", "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist.node\",{recursive:true,force:true})'", "build:node": "tsc --build", "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", diff --git a/src/models/SWID.ts b/src/models/SWID.ts index 0148bd72a..d45165e49 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -1,6 +1,9 @@ -import { isPositiveInteger, PositiveInteger } from '../types' +import { isNonNegativeInteger, NonNegativeInteger } from '../types' import { Attachment } from './attachment' +/** + * @see {@link https://csrc.nist.gov/projects/Software-Identification-SWID} + */ export class SWID { tagId: string name: string @@ -14,17 +17,17 @@ export class SWID { this.name = name } - #tagVersion: PositiveInteger | null = null - get tagVersion (): PositiveInteger | null { + #tagVersion: NonNegativeInteger | null = null + get tagVersion (): NonNegativeInteger | null { return this.#tagVersion } /** - * @throws {TypeError} if value is not PositiveInteger nor null + * @throws {TypeError} if value is neither NonNegativeInteger nor null */ - set tagVersion (value: PositiveInteger | null) { - if (value !== null && !isPositiveInteger(value)) { - throw new TypeError('Not PositiveInteger nor null') + set tagVersion (value: NonNegativeInteger | null) { + if (value !== null && !isNonNegativeInteger(value)) { + throw new TypeError('Not NonNegativeInteger nor null') } this.#tagVersion = value } diff --git a/src/models/bom.ts b/src/models/bom.ts index 7299b194b..577686a8b 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -18,7 +18,7 @@ export class Bom { } /** - * @throws {TypeError} if value is not positive integer + * @throws {TypeError} if value is not PositiveInteger */ set version (value: PositiveInteger) { if (!isPositiveInteger(value)) { @@ -33,7 +33,7 @@ export class Bom { } /** - * @throws {TypeError} if value is not UrnUuid nor null + * @throws {TypeError} if value is neither UrnUuid nor null */ set serialNumber (value: UrnUuid | null) { if (value !== null && !isUrnUuid(value)) { diff --git a/src/models/component.ts b/src/models/component.ts index bab00637e..c74dda215 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -39,7 +39,7 @@ export class Component { } /** - * @throws {TypeError} if value is not CPE nor null + * @throws {TypeError} if value is neither CPE nor null */ set cpe (value: CPE | null) { if (value !== null && !isCPE(value)) { diff --git a/src/serialize/JSON/types.ts b/src/serialize/JSON/types.ts index 7f63c304d..3e3f5554a 100644 --- a/src/serialize/JSON/types.ts +++ b/src/serialize/JSON/types.ts @@ -1,7 +1,7 @@ import * as Enums from '../../enums' import { HashContent } from '../../models' import { SpdxId } from '../../SPDX' -import { CPE, PositiveInteger, UrnUuid } from '../../types' +import { CPE, Integer, UrnUuid } from '../../types' type IriReference = string type IdnEmail = string @@ -13,7 +13,7 @@ export interface Bom { $schema?: string bomFormat: 'CycloneDX' specVersion: string - version: PositiveInteger + version: Integer serialNumber?: UrnUuid metadata?: Metadata components?: Component[] @@ -106,7 +106,7 @@ export interface SWID { tagId: string name: string version?: string - tagVersion?: number + tagVersion?: Integer patch?: boolean text?: Attachment url?: IriReference diff --git a/src/types/CPE.ts b/src/types/CPE.ts index 410c12a3e..24b20dd5e 100644 --- a/src/types/CPE.ts +++ b/src/types/CPE.ts @@ -2,7 +2,7 @@ * Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. * Refer to {@link https://nvd.nist.gov/products/cpe} for official specification. */ -export declare type CPE = string +export type CPE = string /* eslint-disable-next-line no-useless-escape -- value directly from XML or JSON spec, surrounded with ^$ */ const cpePattern = /^([c][pP][eE]:\/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})$|^(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,\/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})$/ diff --git a/src/types/PositiveInteger.ts b/src/types/PositiveInteger.ts deleted file mode 100644 index 796f5c44b..000000000 --- a/src/types/PositiveInteger.ts +++ /dev/null @@ -1,10 +0,0 @@ -/** - * Integer > 0 - * @see isPositiveInteger() - */ -export declare type PositiveInteger = number - -export function isPositiveInteger (value: any): value is PositiveInteger { - return Number.isInteger(value) && - value > 0 -} diff --git a/src/types/index.ts b/src/types/index.ts index c7712b62f..e637f74ee 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,4 +1,4 @@ export * from './CPE' -export * from './MimeType' -export * from './PositiveInteger' -export * from './UrnUuid' +export * from './mimeType' +export * from './integer' +export * from './urn' diff --git a/src/types/integer.ts b/src/types/integer.ts new file mode 100644 index 000000000..450e1c18f --- /dev/null +++ b/src/types/integer.ts @@ -0,0 +1,31 @@ +/** + * integer + * @see isInteger + */ +export type Integer = number | NonNegativeInteger + +export function isInteger (value: any): value is Integer { + return Number.isInteger(value) +} + +/** + * integer >= 0 + * @see isNonNegativeInteger + */ +export type NonNegativeInteger = number | PositiveInteger + +export function isNonNegativeInteger (value: any): value is NonNegativeInteger { + return isInteger(value) && + value >= 0 +} + +/** + * integer > 0 + * @see isPositiveInteger + */ +export type PositiveInteger = number + +export function isPositiveInteger (value: any): value is PositiveInteger { + return isInteger(value) && + value > 0 +} diff --git a/src/types/MimeType.ts b/src/types/mimeType.ts similarity index 83% rename from src/types/MimeType.ts rename to src/types/mimeType.ts index 41cca67fa..2fa7371d9 100644 --- a/src/types/MimeType.ts +++ b/src/types/mimeType.ts @@ -1,4 +1,4 @@ -export declare type MimeType = string +export type MimeType = string const mimeTypePattern = /^[-+a-z0-9.]+\/[-+a-z0-9.]+$/ diff --git a/src/types/UrnUuid.ts b/src/types/urn.ts similarity index 90% rename from src/types/UrnUuid.ts rename to src/types/urn.ts index 3fcc26556..1cd601c21 100644 --- a/src/types/UrnUuid.ts +++ b/src/types/urn.ts @@ -2,7 +2,7 @@ * Defines a string representation of a UUID conforming to RFC 4122. * @see {@link https://datatracker.ietf.org/doc/html/rfc4122} */ -export declare type UrnUuid = string +export type UrnUuid = string const urnUuidPattern = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ From c985c570958a53a1469b8653025d66622d72a490 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 15 May 2022 18:20:38 +0200 Subject: [PATCH 129/233] BomRefDiscriminator (#35) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- .mocharc.js | 1 + package-lock.json | 594 ++++++++++++------ package.json | 2 +- src/models/bomRef.ts | 2 +- src/serialize/BaseSerializer.ts | 30 + src/serialize/BomRefDiscriminator.ts | 41 ++ src/serialize/JSON/index.ts | 3 - src/serialize/JSON/normalize.ts | 58 +- src/serialize/JSON/serializer.ts | 54 -- src/serialize/JSON/types.ts | 19 +- src/serialize/JsonSerializer.ts | 43 ++ src/serialize/index.ts | 4 + src/serialize/types.ts | 18 +- {test => tests}/README.md | 2 +- {test => tests}/_data/enumLoader.js | 0 {test => tests}/_data/serialize.js | 11 +- .../serializeResults/complex_spec1.2.json | 0 .../serializeResults/complex_spec1.3.json | 0 .../serializeResults/complex_spec1.4.json | 0 .../serializeResults/sortedLists_spec1.2.json | 0 .../serializeResults/sortedLists_spec1.3.json | 0 .../serializeResults/sortedLists_spec1.4.json | 0 {test => tests}/_data/spdx.js | 0 .../functional/enums.HashAlogorithms.test.js | 4 +- {test => tests}/functional/spdx.test.js | 0 .../functional/spec.SpecVersionDict.test.js | 4 +- .../integration/JsonSerializer.test.js | 18 +- .../unit/factories.licenseFactory.spec.js | 6 +- {test => tests}/unit/models.bom.spec.js | 4 +- .../serialize.BomRefDiscriminator.spec.js | 99 +++ {test => tests}/unit/spdx.spec.js | 6 +- 31 files changed, 717 insertions(+), 306 deletions(-) create mode 100644 src/serialize/BaseSerializer.ts create mode 100644 src/serialize/BomRefDiscriminator.ts delete mode 100644 src/serialize/JSON/serializer.ts create mode 100644 src/serialize/JsonSerializer.ts rename {test => tests}/README.md (83%) rename {test => tests}/_data/enumLoader.js (100%) rename {test => tests}/_data/serialize.js (97%) rename {test => tests}/_data/serializeResults/complex_spec1.2.json (100%) rename {test => tests}/_data/serializeResults/complex_spec1.3.json (100%) rename {test => tests}/_data/serializeResults/complex_spec1.4.json (100%) rename {test => tests}/_data/serializeResults/sortedLists_spec1.2.json (100%) rename {test => tests}/_data/serializeResults/sortedLists_spec1.3.json (100%) rename {test => tests}/_data/serializeResults/sortedLists_spec1.4.json (100%) rename {test => tests}/_data/spdx.js (100%) rename {test => tests}/functional/enums.HashAlogorithms.test.js (91%) rename {test => tests}/functional/spdx.test.js (100%) rename {test => tests}/functional/spec.SpecVersionDict.test.js (86%) rename test/integration/serialize.JSON.test.js => tests/integration/JsonSerializer.test.js (82%) rename {test => tests}/unit/factories.licenseFactory.spec.js (88%) rename {test => tests}/unit/models.bom.spec.js (93%) create mode 100644 tests/unit/serialize.BomRefDiscriminator.spec.js rename {test => tests}/unit/spdx.spec.js (89%) diff --git a/.mocharc.js b/.mocharc.js index fb04922d5..3566bfc82 100644 --- a/.mocharc.js +++ b/.mocharc.js @@ -1,6 +1,7 @@ // mocha config // read: https://mochajs.org/#configuring-mocha-nodejs module.exports = { + spec: 'tests', recursive: true, extension: [ 'spec.js', 'test.js', diff --git a/package-lock.json b/package-lock.json index 56caca117..0ecbd1b36 100644 --- a/package-lock.json +++ b/package-lock.json @@ -166,6 +166,16 @@ "sprintf-js": "~1.0.2" } }, + "node_modules/@eslint/eslintrc/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/@eslint/eslintrc/node_modules/ignore": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", @@ -214,6 +224,16 @@ "node": ">=10.10.0" } }, + "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/@humanwhocodes/config-array/node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -268,9 +288,9 @@ } }, "node_modules/@types/eslint": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", - "integrity": "sha512-GE44+DNEyxxh2Kc6ro/VkIj+9ma0pO0bwv9+uHSyBrikYOHr8zYcdPvnBOp1aw8s+CjRvuSx7CyWqRrNFQ59mA==", + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.2.tgz", + "integrity": "sha512-Z1nseZON+GEnFjJc04sv4NSALGjhFwy6K0HXt7qsn5ArfAKtb63dXNJHf+1YW6IpOIYRBGUbu3GwJdj8DGnCjA==", "dev": true, "dependencies": { "@types/estree": "*", @@ -767,14 +787,14 @@ "dev": true }, "node_modules/array-includes": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.4.tgz", - "integrity": "sha512-ZTNSQkmWumEbiHO2GF4GmWxYVTiQyJy2XOTa15sdQSrvKn7l+180egQMqlrMOUMCyLMD7pmyQe4mMDUT6Behrw==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.5.tgz", + "integrity": "sha512-iSDYZMMyTPkiFasVqfuAQnWAYcvO/SeBSCGKePoEthjp4LEMTe4uLc7b025o4jAZpHhihh8xPo99TNWUWWkGDQ==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1", + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5", "get-intrinsic": "^1.1.1", "is-string": "^1.0.7" }, @@ -855,13 +875,12 @@ } }, "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, "dependencies": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^1.0.0" } }, "node_modules/braces": { @@ -883,9 +902,9 @@ "dev": true }, "node_modules/browserslist": { - "version": "4.20.2", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.2.tgz", - "integrity": "sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA==", + "version": "4.20.3", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.3.tgz", + "integrity": "sha512-NBhymBQl1zM0Y5dQT/O+xiLP9/rzOIQdKM/eMJBAq7yBgaB6krIYLGejrwVYnSHZdqjscB1SPuAjHwxjvN6Wdg==", "dev": true, "funding": [ { @@ -898,10 +917,10 @@ } ], "dependencies": { - "caniuse-lite": "^1.0.30001317", - "electron-to-chromium": "^1.4.84", + "caniuse-lite": "^1.0.30001332", + "electron-to-chromium": "^1.4.118", "escalade": "^3.1.1", - "node-releases": "^2.0.2", + "node-releases": "^2.0.3", "picocolors": "^1.0.0" }, "bin": { @@ -952,9 +971,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001332", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001332.tgz", - "integrity": "sha512-10T30NYOEQtN6C11YGg411yebhvpnC6Z102+B95eAsN0oB6KUs01ivE8u+G6FMIRtIrVlYXhL+LUwQ3/hXwDWw==", + "version": "1.0.30001341", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001341.tgz", + "integrity": "sha512-2SodVrFFtvGENGCv0ChVJIDQ0KPaS1cg7/qtfMaICgeMolDdo/Z2OD32F0Aq9yl6F4YFwGPBS5AaPqNYiW4PoA==", "dev": true, "funding": [ { @@ -1206,9 +1225,9 @@ } }, "node_modules/electron-to-chromium": { - "version": "1.4.110", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.110.tgz", - "integrity": "sha512-TvHZrkj9anfWkxgblHlNr4IMQdm2N6D0o8Wu1BDpSL/RKT4DHyUt/tvDFtApgZ+LGFL3U9EO4LRZ1eSlQ8xMYA==", + "version": "1.4.137", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.137.tgz", + "integrity": "sha512-0Rcpald12O11BUogJagX3HsCN3FE83DSqWjgXoHo5a72KUKMSfI39XBgJpgNNxS9fuGzytaFjE06kZkiVFy2qA==", "dev": true }, "node_modules/emoji-regex": { @@ -1264,17 +1283,19 @@ } }, "node_modules/es-abstract": { - "version": "1.19.5", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.19.5.tgz", - "integrity": "sha512-Aa2G2+Rd3b6kxEUKTF4TaW67czBLyAv3z7VOhYRU50YBx+bbsYZ9xQP4lMNazePuFlybXI0V4MruPos7qUo5fA==", + "version": "1.20.0", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.0.tgz", + "integrity": "sha512-URbD8tgRthKD3YcC39vbvSDrX23upXnPcnGAjQfgxXF5ID75YcENawc9ZX/9iTP9ptUyfCLIxTTuMYoRfiOVKA==", "dev": true, "dependencies": { "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", "function-bind": "^1.1.1", + "function.prototype.name": "^1.1.5", "get-intrinsic": "^1.1.1", "get-symbol-description": "^1.0.0", "has": "^1.0.3", + "has-property-descriptors": "^1.0.0", "has-symbols": "^1.0.3", "internal-slot": "^1.0.3", "is-callable": "^1.2.4", @@ -1286,9 +1307,10 @@ "object-inspect": "^1.12.0", "object-keys": "^1.1.1", "object.assign": "^4.1.2", - "string.prototype.trimend": "^1.0.4", - "string.prototype.trimstart": "^1.0.4", - "unbox-primitive": "^1.0.1" + "regexp.prototype.flags": "^1.4.1", + "string.prototype.trimend": "^1.0.5", + "string.prototype.trimstart": "^1.0.5", + "unbox-primitive": "^1.0.2" }, "engines": { "node": ">= 0.4" @@ -1644,6 +1666,16 @@ "eslint": "^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8" } }, + "node_modules/eslint-plugin-import/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/eslint-plugin-import/node_modules/debug": { "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", @@ -1703,6 +1735,16 @@ "eslint": ">=5.16.0" } }, + "node_modules/eslint-plugin-node/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/eslint-plugin-node/node_modules/eslint-utils": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", @@ -1788,6 +1830,16 @@ "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8" } }, + "node_modules/eslint-plugin-react/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/eslint-plugin-react/node_modules/doctrine": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", @@ -1892,6 +1944,16 @@ "sprintf-js": "~1.0.2" } }, + "node_modules/eslint/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/eslint/node_modules/eslint-utils": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", @@ -2203,6 +2265,24 @@ "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", "dev": true }, + "node_modules/function.prototype.name": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", + "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "es-abstract": "^1.19.0", + "functions-have-names": "^1.2.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/functional-red-black-tree": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", @@ -2210,9 +2290,9 @@ "dev": true }, "node_modules/functions-have-names": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.2.tgz", - "integrity": "sha512-bLgc3asbWdwPbx2mNk2S49kmJCuQeu0nfmaOgbs8WIyzzkw3r4htszdIi9Q9EMezDPTYuJx2wvjZ/EwgAthpnA==", + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -2319,6 +2399,16 @@ "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", "dev": true }, + "node_modules/glob/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "node_modules/glob/node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -2332,9 +2422,9 @@ } }, "node_modules/globals": { - "version": "13.13.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.13.0.tgz", - "integrity": "sha512-EQ7Q18AJlPwp3vUDL4mKA0KXrXyNIQyWon6T6XQiBQF0XHvRsiCSrWmmeATpUzdJN2HhWZU6Pdl0a9zdep5p6A==", + "version": "13.15.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz", + "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==", "dev": true, "dependencies": { "type-fest": "^0.20.2" @@ -2385,9 +2475,9 @@ } }, "node_modules/has-bigints": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", - "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -2610,9 +2700,9 @@ } }, "node_modules/is-core-module": { - "version": "2.8.1", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.8.1.tgz", - "integrity": "sha512-SdNCUs284hr40hFTFP6l0IfZ/RSrMXF3qgoRHd3/79unUTvrFO/JoXwkGm+5J/Oe3E/b5GsnG330uUNgRpu1PA==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.9.0.tgz", + "integrity": "sha512-+5FPy5PnwmO3lvfMb0AsoPaBG+5KHUI0wYFXOtYPnVVVspTFUuMZNfNaNVRt3FZadstu2c8x23vykRW/NBoU6A==", "dev": true, "dependencies": { "has": "^1.0.3" @@ -2901,9 +2991,9 @@ } }, "node_modules/jsx-ast-utils": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.2.2.tgz", - "integrity": "sha512-HDAyJ4MNQBboGpUnHAVUNJs6X0lh058s6FuixsFGP7MgJYpD6Vasd6nzSG5iIfXu1zAYlHJ/zsOKNlrenTUBnw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.0.tgz", + "integrity": "sha512-XzO9luP6L0xkxwhIJMTJQpZo/eeN60K08jHdexfD569AGxeNug6UketeHXEhROoM8aR7EcUoOQmIhcJQjcuq8Q==", "dev": true, "dependencies": { "array-includes": "^3.1.4", @@ -2990,6 +3080,12 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "node_modules/lodash.sortby": { + "version": "4.7.0", + "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", + "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", + "dev": true + }, "node_modules/lodash.truncate": { "version": "4.4.2", "resolved": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", @@ -3106,15 +3202,6 @@ "node": ">=10" } }, - "node_modules/minimatch/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "dependencies": { - "balanced-match": "^1.0.0" - } - }, "node_modules/minimist": { "version": "1.2.6", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", @@ -3193,9 +3280,9 @@ "dev": true }, "node_modules/node-releases": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.3.tgz", - "integrity": "sha512-maHFz6OLqYxz+VQyCAtA3PTX4UP/53pa05fyDNc9CwjvJ0yEh6+xBwKsgCxMNhS8taUKBFYxfuiaD9U/55iFaw==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.4.tgz", + "integrity": "sha512-gbMzqQtTtDz/00jQzZ21PQzdI9PyLYqUSvD0p3naOhX4odFji0ZxYdnVwPTxmSwkmxhcFImpozceidSG+AgoPQ==", "dev": true }, "node_modules/normalize-path": { @@ -3296,13 +3383,13 @@ } }, "node_modules/object.hasown": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.0.tgz", - "integrity": "sha512-MhjYRfj3GBlhSkDHo6QmvgjRLXQ2zndabdf3nX0yTyZK9rPfxb6uRpAac8HXNLy1GpqWtZ81Qh4v3uOls2sRAg==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.1.tgz", + "integrity": "sha512-LYLe4tivNQzq4JdaWW6WO3HMZZJWzkkH8fnI6EebWl0VZth2wL2Lovm74ep2/gZzlaTdV62JZHEqHQ2yVn8Q/A==", "dev": true, "dependencies": { - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -4128,26 +4215,28 @@ } }, "node_modules/string.prototype.trimend": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", - "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.5.tgz", + "integrity": "sha512-I7RGvmjV4pJ7O3kdf+LXFpVfdNOxtCW/2C8f6jNiW4+PQchwxkCDzlk1/7p+Wl4bqFIZeF47qAHXLuHHWKAxog==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" }, "funding": { "url": "https://github.com/sponsors/ljharb" } }, "node_modules/string.prototype.trimstart": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", - "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.5.tgz", + "integrity": "sha512-THx16TJCGlsN0o6dl2o6ncWUsdgnLRSA23rRE5pyGBw/mLr3Ej/R2LaqCtgP8VNMGZsvMWnf9ooZPyY2bHvUFg==", "dev": true, "dependencies": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -4270,14 +4359,14 @@ } }, "node_modules/terser": { - "version": "5.12.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.12.1.tgz", - "integrity": "sha512-NXbs+7nisos5E+yXwAD+y7zrcTkMqb0dEJxIGtSKPdCBzopf7ni4odPul2aechpV7EXNvOudYOX2bb5tln1jbQ==", + "version": "5.13.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.13.1.tgz", + "integrity": "sha512-hn4WKOfwnwbYfe48NgrQjqNOH9jzLqRcIfbYytOXCOv46LBfWr9bDS17MQqOi+BWGD0sJK3Sj5NC/gJjiojaoA==", "dev": true, "dependencies": { "acorn": "^8.5.0", "commander": "^2.20.0", - "source-map": "~0.7.2", + "source-map": "~0.8.0-beta.0", "source-map-support": "~0.5.20" }, "bin": { @@ -4322,9 +4411,9 @@ } }, "node_modules/terser/node_modules/acorn": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", - "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "version": "8.7.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.1.tgz", + "integrity": "sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==", "dev": true, "bin": { "acorn": "bin/acorn" @@ -4334,10 +4423,13 @@ } }, "node_modules/terser/node_modules/source-map": { - "version": "0.7.3", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", - "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", + "version": "0.8.0-beta.0", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", + "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", "dev": true, + "dependencies": { + "whatwg-url": "^7.0.0" + }, "engines": { "node": ">= 8" } @@ -4360,6 +4452,15 @@ "node": ">=8.0" } }, + "node_modules/tr46": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", + "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "dependencies": { + "punycode": "^2.1.0" + } + }, "node_modules/ts-loader": { "version": "9.3.0", "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.3.0.tgz", @@ -4480,14 +4581,14 @@ } }, "node_modules/unbox-primitive": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", - "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", + "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", "dev": true, "dependencies": { - "function-bind": "^1.1.1", - "has-bigints": "^1.0.1", - "has-symbols": "^1.0.2", + "call-bind": "^1.0.2", + "has-bigints": "^1.0.2", + "has-symbols": "^1.0.3", "which-boxed-primitive": "^1.0.2" }, "funding": { @@ -4522,6 +4623,12 @@ "node": ">=10.13.0" } }, + "node_modules/webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", + "dev": true + }, "node_modules/webpack": { "version": "5.72.1", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.1.tgz", @@ -4644,9 +4751,9 @@ } }, "node_modules/webpack/node_modules/acorn": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", - "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "version": "8.7.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.1.tgz", + "integrity": "sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==", "dev": true, "bin": { "acorn": "bin/acorn" @@ -4664,6 +4771,17 @@ "acorn": "^8" } }, + "node_modules/whatwg-url": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", + "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", + "dev": true, + "dependencies": { + "lodash.sortby": "^4.7.0", + "tr46": "^1.0.1", + "webidl-conversions": "^4.0.2" + } + }, "node_modules/which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", @@ -4935,6 +5053,16 @@ "sprintf-js": "~1.0.2" } }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "ignore": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", @@ -4973,6 +5101,16 @@ "minimatch": "^3.0.4" }, "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -5017,9 +5155,9 @@ } }, "@types/eslint": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", - "integrity": "sha512-GE44+DNEyxxh2Kc6ro/VkIj+9ma0pO0bwv9+uHSyBrikYOHr8zYcdPvnBOp1aw8s+CjRvuSx7CyWqRrNFQ59mA==", + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.2.tgz", + "integrity": "sha512-Z1nseZON+GEnFjJc04sv4NSALGjhFwy6K0HXt7qsn5ArfAKtb63dXNJHf+1YW6IpOIYRBGUbu3GwJdj8DGnCjA==", "dev": true, "requires": { "@types/estree": "*", @@ -5400,14 +5538,14 @@ "dev": true }, "array-includes": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.4.tgz", - "integrity": "sha512-ZTNSQkmWumEbiHO2GF4GmWxYVTiQyJy2XOTa15sdQSrvKn7l+180egQMqlrMOUMCyLMD7pmyQe4mMDUT6Behrw==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.5.tgz", + "integrity": "sha512-iSDYZMMyTPkiFasVqfuAQnWAYcvO/SeBSCGKePoEthjp4LEMTe4uLc7b025o4jAZpHhihh8xPo99TNWUWWkGDQ==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1", + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5", "get-intrinsic": "^1.1.1", "is-string": "^1.0.7" } @@ -5461,13 +5599,12 @@ "dev": true }, "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^1.0.0" } }, "braces": { @@ -5486,15 +5623,15 @@ "dev": true }, "browserslist": { - "version": "4.20.2", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.2.tgz", - "integrity": "sha512-CQOBCqp/9pDvDbx3xfMi+86pr4KXIf2FDkTTdeuYw8OxS9t898LA1Khq57gtufFILXpfgsSx5woNgsBgvGjpsA==", + "version": "4.20.3", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.20.3.tgz", + "integrity": "sha512-NBhymBQl1zM0Y5dQT/O+xiLP9/rzOIQdKM/eMJBAq7yBgaB6krIYLGejrwVYnSHZdqjscB1SPuAjHwxjvN6Wdg==", "dev": true, "requires": { - "caniuse-lite": "^1.0.30001317", - "electron-to-chromium": "^1.4.84", + "caniuse-lite": "^1.0.30001332", + "electron-to-chromium": "^1.4.118", "escalade": "^3.1.1", - "node-releases": "^2.0.2", + "node-releases": "^2.0.3", "picocolors": "^1.0.0" } }, @@ -5527,9 +5664,9 @@ "dev": true }, "caniuse-lite": { - "version": "1.0.30001332", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001332.tgz", - "integrity": "sha512-10T30NYOEQtN6C11YGg411yebhvpnC6Z102+B95eAsN0oB6KUs01ivE8u+G6FMIRtIrVlYXhL+LUwQ3/hXwDWw==", + "version": "1.0.30001341", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001341.tgz", + "integrity": "sha512-2SodVrFFtvGENGCv0ChVJIDQ0KPaS1cg7/qtfMaICgeMolDdo/Z2OD32F0Aq9yl6F4YFwGPBS5AaPqNYiW4PoA==", "dev": true }, "chalk": { @@ -5711,9 +5848,9 @@ } }, "electron-to-chromium": { - "version": "1.4.110", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.110.tgz", - "integrity": "sha512-TvHZrkj9anfWkxgblHlNr4IMQdm2N6D0o8Wu1BDpSL/RKT4DHyUt/tvDFtApgZ+LGFL3U9EO4LRZ1eSlQ8xMYA==", + "version": "1.4.137", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.137.tgz", + "integrity": "sha512-0Rcpald12O11BUogJagX3HsCN3FE83DSqWjgXoHo5a72KUKMSfI39XBgJpgNNxS9fuGzytaFjE06kZkiVFy2qA==", "dev": true }, "emoji-regex": { @@ -5757,17 +5894,19 @@ } }, "es-abstract": { - "version": "1.19.5", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.19.5.tgz", - "integrity": "sha512-Aa2G2+Rd3b6kxEUKTF4TaW67czBLyAv3z7VOhYRU50YBx+bbsYZ9xQP4lMNazePuFlybXI0V4MruPos7qUo5fA==", + "version": "1.20.0", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.0.tgz", + "integrity": "sha512-URbD8tgRthKD3YcC39vbvSDrX23upXnPcnGAjQfgxXF5ID75YcENawc9ZX/9iTP9ptUyfCLIxTTuMYoRfiOVKA==", "dev": true, "requires": { "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", "function-bind": "^1.1.1", + "function.prototype.name": "^1.1.5", "get-intrinsic": "^1.1.1", "get-symbol-description": "^1.0.0", "has": "^1.0.3", + "has-property-descriptors": "^1.0.0", "has-symbols": "^1.0.3", "internal-slot": "^1.0.3", "is-callable": "^1.2.4", @@ -5779,9 +5918,10 @@ "object-inspect": "^1.12.0", "object-keys": "^1.1.1", "object.assign": "^4.1.2", - "string.prototype.trimend": "^1.0.4", - "string.prototype.trimstart": "^1.0.4", - "unbox-primitive": "^1.0.1" + "regexp.prototype.flags": "^1.4.1", + "string.prototype.trimend": "^1.0.5", + "string.prototype.trimstart": "^1.0.5", + "unbox-primitive": "^1.0.2" } }, "es-module-lexer": { @@ -5879,6 +6019,16 @@ "sprintf-js": "~1.0.2" } }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "eslint-utils": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", @@ -6080,6 +6230,16 @@ "tsconfig-paths": "^3.14.1" }, "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "debug": { "version": "2.6.9", "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", @@ -6129,6 +6289,16 @@ "semver": "^6.1.0" }, "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "eslint-utils": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", @@ -6190,6 +6360,16 @@ "string.prototype.matchall": "^4.0.6" }, "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "doctrine": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", @@ -6452,6 +6632,18 @@ "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", "dev": true }, + "function.prototype.name": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", + "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "es-abstract": "^1.19.0", + "functions-have-names": "^1.2.2" + } + }, "functional-red-black-tree": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", @@ -6459,9 +6651,9 @@ "dev": true }, "functions-have-names": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.2.tgz", - "integrity": "sha512-bLgc3asbWdwPbx2mNk2S49kmJCuQeu0nfmaOgbs8WIyzzkw3r4htszdIi9Q9EMezDPTYuJx2wvjZ/EwgAthpnA==", + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", "dev": true }, "get-caller-file": { @@ -6517,6 +6709,16 @@ "path-is-absolute": "^1.0.0" }, "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, "minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -6544,9 +6746,9 @@ "dev": true }, "globals": { - "version": "13.13.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.13.0.tgz", - "integrity": "sha512-EQ7Q18AJlPwp3vUDL4mKA0KXrXyNIQyWon6T6XQiBQF0XHvRsiCSrWmmeATpUzdJN2HhWZU6Pdl0a9zdep5p6A==", + "version": "13.15.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.15.0.tgz", + "integrity": "sha512-bpzcOlgDhMG070Av0Vy5Owklpv1I6+j96GhUI7Rh7IzDCKLzboflLrrfqMu8NquDbiR4EOQk7XzJwqVJxicxog==", "dev": true, "requires": { "type-fest": "^0.20.2" @@ -6582,9 +6784,9 @@ } }, "has-bigints": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", - "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", "dev": true }, "has-flag": { @@ -6735,9 +6937,9 @@ "dev": true }, "is-core-module": { - "version": "2.8.1", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.8.1.tgz", - "integrity": "sha512-SdNCUs284hr40hFTFP6l0IfZ/RSrMXF3qgoRHd3/79unUTvrFO/JoXwkGm+5J/Oe3E/b5GsnG330uUNgRpu1PA==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.9.0.tgz", + "integrity": "sha512-+5FPy5PnwmO3lvfMb0AsoPaBG+5KHUI0wYFXOtYPnVVVspTFUuMZNfNaNVRt3FZadstu2c8x23vykRW/NBoU6A==", "dev": true, "requires": { "has": "^1.0.3" @@ -6939,9 +7141,9 @@ } }, "jsx-ast-utils": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.2.2.tgz", - "integrity": "sha512-HDAyJ4MNQBboGpUnHAVUNJs6X0lh058s6FuixsFGP7MgJYpD6Vasd6nzSG5iIfXu1zAYlHJ/zsOKNlrenTUBnw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.0.tgz", + "integrity": "sha512-XzO9luP6L0xkxwhIJMTJQpZo/eeN60K08jHdexfD569AGxeNug6UketeHXEhROoM8aR7EcUoOQmIhcJQjcuq8Q==", "dev": true, "requires": { "array-includes": "^3.1.4", @@ -7006,6 +7208,12 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "lodash.sortby": { + "version": "4.7.0", + "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz", + "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", + "dev": true + }, "lodash.truncate": { "version": "4.4.2", "resolved": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", @@ -7090,17 +7298,6 @@ "dev": true, "requires": { "brace-expansion": "^2.0.1" - }, - "dependencies": { - "brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0" - } - } } }, "minimist": { @@ -7164,9 +7361,9 @@ "dev": true }, "node-releases": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.3.tgz", - "integrity": "sha512-maHFz6OLqYxz+VQyCAtA3PTX4UP/53pa05fyDNc9CwjvJ0yEh6+xBwKsgCxMNhS8taUKBFYxfuiaD9U/55iFaw==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.4.tgz", + "integrity": "sha512-gbMzqQtTtDz/00jQzZ21PQzdI9PyLYqUSvD0p3naOhX4odFji0ZxYdnVwPTxmSwkmxhcFImpozceidSG+AgoPQ==", "dev": true }, "normalize-path": { @@ -7237,13 +7434,13 @@ } }, "object.hasown": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.0.tgz", - "integrity": "sha512-MhjYRfj3GBlhSkDHo6QmvgjRLXQ2zndabdf3nX0yTyZK9rPfxb6uRpAac8HXNLy1GpqWtZ81Qh4v3uOls2sRAg==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.1.tgz", + "integrity": "sha512-LYLe4tivNQzq4JdaWW6WO3HMZZJWzkkH8fnI6EebWl0VZth2wL2Lovm74ep2/gZzlaTdV62JZHEqHQ2yVn8Q/A==", "dev": true, "requires": { - "define-properties": "^1.1.3", - "es-abstract": "^1.19.1" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" } }, "object.values": { @@ -7810,23 +8007,25 @@ } }, "string.prototype.trimend": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", - "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.5.tgz", + "integrity": "sha512-I7RGvmjV4pJ7O3kdf+LXFpVfdNOxtCW/2C8f6jNiW4+PQchwxkCDzlk1/7p+Wl4bqFIZeF47qAHXLuHHWKAxog==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" } }, "string.prototype.trimstart": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", - "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.5.tgz", + "integrity": "sha512-THx16TJCGlsN0o6dl2o6ncWUsdgnLRSA23rRE5pyGBw/mLr3Ej/R2LaqCtgP8VNMGZsvMWnf9ooZPyY2bHvUFg==", "dev": true, "requires": { "call-bind": "^1.0.2", - "define-properties": "^1.1.3" + "define-properties": "^1.1.4", + "es-abstract": "^1.19.5" } }, "strip-ansi": { @@ -7911,28 +8110,31 @@ "dev": true }, "terser": { - "version": "5.12.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.12.1.tgz", - "integrity": "sha512-NXbs+7nisos5E+yXwAD+y7zrcTkMqb0dEJxIGtSKPdCBzopf7ni4odPul2aechpV7EXNvOudYOX2bb5tln1jbQ==", + "version": "5.13.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.13.1.tgz", + "integrity": "sha512-hn4WKOfwnwbYfe48NgrQjqNOH9jzLqRcIfbYytOXCOv46LBfWr9bDS17MQqOi+BWGD0sJK3Sj5NC/gJjiojaoA==", "dev": true, "requires": { "acorn": "^8.5.0", "commander": "^2.20.0", - "source-map": "~0.7.2", + "source-map": "~0.8.0-beta.0", "source-map-support": "~0.5.20" }, "dependencies": { "acorn": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", - "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "version": "8.7.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.1.tgz", + "integrity": "sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==", "dev": true }, "source-map": { - "version": "0.7.3", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz", - "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==", - "dev": true + "version": "0.8.0-beta.0", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz", + "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==", + "dev": true, + "requires": { + "whatwg-url": "^7.0.0" + } } } }, @@ -7964,6 +8166,15 @@ "is-number": "^7.0.0" } }, + "tr46": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", + "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "requires": { + "punycode": "^2.1.0" + } + }, "ts-loader": { "version": "9.3.0", "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.3.0.tgz", @@ -8046,14 +8257,14 @@ "dev": true }, "unbox-primitive": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", - "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", + "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", "dev": true, "requires": { - "function-bind": "^1.1.1", - "has-bigints": "^1.0.1", - "has-symbols": "^1.0.2", + "call-bind": "^1.0.2", + "has-bigints": "^1.0.2", + "has-symbols": "^1.0.3", "which-boxed-primitive": "^1.0.2" } }, @@ -8082,6 +8293,12 @@ "graceful-fs": "^4.1.2" } }, + "webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", + "dev": true + }, "webpack": { "version": "5.72.1", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.72.1.tgz", @@ -8115,9 +8332,9 @@ }, "dependencies": { "acorn": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", - "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "version": "8.7.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.1.tgz", + "integrity": "sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==", "dev": true }, "acorn-import-assertions": { @@ -8173,6 +8390,17 @@ "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", "dev": true }, + "whatwg-url": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", + "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==", + "dev": true, + "requires": { + "lodash.sortby": "^4.7.0", + "tr46": "^1.0.1", + "webidl-conversions": "^4.0.2" + } + }, "which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", diff --git a/package.json b/package.json index 4c3cc9341..8d7db46ce 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "lib": "dist.node", "doc": "docs", "example": "examples", - "test": "test" + "test": "tests" }, "scripts": { "prepublish": "npm run build", diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index 23b369661..a99b4f71b 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -1,7 +1,7 @@ export class BomRef { value: string | undefined - constructor (value: string | undefined = undefined) { + constructor (value?: string) { this.value = value } diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts new file mode 100644 index 000000000..5262fb7e1 --- /dev/null +++ b/src/serialize/BaseSerializer.ts @@ -0,0 +1,30 @@ +import { Bom, BomRef } from '../models' +import { BomRefDiscriminator } from './BomRefDiscriminator' +import { NormalizeOptions, SerializeOptions, Serializer } from './types' + +export abstract class BaseSerializer implements Serializer { + serialize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string { + const bomRefDiscriminator = new BomRefDiscriminator(this.#getAllBomRefs(bom)) + bomRefDiscriminator.discriminate() + try { + return this._normalize(bom, options) + } finally { + bomRefDiscriminator.reset() + } + } + + #getAllBomRefs (bom: Bom): Iterable { + const bomRefs = new Set() + bom.components.forEach(c => bomRefs.add(c.bomRef)) + if (bom.metadata.component !== null) { + bomRefs.add(bom.metadata.component.bomRef) + } + return bomRefs.values() + } + + /** + * Normalize the {@see Bom} and serialize this result. + * @internal + */ + protected abstract _normalize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string +} diff --git a/src/serialize/BomRefDiscriminator.ts b/src/serialize/BomRefDiscriminator.ts new file mode 100644 index 000000000..9f9bfd23f --- /dev/null +++ b/src/serialize/BomRefDiscriminator.ts @@ -0,0 +1,41 @@ +import { BomRef } from '../models' + +export class BomRefDiscriminator { + readonly #prefix = 'BomRef' + + readonly #originalValues: ReadonlyMap + + constructor (bomRefs: Iterable) { + this.#originalValues = new Map( + Array.from(bomRefs).map(ref => [ref, ref.value]) + ) + } + + discriminate (): void { + const knownRefValues = new Set() + this.#originalValues.forEach((_, bomRef) => { + let value = bomRef.value + if (value === undefined || knownRefValues.has(value)) { + value = this.#makeUniqueId() + bomRef.value = value + } + knownRefValues.add(value) + }) + } + + reset (): void { + this.#originalValues.forEach((value, bomRef) => { + bomRef.value = value + }) + } + + #makeUniqueId (): string { + return `${ + this.#prefix + }${ + Math.random().toString(32).substring(1) + }${ + Math.random().toString(32).substring(1) + }` + } +} diff --git a/src/serialize/JSON/index.ts b/src/serialize/JSON/index.ts index 1d5ba64ae..51edb98e3 100644 --- a/src/serialize/JSON/index.ts +++ b/src/serialize/JSON/index.ts @@ -1,7 +1,4 @@ export * as Types from './types' export * as Normalize from './normalize' -export * from './serializer' - // export * as Denormalize from './denormalize' -// export * from './deserializer' diff --git a/src/serialize/JSON/normalize.ts b/src/serialize/JSON/normalize.ts index 5e3cbe004..92b6070dd 100644 --- a/src/serialize/JSON/normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -1,11 +1,12 @@ -import { Protocol as SpecProtocol } from '../../spec' import * as Models from '../../models' +import { Protocol as Spec } from '../../spec' +import { NormalizeOptions } from '../types' import * as Types from './types' export class Factory { - readonly spec: SpecProtocol + readonly spec: Spec - constructor (spec: SpecProtocol) { + constructor (spec: Spec) { this.spec = spec } @@ -58,13 +59,6 @@ export class Factory { } } -export interface Options { - /** - * Whether to sort lists in normalization results. Sorted lists make the output reproducible. - */ - sortLists?: boolean -} - abstract class Base { protected readonly _factory: Factory @@ -72,7 +66,7 @@ abstract class Base { this._factory = factory } - abstract normalize (data: object, options: Options): object | undefined + abstract normalize (data: object, options: NormalizeOptions): object | undefined } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- @@ -80,7 +74,7 @@ abstract class Base { */ export class BomNormalizer extends Base { - normalize (data: Models.Bom, options: Options): Types.Bom { + normalize (data: Models.Bom, options: NormalizeOptions): Types.Bom { return { // Do not set $schema here. it is part of the final serializer, not the normalizer bomFormat: 'CycloneDX', @@ -100,7 +94,7 @@ export class BomNormalizer extends Base { } export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata, options: Options): Types.Metadata { + normalize (data: Models.Metadata, options: NormalizeOptions): Types.Metadata { const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() return { timestamp: data.timestamp?.toISOString(), @@ -124,7 +118,7 @@ export class MetadataNormalizer extends Base { } export class ToolNormalizer extends Base { - normalize (data: Models.Tool, options: Options): Types.Tool { + normalize (data: Models.Tool, options: NormalizeOptions): Types.Tool { return { vendor: data.vendor || undefined, name: data.name || undefined, @@ -135,7 +129,7 @@ export class ToolNormalizer extends Base { } } - normalizeIter (data: Iterable, options: Options): Types.Tool[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.Tool[] { const tools = Array.from(data) if (options.sortLists) { tools.sort(Models.ToolRepository.compareItems) @@ -145,7 +139,7 @@ export class ToolNormalizer extends Base { } export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash, options: Options): Types.Hash | undefined { + normalize ([algorithm, content]: Models.Hash, options: NormalizeOptions): Types.Hash | undefined { const spec = this._factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { @@ -155,7 +149,7 @@ export class HashNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: Options): Types.Hash[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.Hash[] { const hashes = Array.from(data) if (options.sortLists) { hashes.sort(Models.HashRepository.compareItems) @@ -166,7 +160,7 @@ export class HashNormalizer extends Base { } export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact, options: Options): Types.OrganizationalContact { + normalize (data: Models.OrganizationalContact, options: NormalizeOptions): Types.OrganizationalContact { return { name: data.name || undefined, /** email must conform to {@link https://datatracker.ietf.org/doc/html/rfc6531} */ @@ -175,7 +169,7 @@ export class OrganizationalContactNormalizer extends Base { } } - normalizeIter (data: Iterable, options: Options): Types.OrganizationalContact[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.OrganizationalContact[] { const contacts = Array.from(data) if (options.sortLists) { contacts.sort(Models.OrganizationalContactRepository.compareItems) @@ -185,7 +179,7 @@ export class OrganizationalContactNormalizer extends Base { } export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity, options: Options): Types.OrganizationalEntity { + normalize (data: Models.OrganizationalEntity, options: NormalizeOptions): Types.OrganizationalEntity { const r = { name: data.name || undefined, /** must comply to {@link https://datatracker.ietf.org/doc/html/rfc3987} */ @@ -204,7 +198,7 @@ export class OrganizationalEntityNormalizer extends Base { } export class ComponentNormalizer extends Base { - normalize (data: Models.Component, options: Options): Types.Component | undefined { + normalize (data: Models.Component, options: NormalizeOptions): Types.Component | undefined { return this._factory.spec.supportsComponentType(data.type) ? { type: data.type, @@ -239,7 +233,7 @@ export class ComponentNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: Options): Types.Component[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.Component[] { const components = Array.from(data) if (options.sortLists) { components.sort(Models.ComponentRepository.compareItems) @@ -250,7 +244,7 @@ export class ComponentNormalizer extends Base { } export class LicenseNormalizer extends Base { - normalize (data: Models.License, options: Options): Types.License { + normalize (data: Models.License, options: NormalizeOptions): Types.License { switch (true) { case data instanceof Models.NamedLicense: return this.#normalizeNamedLicense(data as Models.NamedLicense, options) @@ -263,7 +257,7 @@ export class LicenseNormalizer extends Base { } } - #normalizeNamedLicense (data: Models.NamedLicense, options: Options): Types.NamedLicense { + #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizeOptions): Types.NamedLicense { return { license: { name: data.name, @@ -275,7 +269,7 @@ export class LicenseNormalizer extends Base { } } - #normalizeSpdxLicense (data: Models.SpdxLicense, options: Options): Types.SpdxLicense { + #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizeOptions): Types.SpdxLicense { return { license: { id: data.id, @@ -293,7 +287,7 @@ export class LicenseNormalizer extends Base { } } - normalizeIter (data: Iterable, options: Options): Types.License[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.License[] { const licenses = Array.from(data) if (options.sortLists) { licenses.sort(Models.LicenseRepository.compareItems) @@ -303,7 +297,7 @@ export class LicenseNormalizer extends Base { } export class SWIDNormalizer extends Base { - normalize (data: Models.SWID, options: Options): Types.SWID { + normalize (data: Models.SWID, options: NormalizeOptions): Types.SWID { return { tagId: data.tagId, name: data.name, @@ -319,7 +313,7 @@ export class SWIDNormalizer extends Base { } export class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference, options: Options): Types.ExternalReference | undefined { + normalize (data: Models.ExternalReference, options: NormalizeOptions): Types.ExternalReference | undefined { return this._factory.spec.supportsExternalReferenceType(data.type) ? { url: data.url.toString(), @@ -329,7 +323,7 @@ export class ExternalReferenceNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: Options): Types.ExternalReference[] { + normalizeIter (data: Iterable, options: NormalizeOptions): Types.ExternalReference[] { const refs = Array.from(data) if (options.sortLists) { refs.sort(Models.ExternalReferenceRepository.compareItems) @@ -340,7 +334,7 @@ export class ExternalReferenceNormalizer extends Base { } export class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment, options: Options): Types.Attachment { + normalize (data: Models.Attachment, options: NormalizeOptions): Types.Attachment { return { content: data.content, contentType: data.contentType || undefined, @@ -350,7 +344,7 @@ export class AttachmentNormalizer extends Base { } export class DependencyGraphNormalizer extends Base { - normalize (data: Models.Bom, options: Options): Types.Dependency[] | undefined { + normalize (data: Models.Bom, options: NormalizeOptions): Types.Dependency[] | undefined { if (!data.metadata.component?.bomRef.value) { // the graph is missing the entry point -> omit the graph return undefined @@ -379,7 +373,7 @@ export class DependencyGraphNormalizer extends Base { ref: Models.BomRef, deps: Models.BomRefRepository, allDeps: Map, - options: Options + options: NormalizeOptions ): Types.Dependency | undefined { if (!ref.value) { // no value -> cannot render diff --git a/src/serialize/JSON/serializer.ts b/src/serialize/JSON/serializer.ts deleted file mode 100644 index c7e4ac23f..000000000 --- a/src/serialize/JSON/serializer.ts +++ /dev/null @@ -1,54 +0,0 @@ -import { Bom } from '../../models' -import { Version as SpecVersion, Format, UnsupportedFormatError } from '../../spec' -import { Serializer as SerializerProtocol } from '../types' -import { Factory as NormalizerFactory, Options as NormalizerOptions } from './normalize' -import { Bom as JsonBom } from './types' - -const SchemaUrl: ReadonlyMap = new Map([ - [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], - [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], - [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] -]) - -export interface SerializerOptions { - /** - * Add indention in the serialization result. Indention increases readability for humans. - */ - space?: string | number -} - -export class Serializer implements SerializerProtocol { - readonly #normalizerFactory: NormalizerFactory - - /** - * @throws {UnsupportedFormatError} if spec does not support JSON format. - */ - constructor (normalizerFactory: NormalizerFactory) { - if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { - throw new UnsupportedFormatError('Spec does not support JSON format.') - } - this.#normalizerFactory = normalizerFactory - } - - serialize ( - bom: Bom, - { - sortLists = false, - space = 2 - }: NormalizerOptions & SerializerOptions = {} - ): string { - // @TODO bom-refs values make unique ... - // and find a way to create consistent hash values or something. for reproducibility.... ? - // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 - try { - const _bom: JsonBom = { - $schema: SchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }) - } - return JSON.stringify(_bom, null, space) - } finally { - // @TODO revert modified bomRefs - // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/32 - } - } -} diff --git a/src/serialize/JSON/types.ts b/src/serialize/JSON/types.ts index 3e3f5554a..fbf6389d2 100644 --- a/src/serialize/JSON/types.ts +++ b/src/serialize/JSON/types.ts @@ -3,11 +3,14 @@ import { HashContent } from '../../models' import { SpdxId } from '../../SPDX' import { CPE, Integer, UrnUuid } from '../../types' -type IriReference = string -type IdnEmail = string -type DateTime = string +// eslint-disable-next-line @typescript-eslint/no-namespace +namespace JsonSchema { + export type IriReference = string + export type IdnEmail = string + export type DateTime = string +} -type RefType = string +export type RefType = string export interface Bom { $schema?: string @@ -22,7 +25,7 @@ export interface Bom { } export interface Metadata { - timestamp?: DateTime + timestamp?: JsonSchema.DateTime tools?: Tool[] authors?: OrganizationalContact[] component?: Component @@ -41,13 +44,13 @@ export interface Tool { export interface OrganizationalContact { name?: string - email?: IdnEmail + email?: JsonSchema.IdnEmail phone?: string } export interface OrganizationalEntity { name?: string - url?: IriReference[] + url?: JsonSchema.IriReference[] contact?: OrganizationalContact[] } @@ -109,7 +112,7 @@ export interface SWID { tagVersion?: Integer patch?: boolean text?: Attachment - url?: IriReference + url?: JsonSchema.IriReference } export interface ExternalReference { diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts new file mode 100644 index 000000000..dc680dbb8 --- /dev/null +++ b/src/serialize/JsonSerializer.ts @@ -0,0 +1,43 @@ +import { Bom } from '../models' +import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' +import { SerializeOptions, NormalizeOptions } from './types' +import { BaseSerializer } from './BaseSerializer' +import { Factory as NormalizerFactory } from './JSON/normalize' +import { Bom as JsonBom } from './JSON/types' + +const SchemaUrl: ReadonlyMap = new Map([ + [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], + [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], + [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] +]) + +export class JsonSerializer extends BaseSerializer { + readonly #normalizerFactory: NormalizerFactory + + /** + * @throws {UnsupportedFormatError} if spec does not support JSON format. + */ + constructor (normalizerFactory: NormalizerFactory) { + if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { + throw new UnsupportedFormatError('Spec does not support JSON format.') + } + + super() + this.#normalizerFactory = normalizerFactory + } + + /** @internal */ + protected _normalize ( + bom: Bom, + { + sortLists = false, + space = 0 + }: NormalizeOptions & SerializeOptions = {} + ): string { + const _bom: JsonBom = { + $schema: SchemaUrl.get(this.#normalizerFactory.spec.version), + ...this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }) + } + return JSON.stringify(_bom, null, space) + } +} diff --git a/src/serialize/index.ts b/src/serialize/index.ts index 6248bfcf1..e21d798d7 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,2 +1,6 @@ export * from './types' +export * from './BomRefDiscriminator' +export * from './BaseSerializer' + +export * from './JsonSerializer' export * as JSON from './JSON' diff --git a/src/serialize/types.ts b/src/serialize/types.ts index a762cacdb..28849b244 100644 --- a/src/serialize/types.ts +++ b/src/serialize/types.ts @@ -1,9 +1,19 @@ import { Bom } from '../models' -export interface Serializer { - serialize: (bom: Bom) => string +export interface NormalizeOptions { + /** + * Whether to sort lists in normalization results. Sorted lists make the output reproducible. + */ + sortLists?: boolean +} + +export interface SerializeOptions { + /** + * Add indention in the serialization result. Indention increases readability for humans. + */ + space?: string | number } -export interface Deserializer { - deserialize: (bom: string) => Bom +export interface Serializer { + serialize: (bom: Bom, options?: SerializeOptions & NormalizeOptions) => string } diff --git a/test/README.md b/tests/README.md similarity index 83% rename from test/README.md rename to tests/README.md index 80f3960ad..63f8db583 100644 --- a/test/README.md +++ b/tests/README.md @@ -6,7 +6,7 @@ instead of the source(`src/`). ## write tests -Test files must follow the pattern `**.{spec,test}.{c,m}?js`, +Test files must follow the pattern `**.{spec,test}.[cm]?js`, to be picked up. ## run node tests diff --git a/test/_data/enumLoader.js b/tests/_data/enumLoader.js similarity index 100% rename from test/_data/enumLoader.js rename to tests/_data/enumLoader.js diff --git a/test/_data/serialize.js b/tests/_data/serialize.js similarity index 97% rename from test/_data/serialize.js rename to tests/_data/serialize.js index 5613f01e0..1f270c0f9 100644 --- a/test/_data/serialize.js +++ b/tests/_data/serialize.js @@ -3,12 +3,13 @@ const path = require('path') const { PackageURL } = require('packageurl-js') -// eslint-disable-next-line no-unused-vars -const { Enums, Models, Spec } = require('../../') +const { Enums, Models } = require('../../') + +/** @typedef {import('../../').Spec.Version} Version */ /** * @param {string} purpose - * @param {Spec.Version} spec + * @param {Version} spec * @param {string} format * @param {BufferEncoding} [encoding] * @returns {string} @@ -24,7 +25,7 @@ module.exports.loadSerializeResult = loadSerializeResult /** * @param {string} data * @param {string} purpose - * @param {Spec.Version} spec + * @param {Version} spec * @param {string} format */ function writeSerializeResult (data, purpose, spec, format) { @@ -87,7 +88,7 @@ function createComplexStructure () { })(new Models.OrganizationalContact())) bom.components.add((function (component) { component.bomRef.value = 'dummy-component' - component.author = "component's author" + component.author = 'component\'s author' component.cpe = 'cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*' component.copyright = '(c) acme' component.description = 'this is a test component' diff --git a/test/_data/serializeResults/complex_spec1.2.json b/tests/_data/serializeResults/complex_spec1.2.json similarity index 100% rename from test/_data/serializeResults/complex_spec1.2.json rename to tests/_data/serializeResults/complex_spec1.2.json diff --git a/test/_data/serializeResults/complex_spec1.3.json b/tests/_data/serializeResults/complex_spec1.3.json similarity index 100% rename from test/_data/serializeResults/complex_spec1.3.json rename to tests/_data/serializeResults/complex_spec1.3.json diff --git a/test/_data/serializeResults/complex_spec1.4.json b/tests/_data/serializeResults/complex_spec1.4.json similarity index 100% rename from test/_data/serializeResults/complex_spec1.4.json rename to tests/_data/serializeResults/complex_spec1.4.json diff --git a/test/_data/serializeResults/sortedLists_spec1.2.json b/tests/_data/serializeResults/sortedLists_spec1.2.json similarity index 100% rename from test/_data/serializeResults/sortedLists_spec1.2.json rename to tests/_data/serializeResults/sortedLists_spec1.2.json diff --git a/test/_data/serializeResults/sortedLists_spec1.3.json b/tests/_data/serializeResults/sortedLists_spec1.3.json similarity index 100% rename from test/_data/serializeResults/sortedLists_spec1.3.json rename to tests/_data/serializeResults/sortedLists_spec1.3.json diff --git a/test/_data/serializeResults/sortedLists_spec1.4.json b/tests/_data/serializeResults/sortedLists_spec1.4.json similarity index 100% rename from test/_data/serializeResults/sortedLists_spec1.4.json rename to tests/_data/serializeResults/sortedLists_spec1.4.json diff --git a/test/_data/spdx.js b/tests/_data/spdx.js similarity index 100% rename from test/_data/spdx.js rename to tests/_data/spdx.js diff --git a/test/functional/enums.HashAlogorithms.test.js b/tests/functional/enums.HashAlogorithms.test.js similarity index 91% rename from test/functional/enums.HashAlogorithms.test.js rename to tests/functional/enums.HashAlogorithms.test.js index 21651515d..4d0dcc54d 100644 --- a/test/functional/enums.HashAlogorithms.test.js +++ b/tests/functional/enums.HashAlogorithms.test.js @@ -3,7 +3,9 @@ const { suite, test } = require('mocha') const enumLoader = require('../_data/enumLoader') -const { HashAlgorithm } = require('../../').Enums +const { + Enums: { HashAlgorithm } +} = require('../../') suite('all values from SPEC are available', () => { const schemas = new Map([ diff --git a/test/functional/spdx.test.js b/tests/functional/spdx.test.js similarity index 100% rename from test/functional/spdx.test.js rename to tests/functional/spdx.test.js diff --git a/test/functional/spec.SpecVersionDict.test.js b/tests/functional/spec.SpecVersionDict.test.js similarity index 86% rename from test/functional/spec.SpecVersionDict.test.js rename to tests/functional/spec.SpecVersionDict.test.js index 728230e2a..2174e088b 100644 --- a/test/functional/spec.SpecVersionDict.test.js +++ b/tests/functional/spec.SpecVersionDict.test.js @@ -1,7 +1,9 @@ const assert = require('assert') const { suite, test } = require('mocha') -const { SpecVersionDict, Version } = require('../../').Spec +const { + Spec: { SpecVersionDict, Version } +} = require('../../') suite('SpecVersionDict', () => { Object.entries(SpecVersionDict).forEach(([key, spec]) => diff --git a/test/integration/serialize.JSON.test.js b/tests/integration/JsonSerializer.test.js similarity index 82% rename from test/integration/serialize.JSON.test.js rename to tests/integration/JsonSerializer.test.js index 3c1f5258a..704a3e1b5 100644 --- a/test/integration/serialize.JSON.test.js +++ b/tests/integration/JsonSerializer.test.js @@ -1,4 +1,3 @@ - const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') @@ -6,16 +5,21 @@ const { createComplexStructure, loadSerializeResult } = require('../_data/serial /* uncomment next line to dump data */ // const { writeSerializeResult } = require('../_data/serialize') -const JsonSerialize = require('../../').Serialize.JSON -const { Spec } = require('../../') +const { + Serialize: { + JsonSerializer, + JSON: { Normalize: { Factory: JsonNormalizeFactory } } + }, + Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } +} = require('../../') describe('JSON serialize', () => { [ - Spec.Spec1dot2, - Spec.Spec1dot3, - Spec.Spec1dot4 + Spec1dot2, + Spec1dot3, + Spec1dot4 ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { - const serializer = new JsonSerialize.Serializer(new JsonSerialize.Normalize.Factory(spec)) + const serializer = new JsonSerializer(new JsonNormalizeFactory(spec)) beforeEach(function () { this.bom = createComplexStructure() diff --git a/test/unit/factories.licenseFactory.spec.js b/tests/unit/factories.licenseFactory.spec.js similarity index 88% rename from test/unit/factories.licenseFactory.spec.js rename to tests/unit/factories.licenseFactory.spec.js index 62b1be043..3d4466abc 100644 --- a/test/unit/factories.licenseFactory.spec.js +++ b/tests/unit/factories.licenseFactory.spec.js @@ -1,8 +1,10 @@ const assert = require('assert') const { suite, test } = require('mocha') -const { LicenseExpression, NamedLicense, SpdxLicense } = require('../../').Models -const { LicenseFactory } = require('../../').Factories +const { + Factories: { LicenseFactory }, + Models: { LicenseExpression, NamedLicense, SpdxLicense } +} = require('../../') suite('LicenseFactory', () => { test('makeFromString() -> LicenseExpression', () => { diff --git a/test/unit/models.bom.spec.js b/tests/unit/models.bom.spec.js similarity index 93% rename from test/unit/models.bom.spec.js rename to tests/unit/models.bom.spec.js index 3e7874cc1..a0661b6fc 100644 --- a/test/unit/models.bom.spec.js +++ b/tests/unit/models.bom.spec.js @@ -1,7 +1,9 @@ const assert = require('assert') const { suite, test } = require('mocha') -const { Bom, ComponentRepository, Metadata } = require('../../').Models +const { + Models: { Bom, ComponentRepository, Metadata } +} = require('../../') suite('BOM', () => { test('construct with empty properties', () => { diff --git a/tests/unit/serialize.BomRefDiscriminator.spec.js b/tests/unit/serialize.BomRefDiscriminator.spec.js new file mode 100644 index 000000000..2a24229b0 --- /dev/null +++ b/tests/unit/serialize.BomRefDiscriminator.spec.js @@ -0,0 +1,99 @@ +const assert = require('assert') +const { suite, test } = require('mocha') + +const { + Models: { BomRef }, + Serialize: { BomRefDiscriminator } +} = require('../../') + +suite('BomRefDiscriminator', () => { + test('does not alter BomRef.value unintended', () => { + const bomRef1 = new BomRef() + const bomRef2 = new BomRef('foo') + + assert.strictEqual(bomRef1.value, undefined) + assert.strictEqual(bomRef2.value, 'foo') + + /* eslint-disable-next-line no-unused-vars */ + const discriminator = new BomRefDiscriminator([bomRef1, bomRef2]) + + assert.strictEqual(bomRef1.value, undefined) + assert.strictEqual(bomRef2.value, 'foo') + }) + + test('does not alter BomRef.value unnecessary', () => { + const bomRef1 = new BomRef('foo') + const bomRef2 = new BomRef('foo') + + assert.strictEqual(bomRef1.value, 'foo') + assert.strictEqual(bomRef2.value, 'foo') + + /* eslint-disable-next-line no-unused-vars */ + const discriminator = new BomRefDiscriminator([bomRef1, bomRef2]) + discriminator.discriminate() + + assert.notStrictEqual(bomRef1.value, bomRef2.value) + assert.ok(bomRef1.value === 'foo' || bomRef2.value === 'foo') + }) + + test('does discriminate BomRef.value', () => { + const bomRef1 = new BomRef() + const bomRef2 = new BomRef('foo') + const bomRef3 = new BomRef() + const bomRef4 = new BomRef('foo') + + const discriminator = new BomRefDiscriminator([bomRef1, bomRef2, bomRef3, bomRef4]) + assert.strictEqual(bomRef1.value, undefined) + assert.strictEqual(bomRef2.value, 'foo') + assert.strictEqual(bomRef3.value, undefined) + assert.strictEqual(bomRef4.value, 'foo') + + discriminator.discriminate() + assert.ok(typeof bomRef1.value === 'string') + assert.ok(typeof bomRef2.value === 'string') + assert.ok(typeof bomRef3.value === 'string') + assert.ok(typeof bomRef4.value === 'string') + + assert.notStrictEqual(bomRef2.value, bomRef1.value) + assert.notStrictEqual(bomRef3.value, bomRef1.value) + assert.notStrictEqual(bomRef4.value, bomRef1.value) + + assert.notStrictEqual(bomRef1.value, bomRef2.value) + assert.notStrictEqual(bomRef3.value, bomRef2.value) + assert.notStrictEqual(bomRef4.value, bomRef2.value) + + assert.notStrictEqual(bomRef1.value, bomRef3.value) + assert.notStrictEqual(bomRef2.value, bomRef3.value) + assert.notStrictEqual(bomRef4.value, bomRef3.value) + + assert.notStrictEqual(bomRef1.value, bomRef4.value) + assert.notStrictEqual(bomRef2.value, bomRef4.value) + assert.notStrictEqual(bomRef3.value, bomRef4.value) + }) + + test('does reset BomRef.value', () => { + const bomRef1 = new BomRef() + const bomRef2 = new BomRef('foo') + const bomRef3 = new BomRef() + const bomRef4 = new BomRef('bar') + + const discriminator = new BomRefDiscriminator([bomRef1, bomRef2, bomRef3, bomRef4]) + assert.strictEqual(bomRef1.value, undefined) + assert.strictEqual(bomRef2.value, 'foo') + assert.strictEqual(bomRef3.value, undefined) + assert.strictEqual(bomRef4.value, 'bar') + + // intentional modification + bomRef1.value = bomRef2.value = bomRef3.value = bomRef4.value = 'bar' + assert.strictEqual(bomRef1.value, 'bar') + assert.strictEqual(bomRef2.value, 'bar') + assert.strictEqual(bomRef3.value, 'bar') + assert.strictEqual(bomRef4.value, 'bar') + + discriminator.reset() + assert.strictEqual(bomRef1.value, undefined) + assert.strictEqual(bomRef2.value, 'foo') + assert.strictEqual(bomRef3.value, undefined) + assert.strictEqual(bomRef4.value, 'bar') + }) +}) diff --git a/test/unit/spdx.spec.js b/tests/unit/spdx.spec.js similarity index 89% rename from test/unit/spdx.spec.js rename to tests/unit/spdx.spec.js index dc82d22da..cdf4d83e8 100644 --- a/test/unit/spdx.spec.js +++ b/tests/unit/spdx.spec.js @@ -1,7 +1,9 @@ const assert = require('assert') const { suite, test } = require('mocha') -const { fixupSpdxId, isSupportedSpdxId } = require('../../').SPDX +const { + SPDX: { fixupSpdxId, isSupportedSpdxId } +} = require('../../') suite('isSupportedSpdxId()', () => { const knownSpdxIds = Object.freeze(['MIT', 'Apache-2.0']) @@ -41,7 +43,7 @@ suite('fixupSpdxId()', () => { ) suite('miss', () => - [undefined, null, 'fooBarbaz'].forEach((value, expected) => + [undefined, null, 'fooBarbaz'].forEach((value) => test(`${value}`, () => assert.strictEqual(fixupSpdxId(value), undefined) ) From 4f36272003147f01989aaeade3751a3c38891aa2 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 15 May 2022 18:36:15 +0200 Subject: [PATCH 130/233] wip Signed-off-by: Jan Kowalleck --- tests/_data/enumLoader.js | 7 ++++++- tests/_data/spdx.js | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/_data/enumLoader.js b/tests/_data/enumLoader.js index 4ffb536a0..e88cb9e2f 100644 --- a/tests/_data/enumLoader.js +++ b/tests/_data/enumLoader.js @@ -1,8 +1,13 @@ const fs = require('fs') const path = require('path') -const resPath = path.resolve(__dirname, '../../res/') +const resPath = path.resolve(__dirname, '..', '..', 'res') +/** + * @param {string} resourceFile + * @param {string} definitionName + * @return {*} + */ module.exports = (resourceFile, definitionName) => JSON.parse( fs.readFileSync( path.resolve(resPath, resourceFile) diff --git a/tests/_data/spdx.js b/tests/_data/spdx.js index aa2693d76..547064844 100644 --- a/tests/_data/spdx.js +++ b/tests/_data/spdx.js @@ -3,7 +3,7 @@ const fs = require('fs') const path = require('path') const spdxSpecEnum = JSON.parse(fs.readFileSync(path.resolve( - __dirname, '../../', 'res/spdx.SNAPSHOT.schema.json' + __dirname, '..', '..', 'res', 'spdx.SNAPSHOT.schema.json' ))).enum assert.ok(spdxSpecEnum instanceof Array) From fd02c5030ffc49bd00479da20b39dd7f076cd671 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 15 May 2022 18:43:06 +0200 Subject: [PATCH 131/233] wip Signed-off-by: Jan Kowalleck --- tests/_data/serialize.js | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/_data/serialize.js b/tests/_data/serialize.js index 1f270c0f9..e7e988a75 100644 --- a/tests/_data/serialize.js +++ b/tests/_data/serialize.js @@ -42,6 +42,7 @@ module.exports.writeSerializeResult = writeSerializeResult */ function createComplexStructure () { const bom = new Models.Bom() + bom.version = 7 bom.serialNumber = 'urn:uuid:12345678-1234-1234-1234-123456789012' bom.metadata.timestamp = new Date('2001-05-23T13:37:42.000Z') From 717e0022bf90f36ccc6b5c417d19ee74d1f94389 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 15 May 2022 18:45:44 +0200 Subject: [PATCH 132/233] wip Signed-off-by: Jan Kowalleck --- tests/_data/serialize.js | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/tests/_data/serialize.js b/tests/_data/serialize.js index e7e988a75..901ef6dcc 100644 --- a/tests/_data/serialize.js +++ b/tests/_data/serialize.js @@ -7,6 +7,8 @@ const { Enums, Models } = require('../../') /** @typedef {import('../../').Spec.Version} Version */ +/** @typedef {import('../../').Models.Bom} Bom */ + /** * @param {string} purpose * @param {Version} spec @@ -14,33 +16,29 @@ const { Enums, Models } = require('../../') * @param {BufferEncoding} [encoding] * @returns {string} */ -function loadSerializeResult (purpose, spec, format, encoding = 'utf-8') { +module.exports.loadSerializeResult = function (purpose, spec, format, encoding = 'utf-8') { return fs.readFileSync( path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`) ).toString(encoding) } -module.exports.loadSerializeResult = loadSerializeResult - /** * @param {string} data * @param {string} purpose * @param {Version} spec * @param {string} format */ -function writeSerializeResult (data, purpose, spec, format) { +module.exports.writeSerializeResult = function (data, purpose, spec, format) { return fs.writeFileSync( path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`), data ) } -module.exports.writeSerializeResult = writeSerializeResult - /** - * @returns {Models.Bom} + * @returns {Bom} */ -function createComplexStructure () { +module.exports.createComplexStructure = function () { const bom = new Models.Bom() bom.version = 7 @@ -166,5 +164,3 @@ function createComplexStructure () { return bom } - -module.exports.createComplexStructure = createComplexStructure From b7742958f97de510fcac698ddde6d77f4c7e17ed Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 15 May 2022 19:01:42 +0200 Subject: [PATCH 133/233] wip Signed-off-by: Jan Kowalleck --- examples/node/example.cjs | 2 +- examples/node/example.mjs | 2 +- examples/web-browser.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/node/example.cjs b/examples/node/example.cjs index 6a86ac419..a277523a0 100644 --- a/examples/node/example.cjs +++ b/examples/node/example.cjs @@ -11,7 +11,7 @@ bom.components.add( ) ) -const serializer = new cdx.Serialize.JSON.Serializer( +const serializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) const serialized = serializer.serialize(bom) diff --git a/examples/node/example.mjs b/examples/node/example.mjs index d3e6ea5c6..2f93d8b06 100644 --- a/examples/node/example.mjs +++ b/examples/node/example.mjs @@ -11,7 +11,7 @@ bom.components.add( ) ) -const serializer = new cdx.Serialize.JSON.Serializer( +const serializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) const serialized = serializer.serialize(bom) diff --git a/examples/web-browser.html b/examples/web-browser.html index b598b9c97..dd89fe827 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -19,7 +19,7 @@ ) ) - const serializer = new cdx.Serialize.JSON.Serializer( + const serializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) const serialized = serializer.serialize(bom) From 45296b76605953a28184d91ba5a085a44c042a80 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 May 2022 14:07:40 +0200 Subject: [PATCH 134/233] Bump @types/node from 17.0.33 to 17.0.35 (#37) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 17.0.33 to 17.0.35. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Jan Kowalleck --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0ecbd1b36..bbaeb0d09 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.33", + "@types/node": "^17.0.35", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", @@ -326,9 +326,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "17.0.33", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz", - "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==", + "version": "17.0.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.35.tgz", + "integrity": "sha512-vu1SrqBjbbZ3J6vwY17jBs8Sr/BKA+/a/WtjRG+whKg1iuLFOosq872EXS0eXWILdO36DHQQeku/ZcL6hz2fpg==", "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -5193,9 +5193,9 @@ "dev": true }, "@types/node": { - "version": "17.0.33", - "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz", - "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==", + "version": "17.0.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.35.tgz", + "integrity": "sha512-vu1SrqBjbbZ3J6vwY17jBs8Sr/BKA+/a/WtjRG+whKg1iuLFOosq872EXS0eXWILdO36DHQQeku/ZcL6hz2fpg==", "dev": true }, "@typescript-eslint/eslint-plugin": { diff --git a/package.json b/package.json index 8d7db46ce..375cb3ff0 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "packageurl-js": "^0.0.6" }, "devDependencies": { - "@types/node": "^17.0.33", + "@types/node": "^17.0.35", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", From 2ff090e39d8a6975c44234da3e13273cf3f8895a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 21 May 2022 19:07:24 +0200 Subject: [PATCH 135/233] Xml normalizer, string URI (#36) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- src/helpers/README.md | 3 + src/helpers/types.ts | 10 + src/index.ts | 1 + src/models/SWID.ts | 2 +- src/models/bomRef.ts | 6 +- src/models/component.ts | 5 +- src/models/externalReference.ts | 4 +- src/models/license.ts | 4 +- src/models/organizationalContact.ts | 1 - src/models/organizationalEntity.ts | 2 +- src/serialize/BaseSerializer.ts | 2 +- src/serialize/JSON/normalize.ts | 100 ++-- src/serialize/JSON/types.ts | 24 +- src/serialize/JsonSerializer.ts | 22 +- src/serialize/XML/index.ts | 4 + src/serialize/XML/normalize.ts | 550 +++++++++++++++++ src/serialize/XML/types.ts | 80 +++ src/serialize/XmlSerializer.ts | 3 + src/serialize/index.ts | 11 +- src/types/index.ts | 2 +- tests/_data/{serialize.js => normalize.js} | 12 +- .../json_complex_spec1.2.json} | 0 .../json_complex_spec1.3.json} | 0 .../json_complex_spec1.4.json} | 4 +- .../json_sortedLists_spec1.2.json} | 0 .../json_sortedLists_spec1.3.json} | 0 .../json_sortedLists_spec1.4.json} | 4 +- .../normalizeResults/xml_complex_spec1.2.json | 539 +++++++++++++++++ .../normalizeResults/xml_complex_spec1.3.json | 539 +++++++++++++++++ .../normalizeResults/xml_complex_spec1.4.json | 553 ++++++++++++++++++ .../xml_sortedLists_spec1.2.json | 539 +++++++++++++++++ .../xml_sortedLists_spec1.3.json | 539 +++++++++++++++++ .../xml_sortedLists_spec1.4.json | 553 ++++++++++++++++++ tests/integration/JsonNormalize.test.js | 61 ++ tests/integration/JsonSerializer.test.js | 58 -- tests/integration/XmlNormalize.test.js | 61 ++ 36 files changed, 4161 insertions(+), 137 deletions(-) create mode 100644 src/helpers/README.md create mode 100644 src/helpers/types.ts create mode 100644 src/serialize/XML/index.ts create mode 100644 src/serialize/XML/normalize.ts create mode 100644 src/serialize/XML/types.ts create mode 100644 src/serialize/XmlSerializer.ts rename tests/_data/{serialize.js => normalize.js} (94%) rename tests/_data/{serializeResults/complex_spec1.2.json => normalizeResults/json_complex_spec1.2.json} (100%) rename tests/_data/{serializeResults/complex_spec1.3.json => normalizeResults/json_complex_spec1.3.json} (100%) rename tests/_data/{serializeResults/complex_spec1.4.json => normalizeResults/json_complex_spec1.4.json} (98%) rename tests/_data/{serializeResults/sortedLists_spec1.2.json => normalizeResults/json_sortedLists_spec1.2.json} (100%) rename tests/_data/{serializeResults/sortedLists_spec1.3.json => normalizeResults/json_sortedLists_spec1.3.json} (100%) rename tests/_data/{serializeResults/sortedLists_spec1.4.json => normalizeResults/json_sortedLists_spec1.4.json} (98%) create mode 100644 tests/_data/normalizeResults/xml_complex_spec1.2.json create mode 100644 tests/_data/normalizeResults/xml_complex_spec1.3.json create mode 100644 tests/_data/normalizeResults/xml_complex_spec1.4.json create mode 100644 tests/_data/normalizeResults/xml_sortedLists_spec1.2.json create mode 100644 tests/_data/normalizeResults/xml_sortedLists_spec1.3.json create mode 100644 tests/_data/normalizeResults/xml_sortedLists_spec1.4.json create mode 100644 tests/integration/JsonNormalize.test.js delete mode 100644 tests/integration/JsonSerializer.test.js create mode 100644 tests/integration/XmlNormalize.test.js diff --git a/src/helpers/README.md b/src/helpers/README.md new file mode 100644 index 000000000..13851661d --- /dev/null +++ b/src/helpers/README.md @@ -0,0 +1,3 @@ +# Helpers + +these are internal helpers, that are not intended to be exported/published diff --git a/src/helpers/types.ts b/src/helpers/types.ts new file mode 100644 index 000000000..29a7213e4 --- /dev/null +++ b/src/helpers/types.ts @@ -0,0 +1,10 @@ + +export type NotUndefined = T extends undefined ? never : T + +export function isNotUndefined (value: T | undefined): value is NotUndefined { + return value !== undefined +} + +export interface Stringable { + toString: () => string +} diff --git a/src/index.ts b/src/index.ts index f83019371..f68914b05 100644 --- a/src/index.ts +++ b/src/index.ts @@ -5,3 +5,4 @@ export * as Models from './models' export * as Factories from './factories' export * as Spec from './spec' export * as Serialize from './serialize' +// do not export the helpers, they are for internal use only diff --git a/src/models/SWID.ts b/src/models/SWID.ts index d45165e49..b8a7cf56f 100644 --- a/src/models/SWID.ts +++ b/src/models/SWID.ts @@ -10,7 +10,7 @@ export class SWID { version: string | null = null patch: boolean | null = null text: Attachment | null = null - url: URL | null = null + url: URL | string | null = null constructor (tagId: string, name: string) { this.tagId = tagId diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index a99b4f71b..ebef78f77 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -6,7 +6,11 @@ export class BomRef { } compare (other: BomRef): number { - return (this.value ?? '').localeCompare(other.value ?? '') + return (this.toString()).localeCompare(other.toString()) + } + + toString (): string { + return this.value ?? '' } } diff --git a/src/models/component.ts b/src/models/component.ts index c74dda215..d916685c3 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -32,7 +32,6 @@ export class Component { this.name = name } - /** @see {@link https://nvd.nist.gov/products/cpe} */ #cpe: CPE | null = null get cpe (): CPE | null { return this.#cpe @@ -59,7 +58,9 @@ export class Component { compare (other: Component): number { const bomRefCompare = this.bomRef.compare(other.bomRef) - if (bomRefCompare !== 0) { return bomRefCompare } + if (bomRefCompare !== 0) { + return bomRefCompare + } if (this.purl !== null && other.purl !== null) { return this.purl.toString().localeCompare(other.purl.toString()) } diff --git a/src/models/externalReference.ts b/src/models/externalReference.ts index 3c92ad13c..7d4de7321 100644 --- a/src/models/externalReference.ts +++ b/src/models/externalReference.ts @@ -1,11 +1,11 @@ import { ExternalReferenceType } from '../enums' export class ExternalReference { - url: URL + url: URL | string type: ExternalReferenceType comment: string | null = null - constructor (url: URL, type: ExternalReferenceType) { + constructor (url: URL | string, type: ExternalReferenceType) { this.url = url this.type = type } diff --git a/src/models/license.ts b/src/models/license.ts index 0d350919d..2f3565b50 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -40,7 +40,7 @@ export class LicenseExpression { export class NamedLicense { name: string text: Attachment | null = null - url: URL | null = null + url: URL | string | null = null constructor (name: string) { this.name = name @@ -53,7 +53,7 @@ export class NamedLicense { export class SpdxLicense { text: Attachment | null = null - url: URL | null = null + url: URL | string | null = null /** * @throws {RangeError} if value is not supported SPDX id diff --git a/src/models/organizationalContact.ts b/src/models/organizationalContact.ts index ebcb401e5..fa76681dc 100644 --- a/src/models/organizationalContact.ts +++ b/src/models/organizationalContact.ts @@ -1,4 +1,3 @@ - export class OrganizationalContact { name: string | null = null email: string | null = null diff --git a/src/models/organizationalEntity.ts b/src/models/organizationalEntity.ts index 0f24b80e7..f682e38c0 100644 --- a/src/models/organizationalEntity.ts +++ b/src/models/organizationalEntity.ts @@ -2,6 +2,6 @@ import { OrganizationalContactRepository } from './organizationalContact' export class OrganizationalEntity { name: string | null = null - url = new Set() + url = new Set() contact = new OrganizationalContactRepository() } diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts index 5262fb7e1..5c446809b 100644 --- a/src/serialize/BaseSerializer.ts +++ b/src/serialize/BaseSerializer.ts @@ -23,8 +23,8 @@ export abstract class BaseSerializer implements Serializer { } /** - * Normalize the {@see Bom} and serialize this result. * @internal + * @private */ protected abstract _normalize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string } diff --git a/src/serialize/JSON/normalize.ts b/src/serialize/JSON/normalize.ts index 92b6070dd..d3e012bb7 100644 --- a/src/serialize/JSON/normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -1,5 +1,6 @@ +import { isNotUndefined, Stringable } from '../../helpers/types' import * as Models from '../../models' -import { Protocol as Spec } from '../../spec' +import { Protocol as Spec, Version as SpecVersion } from '../../spec' import { NormalizeOptions } from '../types' import * as Types from './types' @@ -59,7 +60,19 @@ export class Factory { } } -abstract class Base { +const schemaUrl: ReadonlyMap = new Map([ + [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], + [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], + [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] +]) + +interface Normalizer { + normalize: (data: object, options: NormalizeOptions) => object | undefined + + normalizeIter?: (data: Iterable, options: NormalizeOptions) => object[] +} + +abstract class Base implements Normalizer { protected readonly _factory: Factory constructor (factory: Factory) { @@ -76,7 +89,7 @@ abstract class Base { export class BomNormalizer extends Base { normalize (data: Models.Bom, options: NormalizeOptions): Types.Bom { return { - // Do not set $schema here. it is part of the final serializer, not the normalizer + $schema: schemaUrl.get(this._factory.spec.version), bomFormat: 'CycloneDX', specVersion: this._factory.spec.version, version: data.version, @@ -131,7 +144,7 @@ export class ToolNormalizer extends Base { normalizeIter (data: Iterable, options: NormalizeOptions): Types.Tool[] { const tools = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { tools.sort(Models.ToolRepository.compareItems) } return tools.map(t => this.normalize(t, options)) @@ -151,11 +164,11 @@ export class HashNormalizer extends Base { normalizeIter (data: Iterable, options: NormalizeOptions): Types.Hash[] { const hashes = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { hashes.sort(Models.HashRepository.compareItems) } return hashes.map(h => this.normalize(h, options)) - .filter(h => undefined !== h) as Types.Hash[] + .filter(isNotUndefined) } } @@ -163,15 +176,16 @@ export class OrganizationalContactNormalizer extends Base { normalize (data: Models.OrganizationalContact, options: NormalizeOptions): Types.OrganizationalContact { return { name: data.name || undefined, - /** email must conform to {@link https://datatracker.ietf.org/doc/html/rfc6531} */ - email: data.email || undefined, + email: Types.JsonSchema.isIdnEmail(data.email) + ? data.email + : undefined, phone: data.phone || undefined } } normalizeIter (data: Iterable, options: NormalizeOptions): Types.OrganizationalContact[] { const contacts = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { contacts.sort(Models.OrganizationalContactRepository.compareItems) } return contacts.map(c => this.normalize(c, options)) @@ -180,20 +194,18 @@ export class OrganizationalContactNormalizer extends Base { export class OrganizationalEntityNormalizer extends Base { normalize (data: Models.OrganizationalEntity, options: NormalizeOptions): Types.OrganizationalEntity { - const r = { + const urls = normalizeStringableIter(data.url, options) + .filter(Types.JsonSchema.isIriReference) + return { name: data.name || undefined, /** must comply to {@link https://datatracker.ietf.org/doc/html/rfc3987} */ - url: data.url.size > 0 - ? Array.from(data.url, u => u.toString()) + url: urls.length > 0 + ? urls : undefined, contact: data.contact.size > 0 ? this._factory.makeForOrganizationalContact().normalizeIter(data.contact, options) : undefined } - if (options.sortLists && r.url) { - r.url.sort((a, b) => a.localeCompare(b)) - } - return r } } @@ -235,11 +247,11 @@ export class ComponentNormalizer extends Base { normalizeIter (data: Iterable, options: NormalizeOptions): Types.Component[] { const components = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { components.sort(Models.ComponentRepository.compareItems) } return components.map(c => this.normalize(c, options)) - .filter(c => undefined !== c) as Types.Component[] + .filter(isNotUndefined) } } @@ -289,7 +301,7 @@ export class LicenseNormalizer extends Base { normalizeIter (data: Iterable, options: NormalizeOptions): Types.License[] { const licenses = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { licenses.sort(Models.LicenseRepository.compareItems) } return licenses.map(c => this.normalize(c, options)) @@ -298,6 +310,7 @@ export class LicenseNormalizer extends Base { export class SWIDNormalizer extends Base { normalize (data: Models.SWID, options: NormalizeOptions): Types.SWID { + const url = data.url?.toString() return { tagId: data.tagId, name: data.name, @@ -307,7 +320,9 @@ export class SWIDNormalizer extends Base { text: data.text === null ? undefined : this._factory.makeForAttachment().normalize(data.text, options), - url: data.url?.toString() + url: Types.JsonSchema.isIriReference(url) + ? url + : undefined } } } @@ -325,11 +340,11 @@ export class ExternalReferenceNormalizer extends Base { normalizeIter (data: Iterable, options: NormalizeOptions): Types.ExternalReference[] { const refs = Array.from(data) - if (options.sortLists) { + if (options.sortLists ?? false) { refs.sort(Models.ExternalReferenceRepository.compareItems) } return refs.map(r => this.normalize(r, options)) - .filter(r => undefined !== r) as Types.ExternalReference[] + .filter(isNotUndefined) } } @@ -350,20 +365,20 @@ export class DependencyGraphNormalizer extends Base { return undefined } - const allDeps = new Map() - data.components.forEach(c => allDeps.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) - allDeps.set(data.metadata.component.bomRef, data.metadata.component.dependencies) + const allRefs = new Map() + data.components.forEach(c => allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) const normalized: Types.Dependency[] = [] - allDeps.forEach((deps, ref) => { - const dep = this.#normalizeDependency(ref, deps, allDeps, options) - if (dep) { + allRefs.forEach((deps, ref) => { + const dep = this.#normalizeDependency(ref, deps, allRefs, options) + if (isNotUndefined(dep)) { normalized.push(dep) } }) - if (options.sortLists) { - normalized.sort((a, b) => a.ref.localeCompare(b.ref)) + if (options.sortLists ?? false) { + normalized.sort(({ ref: a }, { ref: b }) => a.localeCompare(b)) } return normalized @@ -372,23 +387,22 @@ export class DependencyGraphNormalizer extends Base { #normalizeDependency ( ref: Models.BomRef, deps: Models.BomRefRepository, - allDeps: Map, + allRefs: Map, options: NormalizeOptions ): Types.Dependency | undefined { - if (!ref.value) { + const bomRef = ref.toString() + if (bomRef.length === 0) { // no value -> cannot render return undefined } - const dependsOn = Array.from(deps).filter(d => allDeps.has(d)) - .map(d => d.value).filter(v => !!v) as string[] - - if (options.sortLists) { - dependsOn.sort((a, b) => a.localeCompare(b)) - } + const dependsOn: string[] = normalizeStringableIter( + Array.from(deps).filter(d => allRefs.has(d)), + options + ).filter(d => d.length > 0) return { - ref: ref.value, + ref: bomRef, dependsOn: dependsOn.length > 0 ? dependsOn : undefined @@ -397,3 +411,11 @@ export class DependencyGraphNormalizer extends Base { } /* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ + +function normalizeStringableIter (data: Iterable, options: NormalizeOptions): string[] { + const r: string[] = Array.from(data, d => d.toString()) + if (options.sortLists ?? false) { + r.sort((a, b) => a.localeCompare(b)) + } + return r +} diff --git a/src/serialize/JSON/types.ts b/src/serialize/JSON/types.ts index fbf6389d2..d02e5a354 100644 --- a/src/serialize/JSON/types.ts +++ b/src/serialize/JSON/types.ts @@ -4,9 +4,31 @@ import { SpdxId } from '../../SPDX' import { CPE, Integer, UrnUuid } from '../../types' // eslint-disable-next-line @typescript-eslint/no-namespace -namespace JsonSchema { +export namespace JsonSchema { export type IriReference = string + /** + * Test whether format is JSON::iri-reference - best-effort. + * + * @see {@link https://datatracker.ietf.org/doc/html/rfc3987} + */ + export function isIriReference (value: IriReference | any): value is IriReference { + return typeof value === 'string' && + value.length > 0 + // TODO add more validation according to spec + } + export type IdnEmail = string + /** + * Test whether format is JSON::idn-email - best-effort. + * + * @see {@link https://datatracker.ietf.org/doc/html/rfc6531} + */ + export function isIdnEmail (value: IdnEmail | any): value is IdnEmail { + return typeof value === 'string' && + value.length > 0 + // TODO add more validation according to spec + } + export type DateTime = string } diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts index dc680dbb8..f5672305b 100644 --- a/src/serialize/JsonSerializer.ts +++ b/src/serialize/JsonSerializer.ts @@ -1,15 +1,8 @@ import { Bom } from '../models' -import { Version as SpecVersion, Format, UnsupportedFormatError } from '../spec' +import { Format, UnsupportedFormatError } from '../spec' import { SerializeOptions, NormalizeOptions } from './types' import { BaseSerializer } from './BaseSerializer' import { Factory as NormalizerFactory } from './JSON/normalize' -import { Bom as JsonBom } from './JSON/types' - -const SchemaUrl: ReadonlyMap = new Map([ - [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom-1.2b.schema.json'], - [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom-1.3a.schema.json'], - [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'] -]) export class JsonSerializer extends BaseSerializer { readonly #normalizerFactory: NormalizerFactory @@ -26,7 +19,10 @@ export class JsonSerializer extends BaseSerializer { this.#normalizerFactory = normalizerFactory } - /** @internal */ + /** + * @internal + * @private + */ protected _normalize ( bom: Bom, { @@ -34,10 +30,8 @@ export class JsonSerializer extends BaseSerializer { space = 0 }: NormalizeOptions & SerializeOptions = {} ): string { - const _bom: JsonBom = { - $schema: SchemaUrl.get(this.#normalizerFactory.spec.version), - ...this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }) - } - return JSON.stringify(_bom, null, space) + return JSON.stringify( + this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }), + null, space) } } diff --git a/src/serialize/XML/index.ts b/src/serialize/XML/index.ts new file mode 100644 index 000000000..51edb98e3 --- /dev/null +++ b/src/serialize/XML/index.ts @@ -0,0 +1,4 @@ +export * as Types from './types' + +export * as Normalize from './normalize' +// export * as Denormalize from './denormalize' diff --git a/src/serialize/XML/normalize.ts b/src/serialize/XML/normalize.ts new file mode 100644 index 000000000..e9bcf62ba --- /dev/null +++ b/src/serialize/XML/normalize.ts @@ -0,0 +1,550 @@ +import { isNotUndefined, Stringable } from '../../helpers/types' +import * as Models from '../../models' +import { Protocol as Spec, Version as SpecVersion } from '../../spec' +import { NormalizeOptions } from '../types' +import * as Types from './types' + +export class Factory { + readonly spec: Spec + + constructor (spec: Spec) { + this.spec = spec + } + + makeForBom (): BomNormalizer { + return new BomNormalizer(this) + } + + makeForMetadata (): MetadataNormalizer { + return new MetadataNormalizer(this) + } + + makeForComponent (): ComponentNormalizer { + return new ComponentNormalizer(this) + } + + makeForTool (): ToolNormalizer { + return new ToolNormalizer(this) + } + + makeForOrganizationalContact (): OrganizationalContactNormalizer { + return new OrganizationalContactNormalizer(this) + } + + makeForOrganizationalEntity (): OrganizationalEntityNormalizer { + return new OrganizationalEntityNormalizer(this) + } + + makeForHash (): HashNormalizer { + return new HashNormalizer(this) + } + + makeForLicense (): LicenseNormalizer { + return new LicenseNormalizer(this) + } + + makeForSWID (): SWIDNormalizer { + return new SWIDNormalizer(this) + } + + makeForExternalReference (): ExternalReferenceNormalizer { + return new ExternalReferenceNormalizer(this) + } + + makeForAttachment (): AttachmentNormalizer { + return new AttachmentNormalizer(this) + } + + makeForDependencyGraph (): DependencyGraphNormalizer { + return new DependencyGraphNormalizer(this) + } +} + +const xmlNamespace: ReadonlyMap = new Map([ + [SpecVersion.v1dot2, 'http://cyclonedx.org/schema/bom/1.2'], + [SpecVersion.v1dot3, 'http://cyclonedx.org/schema/bom/1.3'], + [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom/1.4'] +]) + +interface Normalizer { + normalize: (data: object, options: NormalizeOptions, elementName?: string) => object | undefined + + normalizeIter?: (data: Iterable, options: NormalizeOptions, elementName: string) => object[] +} + +abstract class Base implements Normalizer { + protected readonly _factory: Factory + + constructor (factory: Factory) { + this._factory = factory + } + + /** + * @param {*} data + * @param {NormalizeOptions} options + * @param {string} [elementName] element name. XML defines structures; the element's name is defined on usage of a structure. + */ + abstract normalize (data: object, options: NormalizeOptions, elementName?: string): object | undefined +} + +/* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- + * since empty strings need to be treated as undefined/null + */ + +export class BomNormalizer extends Base { + normalize (data: Models.Bom, options: NormalizeOptions): Types.SimpleXml.Element { + const components: Types.SimpleXml.Element = { + // spec < 1.4 always requires a 'components' element + type: 'element', + name: 'components', + children: data.components.size > 0 + ? this._factory.makeForComponent().normalizeIter(data.components, options, 'component') + : undefined + } + return { + type: 'element', + name: 'bom', + attributes: { + xmlns: xmlNamespace.get(this._factory.spec.version), + version: data.version, + serialNumber: data.serialNumber ?? undefined + }, + children: [ + data.metadata + ? this._factory.makeForMetadata().normalize(data.metadata, options, 'metadata') + : undefined, + components, + this._factory.spec.supportsDependencyGraph + ? this._factory.makeForDependencyGraph().normalize(data, options, 'dependencies') + : undefined + ].filter(isNotUndefined) + } + } +} + +export class MetadataNormalizer extends Base { + normalize (data: Models.Metadata, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() + const timestamp: Types.SimpleXml.Element | undefined = data.timestamp === null + ? undefined + : { + type: 'element', + name: 'timestamp', + children: data.timestamp.toISOString() + } + const tools: Types.SimpleXml.Element | undefined = data.tools.size > 0 + ? { + type: 'element', + name: 'tools', + children: this._factory.makeForTool().normalizeIter(data.tools, options, 'tool') + } + : undefined + const authors: Types.SimpleXml.Element | undefined = data.authors.size > 0 + ? { + type: 'element', + name: 'authors', + children: this._factory.makeForOrganizationalContact().normalizeIter(data.authors, options, 'author') + } + : undefined + return { + type: 'element', + name: elementName, + children: [ + timestamp, + tools, + authors, + data.component === null + ? undefined + : this._factory.makeForComponent().normalize(data.component, options, 'component'), + data.manufacture === null + ? undefined + : orgEntityNormalizer.normalize(data.manufacture, options, 'manufacture'), + data.supplier === null + ? undefined + : orgEntityNormalizer.normalize(data.supplier, options, 'supplier') + ].filter(isNotUndefined) + } + } +} + +export class ToolNormalizer extends Base { + normalize (data: Models.Tool, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + const hashes: Types.SimpleXml.Element | undefined = data.hashes.size > 0 + ? { + type: 'element', + name: 'hashes', + children: this._factory.makeForHash().normalizeIter(data.hashes, options, 'hash') + } + : undefined + return { + type: 'element', + name: elementName, + children: [ + makeOptionalTextElement(data.vendor, 'vendor'), + makeOptionalTextElement(data.name, 'name'), + makeOptionalTextElement(data.version, 'version'), + hashes + ].filter(isNotUndefined) + } + } + + normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + const tools = Array.from(data) + if (options.sortLists) { + tools.sort(Models.ToolRepository.compareItems) + } + return tools.map(t => this.normalize(t, options, elementName)) + } +} + +export class HashNormalizer extends Base { + normalize ([algorithm, content]: Models.Hash, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + const spec = this._factory.spec + return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) + ? { + type: 'element', + name: elementName, + attributes: { hashAlg: algorithm }, + children: content + } + : undefined + } + + normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + const hashes = Array.from(data) + if (options.sortLists ?? false) { + hashes.sort(Models.HashRepository.compareItems) + } + return hashes.map(h => this.normalize(h, options, elementName)) + .filter(isNotUndefined) + } +} + +export class OrganizationalContactNormalizer extends Base { + normalize (data: Models.OrganizationalContact, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + return { + type: 'element', + name: elementName, + children: [ + makeOptionalTextElement(data.name, 'name'), + makeOptionalTextElement(data.email, 'email'), + makeOptionalTextElement(data.phone, 'phone') + ].filter(isNotUndefined) + } + } + + normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + const contacts = Array.from(data) + if (options.sortLists ?? false) { + contacts.sort(Models.OrganizationalContactRepository.compareItems) + } + return contacts.map(c => this.normalize(c, options, elementName)) + } +} + +export class OrganizationalEntityNormalizer extends Base { + normalize (data: Models.OrganizationalEntity, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + return { + type: 'element', + name: elementName, + children: [ + makeOptionalTextElement(data.name, 'name'), + ...makeTextElementIter(data.url, options, 'url') + .filter(({ children: u }) => Types.XmlSchema.isAnyURI(u)), + ...this._factory.makeForOrganizationalContact().normalizeIter(data.contact, options, 'contact') + ].filter(isNotUndefined) + } + } +} + +export class ComponentNormalizer extends Base { + normalize (data: Models.Component, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + if (!this._factory.spec.supportsComponentType(data.type)) { + return undefined + } + const supplier: Types.SimpleXml.Element | undefined = data.supplier === null + ? undefined + : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options, 'supplier') + const hashes: Types.SimpleXml.Element | undefined = data.hashes.size > 0 + ? { + type: 'element', + name: 'hashes', + children: this._factory.makeForHash().normalizeIter(data.hashes, options, 'hash') + } + : undefined + const licenses: Types.SimpleXml.Element | undefined = data.licenses.size > 0 + ? { + type: 'element', + name: 'licenses', + children: this._factory.makeForLicense().normalizeIter(data.licenses, options) + } + : undefined + const swid: Types.SimpleXml.Element | undefined = data.swid === null + ? undefined + : this._factory.makeForSWID().normalize(data.swid, options, 'swid') + const extRefs: Types.SimpleXml.Element | undefined = data.externalReferences.size > 0 + ? { + type: 'element', + name: 'externalReferences', + children: this._factory.makeForExternalReference().normalizeIter(data.externalReferences, options, 'reference') + } + : undefined + return { + type: 'element', + name: elementName, + attributes: { + type: data.type, + 'bom-ref': data.bomRef.value + }, + children: [ + supplier, + makeOptionalTextElement(data.author, 'author'), + makeOptionalTextElement(data.publisher, 'publisher'), + makeOptionalTextElement(data.group, 'group'), + makeTextElement(data.name, 'name'), + makeTextElement( + // version fallback to string for spec < 1.4 + data.version ?? '', + 'version' + ), + makeOptionalTextElement(data.description, 'description'), + makeOptionalTextElement(data.scope, 'description'), + hashes, + licenses, + makeOptionalTextElement(data.copyright, 'copyright'), + makeOptionalTextElement(data.cpe, 'cpe'), + makeOptionalTextElement(data.purl, 'purl'), + swid, + extRefs + ].filter(isNotUndefined) + } + } + + normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + const components = Array.from(data) + if (options.sortLists ?? false) { + components.sort(Models.ComponentRepository.compareItems) + } + return components.map(c => this.normalize(c, options, elementName)) + .filter(isNotUndefined) + } +} + +export class LicenseNormalizer extends Base { + normalize (data: Models.License, options: NormalizeOptions): Types.SimpleXml.Element { + switch (true) { + case data instanceof Models.NamedLicense: + return this.#normalizeNamedLicense(data as Models.NamedLicense, options) + case data instanceof Models.SpdxLicense: + return this.#normalizeSpdxLicense(data as Models.SpdxLicense, options) + case data instanceof Models.LicenseExpression: + return this.#normalizeLicenseExpression(data as Models.LicenseExpression) + default: + throw new TypeError('Unexpected LicenseChoice') + } + } + + #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizeOptions): Types.SimpleXml.Element { + const url = data.url?.toString() + return { + type: 'element', + name: 'license', + children: [ + makeTextElement(data.name, 'name'), + data.text === null + ? undefined + : this._factory.makeForAttachment().normalize(data.text, options, 'text'), + Types.XmlSchema.isAnyURI(url) + ? makeTextElement(url, 'url') + : undefined + ].filter(isNotUndefined) + } + } + + #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizeOptions): Types.SimpleXml.Element { + const url = data.url?.toString() + return { + type: 'element', + name: 'license', + children: [ + makeTextElement(data.id, 'id'), + data.text === null + ? undefined + : this._factory.makeForAttachment().normalize(data.text, options, 'text'), + Types.XmlSchema.isAnyURI(url) + ? makeTextElement(url, 'url') + : undefined + ].filter(isNotUndefined) + } + } + + #normalizeLicenseExpression (data: Models.LicenseExpression): Types.SimpleXml.Element { + return makeTextElement(data.expression, 'expression') + } + + normalizeIter (data: Models.LicenseRepository, options: NormalizeOptions): Types.SimpleXml.Element[] { + const licenses = Array.from(data) + if (options.sortLists ?? false) { + licenses.sort(Models.LicenseRepository.compareItems) + } + return licenses.map(c => this.normalize(c, options)) + } +} + +export class SWIDNormalizer extends Base { + normalize (data: Models.SWID, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + const url = data.url?.toString() + return { + type: 'element', + name: elementName, + attributes: { + tagId: data.tagId, + name: data.name, + version: data.version || undefined, + tagVersion: data.tagVersion ?? undefined, + patch: data.patch === null + ? undefined + : (data.patch ? 'true' : 'false') + }, + children: [ + data.text === null + ? undefined + : this._factory.makeForAttachment().normalize(data.text, options, 'text'), + Types.XmlSchema.isAnyURI(url) + ? makeTextElement(url, 'url') + : undefined + ].filter(isNotUndefined) + } + } +} + +export class ExternalReferenceNormalizer extends Base { + normalize (data: Models.ExternalReference, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + const url = data.url.toString() + return this._factory.spec.supportsExternalReferenceType(data.type) && + Types.XmlSchema.isAnyURI(url) + ? { + type: 'element', + name: elementName, + attributes: { + type: data.type + }, + children: [ + makeTextElement(url, 'url'), + makeOptionalTextElement(data.comment, 'comment') + ].filter(isNotUndefined) + } + : undefined + } + + normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + const references = Array.from(data) + if (options.sortLists ?? false) { + references.sort(Models.ExternalReferenceRepository.compareItems) + } + return references.map(r => this.normalize(r, options, elementName)) + .filter(isNotUndefined) + } +} + +export class AttachmentNormalizer extends Base { + normalize (data: Models.Attachment, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + return { + type: 'element', + name: elementName, + attributes: { + 'content-type': data.contentType || undefined, + encoding: data.encoding || undefined + }, + children: data.content + } + } +} + +export class DependencyGraphNormalizer extends Base { + normalize (data: Models.Bom, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + if (!data.metadata.component?.bomRef.value) { + // the graph is missing the entry point -> omit the graph + return undefined + } + + const allRefs = new Map() + data.components.forEach(c => allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) + + const normalized: Array<(Types.SimpleXml.Element & { attributes: { ref: string } })> = [] + allRefs.forEach((deps, ref) => { + const dep = this.#normalizeDependency(ref, deps, allRefs, options) + if (isNotUndefined(dep)) { + normalized.push(dep) + } + }) + + if (options.sortLists ?? false) { + normalized.sort(({ attributes: { ref: a } }, { attributes: { ref: b } }) => a.localeCompare(b)) + } + + return { + type: 'element', + name: elementName, + children: normalized + } + } + + #normalizeDependency ( + ref: Models.BomRef, + deps: Models.BomRefRepository, + allRefs: Map, + options: NormalizeOptions + ): undefined | (Types.SimpleXml.Element & { attributes: { ref: string } }) { + const bomRef = ref.toString() + if (bomRef.length === 0) { + // no value -> cannot render + return undefined + } + + const dependsOn: string[] = Array.from(deps).filter(d => allRefs.has(d)) + .map(d => d.toString()).filter(d => d.length > 0) + if (options.sortLists ?? false) { + dependsOn.sort((a, b) => a.localeCompare(b)) + } + + return { + type: 'element', + name: 'dependency', + attributes: { ref: bomRef }, + children: dependsOn.map(d => ({ + type: 'element', + name: 'dependency', + attributes: { ref: d } + })) + } + } +} + +/* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ + +type StrictTextElement = Types.SimpleXml.TextElement & { children: string } + +function makeOptionalTextElement (data: null | undefined | Stringable, elementName: string): undefined | StrictTextElement { + const s = data?.toString() ?? '' + return s.length > 0 + ? makeTextElement(s, elementName) + : undefined +} + +function makeTextElement (data: Stringable, elementName: string): StrictTextElement { + return { + type: 'element', + name: elementName, + children: data.toString() + } +} + +function makeTextElementIter (data: Iterable, options: NormalizeOptions, elementName: string): StrictTextElement[] { + const r: StrictTextElement[] = Array.from(data, d => makeTextElement(d, elementName)) + if (options.sortLists ?? false) { + r.sort(({ children: a }, { children: b }) => a.localeCompare(b)) + } + return r +} diff --git a/src/serialize/XML/types.ts b/src/serialize/XML/types.ts new file mode 100644 index 000000000..58a99ab8d --- /dev/null +++ b/src/serialize/XML/types.ts @@ -0,0 +1,80 @@ +// eslint-disable-next-line @typescript-eslint/no-namespace +export namespace XmlSchema { + export type AnyURI = string + /** + * Test whether format is XML::anyURI - best-effort. + * + * @see {@link http://www.w3.org/TR/xmlschema-2/#anyURI} + * @see {@link http://www.datypic.com/sc/xsd/t-xsd_anyURI.html} + */ + export function isAnyURI (value: AnyURI | any): value is AnyURI { + return typeof value === 'string' && + value.length > 0 && + Array.from(value).filter(c => c === '#').length <= 1 + // TODO add more validation according to spec + } +} + +// eslint-disable-next-line @typescript-eslint/no-namespace +export namespace SimpleXml { + + /** + * Attribute's name. + * + * Must be alphanumeric. + * Must start with alpha. + * Must not contain whitespace characters. + */ + type attributeName = string + + /** + * Element's name. + * + * Must be alphanumeric. + * Must start with alpha. + * Must not contain whitespace characters. + */ + type elementName = string + + /** + * Textual representation. + * + * Be aware that low-/high-bytes could be represented as numbers. + * They might need to be converted on serialization. + */ + export type Text = string | number + + /** + * Unset representation. + * + * Do NOT allow null here, as it is context-aware sometimes an empty string or unset + * in a space where context is unknown. + */ + export type Unset = undefined + + /** + * Element node. + */ + export interface Element { + type: 'element' + name: elementName + attributes?: { [key: attributeName]: Text | Unset } + children?: Iterable | Text | Unset + } + + /** + * Element node with textual content + */ + export interface TextElement extends Element { + children: Text + } + + /** + * Comment node. + */ + export interface Comment { + type: 'comment' + text?: Text + } + +} diff --git a/src/serialize/XmlSerializer.ts b/src/serialize/XmlSerializer.ts new file mode 100644 index 000000000..fe13bcdac --- /dev/null +++ b/src/serialize/XmlSerializer.ts @@ -0,0 +1,3 @@ +export { + // @TODO +} diff --git a/src/serialize/index.ts b/src/serialize/index.ts index e21d798d7..fe00cdc40 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,6 +1,11 @@ -export * from './types' +export * as Types from './types' + export * from './BomRefDiscriminator' -export * from './BaseSerializer' -export * from './JsonSerializer' export * as JSON from './JSON' +export * from './JsonSerializer' + +export * as Xml from './XML' +export * from './XmlSerializer' + +// export * from './BaseSerializer' // internal use only diff --git a/src/types/index.ts b/src/types/index.ts index e637f74ee..990a90276 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,4 +1,4 @@ export * from './CPE' -export * from './mimeType' export * from './integer' +export * from './mimeType' export * from './urn' diff --git a/tests/_data/serialize.js b/tests/_data/normalize.js similarity index 94% rename from tests/_data/serialize.js rename to tests/_data/normalize.js index 901ef6dcc..68a22fa7c 100644 --- a/tests/_data/serialize.js +++ b/tests/_data/normalize.js @@ -16,9 +16,9 @@ const { Enums, Models } = require('../../') * @param {BufferEncoding} [encoding] * @returns {string} */ -module.exports.loadSerializeResult = function (purpose, spec, format, encoding = 'utf-8') { +module.exports.loadNormalizeResult = function (purpose, spec, format, encoding = 'utf-8') { return fs.readFileSync( - path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`) + path.resolve(__dirname, 'normalizeResults', `${purpose}_spec${spec}.${format}`) ).toString(encoding) } @@ -28,9 +28,9 @@ module.exports.loadSerializeResult = function (purpose, spec, format, encoding = * @param {Version} spec * @param {string} format */ -module.exports.writeSerializeResult = function (data, purpose, spec, format) { +module.exports.writeNormalizeResult = function (data, purpose, spec, format) { return fs.writeFileSync( - path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}`), + path.resolve(__dirname, 'normalizeResults', `${purpose}_spec${spec}.${format}`), data ) } @@ -100,7 +100,7 @@ module.exports.createComplexStructure = function () { Enums.ExternalReferenceType.Support )) component.externalReferences.add(new Models.ExternalReference( - new URL('https://localhost/acme/releases'), + './other/file', Enums.ExternalReferenceType.ReleaseNotes // available since spec 1.4 )) component.group = 'acme' @@ -111,7 +111,7 @@ module.exports.createComplexStructure = function () { license.text = new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu') license.text.contentType = 'text/plain' license.text.encoding = Enums.AttachmentEncoding.Base64 - license.url = new URL('https://localhost/license') + license.url = 'https://localhost/license' return license })(new Models.NamedLicense('some other'))) component.licenses.add((function (license) { diff --git a/tests/_data/serializeResults/complex_spec1.2.json b/tests/_data/normalizeResults/json_complex_spec1.2.json similarity index 100% rename from tests/_data/serializeResults/complex_spec1.2.json rename to tests/_data/normalizeResults/json_complex_spec1.2.json diff --git a/tests/_data/serializeResults/complex_spec1.3.json b/tests/_data/normalizeResults/json_complex_spec1.3.json similarity index 100% rename from tests/_data/serializeResults/complex_spec1.3.json rename to tests/_data/normalizeResults/json_complex_spec1.3.json diff --git a/tests/_data/serializeResults/complex_spec1.4.json b/tests/_data/normalizeResults/json_complex_spec1.4.json similarity index 98% rename from tests/_data/serializeResults/complex_spec1.4.json rename to tests/_data/normalizeResults/json_complex_spec1.4.json index ed9f48add..62f344a3e 100644 --- a/tests/_data/serializeResults/complex_spec1.4.json +++ b/tests/_data/normalizeResults/json_complex_spec1.4.json @@ -155,7 +155,7 @@ "type": "support" }, { - "url": "https://localhost/acme/releases", + "url": "./other/file", "type": "release-notes" } ] @@ -185,4 +185,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/tests/_data/serializeResults/sortedLists_spec1.2.json b/tests/_data/normalizeResults/json_sortedLists_spec1.2.json similarity index 100% rename from tests/_data/serializeResults/sortedLists_spec1.2.json rename to tests/_data/normalizeResults/json_sortedLists_spec1.2.json diff --git a/tests/_data/serializeResults/sortedLists_spec1.3.json b/tests/_data/normalizeResults/json_sortedLists_spec1.3.json similarity index 100% rename from tests/_data/serializeResults/sortedLists_spec1.3.json rename to tests/_data/normalizeResults/json_sortedLists_spec1.3.json diff --git a/tests/_data/serializeResults/sortedLists_spec1.4.json b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json similarity index 98% rename from tests/_data/serializeResults/sortedLists_spec1.4.json rename to tests/_data/normalizeResults/json_sortedLists_spec1.4.json index 4b7475604..275e3b19b 100644 --- a/tests/_data/serializeResults/sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json @@ -152,7 +152,7 @@ }, "externalReferences": [ { - "url": "https://localhost/acme/releases", + "url": "./other/file", "type": "release-notes" }, { @@ -185,4 +185,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/tests/_data/normalizeResults/xml_complex_spec1.2.json b/tests/_data/normalizeResults/xml_complex_spec1.2.json new file mode 100644 index 000000000..daf4d9a7c --- /dev/null +++ b/tests/_data/normalizeResults/xml_complex_spec1.2.json @@ -0,0 +1,539 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.2", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + }, + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/_data/normalizeResults/xml_complex_spec1.3.json b/tests/_data/normalizeResults/xml_complex_spec1.3.json new file mode 100644 index 000000000..b529e2516 --- /dev/null +++ b/tests/_data/normalizeResults/xml_complex_spec1.3.json @@ -0,0 +1,539 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.3", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + }, + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/_data/normalizeResults/xml_complex_spec1.4.json b/tests/_data/normalizeResults/xml_complex_spec1.4.json new file mode 100644 index 000000000..0ba7c41e6 --- /dev/null +++ b/tests/_data/normalizeResults/xml_complex_spec1.4.json @@ -0,0 +1,553 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + }, + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "release-notes" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "./other/file" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json new file mode 100644 index 000000000..cd748aad5 --- /dev/null +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json @@ -0,0 +1,539 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.2", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json new file mode 100644 index 000000000..3d26e56ae --- /dev/null +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -0,0 +1,539 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.3", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json new file mode 100644 index 000000000..3b7398abd --- /dev/null +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -0,0 +1,553 @@ +{ + "type": "element", + "name": "bom", + "attributes": { + "xmlns": "http://cyclonedx.org/schema/bom/1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" + }, + "children": [ + { + "type": "element", + "name": "metadata", + "children": [ + { + "type": "element", + "name": "timestamp", + "children": "2001-05-23T13:37:42.000Z" + }, + { + "type": "element", + "name": "tools", + "children": [ + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "other tool" + } + ] + }, + { + "type": "element", + "name": "tool", + "children": [ + { + "type": "element", + "name": "vendor", + "children": "tool vendor" + }, + { + "type": "element", + "name": "name", + "children": "tool name" + }, + { + "type": "element", + "name": "version", + "children": "0.8.15" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "authors", + "children": [ + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-author\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-authors@mailinator.com" + } + ] + }, + { + "type": "element", + "name": "author", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-co-author\" Doe" + } + ] + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "Root Component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "manufacture", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta manufacture" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-manufacture.xmpl/" + } + ] + }, + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "meta supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://meta-supplier.xmpl/" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Jane \"the-other-supplier\" Doe" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "John \"the-supplier\" Doe" + }, + { + "type": "element", + "name": "email", + "children": "cdx-suppliers@mailinator.com" + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "components", + "children": [ + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "a-component" + }, + "children": [ + { + "type": "element", + "name": "name", + "children": "a-component" + }, + { + "type": "element", + "name": "version", + "children": "" + } + ] + }, + { + "type": "element", + "name": "component", + "attributes": { + "type": "library", + "bom-ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "supplier", + "children": [ + { + "type": "element", + "name": "name", + "children": "Component Supplier" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-A" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/componentSupplier-B" + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "Franz" + }, + { + "type": "element", + "name": "email", + "children": "franz-aus-bayern@komplett.verwahrlosten.taxi" + }, + { + "type": "element", + "name": "phone", + "children": "555-732378879" + } + ] + }, + { + "type": "element", + "name": "contact", + "children": [ + { + "type": "element", + "name": "name", + "children": "The quick brown fox" + } + ] + } + ] + }, + { + "type": "element", + "name": "author", + "children": "component's author" + }, + { + "type": "element", + "name": "publisher", + "children": "the publisher" + }, + { + "type": "element", + "name": "group", + "children": "acme" + }, + { + "type": "element", + "name": "name", + "children": "dummy-component" + }, + { + "type": "element", + "name": "version", + "children": "1337-beta" + }, + { + "type": "element", + "name": "description", + "children": "this is a test component" + }, + { + "type": "element", + "name": "description", + "children": "required" + }, + { + "type": "element", + "name": "hashes", + "children": [ + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "MD5" + }, + "children": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "type": "element", + "name": "hash", + "attributes": { + "hashAlg": "SHA-1" + }, + "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ] + }, + { + "type": "element", + "name": "licenses", + "children": [ + { + "type": "element", + "name": "expression", + "children": "(MIT or Apache-2.0)" + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "name", + "children": "some other" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "U29tZQpsaWNlbnNlCnRleHQu" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/license" + } + ] + }, + { + "type": "element", + "name": "license", + "children": [ + { + "type": "element", + "name": "id", + "children": "MIT" + }, + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "text/plain", + "encoding": "base64" + }, + "children": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u" + }, + { + "type": "element", + "name": "url", + "children": "https://spdx.org/licenses/MIT.html" + } + ] + } + ] + }, + { + "type": "element", + "name": "copyright", + "children": "(c) acme" + }, + { + "type": "element", + "name": "cpe", + "children": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*" + }, + { + "type": "element", + "name": "purl", + "children": "pkg:npm/acme/dummy-component@1337-beta" + }, + { + "type": "element", + "name": "swid", + "attributes": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": "true" + }, + "children": [ + { + "type": "element", + "name": "text", + "attributes": { + "content-type": "some context type", + "encoding": "base64" + }, + "children": "some context" + }, + { + "type": "element", + "name": "url", + "children": "https://localhost/swid" + } + ] + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "release-notes" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "./other/file" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "support" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme/support" + } + ] + }, + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://localhost/acme" + }, + { + "type": "element", + "name": "comment", + "children": "testing" + } + ] + } + ] + } + ] + } + ] + }, + { + "type": "element", + "name": "dependencies", + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + }, + "children": [] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + } + ] + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy.metadata.component" + }, + "children": [ + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "a-component" + } + }, + { + "type": "element", + "name": "dependency", + "attributes": { + "ref": "dummy-component" + } + } + ] + } + ] + } + ] +} diff --git a/tests/integration/JsonNormalize.test.js b/tests/integration/JsonNormalize.test.js new file mode 100644 index 000000000..b137e49eb --- /dev/null +++ b/tests/integration/JsonNormalize.test.js @@ -0,0 +1,61 @@ +const assert = require('assert') +const { describe, beforeEach, afterEach, it } = require('mocha') + +const { createComplexStructure, loadNormalizeResult } = require('../_data/normalize') +/* uncomment next line to dump data */ +// const { writeNormalizeResult } = require('../_data/normalize') + +const { + Serialize: { + JSON: { Normalize: { Factory: JsonNormalizeFactory } } + }, + Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } +} = require('../../') + +describe('JSON normalize', () => { + [ + Spec1dot2, + Spec1dot3, + Spec1dot4 + ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { + const normalizerFactory = new JsonNormalizeFactory(spec) + + beforeEach(function () { + this.bom = createComplexStructure() + }) + + afterEach(function () { + delete this.bom + }) + + it('can normalize', function () { + const normalized = normalizerFactory.makeForBom() + .normalize(this.bom, {}) + const json = JSON.stringify(normalized) + + /* uncomment next line to dump data */ + // writeNormalizeResult(json, 'json_complex', spec.version, 'json') + + assert.deepStrictEqual( + JSON.parse(json), + JSON.parse(loadNormalizeResult('json_complex', spec.version, 'json')) + ) + }) + + it('can normalize with sorted lists', function () { + const normalized = normalizerFactory.makeForBom() + .normalize(this.bom, { sortLists: true }) + const json = JSON.stringify(normalized) + + /* uncomment next line to dump data */ + // writeNormalizeResult(json, 'json_sortedLists', spec.version, 'json') + + assert.deepStrictEqual( + JSON.parse(json), + JSON.parse(loadNormalizeResult('json_sortedLists', spec.version, 'json')) + ) + }) + + // TODO add more tests + })) +}) diff --git a/tests/integration/JsonSerializer.test.js b/tests/integration/JsonSerializer.test.js deleted file mode 100644 index 704a3e1b5..000000000 --- a/tests/integration/JsonSerializer.test.js +++ /dev/null @@ -1,58 +0,0 @@ -const assert = require('assert') -const { describe, beforeEach, afterEach, it } = require('mocha') - -const { createComplexStructure, loadSerializeResult } = require('../_data/serialize') -/* uncomment next line to dump data */ -// const { writeSerializeResult } = require('../_data/serialize') - -const { - Serialize: { - JsonSerializer, - JSON: { Normalize: { Factory: JsonNormalizeFactory } } - }, - Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } -} = require('../../') - -describe('JSON serialize', () => { - [ - Spec1dot2, - Spec1dot3, - Spec1dot4 - ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { - const serializer = new JsonSerializer(new JsonNormalizeFactory(spec)) - - beforeEach(function () { - this.bom = createComplexStructure() - }) - - afterEach(function () { - delete this.bom - }) - - it('can serialize', function () { - const serialized = serializer.serialize(this.bom) - - /* uncomment next line to dump data */ - // writeSerializeResult(serialized, 'complex', spec.version, 'json') - - assert.deepStrictEqual( - JSON.parse(serialized), - JSON.parse(loadSerializeResult('complex', spec.version, 'json')) - ) - }) - - it('can serialize with sorted lists', function () { - const serialized = serializer.serialize(this.bom, { sortLists: true }) - - /* uncomment next line to dump data */ - // writeSerializeResult(serialized, 'sortedLists', spec.version, 'json') - - assert.deepStrictEqual( - JSON.parse(serialized), - JSON.parse(loadSerializeResult('sortedLists', spec.version, 'json')) - ) - }) - - // TODO add more tests - })) -}) diff --git a/tests/integration/XmlNormalize.test.js b/tests/integration/XmlNormalize.test.js new file mode 100644 index 000000000..22bc7fc08 --- /dev/null +++ b/tests/integration/XmlNormalize.test.js @@ -0,0 +1,61 @@ +const assert = require('assert') +const { describe, beforeEach, afterEach, it } = require('mocha') + +const { createComplexStructure, loadNormalizeResult } = require('../_data/normalize') +/* uncomment next line to dump data */ +// const { writeNormalizeResult } = require('../_data/normalize') + +const { + Serialize: { + Xml: { Normalize: { Factory: XmlNormalizeFactory } } + }, + Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } +} = require('../../') + +describe('JSON normalize', () => { + [ + Spec1dot2, + Spec1dot3, + Spec1dot4 + ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { + const normalizerFactory = new XmlNormalizeFactory(spec) + + beforeEach(function () { + this.bom = createComplexStructure() + }) + + afterEach(function () { + delete this.bom + }) + + it('can normalize', function () { + const normalized = normalizerFactory.makeForBom() + .normalize(this.bom, {}) + const json = JSON.stringify(normalized) + + /* uncomment next line to dump data */ + // writeNormalizeResult(json, 'xml_complex', spec.version, 'json') + + assert.deepStrictEqual( + JSON.parse(json), + JSON.parse(loadNormalizeResult('xml_complex', spec.version, 'json')) + ) + }) + + it('can normalize with sorted lists', function () { + const normalized = normalizerFactory.makeForBom() + .normalize(this.bom, { sortLists: true }) + const json = JSON.stringify(normalized) + + /* uncomment next line to dump data */ + // writeNormalizeResult(json, 'xml_sortedLists', spec.version, 'json') + + assert.deepStrictEqual( + JSON.parse(json), + JSON.parse(loadNormalizeResult('xml_sortedLists', spec.version, 'json')) + ) + }) + + // TODO add more tests + })) +}) From 7268ef7527911f6eebb468d35bda470841b783e7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 22 May 2022 11:57:45 +0200 Subject: [PATCH 136/233] wip (#39) Signed-off-by: Jan Kowalleck --- src/serialize/BaseSerializer.ts | 4 +++- src/serialize/BomRefDiscriminator.ts | 10 +++++----- src/serialize/JSON/normalize.ts | 8 +++++--- src/serialize/XML/normalize.ts | 8 +++++--- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts index 5c446809b..77fbabf16 100644 --- a/src/serialize/BaseSerializer.ts +++ b/src/serialize/BaseSerializer.ts @@ -15,7 +15,9 @@ export abstract class BaseSerializer implements Serializer { #getAllBomRefs (bom: Bom): Iterable { const bomRefs = new Set() - bom.components.forEach(c => bomRefs.add(c.bomRef)) + for (const c of bom.components) { + bomRefs.add(c.bomRef) + } if (bom.metadata.component !== null) { bomRefs.add(bom.metadata.component.bomRef) } diff --git a/src/serialize/BomRefDiscriminator.ts b/src/serialize/BomRefDiscriminator.ts index 9f9bfd23f..9158ff655 100644 --- a/src/serialize/BomRefDiscriminator.ts +++ b/src/serialize/BomRefDiscriminator.ts @@ -13,20 +13,20 @@ export class BomRefDiscriminator { discriminate (): void { const knownRefValues = new Set() - this.#originalValues.forEach((_, bomRef) => { + for (const [bomRef] of this.#originalValues) { let value = bomRef.value if (value === undefined || knownRefValues.has(value)) { value = this.#makeUniqueId() bomRef.value = value } knownRefValues.add(value) - }) + } } reset (): void { - this.#originalValues.forEach((value, bomRef) => { - bomRef.value = value - }) + for (const [bomRef, originalValue] of this.#originalValues) { + bomRef.value = originalValue + } } #makeUniqueId (): string { diff --git a/src/serialize/JSON/normalize.ts b/src/serialize/JSON/normalize.ts index d3e012bb7..cb3ba85c6 100644 --- a/src/serialize/JSON/normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -366,16 +366,18 @@ export class DependencyGraphNormalizer extends Base { } const allRefs = new Map() - data.components.forEach(c => allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + for (const c of data.components) { + allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies)) + } allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) const normalized: Types.Dependency[] = [] - allRefs.forEach((deps, ref) => { + for (const [ref, deps] of allRefs) { const dep = this.#normalizeDependency(ref, deps, allRefs, options) if (isNotUndefined(dep)) { normalized.push(dep) } - }) + } if (options.sortLists ?? false) { normalized.sort(({ ref: a }, { ref: b }) => a.localeCompare(b)) diff --git a/src/serialize/XML/normalize.ts b/src/serialize/XML/normalize.ts index e9bcf62ba..2577e5e7f 100644 --- a/src/serialize/XML/normalize.ts +++ b/src/serialize/XML/normalize.ts @@ -469,16 +469,18 @@ export class DependencyGraphNormalizer extends Base { } const allRefs = new Map() - data.components.forEach(c => allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies))) + for (const c of data.components) { + allRefs.set(c.bomRef, new Models.BomRefRepository(c.dependencies)) + } allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) const normalized: Array<(Types.SimpleXml.Element & { attributes: { ref: string } })> = [] - allRefs.forEach((deps, ref) => { + for (const [ref, deps] of allRefs) { const dep = this.#normalizeDependency(ref, deps, allRefs, options) if (isNotUndefined(dep)) { normalized.push(dep) } - }) + } if (options.sortLists ?? false) { normalized.sort(({ attributes: { ref: a } }, { attributes: { ref: b } }) => a.localeCompare(b)) From 96743d00ffd3be890108be75d24e78abe4a1dddd Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 26 May 2022 19:23:29 +0200 Subject: [PATCH 137/233] xmlSerializer (#38) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- examples/node/example.cjs | 5 +- examples/node/example.mjs | 5 +- examples/web-browser.html | 9 ++- src/serialize/BaseSerializer.ts | 12 ++-- src/serialize/JsonSerializer.ts | 29 +++++---- src/serialize/XML/normalize.ts | 2 +- src/serialize/XML/types.ts | 18 +++-- src/serialize/XmlSerializer.ts | 34 +++++++++- src/serialize/XmlSerializer.web.ts | 65 +++++++++++++++++++ src/serialize/index.ts | 6 +- .../normalizeResults/xml_complex_spec1.2.json | 2 +- .../normalizeResults/xml_complex_spec1.3.json | 2 +- .../normalizeResults/xml_complex_spec1.4.json | 2 +- .../xml_sortedLists_spec1.2.json | 2 +- .../xml_sortedLists_spec1.3.json | 2 +- .../xml_sortedLists_spec1.4.json | 2 +- tests/integration/XmlNormalize.test.js | 2 +- 17 files changed, 150 insertions(+), 49 deletions(-) create mode 100644 src/serialize/XmlSerializer.web.ts diff --git a/examples/node/example.cjs b/examples/node/example.cjs index a277523a0..ebf90f0dc 100644 --- a/examples/node/example.cjs +++ b/examples/node/example.cjs @@ -11,9 +11,8 @@ bom.components.add( ) ) -const serializer = new cdx.Serialize.JsonSerializer( +const jsonSerializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) -const serialized = serializer.serialize(bom) - +const serialized = jsonSerializer.serialize(bom) console.log(serialized) diff --git a/examples/node/example.mjs b/examples/node/example.mjs index 2f93d8b06..1d8faa9ec 100644 --- a/examples/node/example.mjs +++ b/examples/node/example.mjs @@ -11,9 +11,8 @@ bom.components.add( ) ) -const serializer = new cdx.Serialize.JsonSerializer( +const jsonSerializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) -const serialized = serializer.serialize(bom) - +const serialized = jsonSerializer.serialize(bom) console.log(serialized) diff --git a/examples/web-browser.html b/examples/web-browser.html index dd89fe827..bb93a9ebd 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -19,15 +19,14 @@ ) ) - const serializer = new cdx.Serialize.JsonSerializer( + const jsonSerializer = new cdx.Serialize.JsonSerializer( new cdx.Serialize.JSON.Normalize.Factory( cdx.Spec.Spec1dot4)) - const serialized = serializer.serialize(bom) - - console.log(serialized) + const serializedJson = jsonSerializer.serialize(bom) + console.log(serializedJson) -

see console log output for result.

+

see javascript console output for result.

diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts index 77fbabf16..c85f9ba4a 100644 --- a/src/serialize/BaseSerializer.ts +++ b/src/serialize/BaseSerializer.ts @@ -2,12 +2,12 @@ import { Bom, BomRef } from '../models' import { BomRefDiscriminator } from './BomRefDiscriminator' import { NormalizeOptions, SerializeOptions, Serializer } from './types' -export abstract class BaseSerializer implements Serializer { +export abstract class BaseSerializer implements Serializer { serialize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string { const bomRefDiscriminator = new BomRefDiscriminator(this.#getAllBomRefs(bom)) bomRefDiscriminator.discriminate() try { - return this._normalize(bom, options) + return this._serialize(this._normalize(bom, options), options) } finally { bomRefDiscriminator.reset() } @@ -24,9 +24,7 @@ export abstract class BaseSerializer implements Serializer { return bomRefs.values() } - /** - * @internal - * @private - */ - protected abstract _normalize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string + protected abstract _serialize (normalizedBom: NormalizedBom, options?: SerializeOptions): string + + protected abstract _normalize (bom: Bom, options?: NormalizeOptions): NormalizedBom } diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts index f5672305b..38b587e41 100644 --- a/src/serialize/JsonSerializer.ts +++ b/src/serialize/JsonSerializer.ts @@ -3,8 +3,12 @@ import { Format, UnsupportedFormatError } from '../spec' import { SerializeOptions, NormalizeOptions } from './types' import { BaseSerializer } from './BaseSerializer' import { Factory as NormalizerFactory } from './JSON/normalize' +import { Bom as NormalizedBom } from './JSON/types' -export class JsonSerializer extends BaseSerializer { +/** + * Multi purpose Json serializer. + */ +export class JsonSerializer extends BaseSerializer { readonly #normalizerFactory: NormalizerFactory /** @@ -19,19 +23,18 @@ export class JsonSerializer extends BaseSerializer { this.#normalizerFactory = normalizerFactory } - /** - * @internal - * @private - */ + protected _serialize ( + bom: NormalizedBom, + { space }: SerializeOptions = {} + ): string { + return JSON.stringify(bom, null, space) + } + protected _normalize ( bom: Bom, - { - sortLists = false, - space = 0 - }: NormalizeOptions & SerializeOptions = {} - ): string { - return JSON.stringify( - this.#normalizerFactory.makeForBom().normalize(bom, { sortLists }), - null, space) + { sortLists }: NormalizeOptions = {} + ): NormalizedBom { + return this.#normalizerFactory.makeForBom() + .normalize(bom, { sortLists }) } } diff --git a/src/serialize/XML/normalize.ts b/src/serialize/XML/normalize.ts index 2577e5e7f..d8fda74a3 100644 --- a/src/serialize/XML/normalize.ts +++ b/src/serialize/XML/normalize.ts @@ -104,8 +104,8 @@ export class BomNormalizer extends Base { return { type: 'element', name: 'bom', + namespace: xmlNamespace.get(this._factory.spec.version), attributes: { - xmlns: xmlNamespace.get(this._factory.spec.version), version: data.version, serialNumber: data.serialNumber ?? undefined }, diff --git a/src/serialize/XML/types.ts b/src/serialize/XML/types.ts index 58a99ab8d..0a6ccd22b 100644 --- a/src/serialize/XML/types.ts +++ b/src/serialize/XML/types.ts @@ -24,8 +24,9 @@ export namespace SimpleXml { * Must be alphanumeric. * Must start with alpha. * Must not contain whitespace characters. + * Should not be literal "xmlns". */ - type attributeName = string + export type AttributeName = string /** * Element's name. @@ -34,7 +35,7 @@ export namespace SimpleXml { * Must start with alpha. * Must not contain whitespace characters. */ - type elementName = string + export type ElementName = string /** * Textual representation. @@ -52,14 +53,21 @@ export namespace SimpleXml { */ export type Unset = undefined + export interface ElementAttributes { + [key: AttributeName]: Text | Unset + } + + export type ElementChildren = Iterable | Text | Unset + /** * Element node. */ export interface Element { type: 'element' - name: elementName - attributes?: { [key: attributeName]: Text | Unset } - children?: Iterable | Text | Unset + name: ElementName + namespace?: string | URL + attributes?: ElementAttributes + children?: ElementChildren } /** diff --git a/src/serialize/XmlSerializer.ts b/src/serialize/XmlSerializer.ts index fe13bcdac..7ad249e81 100644 --- a/src/serialize/XmlSerializer.ts +++ b/src/serialize/XmlSerializer.ts @@ -1,3 +1,33 @@ -export { - // @TODO +import { Bom } from '../models' +import { Format, UnsupportedFormatError } from '../spec' +import { BaseSerializer } from './BaseSerializer' +import { NormalizeOptions } from './types' +import { Factory as NormalizerFactory } from './XML/normalize' +import { SimpleXml } from './XML/types' + +/** + * Base XML serializer. + */ +export abstract class BaseXmlSerializer extends BaseSerializer { + readonly #normalizerFactory: NormalizerFactory + + /** + * @throws {UnsupportedFormatError} if spec does not support JSON format. + */ + constructor (normalizerFactory: NormalizerFactory) { + if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { + throw new UnsupportedFormatError('Spec does not support JSON format.') + } + + super() + this.#normalizerFactory = normalizerFactory + } + + protected _normalize ( + bom: Bom, + { sortLists = false }: NormalizeOptions = {} + ): SimpleXml.Element { + return this.#normalizerFactory.makeForBom() + .normalize(bom, { sortLists }) + } } diff --git a/src/serialize/XmlSerializer.web.ts b/src/serialize/XmlSerializer.web.ts new file mode 100644 index 000000000..0a4c945b0 --- /dev/null +++ b/src/serialize/XmlSerializer.web.ts @@ -0,0 +1,65 @@ +import { isNotUndefined } from '../helpers/types' +import { SerializeOptions } from './types' +import { BaseXmlSerializer } from './XmlSerializer' +import { SimpleXml } from './XML/types' + +/** + * XML serializer for web browsers. + * @TODO this class is not final, unclear if it should be part of this dist. + */ +export class XmlSerializerForWebBrowser extends BaseXmlSerializer { + protected _serialize ( + normalizedBom: SimpleXml.Element, + options: SerializeOptions = {} + ): string { + const doc = document.implementation.createDocument(null, null) + doc.appendChild(this.#buildElement(normalizedBom, doc)) + // TODO: incorporate `options.space` + return (new XMLSerializer()).serializeToString(doc) + } + + #getNs (element: SimpleXml.Element): string | null { + const ns = (element.namespace ?? element.attributes?.xmlns)?.toString() ?? '' + return ns.length > 0 + ? ns + : null + } + + #buildElement (element: SimpleXml.Element, doc: XMLDocument, parentNS: string | null = null): Element { + const ns = this.#getNs(element) ?? parentNS + const node: Element = ns === null + ? doc.createElement(element.name) + : doc.createElementNS(ns, element.name) + if (isNotUndefined(element.attributes)) { + this.#setAttributes(node, element.attributes) + } + if (isNotUndefined(element.children)) { + this.#setChildren(node, element.children, ns) + } + return node + } + + #setAttributes (node: Element, attributes: SimpleXml.ElementAttributes): void { + for (const [name, value] of Object.entries(attributes)) { + if (isNotUndefined(value) && name !== 'xmlns') { + // reminder: cannot change a namespace after the fact. + node.setAttribute(name, `${value}`) + } + } + } + + #setChildren (node: Element, children: SimpleXml.ElementChildren, parentNS: string | null = null): void { + const t = typeof children + if (t === 'string' || t === 'number') { + node.textContent = `${children as SimpleXml.Text}` + return + } + + for (const c of (children as Iterable)) { + if (c.type === 'element') { + node.appendChild(this.#buildElement(c, node.ownerDocument, parentNS)) + } + // comments are not implemented, yet + } + } +} diff --git a/src/serialize/index.ts b/src/serialize/index.ts index fe00cdc40..fa97385c3 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,11 +1,11 @@ export * as Types from './types' export * from './BomRefDiscriminator' +export * from './BaseSerializer' export * as JSON from './JSON' export * from './JsonSerializer' -export * as Xml from './XML' +export * as XML from './XML' export * from './XmlSerializer' - -// export * from './BaseSerializer' // internal use only +// export * from './XmlSerializer.web' // not public, yet diff --git a/tests/_data/normalizeResults/xml_complex_spec1.2.json b/tests/_data/normalizeResults/xml_complex_spec1.2.json index daf4d9a7c..bf17613c3 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.2.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.2.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.2", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.2", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/_data/normalizeResults/xml_complex_spec1.3.json b/tests/_data/normalizeResults/xml_complex_spec1.3.json index b529e2516..705cff9b5 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.3.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.3.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.3", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.3", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/_data/normalizeResults/xml_complex_spec1.4.json b/tests/_data/normalizeResults/xml_complex_spec1.4.json index 0ba7c41e6..adf991683 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.4.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.4.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.4", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.4", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json index cd748aad5..a88541d88 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.2", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.2", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json index 3d26e56ae..076911b8e 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.3", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.3", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json index 3b7398abd..2163df3d0 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -1,8 +1,8 @@ { "type": "element", "name": "bom", + "namespace": "http://cyclonedx.org/schema/bom/1.4", "attributes": { - "xmlns": "http://cyclonedx.org/schema/bom/1.4", "version": 7, "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012" }, diff --git a/tests/integration/XmlNormalize.test.js b/tests/integration/XmlNormalize.test.js index 22bc7fc08..a794bbaac 100644 --- a/tests/integration/XmlNormalize.test.js +++ b/tests/integration/XmlNormalize.test.js @@ -7,7 +7,7 @@ const { createComplexStructure, loadNormalizeResult } = require('../_data/normal const { Serialize: { - Xml: { Normalize: { Factory: XmlNormalizeFactory } } + XML: { Normalize: { Factory: XmlNormalizeFactory } } }, Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } } = require('../../') From 4778828dd02ef74c57b57ab6cc91cc6b1ee70a94 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 27 May 2022 09:51:10 +0200 Subject: [PATCH 138/233] wip (#41) Signed-off-by: Jan Kowalleck --- src/serialize/BaseSerializer.ts | 8 +- src/serialize/JSON/normalize.ts | 66 ++++----- src/serialize/JSON/types.ts | 219 +++++++++++++++-------------- src/serialize/JsonSerializer.ts | 14 +- src/serialize/XML/normalize.ts | 94 ++++++------- src/serialize/XML/types.ts | 5 + src/serialize/XmlSerializer.ts | 4 +- src/serialize/XmlSerializer.web.ts | 4 +- src/serialize/types.ts | 6 +- src/types/CPE.ts | 1 + src/types/{urn.ts => URN.ts} | 2 + src/types/index.ts | 2 +- src/types/integer.ts | 6 +- src/types/mimeType.ts | 4 + tsconfig.json | 2 +- 15 files changed, 231 insertions(+), 206 deletions(-) rename src/types/{urn.ts => URN.ts} (81%) diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts index c85f9ba4a..74422aba7 100644 --- a/src/serialize/BaseSerializer.ts +++ b/src/serialize/BaseSerializer.ts @@ -1,9 +1,9 @@ import { Bom, BomRef } from '../models' import { BomRefDiscriminator } from './BomRefDiscriminator' -import { NormalizeOptions, SerializeOptions, Serializer } from './types' +import { NormalizerOptions, SerializerOptions, Serializer } from './types' export abstract class BaseSerializer implements Serializer { - serialize (bom: Bom, options?: SerializeOptions & NormalizeOptions): string { + serialize (bom: Bom, options?: SerializerOptions & NormalizerOptions): string { const bomRefDiscriminator = new BomRefDiscriminator(this.#getAllBomRefs(bom)) bomRefDiscriminator.discriminate() try { @@ -24,7 +24,7 @@ export abstract class BaseSerializer implements Serializer { return bomRefs.values() } - protected abstract _serialize (normalizedBom: NormalizedBom, options?: SerializeOptions): string + protected abstract _serialize (normalizedBom: NormalizedBom, options?: SerializerOptions): string - protected abstract _normalize (bom: Bom, options?: NormalizeOptions): NormalizedBom + protected abstract _normalize (bom: Bom, options?: NormalizerOptions): NormalizedBom } diff --git a/src/serialize/JSON/normalize.ts b/src/serialize/JSON/normalize.ts index cb3ba85c6..3d95fc485 100644 --- a/src/serialize/JSON/normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -1,8 +1,8 @@ import { isNotUndefined, Stringable } from '../../helpers/types' import * as Models from '../../models' import { Protocol as Spec, Version as SpecVersion } from '../../spec' -import { NormalizeOptions } from '../types' -import * as Types from './types' +import { NormalizerOptions } from '../types' +import { Normalized, JsonSchema } from './types' export class Factory { readonly spec: Spec @@ -67,9 +67,9 @@ const schemaUrl: ReadonlyMap = new Map([ ]) interface Normalizer { - normalize: (data: object, options: NormalizeOptions) => object | undefined + normalize: (data: object, options: NormalizerOptions) => object | undefined - normalizeIter?: (data: Iterable, options: NormalizeOptions) => object[] + normalizeIter?: (data: Iterable, options: NormalizerOptions) => object[] } abstract class Base implements Normalizer { @@ -79,7 +79,7 @@ abstract class Base implements Normalizer { this._factory = factory } - abstract normalize (data: object, options: NormalizeOptions): object | undefined + abstract normalize (data: object, options: NormalizerOptions): object | undefined } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- @@ -87,7 +87,7 @@ abstract class Base implements Normalizer { */ export class BomNormalizer extends Base { - normalize (data: Models.Bom, options: NormalizeOptions): Types.Bom { + normalize (data: Models.Bom, options: NormalizerOptions): Normalized.Bom { return { $schema: schemaUrl.get(this._factory.spec.version), bomFormat: 'CycloneDX', @@ -107,7 +107,7 @@ export class BomNormalizer extends Base { } export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata, options: NormalizeOptions): Types.Metadata { + normalize (data: Models.Metadata, options: NormalizerOptions): Normalized.Metadata { const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() return { timestamp: data.timestamp?.toISOString(), @@ -131,7 +131,7 @@ export class MetadataNormalizer extends Base { } export class ToolNormalizer extends Base { - normalize (data: Models.Tool, options: NormalizeOptions): Types.Tool { + normalize (data: Models.Tool, options: NormalizerOptions): Normalized.Tool { return { vendor: data.vendor || undefined, name: data.name || undefined, @@ -142,7 +142,7 @@ export class ToolNormalizer extends Base { } } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.Tool[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.Tool[] { const tools = Array.from(data) if (options.sortLists ?? false) { tools.sort(Models.ToolRepository.compareItems) @@ -152,7 +152,7 @@ export class ToolNormalizer extends Base { } export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash, options: NormalizeOptions): Types.Hash | undefined { + normalize ([algorithm, content]: Models.Hash, options: NormalizerOptions): Normalized.Hash | undefined { const spec = this._factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { @@ -162,7 +162,7 @@ export class HashNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.Hash[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.Hash[] { const hashes = Array.from(data) if (options.sortLists ?? false) { hashes.sort(Models.HashRepository.compareItems) @@ -173,17 +173,17 @@ export class HashNormalizer extends Base { } export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact, options: NormalizeOptions): Types.OrganizationalContact { + normalize (data: Models.OrganizationalContact, options: NormalizerOptions): Normalized.OrganizationalContact { return { name: data.name || undefined, - email: Types.JsonSchema.isIdnEmail(data.email) + email: JsonSchema.isIdnEmail(data.email) ? data.email : undefined, phone: data.phone || undefined } } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.OrganizationalContact[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.OrganizationalContact[] { const contacts = Array.from(data) if (options.sortLists ?? false) { contacts.sort(Models.OrganizationalContactRepository.compareItems) @@ -193,9 +193,9 @@ export class OrganizationalContactNormalizer extends Base { } export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity, options: NormalizeOptions): Types.OrganizationalEntity { + normalize (data: Models.OrganizationalEntity, options: NormalizerOptions): Normalized.OrganizationalEntity { const urls = normalizeStringableIter(data.url, options) - .filter(Types.JsonSchema.isIriReference) + .filter(JsonSchema.isIriReference) return { name: data.name || undefined, /** must comply to {@link https://datatracker.ietf.org/doc/html/rfc3987} */ @@ -210,7 +210,7 @@ export class OrganizationalEntityNormalizer extends Base { } export class ComponentNormalizer extends Base { - normalize (data: Models.Component, options: NormalizeOptions): Types.Component | undefined { + normalize (data: Models.Component, options: NormalizerOptions): Normalized.Component | undefined { return this._factory.spec.supportsComponentType(data.type) ? { type: data.type, @@ -245,7 +245,7 @@ export class ComponentNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.Component[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.Component[] { const components = Array.from(data) if (options.sortLists ?? false) { components.sort(Models.ComponentRepository.compareItems) @@ -256,7 +256,7 @@ export class ComponentNormalizer extends Base { } export class LicenseNormalizer extends Base { - normalize (data: Models.License, options: NormalizeOptions): Types.License { + normalize (data: Models.License, options: NormalizerOptions): Normalized.License { switch (true) { case data instanceof Models.NamedLicense: return this.#normalizeNamedLicense(data as Models.NamedLicense, options) @@ -269,7 +269,7 @@ export class LicenseNormalizer extends Base { } } - #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizeOptions): Types.NamedLicense { + #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizerOptions): Normalized.NamedLicense { return { license: { name: data.name, @@ -281,7 +281,7 @@ export class LicenseNormalizer extends Base { } } - #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizeOptions): Types.SpdxLicense { + #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizerOptions): Normalized.SpdxLicense { return { license: { id: data.id, @@ -293,13 +293,13 @@ export class LicenseNormalizer extends Base { } } - #normalizeLicenseExpression (data: Models.LicenseExpression): Types.LicenseExpression { + #normalizeLicenseExpression (data: Models.LicenseExpression): Normalized.LicenseExpression { return { expression: data.expression } } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.License[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.License[] { const licenses = Array.from(data) if (options.sortLists ?? false) { licenses.sort(Models.LicenseRepository.compareItems) @@ -309,7 +309,7 @@ export class LicenseNormalizer extends Base { } export class SWIDNormalizer extends Base { - normalize (data: Models.SWID, options: NormalizeOptions): Types.SWID { + normalize (data: Models.SWID, options: NormalizerOptions): Normalized.SWID { const url = data.url?.toString() return { tagId: data.tagId, @@ -320,7 +320,7 @@ export class SWIDNormalizer extends Base { text: data.text === null ? undefined : this._factory.makeForAttachment().normalize(data.text, options), - url: Types.JsonSchema.isIriReference(url) + url: JsonSchema.isIriReference(url) ? url : undefined } @@ -328,7 +328,7 @@ export class SWIDNormalizer extends Base { } export class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference, options: NormalizeOptions): Types.ExternalReference | undefined { + normalize (data: Models.ExternalReference, options: NormalizerOptions): Normalized.ExternalReference | undefined { return this._factory.spec.supportsExternalReferenceType(data.type) ? { url: data.url.toString(), @@ -338,7 +338,7 @@ export class ExternalReferenceNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: NormalizeOptions): Types.ExternalReference[] { + normalizeIter (data: Iterable, options: NormalizerOptions): Normalized.ExternalReference[] { const refs = Array.from(data) if (options.sortLists ?? false) { refs.sort(Models.ExternalReferenceRepository.compareItems) @@ -349,7 +349,7 @@ export class ExternalReferenceNormalizer extends Base { } export class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment, options: NormalizeOptions): Types.Attachment { + normalize (data: Models.Attachment, options: NormalizerOptions): Normalized.Attachment { return { content: data.content, contentType: data.contentType || undefined, @@ -359,7 +359,7 @@ export class AttachmentNormalizer extends Base { } export class DependencyGraphNormalizer extends Base { - normalize (data: Models.Bom, options: NormalizeOptions): Types.Dependency[] | undefined { + normalize (data: Models.Bom, options: NormalizerOptions): Normalized.Dependency[] | undefined { if (!data.metadata.component?.bomRef.value) { // the graph is missing the entry point -> omit the graph return undefined @@ -371,7 +371,7 @@ export class DependencyGraphNormalizer extends Base { } allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) - const normalized: Types.Dependency[] = [] + const normalized: Normalized.Dependency[] = [] for (const [ref, deps] of allRefs) { const dep = this.#normalizeDependency(ref, deps, allRefs, options) if (isNotUndefined(dep)) { @@ -390,8 +390,8 @@ export class DependencyGraphNormalizer extends Base { ref: Models.BomRef, deps: Models.BomRefRepository, allRefs: Map, - options: NormalizeOptions - ): Types.Dependency | undefined { + options: NormalizerOptions + ): Normalized.Dependency | undefined { const bomRef = ref.toString() if (bomRef.length === 0) { // no value -> cannot render @@ -414,7 +414,7 @@ export class DependencyGraphNormalizer extends Base { /* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ -function normalizeStringableIter (data: Iterable, options: NormalizeOptions): string[] { +function normalizeStringableIter (data: Iterable, options: NormalizerOptions): string[] { const r: string[] = Array.from(data, d => d.toString()) if (options.sortLists ?? false) { r.sort((a, b) => a.localeCompare(b)) diff --git a/src/serialize/JSON/types.ts b/src/serialize/JSON/types.ts index d02e5a354..e96658fc6 100644 --- a/src/serialize/JSON/types.ts +++ b/src/serialize/JSON/types.ts @@ -5,6 +5,10 @@ import { CPE, Integer, UrnUuid } from '../../types' // eslint-disable-next-line @typescript-eslint/no-namespace export namespace JsonSchema { + + /** + * @see isIriReference + */ export type IriReference = string /** * Test whether format is JSON::iri-reference - best-effort. @@ -17,6 +21,9 @@ export namespace JsonSchema { // TODO add more validation according to spec } + /** + * @see isIdnEmail + */ export type IdnEmail = string /** * Test whether format is JSON::idn-email - best-effort. @@ -30,126 +37,132 @@ export namespace JsonSchema { } export type DateTime = string -} -export type RefType = string - -export interface Bom { - $schema?: string - bomFormat: 'CycloneDX' - specVersion: string - version: Integer - serialNumber?: UrnUuid - metadata?: Metadata - components?: Component[] - externalReferences?: ExternalReference[] - dependencies?: Dependency[] } -export interface Metadata { - timestamp?: JsonSchema.DateTime - tools?: Tool[] - authors?: OrganizationalContact[] - component?: Component - manufacture?: OrganizationalEntity - supplier?: OrganizationalEntity - licenses?: License[] -} +// eslint-disable-next-line @typescript-eslint/no-namespace +export namespace Normalized { + + export type RefType = string + + export interface Bom { + $schema?: string + bomFormat: 'CycloneDX' + specVersion: string + version: Integer + serialNumber?: UrnUuid + metadata?: Metadata + components?: Component[] + externalReferences?: ExternalReference[] + dependencies?: Dependency[] + } -export interface Tool { - vendor?: string - name?: string - version?: string - hashes?: Hash[] - externalReferences?: ExternalReference[] -} + export interface Metadata { + timestamp?: JsonSchema.DateTime + tools?: Tool[] + authors?: OrganizationalContact[] + component?: Component + manufacture?: OrganizationalEntity + supplier?: OrganizationalEntity + licenses?: License[] + } -export interface OrganizationalContact { - name?: string - email?: JsonSchema.IdnEmail - phone?: string -} + export interface Tool { + vendor?: string + name?: string + version?: string + hashes?: Hash[] + externalReferences?: ExternalReference[] + } -export interface OrganizationalEntity { - name?: string - url?: JsonSchema.IriReference[] - contact?: OrganizationalContact[] -} + export interface OrganizationalContact { + name?: string + email?: JsonSchema.IdnEmail + phone?: string + } -export interface Hash { - alg: Enums.HashAlgorithm - content: HashContent -} + export interface OrganizationalEntity { + name?: string + url?: JsonSchema.IriReference[] + contact?: OrganizationalContact[] + } -export interface Component { - type: Enums.ComponentType - name: string - 'mime-type'?: string - 'bom-ref'?: RefType - supplier?: OrganizationalEntity - author?: string - publisher?: string - group?: string - version?: string - description?: string - scope?: Enums.ComponentScope - hashes?: Hash[] - licenses?: License[] - copyright?: string - cpe?: CPE - purl?: string - swid?: SWID - modified?: boolean - externalReferences?: ExternalReference[] - components?: Component[] -} + export interface Hash { + alg: Enums.HashAlgorithm + content: HashContent + } -export interface NamedLicense { - license: { + export interface Component { + type: Enums.ComponentType name: string - text?: Attachment - url?: string + 'mime-type'?: string + 'bom-ref'?: RefType + supplier?: OrganizationalEntity + author?: string + publisher?: string + group?: string + version?: string + description?: string + scope?: Enums.ComponentScope + hashes?: Hash[] + licenses?: License[] + copyright?: string + cpe?: CPE + purl?: string + swid?: SWID + modified?: boolean + externalReferences?: ExternalReference[] + components?: Component[] } -} -export interface SpdxLicense { - license: { - /** @see {@link http://cyclonedx.org/schema/spdx} */ - id: SpdxId - text?: Attachment - url?: string + export interface NamedLicense { + license: { + name: string + text?: Attachment + url?: string + } } -} -export interface LicenseExpression { - expression: string -} + export interface SpdxLicense { + license: { + /** @see {@link http://cyclonedx.org/schema/spdx} */ + id: SpdxId + text?: Attachment + url?: string + } + } -export type License = NamedLicense | SpdxLicense | LicenseExpression + export interface LicenseExpression { + expression: string + } -export interface SWID { - tagId: string - name: string - version?: string - tagVersion?: Integer - patch?: boolean - text?: Attachment - url?: JsonSchema.IriReference -} + export type License = NamedLicense | SpdxLicense | LicenseExpression -export interface ExternalReference { - url: string - type: Enums.ExternalReferenceType - comment?: string -} + export interface SWID { + tagId: string + name: string + version?: string + tagVersion?: Integer + patch?: boolean + text?: Attachment + url?: JsonSchema.IriReference + } -export interface Attachment { - content?: string - contentType?: string - encoding?: Enums.AttachmentEncoding -} + export interface ExternalReference { + url: string + type: Enums.ExternalReferenceType + comment?: string + } + + export interface Attachment { + content?: string + contentType?: string + encoding?: Enums.AttachmentEncoding + } + + export interface Dependency { + ref: RefType + dependsOn?: RefType[] + } -export interface Dependency { - ref: RefType - dependsOn?: RefType[] } diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts index 38b587e41..500bfca8d 100644 --- a/src/serialize/JsonSerializer.ts +++ b/src/serialize/JsonSerializer.ts @@ -1,14 +1,14 @@ import { Bom } from '../models' import { Format, UnsupportedFormatError } from '../spec' -import { SerializeOptions, NormalizeOptions } from './types' +import { SerializerOptions, NormalizerOptions } from './types' import { BaseSerializer } from './BaseSerializer' import { Factory as NormalizerFactory } from './JSON/normalize' -import { Bom as NormalizedBom } from './JSON/types' +import { Normalized } from './JSON/types' /** * Multi purpose Json serializer. */ -export class JsonSerializer extends BaseSerializer { +export class JsonSerializer extends BaseSerializer { readonly #normalizerFactory: NormalizerFactory /** @@ -24,16 +24,16 @@ export class JsonSerializer extends BaseSerializer { } protected _serialize ( - bom: NormalizedBom, - { space }: SerializeOptions = {} + bom: Normalized.Bom, + { space }: SerializerOptions = {} ): string { return JSON.stringify(bom, null, space) } protected _normalize ( bom: Bom, - { sortLists }: NormalizeOptions = {} - ): NormalizedBom { + { sortLists }: NormalizerOptions = {} + ): Normalized.Bom { return this.#normalizerFactory.makeForBom() .normalize(bom, { sortLists }) } diff --git a/src/serialize/XML/normalize.ts b/src/serialize/XML/normalize.ts index d8fda74a3..b2623bffb 100644 --- a/src/serialize/XML/normalize.ts +++ b/src/serialize/XML/normalize.ts @@ -1,8 +1,8 @@ import { isNotUndefined, Stringable } from '../../helpers/types' import * as Models from '../../models' import { Protocol as Spec, Version as SpecVersion } from '../../spec' -import { NormalizeOptions } from '../types' -import * as Types from './types' +import { NormalizerOptions } from '../types' +import { XmlSchema, SimpleXml } from './types' export class Factory { readonly spec: Spec @@ -67,9 +67,9 @@ const xmlNamespace: ReadonlyMap = new Map([ ]) interface Normalizer { - normalize: (data: object, options: NormalizeOptions, elementName?: string) => object | undefined + normalize: (data: object, options: NormalizerOptions, elementName?: string) => object | undefined - normalizeIter?: (data: Iterable, options: NormalizeOptions, elementName: string) => object[] + normalizeIter?: (data: Iterable, options: NormalizerOptions, elementName: string) => object[] } abstract class Base implements Normalizer { @@ -81,10 +81,10 @@ abstract class Base implements Normalizer { /** * @param {*} data - * @param {NormalizeOptions} options + * @param {NormalizerOptions} options * @param {string} [elementName] element name. XML defines structures; the element's name is defined on usage of a structure. */ - abstract normalize (data: object, options: NormalizeOptions, elementName?: string): object | undefined + abstract normalize (data: object, options: NormalizerOptions, elementName?: string): object | undefined } /* eslint-disable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions -- @@ -92,8 +92,8 @@ abstract class Base implements Normalizer { */ export class BomNormalizer extends Base { - normalize (data: Models.Bom, options: NormalizeOptions): Types.SimpleXml.Element { - const components: Types.SimpleXml.Element = { + normalize (data: Models.Bom, options: NormalizerOptions): SimpleXml.Element { + const components: SimpleXml.Element = { // spec < 1.4 always requires a 'components' element type: 'element', name: 'components', @@ -123,23 +123,23 @@ export class BomNormalizer extends Base { } export class MetadataNormalizer extends Base { - normalize (data: Models.Metadata, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + normalize (data: Models.Metadata, options: NormalizerOptions, elementName: string): SimpleXml.Element { const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() - const timestamp: Types.SimpleXml.Element | undefined = data.timestamp === null + const timestamp: SimpleXml.Element | undefined = data.timestamp === null ? undefined : { type: 'element', name: 'timestamp', children: data.timestamp.toISOString() } - const tools: Types.SimpleXml.Element | undefined = data.tools.size > 0 + const tools: SimpleXml.Element | undefined = data.tools.size > 0 ? { type: 'element', name: 'tools', children: this._factory.makeForTool().normalizeIter(data.tools, options, 'tool') } : undefined - const authors: Types.SimpleXml.Element | undefined = data.authors.size > 0 + const authors: SimpleXml.Element | undefined = data.authors.size > 0 ? { type: 'element', name: 'authors', @@ -168,8 +168,8 @@ export class MetadataNormalizer extends Base { } export class ToolNormalizer extends Base { - normalize (data: Models.Tool, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { - const hashes: Types.SimpleXml.Element | undefined = data.hashes.size > 0 + normalize (data: Models.Tool, options: NormalizerOptions, elementName: string): SimpleXml.Element { + const hashes: SimpleXml.Element | undefined = data.hashes.size > 0 ? { type: 'element', name: 'hashes', @@ -188,7 +188,7 @@ export class ToolNormalizer extends Base { } } - normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + normalizeIter (data: Iterable, options: NormalizerOptions, elementName: string): SimpleXml.Element[] { const tools = Array.from(data) if (options.sortLists) { tools.sort(Models.ToolRepository.compareItems) @@ -198,7 +198,7 @@ export class ToolNormalizer extends Base { } export class HashNormalizer extends Base { - normalize ([algorithm, content]: Models.Hash, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + normalize ([algorithm, content]: Models.Hash, options: NormalizerOptions, elementName: string): SimpleXml.Element | undefined { const spec = this._factory.spec return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content) ? { @@ -210,7 +210,7 @@ export class HashNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + normalizeIter (data: Iterable, options: NormalizerOptions, elementName: string): SimpleXml.Element[] { const hashes = Array.from(data) if (options.sortLists ?? false) { hashes.sort(Models.HashRepository.compareItems) @@ -221,7 +221,7 @@ export class HashNormalizer extends Base { } export class OrganizationalContactNormalizer extends Base { - normalize (data: Models.OrganizationalContact, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + normalize (data: Models.OrganizationalContact, options: NormalizerOptions, elementName: string): SimpleXml.Element { return { type: 'element', name: elementName, @@ -233,7 +233,7 @@ export class OrganizationalContactNormalizer extends Base { } } - normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + normalizeIter (data: Iterable, options: NormalizerOptions, elementName: string): SimpleXml.Element[] { const contacts = Array.from(data) if (options.sortLists ?? false) { contacts.sort(Models.OrganizationalContactRepository.compareItems) @@ -243,14 +243,14 @@ export class OrganizationalContactNormalizer extends Base { } export class OrganizationalEntityNormalizer extends Base { - normalize (data: Models.OrganizationalEntity, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + normalize (data: Models.OrganizationalEntity, options: NormalizerOptions, elementName: string): SimpleXml.Element { return { type: 'element', name: elementName, children: [ makeOptionalTextElement(data.name, 'name'), ...makeTextElementIter(data.url, options, 'url') - .filter(({ children: u }) => Types.XmlSchema.isAnyURI(u)), + .filter(({ children: u }) => XmlSchema.isAnyURI(u)), ...this._factory.makeForOrganizationalContact().normalizeIter(data.contact, options, 'contact') ].filter(isNotUndefined) } @@ -258,31 +258,31 @@ export class OrganizationalEntityNormalizer extends Base { } export class ComponentNormalizer extends Base { - normalize (data: Models.Component, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + normalize (data: Models.Component, options: NormalizerOptions, elementName: string): SimpleXml.Element | undefined { if (!this._factory.spec.supportsComponentType(data.type)) { return undefined } - const supplier: Types.SimpleXml.Element | undefined = data.supplier === null + const supplier: SimpleXml.Element | undefined = data.supplier === null ? undefined : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options, 'supplier') - const hashes: Types.SimpleXml.Element | undefined = data.hashes.size > 0 + const hashes: SimpleXml.Element | undefined = data.hashes.size > 0 ? { type: 'element', name: 'hashes', children: this._factory.makeForHash().normalizeIter(data.hashes, options, 'hash') } : undefined - const licenses: Types.SimpleXml.Element | undefined = data.licenses.size > 0 + const licenses: SimpleXml.Element | undefined = data.licenses.size > 0 ? { type: 'element', name: 'licenses', children: this._factory.makeForLicense().normalizeIter(data.licenses, options) } : undefined - const swid: Types.SimpleXml.Element | undefined = data.swid === null + const swid: SimpleXml.Element | undefined = data.swid === null ? undefined : this._factory.makeForSWID().normalize(data.swid, options, 'swid') - const extRefs: Types.SimpleXml.Element | undefined = data.externalReferences.size > 0 + const extRefs: SimpleXml.Element | undefined = data.externalReferences.size > 0 ? { type: 'element', name: 'externalReferences', @@ -320,7 +320,7 @@ export class ComponentNormalizer extends Base { } } - normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + normalizeIter (data: Iterable, options: NormalizerOptions, elementName: string): SimpleXml.Element[] { const components = Array.from(data) if (options.sortLists ?? false) { components.sort(Models.ComponentRepository.compareItems) @@ -331,7 +331,7 @@ export class ComponentNormalizer extends Base { } export class LicenseNormalizer extends Base { - normalize (data: Models.License, options: NormalizeOptions): Types.SimpleXml.Element { + normalize (data: Models.License, options: NormalizerOptions): SimpleXml.Element { switch (true) { case data instanceof Models.NamedLicense: return this.#normalizeNamedLicense(data as Models.NamedLicense, options) @@ -344,7 +344,7 @@ export class LicenseNormalizer extends Base { } } - #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizeOptions): Types.SimpleXml.Element { + #normalizeNamedLicense (data: Models.NamedLicense, options: NormalizerOptions): SimpleXml.Element { const url = data.url?.toString() return { type: 'element', @@ -354,14 +354,14 @@ export class LicenseNormalizer extends Base { data.text === null ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), - Types.XmlSchema.isAnyURI(url) + XmlSchema.isAnyURI(url) ? makeTextElement(url, 'url') : undefined ].filter(isNotUndefined) } } - #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizeOptions): Types.SimpleXml.Element { + #normalizeSpdxLicense (data: Models.SpdxLicense, options: NormalizerOptions): SimpleXml.Element { const url = data.url?.toString() return { type: 'element', @@ -371,18 +371,18 @@ export class LicenseNormalizer extends Base { data.text === null ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), - Types.XmlSchema.isAnyURI(url) + XmlSchema.isAnyURI(url) ? makeTextElement(url, 'url') : undefined ].filter(isNotUndefined) } } - #normalizeLicenseExpression (data: Models.LicenseExpression): Types.SimpleXml.Element { + #normalizeLicenseExpression (data: Models.LicenseExpression): SimpleXml.Element { return makeTextElement(data.expression, 'expression') } - normalizeIter (data: Models.LicenseRepository, options: NormalizeOptions): Types.SimpleXml.Element[] { + normalizeIter (data: Models.LicenseRepository, options: NormalizerOptions): SimpleXml.Element[] { const licenses = Array.from(data) if (options.sortLists ?? false) { licenses.sort(Models.LicenseRepository.compareItems) @@ -392,7 +392,7 @@ export class LicenseNormalizer extends Base { } export class SWIDNormalizer extends Base { - normalize (data: Models.SWID, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + normalize (data: Models.SWID, options: NormalizerOptions, elementName: string): SimpleXml.Element { const url = data.url?.toString() return { type: 'element', @@ -410,7 +410,7 @@ export class SWIDNormalizer extends Base { data.text === null ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), - Types.XmlSchema.isAnyURI(url) + XmlSchema.isAnyURI(url) ? makeTextElement(url, 'url') : undefined ].filter(isNotUndefined) @@ -419,10 +419,10 @@ export class SWIDNormalizer extends Base { } export class ExternalReferenceNormalizer extends Base { - normalize (data: Models.ExternalReference, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + normalize (data: Models.ExternalReference, options: NormalizerOptions, elementName: string): SimpleXml.Element | undefined { const url = data.url.toString() return this._factory.spec.supportsExternalReferenceType(data.type) && - Types.XmlSchema.isAnyURI(url) + XmlSchema.isAnyURI(url) ? { type: 'element', name: elementName, @@ -437,7 +437,7 @@ export class ExternalReferenceNormalizer extends Base { : undefined } - normalizeIter (data: Iterable, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element[] { + normalizeIter (data: Iterable, options: NormalizerOptions, elementName: string): SimpleXml.Element[] { const references = Array.from(data) if (options.sortLists ?? false) { references.sort(Models.ExternalReferenceRepository.compareItems) @@ -448,7 +448,7 @@ export class ExternalReferenceNormalizer extends Base { } export class AttachmentNormalizer extends Base { - normalize (data: Models.Attachment, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element { + normalize (data: Models.Attachment, options: NormalizerOptions, elementName: string): SimpleXml.Element { return { type: 'element', name: elementName, @@ -462,7 +462,7 @@ export class AttachmentNormalizer extends Base { } export class DependencyGraphNormalizer extends Base { - normalize (data: Models.Bom, options: NormalizeOptions, elementName: string): Types.SimpleXml.Element | undefined { + normalize (data: Models.Bom, options: NormalizerOptions, elementName: string): SimpleXml.Element | undefined { if (!data.metadata.component?.bomRef.value) { // the graph is missing the entry point -> omit the graph return undefined @@ -474,7 +474,7 @@ export class DependencyGraphNormalizer extends Base { } allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies) - const normalized: Array<(Types.SimpleXml.Element & { attributes: { ref: string } })> = [] + const normalized: Array<(SimpleXml.Element & { attributes: { ref: string } })> = [] for (const [ref, deps] of allRefs) { const dep = this.#normalizeDependency(ref, deps, allRefs, options) if (isNotUndefined(dep)) { @@ -497,8 +497,8 @@ export class DependencyGraphNormalizer extends Base { ref: Models.BomRef, deps: Models.BomRefRepository, allRefs: Map, - options: NormalizeOptions - ): undefined | (Types.SimpleXml.Element & { attributes: { ref: string } }) { + options: NormalizerOptions + ): undefined | (SimpleXml.Element & { attributes: { ref: string } }) { const bomRef = ref.toString() if (bomRef.length === 0) { // no value -> cannot render @@ -526,7 +526,7 @@ export class DependencyGraphNormalizer extends Base { /* eslint-enable @typescript-eslint/prefer-nullish-coalescing, @typescript-eslint/strict-boolean-expressions */ -type StrictTextElement = Types.SimpleXml.TextElement & { children: string } +type StrictTextElement = SimpleXml.TextElement & { children: string } function makeOptionalTextElement (data: null | undefined | Stringable, elementName: string): undefined | StrictTextElement { const s = data?.toString() ?? '' @@ -543,7 +543,7 @@ function makeTextElement (data: Stringable, elementName: string): StrictTextElem } } -function makeTextElementIter (data: Iterable, options: NormalizeOptions, elementName: string): StrictTextElement[] { +function makeTextElementIter (data: Iterable, options: NormalizerOptions, elementName: string): StrictTextElement[] { const r: StrictTextElement[] = Array.from(data, d => makeTextElement(d, elementName)) if (options.sortLists ?? false) { r.sort(({ children: a }, { children: b }) => a.localeCompare(b)) diff --git a/src/serialize/XML/types.ts b/src/serialize/XML/types.ts index 0a6ccd22b..635308e17 100644 --- a/src/serialize/XML/types.ts +++ b/src/serialize/XML/types.ts @@ -1,5 +1,9 @@ // eslint-disable-next-line @typescript-eslint/no-namespace export namespace XmlSchema { + + /** + * @see isAnyURI + */ export type AnyURI = string /** * Test whether format is XML::anyURI - best-effort. @@ -13,6 +17,7 @@ export namespace XmlSchema { Array.from(value).filter(c => c === '#').length <= 1 // TODO add more validation according to spec } + } // eslint-disable-next-line @typescript-eslint/no-namespace diff --git a/src/serialize/XmlSerializer.ts b/src/serialize/XmlSerializer.ts index 7ad249e81..6bf813990 100644 --- a/src/serialize/XmlSerializer.ts +++ b/src/serialize/XmlSerializer.ts @@ -1,7 +1,7 @@ import { Bom } from '../models' import { Format, UnsupportedFormatError } from '../spec' import { BaseSerializer } from './BaseSerializer' -import { NormalizeOptions } from './types' +import { NormalizerOptions } from './types' import { Factory as NormalizerFactory } from './XML/normalize' import { SimpleXml } from './XML/types' @@ -25,7 +25,7 @@ export abstract class BaseXmlSerializer extends BaseSerializer string + serialize: (bom: Bom, options?: SerializerOptions & NormalizerOptions) => string } diff --git a/src/types/CPE.ts b/src/types/CPE.ts index 24b20dd5e..35be9f5ea 100644 --- a/src/types/CPE.ts +++ b/src/types/CPE.ts @@ -1,6 +1,7 @@ /** * Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. * Refer to {@link https://nvd.nist.gov/products/cpe} for official specification. + * @see isCPE */ export type CPE = string diff --git a/src/types/urn.ts b/src/types/URN.ts similarity index 81% rename from src/types/urn.ts rename to src/types/URN.ts index 1cd601c21..570680e75 100644 --- a/src/types/urn.ts +++ b/src/types/URN.ts @@ -1,9 +1,11 @@ /** * Defines a string representation of a UUID conforming to RFC 4122. * @see {@link https://datatracker.ietf.org/doc/html/rfc4122} + * @see isUrnUuid */ export type UrnUuid = string +/* regular expression was taken from the CycloneDX schema definitions. */ const urnUuidPattern = /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/ export function isUrnUuid (value: any): value is UrnUuid { diff --git a/src/types/index.ts b/src/types/index.ts index 990a90276..87aeddd77 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,4 +1,4 @@ export * from './CPE' export * from './integer' export * from './mimeType' -export * from './urn' +export * from './URN' diff --git a/src/types/integer.ts b/src/types/integer.ts index 450e1c18f..f7512e419 100644 --- a/src/types/integer.ts +++ b/src/types/integer.ts @@ -1,5 +1,5 @@ /** - * integer + * Integer * @see isInteger */ export type Integer = number | NonNegativeInteger @@ -9,7 +9,7 @@ export function isInteger (value: any): value is Integer { } /** - * integer >= 0 + * Integer >= 0 * @see isNonNegativeInteger */ export type NonNegativeInteger = number | PositiveInteger @@ -20,7 +20,7 @@ export function isNonNegativeInteger (value: any): value is NonNegativeInteger { } /** - * integer > 0 + * Integer > 0 * @see isPositiveInteger */ export type PositiveInteger = number diff --git a/src/types/mimeType.ts b/src/types/mimeType.ts index 2fa7371d9..49bd0d0f9 100644 --- a/src/types/mimeType.ts +++ b/src/types/mimeType.ts @@ -1,5 +1,9 @@ +/** + * @see isMimeType + */ export type MimeType = string +/* regular expression was taken from the CycloneDX schema definitions. */ const mimeTypePattern = /^[-+a-z0-9.]+\/[-+a-z0-9.]+$/ export function isMimeType (value: any): value is MimeType { diff --git a/tsconfig.json b/tsconfig.json index 70ba94fbb..6ebeb6d9e 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -105,5 +105,5 @@ "exclude": [ "node_modules", "**/*.spec.ts", "**/*.test.ts" - ], + ] } From 9a850079f5172eb70f61f7fd363a61a0e4203d75 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 27 May 2022 10:30:59 +0200 Subject: [PATCH 139/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/{XmlSerializer.ts => XmlBaseSerializer.ts} | 2 +- src/serialize/XmlSerializer.web.ts | 4 ++-- src/serialize/index.ts | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename src/serialize/{XmlSerializer.ts => XmlBaseSerializer.ts} (93%) diff --git a/src/serialize/XmlSerializer.ts b/src/serialize/XmlBaseSerializer.ts similarity index 93% rename from src/serialize/XmlSerializer.ts rename to src/serialize/XmlBaseSerializer.ts index 6bf813990..f1016456a 100644 --- a/src/serialize/XmlSerializer.ts +++ b/src/serialize/XmlBaseSerializer.ts @@ -8,7 +8,7 @@ import { SimpleXml } from './XML/types' /** * Base XML serializer. */ -export abstract class BaseXmlSerializer extends BaseSerializer { +export abstract class XmlBaseSerializer extends BaseSerializer { readonly #normalizerFactory: NormalizerFactory /** diff --git a/src/serialize/XmlSerializer.web.ts b/src/serialize/XmlSerializer.web.ts index beea96e63..3e46342a7 100644 --- a/src/serialize/XmlSerializer.web.ts +++ b/src/serialize/XmlSerializer.web.ts @@ -1,13 +1,13 @@ import { isNotUndefined } from '../helpers/types' import { SerializerOptions } from './types' -import { BaseXmlSerializer } from './XmlSerializer' +import { XmlBaseSerializer } from './XmlBaseSerializer' import { SimpleXml } from './XML/types' /** * XML serializer for web browsers. * @TODO this class is not final, unclear if it should be part of this dist. */ -export class XmlSerializerForWebBrowser extends BaseXmlSerializer { +export class XmlSerializerForWebBrowser extends XmlBaseSerializer { protected _serialize ( normalizedBom: SimpleXml.Element, options: SerializerOptions = {} diff --git a/src/serialize/index.ts b/src/serialize/index.ts index fa97385c3..d0fa46365 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -7,5 +7,5 @@ export * as JSON from './JSON' export * from './JsonSerializer' export * as XML from './XML' -export * from './XmlSerializer' +export * from './XmlBaseSerializer' // export * from './XmlSerializer.web' // not public, yet From 9e27c7af428ee9e727e579f527cf6c2621a12e56 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 27 May 2022 12:48:10 +0200 Subject: [PATCH 140/233] bring CI/CT for windows nd macos (#43) fixes #16 Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index d79fd2b60..2f660bf56 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -36,7 +36,7 @@ jobs: cache-dependency-path: "**/package-lock.json" - name: setup project run: npm ci --ignore-scripts - - name: build ${{ matrix.target }} + - name: build for ${{ matrix.target }} run: npm run build:${{ matrix.target }} - name: artifact build result # see https://github.com/actions/upload-artifact @@ -61,8 +61,8 @@ jobs: - "14.0.0" # lowest supported os: - ubuntu-latest - # - macos-latest - # - windows-latest + - macos-latest + - windows-latest timeout-minutes: 30 steps: - name: Checkout From 1a6a56b24c25f2d81ab58c021ae7071a50094b57 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 27 May 2022 14:27:03 +0200 Subject: [PATCH 141/233] wip (#42) Signed-off-by: Jan Kowalleck --- examples/web-browser.html | 6 ++++++ package.json | 6 +++--- src/_index.node.ts | 8 ++++++++ src/{index.ts => _index.web.ts} | 2 +- src/serialize/XmlSerializer.web.ts | 3 +-- src/serialize/_index.node.ts | 7 +++++++ src/serialize/_index.web.ts | 4 ++++ src/serialize/index.ts | 6 ++---- tsconfig.node.json | 8 ++++++++ tsconfig.web.json | 8 ++++++++ webpack.config.js | 3 ++- 11 files changed, 50 insertions(+), 11 deletions(-) create mode 100644 src/_index.node.ts rename src/{index.ts => _index.web.ts} (83%) create mode 100644 src/serialize/_index.node.ts create mode 100644 src/serialize/_index.web.ts create mode 100644 tsconfig.node.json create mode 100644 tsconfig.web.json diff --git a/examples/web-browser.html b/examples/web-browser.html index bb93a9ebd..774db3c37 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -24,6 +24,12 @@ cdx.Spec.Spec1dot4)) const serializedJson = jsonSerializer.serialize(bom) console.log(serializedJson) + + const xmlSerializer = new cdx.Serialize.XmlSerializer( + new cdx.Serialize.XML.Normalize.Factory( + cdx.Spec.Spec1dot4)) + const serializedXML = xmlSerializer.serialize(bom) + console.log(serializedXML) diff --git a/package.json b/package.json index 375cb3ff0..f1c15c08f 100644 --- a/package.json +++ b/package.json @@ -34,8 +34,8 @@ "webpack-cli": "4.9.2" }, "browser": "dist.web/lib.js", - "main": "dist.node/index.js", - "types": "src/index.ts", + "main": "dist.node/_index.node.js", + "types": "src/_index.node.ts", "directories": { "lib": "dist.node", "doc": "docs", @@ -47,7 +47,7 @@ "lint": "tsc --noEmit", "build": "npm run build:node && npm run build:web", "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist.node\",{recursive:true,force:true})'", - "build:node": "tsc --build", + "build:node": "tsc -b ./tsconfig.node.json", "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", "build:web": "webpack", "cs-fix": "ts-standard --fix", diff --git a/src/_index.node.ts b/src/_index.node.ts new file mode 100644 index 000000000..8543a5885 --- /dev/null +++ b/src/_index.node.ts @@ -0,0 +1,8 @@ +export * as Types from './types' +export * as Enums from './enums' +export * as SPDX from './SPDX' +export * as Models from './models' +export * as Factories from './factories' +export * as Spec from './spec' +export * as Serialize from './serialize/_index.node' +// do not export the helpers, they are for internal use only diff --git a/src/index.ts b/src/_index.web.ts similarity index 83% rename from src/index.ts rename to src/_index.web.ts index f68914b05..32057ebe0 100644 --- a/src/index.ts +++ b/src/_index.web.ts @@ -4,5 +4,5 @@ export * as SPDX from './SPDX' export * as Models from './models' export * as Factories from './factories' export * as Spec from './spec' -export * as Serialize from './serialize' +export * as Serialize from './serialize/_index.web' // do not export the helpers, they are for internal use only diff --git a/src/serialize/XmlSerializer.web.ts b/src/serialize/XmlSerializer.web.ts index 3e46342a7..50e82a513 100644 --- a/src/serialize/XmlSerializer.web.ts +++ b/src/serialize/XmlSerializer.web.ts @@ -5,9 +5,8 @@ import { SimpleXml } from './XML/types' /** * XML serializer for web browsers. - * @TODO this class is not final, unclear if it should be part of this dist. */ -export class XmlSerializerForWebBrowser extends XmlBaseSerializer { +export class XmlSerializer extends XmlBaseSerializer { protected _serialize ( normalizedBom: SimpleXml.Element, options: SerializerOptions = {} diff --git a/src/serialize/_index.node.ts b/src/serialize/_index.node.ts new file mode 100644 index 000000000..09cd2a9f4 --- /dev/null +++ b/src/serialize/_index.node.ts @@ -0,0 +1,7 @@ +export * from './' + +export * from './JsonSerializer' + +// There is no general serializer, as node lacks global XML support. +// Therefore, a BaseSerializer for XML is published +export * from './XmlBaseSerializer' diff --git a/src/serialize/_index.web.ts b/src/serialize/_index.web.ts new file mode 100644 index 000000000..a96bdae02 --- /dev/null +++ b/src/serialize/_index.web.ts @@ -0,0 +1,4 @@ +export * from './' + +export * from './JsonSerializer' +export * from './XmlSerializer.web' diff --git a/src/serialize/index.ts b/src/serialize/index.ts index d0fa46365..74ae45c08 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -1,11 +1,9 @@ +// not everything is public, yet + export * as Types from './types' export * from './BomRefDiscriminator' export * from './BaseSerializer' export * as JSON from './JSON' -export * from './JsonSerializer' - export * as XML from './XML' -export * from './XmlBaseSerializer' -// export * from './XmlSerializer.web' // not public, yet diff --git a/tsconfig.node.json b/tsconfig.node.json new file mode 100644 index 000000000..b48452a94 --- /dev/null +++ b/tsconfig.node.json @@ -0,0 +1,8 @@ +{ + "$schema": "https://json.schemastore.org/tsconfig", + "extends": "./tsconfig.json", + "files": ["src/_index.node.ts"], + "exclude": [ + "src/**/*.web.ts" + ] +} diff --git a/tsconfig.web.json b/tsconfig.web.json new file mode 100644 index 000000000..154089083 --- /dev/null +++ b/tsconfig.web.json @@ -0,0 +1,8 @@ +{ + "$schema": "https://json.schemastore.org/tsconfig", + "extends": "./tsconfig.json", + "files": ["src/_index.web.ts"], + "exclude": [ + "src/**/*.node.ts" + ] +} diff --git a/webpack.config.js b/webpack.config.js index b8e2e0447..46fcfe138 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -13,6 +13,7 @@ const configBase = { loader: 'ts-loader', // see https://github.com/TypeStrong/ts-loader options: { + configFile: 'tsconfig.web.json', compilerOptions: { // in here parts of typescript compiler can be overridden } @@ -23,7 +24,7 @@ const configBase = { resolve: { extensions: ['.tsx', '.ts'] }, - entry: path.resolve(__dirname, 'src/index.ts'), + entry: path.resolve(__dirname, 'src/_index.web.ts'), output: { path: path.resolve(__dirname, 'dist.web'), // filename: '', From 615746f33033c5473d34566b7cc784acad1a16ef Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 27 May 2022 16:05:43 +0200 Subject: [PATCH 142/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/_index.node.ts | 2 -- src/serialize/_index.web.ts | 1 - src/serialize/index.ts | 4 +++- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/serialize/_index.node.ts b/src/serialize/_index.node.ts index 09cd2a9f4..6ff3ff0e4 100644 --- a/src/serialize/_index.node.ts +++ b/src/serialize/_index.node.ts @@ -1,7 +1,5 @@ export * from './' -export * from './JsonSerializer' - // There is no general serializer, as node lacks global XML support. // Therefore, a BaseSerializer for XML is published export * from './XmlBaseSerializer' diff --git a/src/serialize/_index.web.ts b/src/serialize/_index.web.ts index a96bdae02..c42392328 100644 --- a/src/serialize/_index.web.ts +++ b/src/serialize/_index.web.ts @@ -1,4 +1,3 @@ export * from './' -export * from './JsonSerializer' export * from './XmlSerializer.web' diff --git a/src/serialize/index.ts b/src/serialize/index.ts index 74ae45c08..f970bba07 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -2,8 +2,10 @@ export * as Types from './types' -export * from './BomRefDiscriminator' export * from './BaseSerializer' +export * from './BomRefDiscriminator' export * as JSON from './JSON' +export * from './JsonSerializer' + export * as XML from './XML' From 717d83b8954aa7dda552ae9ea90709cfc120fe5d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 28 May 2022 10:47:44 +0200 Subject: [PATCH 143/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/JsonSerializer.ts | 4 ++-- src/serialize/XmlBaseSerializer.ts | 4 ++-- src/serialize/XmlSerializer.web.ts | 18 +++++++++++++----- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts index 500bfca8d..57e0f5e9f 100644 --- a/src/serialize/JsonSerializer.ts +++ b/src/serialize/JsonSerializer.ts @@ -32,9 +32,9 @@ export class JsonSerializer extends BaseSerializer { protected _normalize ( bom: Bom, - { sortLists }: NormalizerOptions = {} + options: NormalizerOptions = {} ): Normalized.Bom { return this.#normalizerFactory.makeForBom() - .normalize(bom, { sortLists }) + .normalize(bom, options) } } diff --git a/src/serialize/XmlBaseSerializer.ts b/src/serialize/XmlBaseSerializer.ts index f1016456a..60ab1a874 100644 --- a/src/serialize/XmlBaseSerializer.ts +++ b/src/serialize/XmlBaseSerializer.ts @@ -25,9 +25,9 @@ export abstract class XmlBaseSerializer extends BaseSerializer)) { if (c.type === 'element') { - node.appendChild(this.#buildElement(c, node.ownerDocument, parentNS)) + node.appendChild(this.#buildElement(c, doc, parentNS)) } // comments are not implemented, yet } From e3fe683c7ce5e682551deca5eb59d02e4fa61602 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 28 May 2022 10:50:52 +0200 Subject: [PATCH 144/233] wip Signed-off-by: Jan Kowalleck --- src/SPDX.ts | 2 +- src/serialize/BaseSerializer.ts | 2 +- src/serialize/JSON/normalize.ts | 2 +- src/serialize/JsonSerializer.ts | 2 +- src/serialize/XML/normalize.ts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/SPDX.ts b/src/SPDX.ts index 1e6709dea..7ac35d508 100644 --- a/src/SPDX.ts +++ b/src/SPDX.ts @@ -1,6 +1,6 @@ /* eslint-disable */ /* @ts-ignore: TS6059 -- this works as long as the paths are available in dist dir */ -import { enum as _spdxSpecEnum } from '../res/spdx.SNAPSHOT.schema.json' +import {enum as _spdxSpecEnum} from '../res/spdx.SNAPSHOT.schema.json' /* eslint-enable */ /** diff --git a/src/serialize/BaseSerializer.ts b/src/serialize/BaseSerializer.ts index 74422aba7..f786eea80 100644 --- a/src/serialize/BaseSerializer.ts +++ b/src/serialize/BaseSerializer.ts @@ -1,6 +1,6 @@ import { Bom, BomRef } from '../models' import { BomRefDiscriminator } from './BomRefDiscriminator' -import { NormalizerOptions, SerializerOptions, Serializer } from './types' +import { NormalizerOptions, Serializer, SerializerOptions } from './types' export abstract class BaseSerializer implements Serializer { serialize (bom: Bom, options?: SerializerOptions & NormalizerOptions): string { diff --git a/src/serialize/JSON/normalize.ts b/src/serialize/JSON/normalize.ts index 3d95fc485..7cd3413d3 100644 --- a/src/serialize/JSON/normalize.ts +++ b/src/serialize/JSON/normalize.ts @@ -2,7 +2,7 @@ import { isNotUndefined, Stringable } from '../../helpers/types' import * as Models from '../../models' import { Protocol as Spec, Version as SpecVersion } from '../../spec' import { NormalizerOptions } from '../types' -import { Normalized, JsonSchema } from './types' +import { JsonSchema, Normalized } from './types' export class Factory { readonly spec: Spec diff --git a/src/serialize/JsonSerializer.ts b/src/serialize/JsonSerializer.ts index 57e0f5e9f..ccc15a8aa 100644 --- a/src/serialize/JsonSerializer.ts +++ b/src/serialize/JsonSerializer.ts @@ -1,6 +1,6 @@ import { Bom } from '../models' import { Format, UnsupportedFormatError } from '../spec' -import { SerializerOptions, NormalizerOptions } from './types' +import { NormalizerOptions, SerializerOptions } from './types' import { BaseSerializer } from './BaseSerializer' import { Factory as NormalizerFactory } from './JSON/normalize' import { Normalized } from './JSON/types' diff --git a/src/serialize/XML/normalize.ts b/src/serialize/XML/normalize.ts index b2623bffb..7ff105dc2 100644 --- a/src/serialize/XML/normalize.ts +++ b/src/serialize/XML/normalize.ts @@ -2,7 +2,7 @@ import { isNotUndefined, Stringable } from '../../helpers/types' import * as Models from '../../models' import { Protocol as Spec, Version as SpecVersion } from '../../spec' import { NormalizerOptions } from '../types' -import { XmlSchema, SimpleXml } from './types' +import { SimpleXml, XmlSchema } from './types' export class Factory { readonly spec: Spec From b32f3b504f0bbb5086f4313f41be147edafde1e6 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 28 May 2022 11:23:23 +0200 Subject: [PATCH 145/233] wip Signed-off-by: Jan Kowalleck --- examples/web-browser.html | 2 +- tests/_data/enumLoader.js | 4 ++-- tests/_data/normalize.js | 4 ++-- tests/_data/spdx.js | 6 +++--- ...ashAlogorithms.test.js => Enums.HashAlogorithms.spec.js} | 2 +- tests/functional/{spdx.test.js => SPDX.spec.js} | 2 +- ...SpecVersionDict.test.js => Spec.SpecVersionDict.spec.js} | 2 +- tests/integration/JsonNormalize.test.js | 2 +- tests/integration/XmlNormalize.test.js | 2 +- ...enseFactory.spec.js => Factories.LicenseFactory.spec.js} | 2 +- tests/unit/{models.bom.spec.js => Models.Bom.spec.js} | 2 +- tests/unit/{spdx.spec.js => SPDX.spec.js} | 2 +- ...inator.spec.js => Serialize.BomRefDiscriminator.spec.js} | 2 +- 13 files changed, 17 insertions(+), 17 deletions(-) rename tests/functional/{enums.HashAlogorithms.test.js => Enums.HashAlogorithms.spec.js} (94%) rename tests/functional/{spdx.test.js => SPDX.spec.js} (95%) rename tests/functional/{spec.SpecVersionDict.test.js => Spec.SpecVersionDict.spec.js} (92%) rename tests/unit/{factories.licenseFactory.spec.js => Factories.LicenseFactory.spec.js} (96%) rename tests/unit/{models.bom.spec.js => Models.Bom.spec.js} (97%) rename tests/unit/{spdx.spec.js => SPDX.spec.js} (96%) rename tests/unit/{serialize.BomRefDiscriminator.spec.js => Serialize.BomRefDiscriminator.spec.js} (98%) diff --git a/examples/web-browser.html b/examples/web-browser.html index 774db3c37..ba8bcfa8b 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -6,7 +6,7 @@ // full Library is available as `CycloneDX_library`, per default ``` -## Development & CONTRIBUTING +## Development & Contributing See [CONTRIBUTING] file for details. From ec7393442d8bc69a8a1c123bddb25efe417e9b0e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 28 May 2022 19:32:46 +0200 Subject: [PATCH 159/233] wip Signed-off-by: Jan Kowalleck --- src/serialize/_index.node.ts | 1 + src/serialize/_index.web.ts | 1 + src/serialize/index.ts | 2 ++ src/serialize/json/index.ts | 2 +- src/serialize/xml/index.ts | 2 +- 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/serialize/_index.node.ts b/src/serialize/_index.node.ts index b421ca107..3d368b249 100644 --- a/src/serialize/_index.node.ts +++ b/src/serialize/_index.node.ts @@ -3,3 +3,4 @@ export * from './' // There is no general serializer, as node lacks global XML support. // Therefore, a BaseSerializer for XML is published export * from './xmlBaseSerializer' +// export * from './xmlBaseDeserializer' // TODO diff --git a/src/serialize/_index.web.ts b/src/serialize/_index.web.ts index 6110b0638..c67f1ad62 100644 --- a/src/serialize/_index.web.ts +++ b/src/serialize/_index.web.ts @@ -1,3 +1,4 @@ export * from './' export * from './xmlSerializer.web' +// export * from './xmlDeserializer.web' // TODO diff --git a/src/serialize/index.ts b/src/serialize/index.ts index f9b3e01ab..4e90481da 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -3,9 +3,11 @@ export * as Types from './types' export * from './baseSerializer' +// export * from './baseDeserializer' // TODO export * from './bomRefDiscriminator' export * as JSON from './json' export * from './jsonSerializer' +// export * from './jsonDeserializer' // TODO export * as XML from './xml' diff --git a/src/serialize/json/index.ts b/src/serialize/json/index.ts index 51edb98e3..5c93b4a99 100644 --- a/src/serialize/json/index.ts +++ b/src/serialize/json/index.ts @@ -1,4 +1,4 @@ export * as Types from './types' export * as Normalize from './normalize' -// export * as Denormalize from './denormalize' +// export * as Denormalize from './denormalize' // TODO diff --git a/src/serialize/xml/index.ts b/src/serialize/xml/index.ts index 51edb98e3..5c93b4a99 100644 --- a/src/serialize/xml/index.ts +++ b/src/serialize/xml/index.ts @@ -1,4 +1,4 @@ export * as Types from './types' export * as Normalize from './normalize' -// export * as Denormalize from './denormalize' +// export * as Denormalize from './denormalize' // TODO From d3fce49973b4a7e4682e0109e02793b4b6067180 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 28 May 2022 19:40:26 +0200 Subject: [PATCH 160/233] wip Signed-off-by: Jan Kowalleck --- src/_index.node.ts | 8 ++++---- src/models/index.ts | 10 +++++----- src/serialize/index.ts | 1 + 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/_index.node.ts b/src/_index.node.ts index a2fffe74f..12799ba9f 100644 --- a/src/_index.node.ts +++ b/src/_index.node.ts @@ -1,8 +1,8 @@ -export * as Types from './types' export * as Enums from './enums' -export * as SPDX from './spdx' -export * as Models from './models' export * as Factories from './factories' -export * as Spec from './spec' +export * as Models from './models' export * as Serialize from './serialize/_index.node' +export * as SPDX from './spdx' +export * as Spec from './spec' +export * as Types from './types' // do not export the helpers, they are for internal use only diff --git a/src/models/index.ts b/src/models/index.ts index 62e54f333..b78860acf 100644 --- a/src/models/index.ts +++ b/src/models/index.ts @@ -1,12 +1,12 @@ +export * from './attachment' +export * from './bom' export * from './bomRef' -export * from './organizationalContact' +export * from './component' export * from './externalReference' export * from './hash' -export * from './attachment' export * from './license' +export * from './metadata' +export * from './organizationalContact' export * from './organizationalEntity' export * from './swid' export * from './tool' -export * from './component' -export * from './metadata' -export * from './bom' diff --git a/src/serialize/index.ts b/src/serialize/index.ts index 4e90481da..c676482e7 100644 --- a/src/serialize/index.ts +++ b/src/serialize/index.ts @@ -4,6 +4,7 @@ export * as Types from './types' export * from './baseSerializer' // export * from './baseDeserializer' // TODO + export * from './bomRefDiscriminator' export * as JSON from './json' From 2106ad4f4d9402f3a8ce725e5f412accd5fa2b97 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sun, 29 May 2022 21:12:54 +0200 Subject: [PATCH 161/233] Tool references (#46) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- src/builders/ExternalReferenceRepository.ts | 61 +++++++ src/builders/Tool.ts | 28 ++++ src/builders/index.ts | 2 + src/models/attachment.ts | 13 +- src/models/bom.ts | 36 +++- src/models/bomRef.ts | 6 +- src/models/component.ts | 95 +++++++---- src/models/externalReference.ts | 9 +- src/models/license.ts | 34 +++- src/models/metadata.ts | 30 +++- src/models/organizationalContact.ts | 18 +- src/models/organizationalEntity.ts | 18 +- src/models/swid.ts | 37 +++-- src/models/tool.ts | 26 ++- src/serialize/_index.node.ts | 2 +- src/serialize/_index.web.ts | 2 +- src/serialize/baseSerializer.ts | 2 +- src/serialize/json/normalize.ts | 29 ++-- src/serialize/xml/normalize.ts | 45 +++-- src/serialize/xmlSerializer.web.ts | 11 +- src/spec.ts | 18 +- tests/_data/normalize.js | 156 ++++++++++-------- .../json_complex_spec1.4.json | 11 +- .../json_sortedLists_spec1.4.json | 11 +- .../normalizeResults/xml_complex_spec1.2.json | 2 +- .../normalizeResults/xml_complex_spec1.3.json | 2 +- .../normalizeResults/xml_complex_spec1.4.json | 27 ++- .../xml_sortedLists_spec1.2.json | 2 +- .../xml_sortedLists_spec1.3.json | 2 +- .../xml_sortedLists_spec1.4.json | 27 ++- tests/functional/Enums.ComponentScope.spec.js | 15 +- tests/functional/Enums.ComponentType.spec.js | 18 +- .../Enums.ExternalReferenceType.spec.js | 18 +- .../functional/Enums.HashAlogorithms.spec.js | 18 +- tests/integration/JsonNormalize.test.js | 6 +- tests/integration/XmlNormalize.test.js | 8 +- tests/unit/Factories.LicenseFactory.spec.js | 8 +- tests/unit/Models.Bom.spec.js | 21 ++- 38 files changed, 627 insertions(+), 247 deletions(-) create mode 100644 src/builders/ExternalReferenceRepository.ts create mode 100644 src/builders/Tool.ts create mode 100644 src/builders/index.ts diff --git a/src/builders/ExternalReferenceRepository.ts b/src/builders/ExternalReferenceRepository.ts new file mode 100644 index 000000000..2b3b6df90 --- /dev/null +++ b/src/builders/ExternalReferenceRepository.ts @@ -0,0 +1,61 @@ +import { ExternalReference, ExternalReferenceRepository } from '../models' +import { ExternalReferenceType } from '../enums' +import { isNotUndefined } from '../helpers/types' + +export class ExternalReferenceRepositoryBuilder { + makeFromPackage (data: any): ExternalReferenceRepository { + const refs: Array = [] + + try { refs.push(this.#getVcs(data)) } catch (err) { /* pass */ } + try { refs.push(this.#getHomepage(data)) } catch (err) { /* pass */ } + try { refs.push(this.#getIssueTracker(data)) } catch (err) { /* pass */ } + + return new ExternalReferenceRepository(refs.filter(isNotUndefined)) + } + + #getVcs (data: any): ExternalReference | undefined { + let url: string | undefined + let comment: string | undefined + + const repository = data.repository + if (typeof repository === 'string') { + url = repository + comment = 'as detected from package property "repository"' + } else if (typeof repository === 'object') { + if (typeof repository.url === 'string') { + url = repository.url + comment = 'as detected from package property "repository.url"' + } else if (typeof repository.directory === 'string') { + url = repository.directory + comment = 'as detected from package property "repository.directory"' + } + } + + return url === undefined + ? undefined + : new ExternalReference(url, ExternalReferenceType.VCS, { comment }) + } + + #getHomepage (data: any): ExternalReference | undefined { + const homepage = data.homepage + return typeof homepage === 'string' + ? new ExternalReference(homepage, ExternalReferenceType.Website, { comment: 'as detected from package property "homepage' }) + : undefined + } + + #getIssueTracker (data: any): ExternalReference | undefined { + const bugs = data.bugs + let url: string | undefined + let comment: string | undefined + if (typeof bugs === 'string') { + url = bugs + comment = 'as detected from package property "bugs"' + } else if (typeof bugs === 'object' && typeof bugs.url === 'string') { + url = bugs.url + comment = 'as detected from package property "bugs.url"' + } + return url === undefined + ? undefined + : new ExternalReference(url, ExternalReferenceType.IssueTracker, { comment }) + } +} diff --git a/src/builders/Tool.ts b/src/builders/Tool.ts new file mode 100644 index 000000000..928dc4cd8 --- /dev/null +++ b/src/builders/Tool.ts @@ -0,0 +1,28 @@ +import { Tool } from '../models' +import { ExternalReferenceRepositoryBuilder } from './ExternalReferenceRepository' + +export class ToolBuilder { + #extRefRepoBuilder: ExternalReferenceRepositoryBuilder + constructor (extRefRepoBuilder: ExternalReferenceRepositoryBuilder) { + this.#extRefRepoBuilder = extRefRepoBuilder + } + + makeFromPackage (data: any): Tool | undefined { + if (typeof data.name !== 'string') { + return undefined + } + const [np1, np2] = data.name.split('/', 2) + + const tool = new Tool() + tool.name = np2 ?? np1 + tool.vendor = np2 === undefined + ? undefined + : np1.replace(/^@/, '') + if (typeof data.version === 'string') { + tool.version = data.version + } + tool.externalReferences = this.#extRefRepoBuilder.makeFromPackage(data) + + return tool + } +} diff --git a/src/builders/index.ts b/src/builders/index.ts new file mode 100644 index 000000000..cb82e7d29 --- /dev/null +++ b/src/builders/index.ts @@ -0,0 +1,2 @@ +export * from './ExternalReferenceRepository' +export * from './Tool' diff --git a/src/models/attachment.ts b/src/models/attachment.ts index de93e1882..5e4d5e757 100644 --- a/src/models/attachment.ts +++ b/src/models/attachment.ts @@ -1,11 +1,18 @@ import { AttachmentEncoding } from '../enums' +interface OptionalProperties { + contentType?: Attachment['contentType'] + encoding?: Attachment['encoding'] +} + export class Attachment { - contentType: string | null = null + contentType?: string content: string - encoding: AttachmentEncoding | null = null + encoding?: AttachmentEncoding - constructor (content: string) { + constructor (content: string, op: OptionalProperties = {}) { + this.contentType = op.contentType this.content = content + this.encoding = op.encoding } } diff --git a/src/models/bom.ts b/src/models/bom.ts index 577686a8b..e4d4ca235 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -2,9 +2,22 @@ import { isPositiveInteger, isUrnUuid, PositiveInteger, UrnUuid } from '../types import { Metadata } from './metadata' import { ComponentRepository } from './component' +interface OptionalProperties { + metadata?: Bom['metadata'] + components?: Bom['components'] + version?: Bom['version'] + serialNumber?: Bom['serialNumber'] +} + export class Bom { - metadata = new Metadata() - components = new ComponentRepository() + metadata: Metadata + components: ComponentRepository + + /** @see version */ + #version: PositiveInteger = 1 + + /** @see serialNumber */ + #serialNumber?: UrnUuid // Property `bomFormat` is not part of model, it is runtime information. // Property `specVersion` is not part of model, it is runtime information. @@ -12,7 +25,13 @@ export class Bom { // Property `dependencies` is not part of this model, but part of `Component` and other models. // The dependency graph can be normalized on render-time, no need to store it in the bom model. - #version: PositiveInteger = 1 + constructor (op: OptionalProperties = {}) { + this.metadata = op.metadata ?? new Metadata() + this.components = op.components ?? new ComponentRepository() + this.version = op.version ?? this.version + this.serialNumber = op.serialNumber + } + get version (): PositiveInteger { return this.#version } @@ -27,17 +46,16 @@ export class Bom { this.#version = value } - #serialNumber: UrnUuid | null = null - get serialNumber (): UrnUuid | null { + get serialNumber (): UrnUuid | undefined { return this.#serialNumber } /** - * @throws {TypeError} if value is neither UrnUuid nor null + * @throws {TypeError} if value is neither UrnUuid nor undefined */ - set serialNumber (value: UrnUuid | null) { - if (value !== null && !isUrnUuid(value)) { - throw new TypeError('Not UrnUuid nor null') + set serialNumber (value: UrnUuid | undefined) { + if (value !== undefined && !isUrnUuid(value)) { + throw new TypeError('Not UrnUuid nor undefined') } this.#serialNumber = value } diff --git a/src/models/bomRef.ts b/src/models/bomRef.ts index ebef78f77..93bbe7423 100644 --- a/src/models/bomRef.ts +++ b/src/models/bomRef.ts @@ -1,5 +1,9 @@ +/** + * Proxy for the BomRef. + * This way a `BomRef` gets unique by the in-memory-address of the object. + */ export class BomRef { - value: string | undefined + value?: string constructor (value?: string) { this.value = value diff --git a/src/models/component.ts b/src/models/component.ts index 60e5fdbfa..a15c25391 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -9,62 +9,95 @@ import { ExternalReferenceRepository } from './externalReference' import { LicenseRepository } from './license' import { SWID } from './swid' +interface OptionalProperties { + bomRef?: BomRef['value'] + author?: Component['author'] + copyright?: Component['copyright'] + description?: Component['description'] + externalReferences?: Component['externalReferences'] + group?: Component['group'] + hashes?: Component['hashes'] + licenses?: Component['licenses'] + publisher?: Component['publisher'] + purl?: Component['purl'] + scope?: Component['scope'] + supplier?: Component['supplier'] + swid?: Component['swid'] + version?: Component['version'] + dependencies?: Component['dependencies'] + cpe?: Component['cpe'] +} + export class Component { - readonly bomRef = new BomRef() type: ComponentType name: string - author: string | null = null - copyright: string | null = null - description: string | null = null - externalReferences = new ExternalReferenceRepository() - group: string | null = null - hashes = new HashRepository() - licenses = new LicenseRepository() - publisher: string | null = null - purl: PackageURL | null = null - scope: ComponentScope | null = null - supplier: OrganizationalEntity | null = null - swid: SWID | null = null - version: string | null = null + author?: string + copyright?: string + description?: string + externalReferences: ExternalReferenceRepository + group?: string + hashes: HashRepository + licenses: LicenseRepository + publisher?: string + purl?: PackageURL + scope?: ComponentScope + supplier?: OrganizationalEntity + swid?: SWID + version?: string + dependencies: BomRefRepository + + /** @see bomRef */ + readonly #bomRef: BomRef - constructor (type: ComponentType, name: string) { + /** @see cpe */ + #cpe?: CPE + + constructor (type: ComponentType, name: string, op: OptionalProperties = {}) { + this.#bomRef = new BomRef(op.bomRef) this.type = type this.name = name + this.author = op.author + this.copyright = op.copyright + this.externalReferences = op.externalReferences ?? new ExternalReferenceRepository() + this.group = op.group + this.hashes = op.hashes ?? new HashRepository() + this.licenses = op.licenses ?? new LicenseRepository() + this.publisher = op.publisher + this.purl = op.purl + this.scope = op.scope + this.swid = op.swid + this.version = op.version + this.dependencies = op.dependencies ?? new BomRefRepository() + this.cpe = op.cpe + } + + get bomRef (): BomRef { + return this.#bomRef } - #cpe: CPE | null = null - get cpe (): CPE | null { + get cpe (): CPE | undefined { return this.#cpe } /** * @throws {TypeError} if value is neither CPE nor null */ - set cpe (value: CPE | null) { - if (value !== null && !isCPE(value)) { - throw new TypeError('Not CPE nor null') + set cpe (value: CPE | undefined) { + if (value !== undefined && !isCPE(value)) { + throw new TypeError('Not CPE nor undefined') } this.#cpe = value } - #dependencies = new BomRefRepository() - get dependencies (): BomRefRepository { - return this.#dependencies - } - - set dependencies (value: BomRefRepository) { - this.#dependencies = value - } - compare (other: Component): number { const bomRefCompare = this.bomRef.compare(other.bomRef) if (bomRefCompare !== 0) { return bomRefCompare } - if (this.purl !== null && other.purl !== null) { + if (this.purl !== undefined && other.purl !== undefined) { return this.purl.toString().localeCompare(other.purl.toString()) } - if (this.#cpe !== null && other.#cpe !== null) { + if (this.#cpe !== undefined && other.#cpe !== undefined) { return this.#cpe.toString().localeCompare(other.#cpe.toString()) } /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ diff --git a/src/models/externalReference.ts b/src/models/externalReference.ts index 7d4de7321..f49eb0787 100644 --- a/src/models/externalReference.ts +++ b/src/models/externalReference.ts @@ -1,13 +1,18 @@ import { ExternalReferenceType } from '../enums' +interface OptionalProperties { + comment?: ExternalReference['comment'] +} + export class ExternalReference { url: URL | string type: ExternalReferenceType - comment: string | null = null + comment?: string - constructor (url: URL | string, type: ExternalReferenceType) { + constructor (url: URL | string, type: ExternalReferenceType, op: OptionalProperties = {}) { this.url = url this.type = type + this.comment = op.comment } compare (other: ExternalReference): number { diff --git a/src/models/license.ts b/src/models/license.ts index c2c5445a1..fe1720e8e 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -10,6 +10,9 @@ export class LicenseExpression { expression[expression.length - 1] === ')' } + /** @see expression */ + #expression!: string + /** * @throws {RangeError} if expression is not eligible */ @@ -17,7 +20,6 @@ export class LicenseExpression { this.expression = expression } - #expression!: string get expression (): string { return this.#expression } @@ -37,13 +39,20 @@ export class LicenseExpression { } } +interface NamedLicenseOptionalProperties { + text?: NamedLicense['text'] + url?: NamedLicense['url'] +} + export class NamedLicense { name: string - text: Attachment | null = null - url: URL | string | null = null + text?: Attachment + url?: URL | string - constructor (name: string) { + constructor (name: string, op: NamedLicenseOptionalProperties = {}) { this.name = name + this.text = op.text + this.url = op.url } compare (other: NamedLicense): number { @@ -51,18 +60,27 @@ export class NamedLicense { } } +interface SpdxLicenseOptionalProperties { + text?: SpdxLicense['text'] + url?: SpdxLicense['url'] +} + export class SpdxLicense { - text: Attachment | null = null - url: URL | string | null = null + text?: Attachment + url?: URL | string + + /** @see id */ + #id!: SpdxId /** * @throws {RangeError} if value is not supported SPDX id */ - constructor (id: SpdxId) { + constructor (id: SpdxId, op: SpdxLicenseOptionalProperties = {}) { this.id = id + this.text = op.text + this.url = op.url } - #id!: SpdxId get id (): SpdxId { return this.#id } diff --git a/src/models/metadata.ts b/src/models/metadata.ts index 6dc95b970..27768eeb8 100644 --- a/src/models/metadata.ts +++ b/src/models/metadata.ts @@ -3,11 +3,29 @@ import { ToolRepository } from './tool' import { OrganizationalEntity } from './organizationalEntity' import { OrganizationalContactRepository } from './organizationalContact' +interface OptionalProperties { + timestamp?: Metadata['timestamp'] + tools?: Metadata['tools'] + authors?: Metadata['authors'] + component?: Metadata['component'] + manufacture?: Metadata['manufacture'] + supplier?: Metadata['supplier'] +} + export class Metadata { - timestamp: Date | null = null - tools = new ToolRepository() - authors = new OrganizationalContactRepository() - component: Component | null = null - manufacture: OrganizationalEntity | null = null - supplier: OrganizationalEntity | null = null + timestamp?: Date + tools: ToolRepository + authors: OrganizationalContactRepository + component?: Component + manufacture?: OrganizationalEntity + supplier?: OrganizationalEntity + + constructor (op: OptionalProperties = {}) { + this.timestamp = op.timestamp + this.tools = op.tools ?? new ToolRepository() + this.authors = op.authors ?? new OrganizationalContactRepository() + this.component = op.component + this.manufacture = op.manufacture + this.supplier = op.supplier + } } diff --git a/src/models/organizationalContact.ts b/src/models/organizationalContact.ts index fa76681dc..0aa49c3db 100644 --- a/src/models/organizationalContact.ts +++ b/src/models/organizationalContact.ts @@ -1,7 +1,19 @@ +interface OptionalProperties { + name?: OrganizationalContact['name'] + email?: OrganizationalContact['email'] + phone?: OrganizationalContact['phone'] +} + export class OrganizationalContact { - name: string | null = null - email: string | null = null - phone: string | null = null + name?: string + email?: string + phone?: string + + constructor (op: OptionalProperties = {}) { + this.name = op.name + this.email = op.email + this.phone = op.phone + } compare (other: OrganizationalContact): number { /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ diff --git a/src/models/organizationalEntity.ts b/src/models/organizationalEntity.ts index f682e38c0..ffce702e8 100644 --- a/src/models/organizationalEntity.ts +++ b/src/models/organizationalEntity.ts @@ -1,7 +1,19 @@ import { OrganizationalContactRepository } from './organizationalContact' +interface OptionalProperties { + name?: OrganizationalEntity['name'] + url?: OrganizationalEntity['url'] + contact?: OrganizationalEntity['contact'] +} + export class OrganizationalEntity { - name: string | null = null - url = new Set() - contact = new OrganizationalContactRepository() + name?: string + url: Set + contact: OrganizationalContactRepository + + constructor (op: OptionalProperties = {}) { + this.name = op.name + this.url = op.url ?? new Set() + this.contact = op.contact ?? new OrganizationalContactRepository() + } } diff --git a/src/models/swid.ts b/src/models/swid.ts index b8a7cf56f..2e753e7b3 100644 --- a/src/models/swid.ts +++ b/src/models/swid.ts @@ -1,33 +1,48 @@ import { isNonNegativeInteger, NonNegativeInteger } from '../types' import { Attachment } from './attachment' +interface OptionalProperties { + version?: SWID['version'] + patch?: SWID['patch'] + text?: SWID['text'] + url?: SWID['url'] + tagVersion?: SWID['tagVersion'] +} + /** * @see {@link https://csrc.nist.gov/projects/Software-Identification-SWID} */ export class SWID { tagId: string name: string - version: string | null = null - patch: boolean | null = null - text: Attachment | null = null - url: URL | string | null = null + version?: string + patch?: boolean + text?: Attachment + url?: URL | string + + /** @see tagVersion */ + #tagVersion?: NonNegativeInteger - constructor (tagId: string, name: string) { + constructor (tagId: string, name: string, op: OptionalProperties = {}) { this.tagId = tagId this.name = name + this.version = op.version + this.patch = op.patch + this.text = op.text + this.url = op.url + this.tagVersion = op.tagVersion } - #tagVersion: NonNegativeInteger | null = null - get tagVersion (): NonNegativeInteger | null { + get tagVersion (): NonNegativeInteger | undefined { return this.#tagVersion } /** - * @throws {TypeError} if value is neither NonNegativeInteger nor null + * @throws {TypeError} if value is neither NonNegativeInteger nor undefined */ - set tagVersion (value: NonNegativeInteger | null) { - if (value !== null && !isNonNegativeInteger(value)) { - throw new TypeError('Not NonNegativeInteger nor null') + set tagVersion (value: NonNegativeInteger | undefined) { + if (value !== undefined && !isNonNegativeInteger(value)) { + throw new TypeError('Not NonNegativeInteger nor undefined') } this.#tagVersion = value } diff --git a/src/models/tool.ts b/src/models/tool.ts index ab6f538aa..8c853de6a 100644 --- a/src/models/tool.ts +++ b/src/models/tool.ts @@ -1,10 +1,28 @@ import { HashRepository } from './hash' +import { ExternalReferenceRepository } from './externalReference' + +interface OptionalProperties { + vendor?: Tool['vendor'] + name?: Tool['name'] + version?: Tool['version'] + hashes?: Tool['hashes'] + externalReferences?: Tool['externalReferences'] +} export class Tool { - vendor: string | null = null - name: string | null = null - version: string | null = null - hashes = new HashRepository() + vendor?: string + name?: string + version?: string + hashes: HashRepository + externalReferences: ExternalReferenceRepository + + constructor (op: OptionalProperties = {}) { + this.vendor = op.vendor + this.name = op.name + this.version = op.version + this.hashes = op.hashes ?? new HashRepository() + this.externalReferences = op.externalReferences ?? new ExternalReferenceRepository() + } compare (other: Tool): number { /* eslint-disable-next-line @typescript-eslint/strict-boolean-expressions -- run compares in weighted order */ diff --git a/src/serialize/_index.node.ts b/src/serialize/_index.node.ts index 3d368b249..00d63a628 100644 --- a/src/serialize/_index.node.ts +++ b/src/serialize/_index.node.ts @@ -1,4 +1,4 @@ -export * from './' +export * from './index' // There is no general serializer, as node lacks global XML support. // Therefore, a BaseSerializer for XML is published diff --git a/src/serialize/_index.web.ts b/src/serialize/_index.web.ts index c67f1ad62..8eb6799ab 100644 --- a/src/serialize/_index.web.ts +++ b/src/serialize/_index.web.ts @@ -1,4 +1,4 @@ -export * from './' +export * from './index' export * from './xmlSerializer.web' // export * from './xmlDeserializer.web' // TODO diff --git a/src/serialize/baseSerializer.ts b/src/serialize/baseSerializer.ts index 7c3f21d27..a008b6a15 100644 --- a/src/serialize/baseSerializer.ts +++ b/src/serialize/baseSerializer.ts @@ -18,7 +18,7 @@ export abstract class BaseSerializer implements Serializer { for (const c of bom.components) { bomRefs.add(c.bomRef) } - if (bom.metadata.component !== null) { + if (bom.metadata.component !== undefined) { bomRefs.add(bom.metadata.component.bomRef) } return bomRefs.values() diff --git a/src/serialize/json/normalize.ts b/src/serialize/json/normalize.ts index 7cd3413d3..3bbf7066f 100644 --- a/src/serialize/json/normalize.ts +++ b/src/serialize/json/normalize.ts @@ -93,7 +93,7 @@ export class BomNormalizer extends Base { bomFormat: 'CycloneDX', specVersion: this._factory.spec.version, version: data.version, - serialNumber: data.serialNumber ?? undefined, + serialNumber: data.serialNumber, metadata: this._factory.makeForMetadata().normalize(data.metadata, options), components: data.components.size > 0 ? this._factory.makeForComponent().normalizeIter(data.components, options) @@ -117,13 +117,13 @@ export class MetadataNormalizer extends Base { authors: data.authors.size > 0 ? this._factory.makeForOrganizationalContact().normalizeIter(data.authors, options) : undefined, - component: data.component === null + component: data.component === undefined ? undefined : this._factory.makeForComponent().normalize(data.component, options), - manufacture: data.manufacture === null + manufacture: data.manufacture === undefined ? undefined : orgEntityNormalizer.normalize(data.manufacture, options), - supplier: data.supplier === null + supplier: data.supplier === undefined ? undefined : orgEntityNormalizer.normalize(data.supplier, options) } @@ -138,6 +138,9 @@ export class ToolNormalizer extends Base { version: data.version || undefined, hashes: data.hashes.size > 0 ? this._factory.makeForHash().normalizeIter(data.hashes, options) + : undefined, + externalReferences: this._factory.spec.supportsToolReferences && data.externalReferences.size > 0 + ? this._factory.makeForExternalReference().normalizeIter(data.externalReferences, options) : undefined } } @@ -219,13 +222,13 @@ export class ComponentNormalizer extends Base { // version fallback to string for spec < 1.4 version: data.version || '', 'bom-ref': data.bomRef.value || undefined, - supplier: data.supplier === null + supplier: data.supplier === undefined ? undefined : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options), author: data.author || undefined, publisher: data.publisher || undefined, description: data.description || undefined, - scope: data.scope ?? undefined, + scope: data.scope, hashes: data.hashes.size > 0 ? this._factory.makeForHash().normalizeIter(data.hashes, options) : undefined, @@ -235,7 +238,7 @@ export class ComponentNormalizer extends Base { copyright: data.copyright || undefined, cpe: data.cpe || undefined, purl: data.purl?.toString(), - swid: data.swid === null + swid: data.swid === undefined ? undefined : this._factory.makeForSWID().normalize(data.swid, options), externalReferences: data.externalReferences.size > 0 @@ -273,7 +276,7 @@ export class LicenseNormalizer extends Base { return { license: { name: data.name, - text: data.text === null + text: data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() @@ -285,7 +288,7 @@ export class LicenseNormalizer extends Base { return { license: { id: data.id, - text: data.text === null + text: data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options), url: data.url?.toString() @@ -315,9 +318,9 @@ export class SWIDNormalizer extends Base { tagId: data.tagId, name: data.name, version: data.version || undefined, - tagVersion: data.tagVersion ?? undefined, - patch: data.patch ?? undefined, - text: data.text === null + tagVersion: data.tagVersion, + patch: data.patch, + text: data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options), url: JsonSchema.isIriReference(url) @@ -353,7 +356,7 @@ export class AttachmentNormalizer extends Base { return { content: data.content, contentType: data.contentType || undefined, - encoding: data.encoding ?? undefined + encoding: data.encoding } } } diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts index 31c2ae26c..4d2e73384 100644 --- a/src/serialize/xml/normalize.ts +++ b/src/serialize/xml/normalize.ts @@ -108,7 +108,7 @@ export class BomNormalizer extends Base { namespace: xmlNamespace.get(this._factory.spec.version), attributes: { version: data.version, - serialNumber: data.serialNumber ?? undefined + serialNumber: data.serialNumber }, children: [ data.metadata @@ -126,7 +126,7 @@ export class BomNormalizer extends Base { export class MetadataNormalizer extends Base { normalize (data: Models.Metadata, options: NormalizerOptions, elementName: string): SimpleXml.Element { const orgEntityNormalizer = this._factory.makeForOrganizationalEntity() - const timestamp: SimpleXml.Element | undefined = data.timestamp === null + const timestamp: SimpleXml.Element | undefined = data.timestamp === undefined ? undefined : { type: 'element', @@ -144,7 +144,8 @@ export class MetadataNormalizer extends Base { ? { type: 'element', name: 'authors', - children: this._factory.makeForOrganizationalContact().normalizeIter(data.authors, options, 'author') + children: this._factory.makeForOrganizationalContact() + .normalizeIter(data.authors, options, 'author') } : undefined return { @@ -154,13 +155,13 @@ export class MetadataNormalizer extends Base { timestamp, tools, authors, - data.component === null + data.component === undefined ? undefined : this._factory.makeForComponent().normalize(data.component, options, 'component'), - data.manufacture === null + data.manufacture === undefined ? undefined : orgEntityNormalizer.normalize(data.manufacture, options, 'manufacture'), - data.supplier === null + data.supplier === undefined ? undefined : orgEntityNormalizer.normalize(data.supplier, options, 'supplier') ].filter(isNotUndefined) @@ -177,6 +178,15 @@ export class ToolNormalizer extends Base { children: this._factory.makeForHash().normalizeIter(data.hashes, options, 'hash') } : undefined + const externalReferences: SimpleXml.Element | undefined = + this._factory.spec.supportsToolReferences && data.externalReferences.size > 0 + ? { + type: 'element', + name: 'externalReferences', + children: this._factory.makeForExternalReference() + .normalizeIter(data.externalReferences, options, 'reference') + } + : undefined return { type: 'element', name: elementName, @@ -184,7 +194,8 @@ export class ToolNormalizer extends Base { makeOptionalTextElement(data.vendor, 'vendor'), makeOptionalTextElement(data.name, 'name'), makeOptionalTextElement(data.version, 'version'), - hashes + hashes, + externalReferences ].filter(isNotUndefined) } } @@ -263,7 +274,7 @@ export class ComponentNormalizer extends Base { if (!this._factory.spec.supportsComponentType(data.type)) { return undefined } - const supplier: SimpleXml.Element | undefined = data.supplier === null + const supplier: SimpleXml.Element | undefined = data.supplier === undefined ? undefined : this._factory.makeForOrganizationalEntity().normalize(data.supplier, options, 'supplier') const hashes: SimpleXml.Element | undefined = data.hashes.size > 0 @@ -280,14 +291,15 @@ export class ComponentNormalizer extends Base { children: this._factory.makeForLicense().normalizeIter(data.licenses, options) } : undefined - const swid: SimpleXml.Element | undefined = data.swid === null + const swid: SimpleXml.Element | undefined = data.swid === undefined ? undefined : this._factory.makeForSWID().normalize(data.swid, options, 'swid') const extRefs: SimpleXml.Element | undefined = data.externalReferences.size > 0 ? { type: 'element', name: 'externalReferences', - children: this._factory.makeForExternalReference().normalizeIter(data.externalReferences, options, 'reference') + children: this._factory.makeForExternalReference() + .normalizeIter(data.externalReferences, options, 'reference') } : undefined return { @@ -352,7 +364,7 @@ export class LicenseNormalizer extends Base { name: 'license', children: [ makeTextElement(data.name, 'name'), - data.text === null + data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), XmlSchema.isAnyURI(url) @@ -369,7 +381,7 @@ export class LicenseNormalizer extends Base { name: 'license', children: [ makeTextElement(data.id, 'id'), - data.text === null + data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), XmlSchema.isAnyURI(url) @@ -402,13 +414,13 @@ export class SWIDNormalizer extends Base { tagId: data.tagId, name: data.name, version: data.version || undefined, - tagVersion: data.tagVersion ?? undefined, - patch: data.patch === null + tagVersion: data.tagVersion, + patch: data.patch === undefined ? undefined : (data.patch ? 'true' : 'false') }, children: [ - data.text === null + data.text === undefined ? undefined : this._factory.makeForAttachment().normalize(data.text, options, 'text'), XmlSchema.isAnyURI(url) @@ -484,7 +496,8 @@ export class DependencyGraphNormalizer extends Base { } if (options.sortLists ?? false) { - normalized.sort(({ attributes: { ref: a } }, { attributes: { ref: b } }) => a.localeCompare(b)) + normalized.sort( + ({ attributes: { ref: a } }, { attributes: { ref: b } }) => a.localeCompare(b)) } return { diff --git a/src/serialize/xmlSerializer.web.ts b/src/serialize/xmlSerializer.web.ts index 7498d0ba9..7c7cd04b4 100644 --- a/src/serialize/xmlSerializer.web.ts +++ b/src/serialize/xmlSerializer.web.ts @@ -19,8 +19,9 @@ export class XmlSerializer extends XmlBaseSerializer { #buildXmlDocument ( normalizedBom: SimpleXml.Element ): XMLDocument { - const doc = document.implementation.createDocument(null, null) - doc.appendChild(this.#buildElement(normalizedBom, doc)) + const namespace = null + const doc = document.implementation.createDocument(namespace, null) + doc.appendChild(this.#buildElement(normalizedBom, doc, namespace)) return doc } @@ -31,11 +32,9 @@ export class XmlSerializer extends XmlBaseSerializer { : null } - #buildElement (element: SimpleXml.Element, doc: XMLDocument, parentNS: string | null = null): Element { + #buildElement (element: SimpleXml.Element, doc: XMLDocument, parentNS: string | null): Element { const ns = this.#getNs(element) ?? parentNS - const node: Element = ns === null - ? doc.createElement(element.name) - : doc.createElementNS(ns, element.name) + const node: Element = doc.createElementNS(ns, element.name) if (isNotUndefined(element.attributes)) { this.#setAttributes(node, element.attributes) } diff --git a/src/spec.ts b/src/spec.ts index e776178e6..1e50b9c5e 100644 --- a/src/spec.ts +++ b/src/spec.ts @@ -31,6 +31,8 @@ export interface Protocol { supportsExternalReferenceType: (ert: ExternalReferenceType | any) => boolean readonly supportsDependencyGraph: boolean + + readonly supportsToolReferences: boolean } class Spec implements Protocol { @@ -41,6 +43,7 @@ class Spec implements Protocol { readonly #hashValuePattern: RegExp readonly #externalReferenceTypes: ReadonlySet readonly #supportsDependencyGraph: boolean + readonly #supportsToolReferences: boolean constructor ( version: Version, @@ -49,7 +52,8 @@ class Spec implements Protocol { hashAlgorithms: Iterable, hashValuePattern: RegExp, externalReferenceTypes: Iterable, - supportsDependencyGraph: boolean + supportsDependencyGraph: boolean, + supportsToolReferences: boolean ) { this.#version = version this.#formats = new Set(formats) @@ -58,6 +62,7 @@ class Spec implements Protocol { this.#hashValuePattern = hashValuePattern this.#externalReferenceTypes = new Set(externalReferenceTypes) this.#supportsDependencyGraph = supportsDependencyGraph + this.#supportsToolReferences = supportsToolReferences } get version (): Version { @@ -88,6 +93,10 @@ class Spec implements Protocol { get supportsDependencyGraph (): boolean { return this.#supportsDependencyGraph } + + get supportsToolReferences (): boolean { + return this.#supportsToolReferences + } } /** Specification v1.2 */ @@ -139,7 +148,8 @@ export const Spec1dot2: Readonly = Object.freeze(new Spec( ExternalReferenceType.BuildSystem, ExternalReferenceType.Other ], - true + true, + false )) /** Specification v1.3 */ @@ -191,7 +201,8 @@ export const Spec1dot3: Readonly = Object.freeze(new Spec( ExternalReferenceType.BuildSystem, ExternalReferenceType.Other ], - true + true, + false )) /** Specification v1.4 */ @@ -244,6 +255,7 @@ export const Spec1dot4: Readonly = Object.freeze(new Spec( ExternalReferenceType.ReleaseNotes, ExternalReferenceType.Other ], + true, true )) diff --git a/tests/_data/normalize.js b/tests/_data/normalize.js index 68a22fa7c..9905b8ebd 100644 --- a/tests/_data/normalize.js +++ b/tests/_data/normalize.js @@ -39,62 +39,73 @@ module.exports.writeNormalizeResult = function (data, purpose, spec, format) { * @returns {Bom} */ module.exports.createComplexStructure = function () { - const bom = new Models.Bom() + const bom = new Models.Bom({ + version: 7, + serialNumber: 'urn:uuid:12345678-1234-1234-1234-123456789012', + metadata: new Models.Metadata({ + timestamp: new Date('2001-05-23T13:37:42.000Z'), + tools: new Models.ToolRepository([ + new Models.Tool({ + vendor: 'tool vendor', + name: 'tool name', + version: '0.8.15', + hashes: new Models.HashRepository([ + [Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535'], + [Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b'] + ]) + }), + new Models.Tool({ + vendor: 'tool vendor', + name: 'other tool', + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://cyclonedx.org/tool-center/', + Enums.ExternalReferenceType.Website, + { comment: 'the tools that made this' } + ) + ]) + }) + ]), + authors: new Models.OrganizationalContactRepository([ + new Models.OrganizationalContact({ name: 'John "the-co-author" Doe' }), + new Models.OrganizationalContact({ + name: 'Jane "the-author" Doe', + email: 'cdx-authors@mailinator.com', + pone: '555-1234567890' + }) + ]), + component: new Models.Component(Enums.ComponentType.Library, 'Root Component', { + bomRef: 'dummy.metadata.component' + }), + manufacture: new Models.OrganizationalEntity({ + name: 'meta manufacture', + url: new Set([new URL('https://meta-manufacture.xmpl')]) + }), + supplier: new Models.OrganizationalEntity({ + name: 'meta supplier', + url: new Set([new URL('https://meta-supplier.xmpl')]), + contact: new Models.OrganizationalContactRepository([ + new Models.OrganizationalContact({ + name: 'John "the-supplier" Doe', + email: 'cdx-suppliers@mailinator.com', + pone: '555-0123456789' + }), + new Models.OrganizationalContact({ + name: 'Jane "the-other-supplier" Doe' + }) + ]) + }) + }) + }) - bom.version = 7 - bom.serialNumber = 'urn:uuid:12345678-1234-1234-1234-123456789012' - bom.metadata.timestamp = new Date('2001-05-23T13:37:42.000Z') - bom.metadata.tools.add((function (tool) { - tool.vendor = 'tool vendor' - tool.name = 'tool name' - tool.version = '0.8.15' - tool.hashes.set(Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535') - tool.hashes.set(Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b') - return tool - })(new Models.Tool())) - bom.metadata.tools.add((function (tool) { - tool.vendor = 'tool vendor' - tool.name = 'other tool' - return tool - })(new Models.Tool())) - bom.metadata.authors.add((function (author) { - author.name = 'John "the-co-author" Doe' - return author - })(new Models.OrganizationalContact())) - bom.metadata.authors.add((function (author) { - author.name = 'Jane "the-author" Doe' - author.email = 'cdx-authors@mailinator.com' - author.pone = '555-1234567890' - return author - })(new Models.OrganizationalContact())) - bom.metadata.component = new Models.Component(Enums.ComponentType.Library, 'Root Component') - bom.metadata.component.bomRef.value = 'dummy.metadata.component' - bom.metadata.manufacture = new Models.OrganizationalEntity() - bom.metadata.manufacture.name = 'meta manufacture' - bom.metadata.manufacture.url.add(new URL('https://meta-manufacture.xmpl')) - bom.metadata.supplier = new Models.OrganizationalEntity() - bom.metadata.supplier.name = 'meta supplier' - bom.metadata.supplier.url.add(new URL('https://meta-supplier.xmpl')) - bom.metadata.supplier.contact.add((function (contact) { - contact.name = 'John "the-supplier" Doe' - contact.email = 'cdx-suppliers@mailinator.com' - contact.pone = '555-0123456789' - return contact - })(new Models.OrganizationalContact())) - bom.metadata.supplier.contact.add((function (contact) { - contact.name = 'Jane "the-other-supplier" Doe' - return contact - })(new Models.OrganizationalContact())) bom.components.add((function (component) { component.bomRef.value = 'dummy-component' component.author = 'component\'s author' component.cpe = 'cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*' component.copyright = '(c) acme' component.description = 'this is a test component' - component.externalReferences.add((function (ref) { - ref.comment = 'testing' - return ref - })(new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website))) + component.externalReferences.add( + new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website, { comment: 'testing' })) component.externalReferences.add(new Models.ExternalReference( new URL('https://localhost/acme/support'), Enums.ExternalReferenceType.Support @@ -107,13 +118,13 @@ module.exports.createComplexStructure = function () { component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') - component.licenses.add((function (license) { - license.text = new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu') - license.text.contentType = 'text/plain' - license.text.encoding = Enums.AttachmentEncoding.Base64 - license.url = 'https://localhost/license' - return license - })(new Models.NamedLicense('some other'))) + component.licenses.add(new Models.NamedLicense('some other', { + text: new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu', { + contentType: 'text/plain', + encoding: Enums.AttachmentEncoding.Base64 + }), + url: 'https://localhost/license' + })) component.licenses.add((function (license) { license.text = new Models.Attachment('TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u') license.text.contentType = 'text/plain' @@ -125,42 +136,41 @@ module.exports.createComplexStructure = function () { component.publisher = 'the publisher' component.purl = new PackageURL('npm', 'acme', 'dummy-component', '1337-beta') component.scope = Enums.ComponentScope.Required - component.supplier = new Models.OrganizationalEntity() - component.supplier.name = 'Component Supplier' + component.supplier = new Models.OrganizationalEntity({ name: 'Component Supplier' }) component.supplier.url.add(new URL('https://localhost/componentSupplier-B')) component.supplier.url.add(new URL('https://localhost/componentSupplier-A')) - component.supplier.contact.add((function (contact) { - contact.name = 'The quick brown fox' - return contact - })(new Models.OrganizationalContact())) + component.supplier.contact.add(new Models.OrganizationalContact({ name: 'The quick brown fox' })) component.supplier.contact.add((function (contact) { contact.name = 'Franz' contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' contact.phone = '555-732378879' return contact })(new Models.OrganizationalContact())) - component.swid = new Models.SWID('some-tag', 'dummy-component') - component.swid.version = '1337-beta' - component.swid.patch = true - component.swid.text = new Models.Attachment('some context') + component.swid = new Models.SWID('some-tag', 'dummy-component', { + version: '1337-beta', + patch: true, + text: new Models.Attachment('some context') + }) component.swid.text.contentType = 'some context type' component.swid.text.encoding = Enums.AttachmentEncoding.Base64 component.swid.url = new URL('https://localhost/swid') - component.version = '1337-beta' bom.metadata.component.dependencies.add(component.bomRef) return component - })(new Models.Component(Enums.ComponentType.Library, 'dummy-component'))) - bom.components.add(function (component) { - component.bomRef.value = 'a-component' - component.dependencies.add(new Models.BomRef('unknown foreign ref that should not be rendered')) + })(new Models.Component(Enums.ComponentType.Library, 'dummy-component', { version: '1337-beta' }))) + bom.components.add(function (component) { + // interlink everywhere bom.metadata.component.dependencies.add(component.bomRef) bom.components.forEach(c => c.dependencies.add(component.bomRef)) - return component - }(new Models.Component(Enums.ComponentType.Library, 'a-component'))) + }(new Models.Component(Enums.ComponentType.Library, 'a-component', { + bomRef: 'a-component', + dependencies: new Models.BomRefRepository([ + new Models.BomRef('unknown foreign ref that should not be rendered') + ]) + }))) return bom } diff --git a/tests/_data/normalizeResults/json_complex_spec1.4.json b/tests/_data/normalizeResults/json_complex_spec1.4.json index 62f344a3e..e135cb8c6 100644 --- a/tests/_data/normalizeResults/json_complex_spec1.4.json +++ b/tests/_data/normalizeResults/json_complex_spec1.4.json @@ -24,7 +24,14 @@ }, { "vendor": "tool vendor", - "name": "other tool" + "name": "other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] } ], "authors": [ @@ -185,4 +192,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json index 275e3b19b..4869b7f4d 100644 --- a/tests/_data/normalizeResults/json_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/json_sortedLists_spec1.4.json @@ -9,7 +9,14 @@ "tools": [ { "vendor": "tool vendor", - "name": "other tool" + "name": "other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] }, { "vendor": "tool vendor", @@ -185,4 +192,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_complex_spec1.2.json b/tests/_data/normalizeResults/xml_complex_spec1.2.json index bf17613c3..2be2d3d49 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.2.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.2.json @@ -536,4 +536,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_complex_spec1.3.json b/tests/_data/normalizeResults/xml_complex_spec1.3.json index 705cff9b5..153dd0bba 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.3.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.3.json @@ -536,4 +536,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_complex_spec1.4.json b/tests/_data/normalizeResults/xml_complex_spec1.4.json index adf991683..81e3d672b 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.4.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.4.json @@ -76,6 +76,31 @@ "type": "element", "name": "name", "children": "other tool" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://cyclonedx.org/tool-center/" + }, + { + "type": "element", + "name": "comment", + "children": "the tools that made this" + } + ] + } + ] } ] } @@ -550,4 +575,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json index a88541d88..ea0f75675 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json @@ -536,4 +536,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json index 076911b8e..e801b16be 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -536,4 +536,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json index 2163df3d0..72816071d 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -33,6 +33,31 @@ "type": "element", "name": "name", "children": "other tool" + }, + { + "type": "element", + "name": "externalReferences", + "children": [ + { + "type": "element", + "name": "reference", + "attributes": { + "type": "website" + }, + "children": [ + { + "type": "element", + "name": "url", + "children": "https://cyclonedx.org/tool-center/" + }, + { + "type": "element", + "name": "comment", + "children": "the tools that made this" + } + ] + } + ] } ] }, @@ -550,4 +575,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/tests/functional/Enums.ComponentScope.spec.js b/tests/functional/Enums.ComponentScope.spec.js index b6cd50cc1..635eee5c2 100644 --- a/tests/functional/Enums.ComponentScope.spec.js +++ b/tests/functional/Enums.ComponentScope.spec.js @@ -5,21 +5,22 @@ const { getSpecEnum } = require('../_data/specLoader') const { upperCamelCase } = require('../_helpers/stringFunctions') const { - Enums: { ComponentScope } + Enums: { ComponentScope }, + Spec: { Version } } = require('../../') -suite('all ComponentScopes from SPEC are available', () => { +suite('ComponentScope enum', () => { const schemas = new Map([ - ['1.2', 'bom-1.2.SNAPSHOT.schema.json'], - ['1.3', 'bom-1.3.SNAPSHOT.schema.json'], - ['1.4', 'bom-1.4.SNAPSHOT.schema.json'] + [Version.v1dot2, 'bom-1.2.SNAPSHOT.schema.json'], + [Version.v1dot3, 'bom-1.3.SNAPSHOT.schema.json'], + [Version.v1dot4, 'bom-1.4.SNAPSHOT.schema.json'] ]) schemas.forEach((resourceFile, specVersion) => - suite(`from spec ${specVersion}`, () => + suite(`from spec ${specVersion} (${resourceFile})`, () => getSpecEnum(resourceFile, 'component', 'properties', 'scope').forEach(enumValue => { const expectedName = upperCamelCase(enumValue) - test(`${expectedName} -> ${enumValue}`, () => + test(`is known: ${expectedName} -> ${enumValue}`, () => assert.strictEqual(ComponentScope[expectedName], enumValue) ) }) diff --git a/tests/functional/Enums.ComponentType.spec.js b/tests/functional/Enums.ComponentType.spec.js index 38bbab6ea..8e2ae664a 100644 --- a/tests/functional/Enums.ComponentType.spec.js +++ b/tests/functional/Enums.ComponentType.spec.js @@ -5,23 +5,27 @@ const { getSpecEnum } = require('../_data/specLoader') const { upperCamelCase } = require('../_helpers/stringFunctions') const { - Enums: { ComponentType } + Enums: { ComponentType }, + Spec: { Version, SpecVersionDict } } = require('../../') -suite('all ComponentTypes from SPEC are available', () => { +suite('ComponentType enum', () => { const schemas = new Map([ - ['1.2', 'bom-1.2.SNAPSHOT.schema.json'], - ['1.3', 'bom-1.3.SNAPSHOT.schema.json'], - ['1.4', 'bom-1.4.SNAPSHOT.schema.json'] + [Version.v1dot2, 'bom-1.2.SNAPSHOT.schema.json'], + [Version.v1dot3, 'bom-1.3.SNAPSHOT.schema.json'], + [Version.v1dot4, 'bom-1.4.SNAPSHOT.schema.json'] ]) schemas.forEach((resourceFile, specVersion) => - suite(`from spec ${specVersion}`, () => + suite(`from spec ${specVersion} (${resourceFile})`, () => getSpecEnum(resourceFile, 'component', 'properties', 'type').forEach(enumValue => { const expectedName = upperCamelCase(enumValue) - test(`${expectedName} -> ${enumValue}`, () => + test(`is known: ${expectedName} -> ${enumValue}`, () => assert.strictEqual(ComponentType[expectedName], enumValue) ) + test(`is supported: ${enumValue}`, () => + assert.ok(SpecVersionDict[specVersion]?.supportsComponentType(enumValue)) + ) }) ) ) diff --git a/tests/functional/Enums.ExternalReferenceType.spec.js b/tests/functional/Enums.ExternalReferenceType.spec.js index 7623d9be3..adaf13c96 100644 --- a/tests/functional/Enums.ExternalReferenceType.spec.js +++ b/tests/functional/Enums.ExternalReferenceType.spec.js @@ -5,18 +5,19 @@ const { getSpecEnum } = require('../_data/specLoader') const { upperCamelCase } = require('../_helpers/stringFunctions') const { - Enums: { ExternalReferenceType } + Enums: { ExternalReferenceType }, + Spec: { Version, SpecVersionDict } } = require('../../') -suite('all ExternalReferenceTypes from SPEC are available', () => { +suite('ExternalReferenceType enum', () => { const schemas = new Map([ - ['1.2', 'bom-1.2.SNAPSHOT.schema.json'], - ['1.3', 'bom-1.3.SNAPSHOT.schema.json'], - ['1.4', 'bom-1.4.SNAPSHOT.schema.json'] + [Version.v1dot2, 'bom-1.2.SNAPSHOT.schema.json'], + [Version.v1dot3, 'bom-1.3.SNAPSHOT.schema.json'], + [Version.v1dot4, 'bom-1.4.SNAPSHOT.schema.json'] ]) schemas.forEach((resourceFile, specVersion) => - suite(`from spec ${specVersion}`, () => + suite(`from spec ${specVersion} (${resourceFile})`, () => getSpecEnum(resourceFile, 'externalReference', 'properties', 'type').forEach(enumValue => { let expectedName = upperCamelCase(enumValue) switch (enumValue) { @@ -25,9 +26,12 @@ suite('all ExternalReferenceTypes from SPEC are available', () => { expectedName = enumValue.toUpperCase() break } - test(`${expectedName} -> ${enumValue}`, () => + test(`is known: ${expectedName} -> ${enumValue}`, () => assert.strictEqual(ExternalReferenceType[expectedName], enumValue) ) + test(`is supported: ${enumValue}`, () => + assert.ok(SpecVersionDict[specVersion]?.supportsExternalReferenceType(enumValue)) + ) }) ) ) diff --git a/tests/functional/Enums.HashAlogorithms.spec.js b/tests/functional/Enums.HashAlogorithms.spec.js index 9c7287ee6..86be7d9cd 100644 --- a/tests/functional/Enums.HashAlogorithms.spec.js +++ b/tests/functional/Enums.HashAlogorithms.spec.js @@ -5,23 +5,27 @@ const { getSpecEnum } = require('../_data/specLoader') const { capitaliseFirstLetter } = require('../_helpers/stringFunctions') const { - Enums: { HashAlgorithm } + Enums: { HashAlgorithm }, + Spec: { Version, SpecVersionDict } } = require('../../') -suite('all HashAlgorithms from SPEC are available', () => { +suite('HashAlgorithm enum', () => { const schemas = new Map([ - ['1.2', 'bom-1.2.SNAPSHOT.schema.json'], - ['1.3', 'bom-1.3.SNAPSHOT.schema.json'], - ['1.4', 'bom-1.4.SNAPSHOT.schema.json'] + [Version.v1dot2, 'bom-1.2.SNAPSHOT.schema.json'], + [Version.v1dot3, 'bom-1.3.SNAPSHOT.schema.json'], + [Version.v1dot4, 'bom-1.4.SNAPSHOT.schema.json'] ]) schemas.forEach((resourceFile, specVersion) => - suite(`from spec ${specVersion}`, () => + suite(`from spec ${specVersion} (${resourceFile})`, () => getSpecEnum(resourceFile, 'hash-alg').forEach(enumValue => { const expectedName = capitaliseFirstLetter(enumValue) - test(`${expectedName} -> ${enumValue}`, () => + test(`is known: ${expectedName} -> ${enumValue}`, () => assert.strictEqual(HashAlgorithm[expectedName], enumValue) ) + test(`is supported: ${enumValue}`, () => + assert.ok(SpecVersionDict[specVersion]?.supportsHashAlgorithm(enumValue)) + ) }) ) ) diff --git a/tests/integration/JsonNormalize.test.js b/tests/integration/JsonNormalize.test.js index b137e49eb..7e320315a 100644 --- a/tests/integration/JsonNormalize.test.js +++ b/tests/integration/JsonNormalize.test.js @@ -31,11 +31,10 @@ describe('JSON normalize', () => { it('can normalize', function () { const normalized = normalizerFactory.makeForBom() .normalize(this.bom, {}) - const json = JSON.stringify(normalized) + const json = JSON.stringify(normalized, null, 2) /* uncomment next line to dump data */ // writeNormalizeResult(json, 'json_complex', spec.version, 'json') - assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('json_complex', spec.version, 'json')) @@ -45,11 +44,10 @@ describe('JSON normalize', () => { it('can normalize with sorted lists', function () { const normalized = normalizerFactory.makeForBom() .normalize(this.bom, { sortLists: true }) - const json = JSON.stringify(normalized) + const json = JSON.stringify(normalized, null, 2) /* uncomment next line to dump data */ // writeNormalizeResult(json, 'json_sortedLists', spec.version, 'json') - assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('json_sortedLists', spec.version, 'json')) diff --git a/tests/integration/XmlNormalize.test.js b/tests/integration/XmlNormalize.test.js index a794bbaac..0ec09a8c9 100644 --- a/tests/integration/XmlNormalize.test.js +++ b/tests/integration/XmlNormalize.test.js @@ -12,7 +12,7 @@ const { Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } } = require('../../') -describe('JSON normalize', () => { +describe('XML normalize', () => { [ Spec1dot2, Spec1dot3, @@ -31,11 +31,10 @@ describe('JSON normalize', () => { it('can normalize', function () { const normalized = normalizerFactory.makeForBom() .normalize(this.bom, {}) - const json = JSON.stringify(normalized) + const json = JSON.stringify(normalized, null, 2) /* uncomment next line to dump data */ // writeNormalizeResult(json, 'xml_complex', spec.version, 'json') - assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('xml_complex', spec.version, 'json')) @@ -45,11 +44,10 @@ describe('JSON normalize', () => { it('can normalize with sorted lists', function () { const normalized = normalizerFactory.makeForBom() .normalize(this.bom, { sortLists: true }) - const json = JSON.stringify(normalized) + const json = JSON.stringify(normalized, null, 2) /* uncomment next line to dump data */ // writeNormalizeResult(json, 'xml_sortedLists', spec.version, 'json') - assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('xml_sortedLists', spec.version, 'json')) diff --git a/tests/unit/Factories.LicenseFactory.spec.js b/tests/unit/Factories.LicenseFactory.spec.js index 3d4466abc..778bf7376 100644 --- a/tests/unit/Factories.LicenseFactory.spec.js +++ b/tests/unit/Factories.LicenseFactory.spec.js @@ -23,8 +23,8 @@ suite('LicenseFactory', () => { assert.ok(license instanceof NamedLicense) assert.strictEqual(license.name, '(c) foo bar') - assert.strictEqual(license.text, null) - assert.strictEqual(license.url, null) + assert.strictEqual(license.text, undefined) + assert.strictEqual(license.url, undefined) }) test('makeFromString() -> SpdxLicense', () => { @@ -34,7 +34,7 @@ suite('LicenseFactory', () => { assert.ok(license instanceof SpdxLicense) assert.strictEqual(license.id, 'MIT') - assert.strictEqual(license.text, null) - assert.strictEqual(license.url, null) + assert.strictEqual(license.text, undefined) + assert.strictEqual(license.url, undefined) }) }) diff --git a/tests/unit/Models.Bom.spec.js b/tests/unit/Models.Bom.spec.js index a0661b6fc..d0d2a0815 100644 --- a/tests/unit/Models.Bom.spec.js +++ b/tests/unit/Models.Bom.spec.js @@ -14,7 +14,26 @@ suite('BOM', () => { assert.ok(bom.components instanceof ComponentRepository) assert.equal(bom.components.size, 0) assert.strictEqual(bom.version, 1) - assert.strictEqual(bom.serialNumber, null) + assert.strictEqual(bom.serialNumber, undefined) + }) + + test('construct with preset properties', () => { + const version = Math.round(Math.random() * 1000) + const serialNumber = 'urn:uuid:12345678-4321-0987-6547-abcdef123456' + const metadata = new Metadata() + const components = new ComponentRepository() + + const bom = new Bom({ + version, + serialNumber, + metadata, + components + }) + + assert.strictEqual(bom.version, version) + assert.strictEqual(bom.serialNumber, serialNumber) + assert.strictEqual(bom.metadata, metadata) + assert.strictEqual(bom.components, components) }) suite('can set version', () => From 21e445a74610a620e82cd148f167e6927504f306 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 19:56:43 +0200 Subject: [PATCH 162/233] wip Signed-off-by: Jan Kowalleck --- src/builders/ExternalReferenceRepository.ts | 61 --------------------- src/builders/Tool.ts | 28 ---------- src/builders/index.ts | 2 - 3 files changed, 91 deletions(-) delete mode 100644 src/builders/ExternalReferenceRepository.ts delete mode 100644 src/builders/Tool.ts delete mode 100644 src/builders/index.ts diff --git a/src/builders/ExternalReferenceRepository.ts b/src/builders/ExternalReferenceRepository.ts deleted file mode 100644 index 2b3b6df90..000000000 --- a/src/builders/ExternalReferenceRepository.ts +++ /dev/null @@ -1,61 +0,0 @@ -import { ExternalReference, ExternalReferenceRepository } from '../models' -import { ExternalReferenceType } from '../enums' -import { isNotUndefined } from '../helpers/types' - -export class ExternalReferenceRepositoryBuilder { - makeFromPackage (data: any): ExternalReferenceRepository { - const refs: Array = [] - - try { refs.push(this.#getVcs(data)) } catch (err) { /* pass */ } - try { refs.push(this.#getHomepage(data)) } catch (err) { /* pass */ } - try { refs.push(this.#getIssueTracker(data)) } catch (err) { /* pass */ } - - return new ExternalReferenceRepository(refs.filter(isNotUndefined)) - } - - #getVcs (data: any): ExternalReference | undefined { - let url: string | undefined - let comment: string | undefined - - const repository = data.repository - if (typeof repository === 'string') { - url = repository - comment = 'as detected from package property "repository"' - } else if (typeof repository === 'object') { - if (typeof repository.url === 'string') { - url = repository.url - comment = 'as detected from package property "repository.url"' - } else if (typeof repository.directory === 'string') { - url = repository.directory - comment = 'as detected from package property "repository.directory"' - } - } - - return url === undefined - ? undefined - : new ExternalReference(url, ExternalReferenceType.VCS, { comment }) - } - - #getHomepage (data: any): ExternalReference | undefined { - const homepage = data.homepage - return typeof homepage === 'string' - ? new ExternalReference(homepage, ExternalReferenceType.Website, { comment: 'as detected from package property "homepage' }) - : undefined - } - - #getIssueTracker (data: any): ExternalReference | undefined { - const bugs = data.bugs - let url: string | undefined - let comment: string | undefined - if (typeof bugs === 'string') { - url = bugs - comment = 'as detected from package property "bugs"' - } else if (typeof bugs === 'object' && typeof bugs.url === 'string') { - url = bugs.url - comment = 'as detected from package property "bugs.url"' - } - return url === undefined - ? undefined - : new ExternalReference(url, ExternalReferenceType.IssueTracker, { comment }) - } -} diff --git a/src/builders/Tool.ts b/src/builders/Tool.ts deleted file mode 100644 index 928dc4cd8..000000000 --- a/src/builders/Tool.ts +++ /dev/null @@ -1,28 +0,0 @@ -import { Tool } from '../models' -import { ExternalReferenceRepositoryBuilder } from './ExternalReferenceRepository' - -export class ToolBuilder { - #extRefRepoBuilder: ExternalReferenceRepositoryBuilder - constructor (extRefRepoBuilder: ExternalReferenceRepositoryBuilder) { - this.#extRefRepoBuilder = extRefRepoBuilder - } - - makeFromPackage (data: any): Tool | undefined { - if (typeof data.name !== 'string') { - return undefined - } - const [np1, np2] = data.name.split('/', 2) - - const tool = new Tool() - tool.name = np2 ?? np1 - tool.vendor = np2 === undefined - ? undefined - : np1.replace(/^@/, '') - if (typeof data.version === 'string') { - tool.version = data.version - } - tool.externalReferences = this.#extRefRepoBuilder.makeFromPackage(data) - - return tool - } -} diff --git a/src/builders/index.ts b/src/builders/index.ts deleted file mode 100644 index cb82e7d29..000000000 --- a/src/builders/index.ts +++ /dev/null @@ -1,2 +0,0 @@ -export * from './ExternalReferenceRepository' -export * from './Tool' From 6ef7838d7e41eeae5784cd35b7dbd71e155a695c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 21:12:45 +0200 Subject: [PATCH 163/233] Resources (#48) * wip Signed-off-by: Jan Kowalleck * resouces Signed-off-by: Jan Kowalleck --- res/README.md | 2 +- res/bom-1.4.SNAPSHOT.schema.json | 2 +- ...ema.json => jsf-0.82.SNAPSHOT.schema.json} | 0 src/_index.node.ts | 1 + src/resources.node.ts | 40 ++++++++++++++++++ tests/functional/Resources.node.spec.js | 42 +++++++++++++++++++ 6 files changed, 85 insertions(+), 2 deletions(-) rename res/{jsf-0.82.schema.json => jsf-0.82.SNAPSHOT.schema.json} (100%) create mode 100644 src/resources.node.ts create mode 100644 tests/functional/Resources.node.spec.js diff --git a/res/README.md b/res/README.md index d2a5fdf99..d03299769 100644 --- a/res/README.md +++ b/res/README.md @@ -24,4 +24,4 @@ Currently using version | [`bom-1.3-strict.SNAPSHOT.schema.json`](bom-1.3-strict.SNAPSHOT.schema.json) | `spdx.schema.json` was replaced with `spdx.SNAPSHOT.schema.json` | | [`spdx.SNAPSHOT.xsd`](spdx.SNAPSHOT.xsd) | | | [`spdx.SNAPSHOT.schema.json`](spdx.SNAPSHOT.schema.json) | | -| [`jsf-0.82.schema.json`](jsf-0.82.schema.json) | | +| [`jsf-0.82.SNAPSHOT.schema.json`](jsf-0.82.SNAPSHOT.schema.json) | | diff --git a/res/bom-1.4.SNAPSHOT.schema.json b/res/bom-1.4.SNAPSHOT.schema.json index e9d511281..be70fcc54 100644 --- a/res/bom-1.4.SNAPSHOT.schema.json +++ b/res/bom-1.4.SNAPSHOT.schema.json @@ -1689,7 +1689,7 @@ "maxLength": 1024 }, "signature": { - "$ref": "jsf-0.82.schema.json#/definitions/signature", + "$ref": "jsf-0.82.SNAPSHOT.schema.json#/definitions/signature", "title": "Signature", "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)." } diff --git a/res/jsf-0.82.schema.json b/res/jsf-0.82.SNAPSHOT.schema.json similarity index 100% rename from res/jsf-0.82.schema.json rename to res/jsf-0.82.SNAPSHOT.schema.json diff --git a/src/_index.node.ts b/src/_index.node.ts index 12799ba9f..b8760f588 100644 --- a/src/_index.node.ts +++ b/src/_index.node.ts @@ -5,4 +5,5 @@ export * as Serialize from './serialize/_index.node' export * as SPDX from './spdx' export * as Spec from './spec' export * as Types from './types' +export * as Resources from './resources.node' // do not export the helpers, they are for internal use only diff --git a/src/resources.node.ts b/src/resources.node.ts new file mode 100644 index 000000000..333dadc0d --- /dev/null +++ b/src/resources.node.ts @@ -0,0 +1,40 @@ +import path from 'path' + +import { Version } from './spec' + +/** @internal */ +export const ROOT = path.resolve(__dirname, '..', 'res') + +/** @internal */ +export const FILES = Object.freeze({ + CDX: Object.freeze({ + XML_SCHEMA: Object.freeze(Object.fromEntries([ + [Version.v1dot0, path.resolve(ROOT, 'bom-1.0.SNAPSHOT.xsd')], + [Version.v1dot1, path.resolve(ROOT, 'bom-1.1.SNAPSHOT.xsd')], + [Version.v1dot2, path.resolve(ROOT, 'bom-1.2.SNAPSHOT.xsd')], + [Version.v1dot3, path.resolve(ROOT, 'bom-1.3.SNAPSHOT.xsd')], + [Version.v1dot4, path.resolve(ROOT, 'bom-1.4.SNAPSHOT.xsd')] + ])), + JSON_SCHEMA: Object.freeze(Object.fromEntries([ + // v1.0 is not defined in JSON + // v1.1 is not defined in JSON + [Version.v1dot2, path.resolve(ROOT, 'bom-1.2.SNAPSHOT.schema.json')], + [Version.v1dot3, path.resolve(ROOT, 'bom-1.3.SNAPSHOT.schema.json')], + [Version.v1dot4, path.resolve(ROOT, 'bom-1.4.SNAPSHOT.schema.json')] + ])), + JSON_STRICT_SCHEMA: Object.freeze(Object.fromEntries([ + // v1.0 is not defined in JSON + // v1.1 is not defined in JSON + [Version.v1dot2, path.resolve(ROOT, 'bom-1.2-strict.SNAPSHOT.schema.json')], + [Version.v1dot3, path.resolve(ROOT, 'bom-1.3-strict.SNAPSHOT.schema.json')] + // v1.4 is already strict - no special file here + ])) + }), + SPDX: Object.freeze({ + XML_SCHEMA: path.resolve(ROOT, 'spdx.SNAPSHOT.xsd'), + JSON_SCHEMA: path.resolve(ROOT, 'spdx.SNAPSHOT.schema.json') + }), + JSF: Object.freeze({ + JSON_SCHEMA: path.resolve(ROOT, 'jsf-0.82.SNAPSHOT.schema.json') + }) +}) diff --git a/tests/functional/Resources.node.spec.js b/tests/functional/Resources.node.spec.js new file mode 100644 index 000000000..12ec2a384 --- /dev/null +++ b/tests/functional/Resources.node.spec.js @@ -0,0 +1,42 @@ +const fs = require('fs') +const assert = require('assert') +const { suite, test } = require('mocha') + +const { + Resources, + Spec: { Version } +} = require('../../') + +suite('Resources', () => { + suite('expected dir', () => { + [ + Resources.ROOT + ].forEach(expectedDir => + test(`${expectedDir}`, () => + assert.ok(fs.lstatSync(expectedDir).isDirectory()) + ) + ) + }) + + suite('expected files', () => { + [ + Resources.FILES.CDX.JSON_SCHEMA[Version.v1dot2], + Resources.FILES.CDX.JSON_SCHEMA[Version.v1dot3], + Resources.FILES.CDX.JSON_SCHEMA[Version.v1dot4], + Resources.FILES.CDX.JSON_STRICT_SCHEMA[Version.v1dot2], + Resources.FILES.CDX.JSON_STRICT_SCHEMA[Version.v1dot3], + Resources.FILES.CDX.XML_SCHEMA[Version.v1dot0], + Resources.FILES.CDX.XML_SCHEMA[Version.v1dot1], + Resources.FILES.CDX.XML_SCHEMA[Version.v1dot2], + Resources.FILES.CDX.XML_SCHEMA[Version.v1dot3], + Resources.FILES.CDX.XML_SCHEMA[Version.v1dot4], + Resources.FILES.SPDX.JSON_SCHEMA, + Resources.FILES.SPDX.XML_SCHEMA, + Resources.FILES.JSF.JSON_SCHEMA + ].forEach(expectedFile => + test(`${expectedFile}`, () => + assert.ok(fs.lstatSync(expectedFile).isFile()) + ) + ) + }) +}) From 5bb1e9f7c4d78512fcf4919d517ee1154b1458f0 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 21:33:21 +0200 Subject: [PATCH 164/233] wip Signed-off-by: Jan Kowalleck --- src/models/bom.ts | 8 ++++++-- src/models/component.ts | 5 ++++- src/models/license.ts | 8 ++++---- src/models/swid.ts | 5 ++++- src/serialize/json/normalize.ts | 9 +++++++-- src/serialize/jsonSerializer.ts | 2 +- src/serialize/xml/normalize.ts | 9 +++++++-- src/serialize/xmlBaseSerializer.ts | 2 +- 8 files changed, 34 insertions(+), 14 deletions(-) diff --git a/src/models/bom.ts b/src/models/bom.ts index e4d4ca235..7cca9a1fd 100644 --- a/src/models/bom.ts +++ b/src/models/bom.ts @@ -25,6 +25,10 @@ export class Bom { // Property `dependencies` is not part of this model, but part of `Component` and other models. // The dependency graph can be normalized on render-time, no need to store it in the bom model. + /** + * @throws {TypeError} if {@see op.version} is not {@see PositiveInteger} nor {@see undefined} + * @throws {TypeError} if {@see op.serialNumber} is neither {@see UrnUuid} nor {@see undefined} + */ constructor (op: OptionalProperties = {}) { this.metadata = op.metadata ?? new Metadata() this.components = op.components ?? new ComponentRepository() @@ -37,7 +41,7 @@ export class Bom { } /** - * @throws {TypeError} if value is not PositiveInteger + * @throws {TypeError} if value is not {@see PositiveInteger} */ set version (value: PositiveInteger) { if (!isPositiveInteger(value)) { @@ -51,7 +55,7 @@ export class Bom { } /** - * @throws {TypeError} if value is neither UrnUuid nor undefined + * @throws {TypeError} if value is neither {@see UrnUuid} nor {@see undefined} */ set serialNumber (value: UrnUuid | undefined) { if (value !== undefined && !isUrnUuid(value)) { diff --git a/src/models/component.ts b/src/models/component.ts index a15c25391..53b98b4fb 100644 --- a/src/models/component.ts +++ b/src/models/component.ts @@ -52,6 +52,9 @@ export class Component { /** @see cpe */ #cpe?: CPE + /** + * @throws {TypeError} if {@see op.cpe} is neither {@see CPE} nor {@see undefined} + */ constructor (type: ComponentType, name: string, op: OptionalProperties = {}) { this.#bomRef = new BomRef(op.bomRef) this.type = type @@ -80,7 +83,7 @@ export class Component { } /** - * @throws {TypeError} if value is neither CPE nor null + * @throws {TypeError} if value is neither {@see CPE} nor {@see undefined} */ set cpe (value: CPE | undefined) { if (value !== undefined && !isCPE(value)) { diff --git a/src/models/license.ts b/src/models/license.ts index fe1720e8e..ae93a34e0 100644 --- a/src/models/license.ts +++ b/src/models/license.ts @@ -14,7 +14,7 @@ export class LicenseExpression { #expression!: string /** - * @throws {RangeError} if expression is not eligible + * @throws {RangeError} if {@see expression} is not eligible({@see LicenseExpression.isEligibleExpression}) */ constructor (expression: string) { this.expression = expression @@ -25,7 +25,7 @@ export class LicenseExpression { } /** - * @throws {RangeError} if expression is not eligible + * @throws {RangeError} if expression is not eligible({@see LicenseExpression.isEligibleExpression}) */ set expression (value: string) { if (!LicenseExpression.isEligibleExpression(value)) { @@ -73,7 +73,7 @@ export class SpdxLicense { #id!: SpdxId /** - * @throws {RangeError} if value is not supported SPDX id + * @throws {RangeError} if {@see id} is not supported SPDX id({@see isSupportedSpdxId}) */ constructor (id: SpdxId, op: SpdxLicenseOptionalProperties = {}) { this.id = id @@ -86,7 +86,7 @@ export class SpdxLicense { } /** - * @throws {RangeError} if value is not supported SPDX id + * @throws {RangeError} if value is not supported SPDX id({@see isSupportedSpdxId}) */ set id (value: SpdxId) { if (!isSupportedSpdxId(value)) { diff --git a/src/models/swid.ts b/src/models/swid.ts index 2e753e7b3..c06f880bc 100644 --- a/src/models/swid.ts +++ b/src/models/swid.ts @@ -23,6 +23,9 @@ export class SWID { /** @see tagVersion */ #tagVersion?: NonNegativeInteger + /** + * @throws {TypeError} if {@see op.tagVersion} is neither {@see NonNegativeInteger} nor {@see undefined} + */ constructor (tagId: string, name: string, op: OptionalProperties = {}) { this.tagId = tagId this.name = name @@ -38,7 +41,7 @@ export class SWID { } /** - * @throws {TypeError} if value is neither NonNegativeInteger nor undefined + * @throws {TypeError} if value is neither {@see NonNegativeInteger} nor {@see undefined} */ set tagVersion (value: NonNegativeInteger | undefined) { if (value !== undefined && !isNonNegativeInteger(value)) { diff --git a/src/serialize/json/normalize.ts b/src/serialize/json/normalize.ts index 3bbf7066f..55ee8daa4 100644 --- a/src/serialize/json/normalize.ts +++ b/src/serialize/json/normalize.ts @@ -5,10 +5,14 @@ import { NormalizerOptions } from '../types' import { JsonSchema, Normalized } from './types' export class Factory { - readonly spec: Spec + readonly #spec: Spec constructor (spec: Spec) { - this.spec = spec + this.#spec = spec + } + + get spec (): Spec { + return this.#spec } makeForBom (): BomNormalizer { @@ -268,6 +272,7 @@ export class LicenseNormalizer extends Base { case data instanceof Models.LicenseExpression: return this.#normalizeLicenseExpression(data as Models.LicenseExpression) default: + // this case is not expected to happen - and therefore is undocumented throw new TypeError('Unexpected LicenseChoice') } } diff --git a/src/serialize/jsonSerializer.ts b/src/serialize/jsonSerializer.ts index 778e8ad63..ed12d4712 100644 --- a/src/serialize/jsonSerializer.ts +++ b/src/serialize/jsonSerializer.ts @@ -12,7 +12,7 @@ export class JsonSerializer extends BaseSerializer { readonly #normalizerFactory: NormalizerFactory /** - * @throws {UnsupportedFormatError} if spec does not support JSON format. + * @throws {UnsupportedFormatError} if {@see NormalizerFactory.spec} does not support {@see Format.JSON}. */ constructor (normalizerFactory: NormalizerFactory) { if (!normalizerFactory.spec.supportsFormat(Format.JSON)) { diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts index 4d2e73384..55d7f12c7 100644 --- a/src/serialize/xml/normalize.ts +++ b/src/serialize/xml/normalize.ts @@ -5,10 +5,14 @@ import { NormalizerOptions } from '../types' import { SimpleXml, XmlSchema } from './types' export class Factory { - readonly spec: Spec + readonly #spec: Spec constructor (spec: Spec) { - this.spec = spec + this.#spec = spec + } + + get spec (): Spec { + return this.#spec } makeForBom (): BomNormalizer { @@ -353,6 +357,7 @@ export class LicenseNormalizer extends Base { case data instanceof Models.LicenseExpression: return this.#normalizeLicenseExpression(data as Models.LicenseExpression) default: + // this case is not expected to happen - and therefore is undocumented throw new TypeError('Unexpected LicenseChoice') } } diff --git a/src/serialize/xmlBaseSerializer.ts b/src/serialize/xmlBaseSerializer.ts index 54d64cce7..0918d1285 100644 --- a/src/serialize/xmlBaseSerializer.ts +++ b/src/serialize/xmlBaseSerializer.ts @@ -12,7 +12,7 @@ export abstract class XmlBaseSerializer extends BaseSerializer Date: Tue, 31 May 2022 21:37:22 +0200 Subject: [PATCH 165/233] wip Signed-off-by: Jan Kowalleck --- package.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/package.json b/package.json index 0962b2bfa..9341d7893 100644 --- a/package.json +++ b/package.json @@ -2,6 +2,15 @@ "name": "@cyclonedx/cyclonedx-library", "version": "0.0.1-alpha", "description": "Core functionality of CDX for JavaScript (node or web-browser)", + "keywords": [ + "CycloneDX", + "SBOM", "BOM", "inventory", "bill-of-materials", "software-bill-of-materials", + "component", "dependency", + "package-url", "PURL", + "appsec", + "scrm", + "spdx" + ], "repository": { "type": "git", "url": "https://github.com/CycloneDX/cyclonedx-javascript-library" From 0805a6913dd40bfd65972df3da872c911e64a329 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 21:38:40 +0200 Subject: [PATCH 166/233] wip Signed-off-by: Jan Kowalleck --- package.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 9341d7893..6e9d038b5 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,10 @@ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues" }, "license": "Apache-2.0", - "author": "Jan Kowalleck", + "author": { + "name": "Jan Kowalleck", + "email": "jan.kowalleck@gmail.com" + }, "contributors": [ { "name": "Jan Kowalleck" From 72e82c1ce5ab73e064ccb780cb841652ba8085b7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 21:39:13 +0200 Subject: [PATCH 167/233] wip Signed-off-by: Jan Kowalleck --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 6e9d038b5..db7ef9220 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,8 @@ }, "contributors": [ { - "name": "Jan Kowalleck" + "name": "Jan Kowalleck", + "email": "jan.kowalleck@gmail.com" } ], "type": "commonjs", From 0ff6dc0f57e42e42d7288fb5dc2e99d338ac07ff Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 21:40:00 +0200 Subject: [PATCH 168/233] wip Signed-off-by: Jan Kowalleck --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index db7ef9220..4c4b33c28 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cyclonedx/cyclonedx-library", - "version": "0.0.1-alpha", + "version": "0.0.1-beta", "description": "Core functionality of CDX for JavaScript (node or web-browser)", "keywords": [ "CycloneDX", From 161c4f3fea955758b204fb109b82f3d89b2a01c4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 22:24:24 +0200 Subject: [PATCH 169/233] wip Signed-off-by: Jan Kowalleck --- .eslintignore | 5 +++++ .eslintrc.js | 8 ++------ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 .eslintignore diff --git a/.eslintignore b/.eslintignore new file mode 100644 index 000000000..b46756cfb --- /dev/null +++ b/.eslintignore @@ -0,0 +1,5 @@ +/dist/** +/dist.*/** +/node_modules/** + +!/src/** diff --git a/.eslintrc.js b/.eslintrc.js index 71740bbb5..3f159e233 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,14 +1,10 @@ // https://eslint.org/ +/** @type {import('eslint').Linter.Config} */ module.exports = { root: true, // see https://github.com/standard/ts-standard extends: 'standard-with-typescript', parserOptions: { project: './tsconfig.json' - }, - ignorePatterns: [ - 'dist/', - 'dist.*/', - 'node_modules/' - ] + } } From 6278fba7464fb8a6f292c64669801579198332a0 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 22:34:44 +0200 Subject: [PATCH 170/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 6 ++++-- package-lock.json | 27 +++++++++++++++++++++++++-- package.json | 13 ++++++++++--- webpack.config.js | 4 +++- 4 files changed, 42 insertions(+), 8 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 3f159e233..04a201b18 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,5 +1,7 @@ -// https://eslint.org/ -/** @type {import('eslint').Linter.Config} */ +/** + * @see {@link https://eslint.org/} + * @type {import('eslint').Linter.Config} + */ module.exports = { root: true, // see https://github.com/standard/ts-standard diff --git a/package-lock.json b/package-lock.json index 7bfb5945d..c999c858a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,18 +1,19 @@ { "name": "@cyclonedx/cyclonedx-library", - "version": "0.0.1-alpha", + "version": "0.0.1-beta", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@cyclonedx/cyclonedx-library", - "version": "0.0.1-alpha", + "version": "0.0.1-beta", "license": "Apache-2.0", "dependencies": { "packageurl-js": "^0.0.6" }, "devDependencies": { "@types/node": "^17.0.36", + "@types/webpack": "^5.28.0", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", @@ -331,6 +332,17 @@ "integrity": "sha512-V3orv+ggDsWVHP99K3JlwtH20R7J4IhI1Kksgc+64q5VxgfRkQG8Ws3MFm/FZOKDYGy9feGFlZ70/HpCNe9QaA==", "dev": true }, + "node_modules/@types/webpack": { + "version": "5.28.0", + "resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-5.28.0.tgz", + "integrity": "sha512-8cP0CzcxUiFuA9xGJkfeVpqmWTk9nx6CWwamRGCj95ph1SmlRRk9KlCZ6avhCbZd4L68LvYT6l1kpdEnQXrF8w==", + "dev": true, + "dependencies": { + "@types/node": "*", + "tapable": "^2.2.0", + "webpack": "^5" + } + }, "node_modules/@typescript-eslint/eslint-plugin": { "version": "4.33.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", @@ -5198,6 +5210,17 @@ "integrity": "sha512-V3orv+ggDsWVHP99K3JlwtH20R7J4IhI1Kksgc+64q5VxgfRkQG8Ws3MFm/FZOKDYGy9feGFlZ70/HpCNe9QaA==", "dev": true }, + "@types/webpack": { + "version": "5.28.0", + "resolved": "https://registry.npmjs.org/@types/webpack/-/webpack-5.28.0.tgz", + "integrity": "sha512-8cP0CzcxUiFuA9xGJkfeVpqmWTk9nx6CWwamRGCj95ph1SmlRRk9KlCZ6avhCbZd4L68LvYT6l1kpdEnQXrF8w==", + "dev": true, + "requires": { + "@types/node": "*", + "tapable": "^2.2.0", + "webpack": "^5" + } + }, "@typescript-eslint/eslint-plugin": { "version": "4.33.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", diff --git a/package.json b/package.json index 4c4b33c28..7e90e6ff0 100644 --- a/package.json +++ b/package.json @@ -4,9 +4,15 @@ "description": "Core functionality of CDX for JavaScript (node or web-browser)", "keywords": [ "CycloneDX", - "SBOM", "BOM", "inventory", "bill-of-materials", "software-bill-of-materials", - "component", "dependency", - "package-url", "PURL", + "SBOM", + "BOM", + "inventory", + "bill-of-materials", + "software-bill-of-materials", + "component", + "dependency", + "package-url", + "PURL", "appsec", "scrm", "spdx" @@ -38,6 +44,7 @@ }, "devDependencies": { "@types/node": "^17.0.36", + "@types/webpack": "^5.28.0", "deepmerge": "4.2.2", "mocha": "10.0.0", "ts-loader": "9.3.0", diff --git a/webpack.config.js b/webpack.config.js index 46fcfe138..e39680179 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -1,7 +1,9 @@ const path = require('path') const deepmerge = require('deepmerge') -// see https://webpack.js.org/guides/author-libraries/ +/** + * @see {@link https://webpack.js.org/guides/author-libraries/} + */ const configBase = { target: 'web', // mode: '', From 25483157c665e4a39575c6ce1704675dc1d4462d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 31 May 2022 23:37:01 +0200 Subject: [PATCH 171/233] wip Signed-off-by: Jan Kowalleck --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 7e90e6ff0..f328e2e31 100644 --- a/package.json +++ b/package.json @@ -70,10 +70,10 @@ "build:node": "tsc -b ./tsconfig.node.json", "prebuild:web": "node -r fs -e 'fs.rmSync(\"dist.web\",{recursive:true,force:true})'", "build:web": "webpack", - "cs-fix": "ts-standard --fix", + "cs-fix": "eslint --fix .", "test": " npm run test:standard && npm run test:web && npm run test:node", "test:node": "mocha", "test:web": "node -e 'console.log(\"todo: write web test\")'", - "test:standard": "ts-standard" + "test:standard": "eslint ." } } From edf954b73bdc74157237e91d803be2a99060745a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 1 Jun 2022 00:14:33 +0200 Subject: [PATCH 172/233] wip Signed-off-by: Jan Kowalleck --- .eslintrc.js | 18 +++++++++++ .mocharc.js | 24 ++++++++++++-- README.md | 31 +++++++++++++++++-- examples/node/example.cjs | 18 +++++++++++ examples/node/example.mjs | 18 +++++++++++ examples/web-browser.html | 18 +++++++++++ package-lock.json | 13 ++++++++ package.json | 1 + src/_index.node.ts | 18 +++++++++++ src/_index.web.ts | 18 +++++++++++ src/enums/attachmentEncoding.ts | 18 +++++++++++ src/enums/componentScope.ts | 18 +++++++++++ src/enums/componentType.ts | 18 +++++++++++ src/enums/externalReferenceType.ts | 18 +++++++++++ src/enums/hashAlogorithm.ts | 18 +++++++++++ src/enums/index.ts | 18 +++++++++++ src/factories/index.ts | 18 +++++++++++ src/factories/licenseFactory.ts | 18 +++++++++++ src/helpers/types.ts | 17 ++++++++++ src/models/attachment.ts | 18 +++++++++++ src/models/bom.ts | 18 +++++++++++ src/models/bomRef.ts | 18 +++++++++++ src/models/component.ts | 18 +++++++++++ src/models/externalReference.ts | 18 +++++++++++ src/models/hash.ts | 18 +++++++++++ src/models/index.ts | 18 +++++++++++ src/models/license.ts | 18 +++++++++++ src/models/metadata.ts | 18 +++++++++++ src/models/organizationalContact.ts | 18 +++++++++++ src/models/organizationalEntity.ts | 18 +++++++++++ src/models/swid.ts | 18 +++++++++++ src/models/tool.ts | 18 +++++++++++ src/resources.node.ts | 18 +++++++++++ src/serialize/_index.node.ts | 18 +++++++++++ src/serialize/_index.web.ts | 18 +++++++++++ src/serialize/baseSerializer.ts | 18 +++++++++++ src/serialize/bomRefDiscriminator.ts | 18 +++++++++++ src/serialize/index.ts | 18 +++++++++++ src/serialize/json/index.ts | 18 +++++++++++ src/serialize/json/normalize.ts | 18 +++++++++++ src/serialize/json/types.ts | 18 +++++++++++ src/serialize/jsonSerializer.ts | 18 +++++++++++ src/serialize/types.ts | 18 +++++++++++ src/serialize/xml/index.ts | 18 +++++++++++ src/serialize/xml/normalize.ts | 18 +++++++++++ src/serialize/xml/types.ts | 18 +++++++++++ src/serialize/xmlBaseSerializer.ts | 18 +++++++++++ src/serialize/xmlSerializer.web.ts | 18 +++++++++++ src/spdx.ts | 18 +++++++++++ src/spec.ts | 18 ++++++++++- src/types/cpe.ts | 18 +++++++++++ src/types/index.ts | 18 +++++++++++ src/types/integer.ts | 18 +++++++++++ src/types/mimeType.ts | 18 +++++++++++ src/types/urn.ts | 18 +++++++++++ tests/_data/normalize.js | 18 +++++++++++ tests/_data/spdx.js | 18 +++++++++++ tests/_data/specLoader.js | 18 +++++++++++ tests/_helpers/stringFunctions.js | 18 +++++++++++ tests/functional/Enums.ComponentScope.spec.js | 18 +++++++++++ tests/functional/Enums.ComponentType.spec.js | 18 +++++++++++ .../Enums.ExternalReferenceType.spec.js | 18 +++++++++++ .../functional/Enums.HashAlogorithms.spec.js | 18 +++++++++++ tests/functional/Resources.node.spec.js | 18 +++++++++++ tests/functional/SPDX.spec.js | 18 +++++++++++ tests/functional/Spec.SpecVersionDict.spec.js | 18 +++++++++++ tests/integration/JsonNormalize.test.js | 18 +++++++++++ tests/integration/XmlNormalize.test.js | 18 +++++++++++ tests/unit/Factories.LicenseFactory.spec.js | 18 +++++++++++ tests/unit/Models.Bom.spec.js | 18 +++++++++++ tests/unit/SPDX.spec.js | 18 +++++++++++ .../Serialize.BomRefDiscriminator.spec.js | 18 +++++++++++ webpack.config.js | 18 +++++++++++ 73 files changed, 1305 insertions(+), 5 deletions(-) diff --git a/.eslintrc.js b/.eslintrc.js index 04a201b18..4c27772a0 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,3 +1,21 @@ +/*! +This file is part of CycloneDX JavaScript Library. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) Steve Springett. All Rights Reserved. +*/ + /** * @see {@link https://eslint.org/} * @type {import('eslint').Linter.Config} diff --git a/.mocharc.js b/.mocharc.js index 3566bfc82..ca8ce5dc4 100644 --- a/.mocharc.js +++ b/.mocharc.js @@ -1,5 +1,25 @@ -// mocha config -// read: https://mochajs.org/#configuring-mocha-nodejs +/*! +This file is part of CycloneDX JavaScript Library. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) Steve Springett. All Rights Reserved. +*/ + +/** + * mocha config + * @see {@link https://mochajs.org/#configuring-mocha-nodejs} + */ module.exports = { spec: 'tests', recursive: true, diff --git a/README.md b/README.md index 5d44388af..52bf76418 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ +[![shield_license]][license_file] +[![shield_website]][link_website] +[![shield_slack]][link_slack] +[![shield_groups]][link_discussion] +[![shield_twitter-follow]][link_twitter] + +---- + # CycloneDX JavaScript library Core functionality of [CycloneDX] for _JavaScript_ (node or web-browser), @@ -57,7 +65,26 @@ bom.components.add( ## Development & Contributing -See [CONTRIBUTING] file for details. +Feel free to open issues, bugreports or pull requests. +See the [CONTRIBUTING][contributing_file] file for details. + +## License + +Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. +See the [LICENSE][license_file] file for the full license. [CycloneDX]: https://cyclonedx.org/ -[CONTRIBUTING]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/1.0-dev/CONTRIBUTING.md + +[license_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/LICENSE +[contributing_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/CONTRIBUTING.md + +[shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-javascript-library?logo=open%20source%20initiative&logoColor=white "license" +[shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage" +[shield_slack]: https://img.shields.io/badge/slack-join-blue?logo=Slack&logoColor=white "slack join" +[shield_groups]: https://img.shields.io/badge/discussion-groups.io-blue.svg "groups discussion" +[shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow" + +[link_website]: https://cyclonedx.org/ +[link_slack]: https://cyclonedx.org/slack/invite +[link_discussion]: https://groups.io/g/CycloneDX +[link_twitter]: https://twitter.com/CycloneDX_Spec diff --git a/examples/node/example.cjs b/examples/node/example.cjs index ebf90f0dc..75351bab5 100644 --- a/examples/node/example.cjs +++ b/examples/node/example.cjs @@ -1,3 +1,21 @@ +/*! +This file is part of CycloneDX JavaScript Library. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) Steve Springett. All Rights Reserved. +*/ + /** Example how to serialize a Bom to JSON. */ const cdx = require('@cyclonedx/cyclonedx-library') diff --git a/examples/node/example.mjs b/examples/node/example.mjs index 1d8faa9ec..644bcaed1 100644 --- a/examples/node/example.mjs +++ b/examples/node/example.mjs @@ -1,3 +1,21 @@ +/*! +This file is part of CycloneDX JavaScript Library. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) Steve Springett. All Rights Reserved. +*/ + /** Example how to serialize a Bom to JSON. */ import * as cdx from '@cyclonedx/cyclonedx-library' diff --git a/examples/web-browser.html b/examples/web-browser.html index ba8bcfa8b..63e37eaf3 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -6,6 +6,24 @@ // full Library is available as `CycloneDX_library`, per default -

see javascript console output for result.

+

see JavaScript Console output for result.

From 2ef4bc545669f62e640f4f99fcb6462f2d0c5dce Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 00:30:43 +0200 Subject: [PATCH 221/233] wip Signed-off-by: Jan Kowalleck --- README.md | 7 +++++-- examples/web-browser.html | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 976b3dbb3..7a99d2fb5 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,8 @@ npm i -S github:CycloneDX/cyclonedx-javascript-library ## Usage +See the [examples]. + ### As _Node.js_ package ```javascript @@ -132,8 +134,9 @@ See the [LICENSE][license_file] file for the full license. [license_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/LICENSE [contributing_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/CONTRIBUTING.md +[examples]: https://github.com/CycloneDX/cyclonedx-javascript-library/tree/1.0-dev/examples -[shield_gh-workflow-test]: https://img.shields.io/github/workflow/status/CycloneDX/cyclonedx-javascript-library/Node%20CI/main?logo=GitHub&logoColor=white "tests" +[shield_gh-workflow-test]: https://img.shields.io/github/workflow/status/CycloneDX/cyclonedx-javascript-library/Node%20CI/1.0-dev?logo=GitHub&logoColor=white "tests" [shield_npm-version]: https://img.shields.io/npm/v/@cyclonedx/cyclonedx-library?logo=npm&logoColor=white "npm" [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-javascript-library?logo=open%20source%20initiative&logoColor=white "license" [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage" @@ -142,7 +145,7 @@ See the [LICENSE][license_file] file for the full license. [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow" [link_website]: https://cyclonedx.org/ -[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-javascript-library/actions/workflows/nodejs.yml?query=branch%3Amain +[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-javascript-library/actions/workflows/nodejs.yml?query=branch%3A1.0-dev [link_npm]: https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library [link_slack]: https://cyclonedx.org/slack/invite [link_discussion]: https://groups.io/g/CycloneDX diff --git a/examples/web-browser.html b/examples/web-browser.html index a034b7ac0..3749f3422 100644 --- a/examples/web-browser.html +++ b/examples/web-browser.html @@ -27,6 +27,7 @@ 'use strict' /** Example how to serialize a Bom to JSON / XML. */ + /** @type {import('../src/_index.web')} */ const cdx = CycloneDX_library // full Library is available as `cdx`, now From 0f71a412ccd013abf1d0168a8e91e30775b83b9f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 00:35:00 +0200 Subject: [PATCH 222/233] wip Signed-off-by: Jan Kowalleck --- examples/node/example.cjs | 2 +- examples/node/example.mjs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/node/example.cjs b/examples/node/example.cjs index 6361ce490..9757c2a1c 100644 --- a/examples/node/example.cjs +++ b/examples/node/example.cjs @@ -18,7 +18,7 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -/** Example how to serialize a Bom to JSON. */ +/** Example how to serialize a Bom to JSON / XML. */ const cdx = require('@cyclonedx/cyclonedx-library') // full Library is available as `cdx`, now diff --git a/examples/node/example.mjs b/examples/node/example.mjs index 7ec3d2328..0e86bd032 100644 --- a/examples/node/example.mjs +++ b/examples/node/example.mjs @@ -18,7 +18,7 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -/** Example how to serialize a Bom to JSON. */ +/** Example how to serialize a Bom to JSON / XML. */ import * as cdx from '@cyclonedx/cyclonedx-library' // full Library is available as `cdx`, now From 118bc0875fc52a10fa07e6678191e1363b3ec1fb Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 01:34:00 +0200 Subject: [PATCH 223/233] wip Signed-off-by: Jan Kowalleck --- libs/universal-node-xml/index.d.ts | 2 +- .../stringifiers/helpers.js | 17 +++++ .../stringifiers/xmlbuilder2.js | 74 ++++++++----------- 3 files changed, 47 insertions(+), 46 deletions(-) create mode 100644 libs/universal-node-xml/stringifiers/helpers.js diff --git a/libs/universal-node-xml/index.d.ts b/libs/universal-node-xml/index.d.ts index db15e504b..b71db34b1 100644 --- a/libs/universal-node-xml/index.d.ts +++ b/libs/universal-node-xml/index.d.ts @@ -22,7 +22,7 @@ import { SerializerOptions } from '../../src/serialize/types' declare type ThrowError = () => never -declare type Stringify = (element: SimpleXml.Element, options: SerializerOptions) => string +declare type Stringify = (element: SimpleXml.Element, options?: SerializerOptions) => string export declare const stringify: Stringify | undefined export declare const stringifyFallback: Stringify | ThrowError diff --git a/libs/universal-node-xml/stringifiers/helpers.js b/libs/universal-node-xml/stringifiers/helpers.js new file mode 100644 index 000000000..c44d6539e --- /dev/null +++ b/libs/universal-node-xml/stringifiers/helpers.js @@ -0,0 +1,17 @@ + +module.exports.getNS = function (element) { + const ns = (element.namespace ?? element.attributes?.xmlns)?.toString() ?? '' + return ns.length > 0 + ? ns + : null +} + +module.exports.makeIndent = function (space) { + if (typeof space === 'number') { + return ' '.repeat(Math.max(0, space)) + } + if (typeof space === 'string') { + return space + } + return '' +} diff --git a/libs/universal-node-xml/stringifiers/xmlbuilder2.js b/libs/universal-node-xml/stringifiers/xmlbuilder2.js index b1c407737..95b85cbf4 100644 --- a/libs/universal-node-xml/stringifiers/xmlbuilder2.js +++ b/libs/universal-node-xml/stringifiers/xmlbuilder2.js @@ -19,48 +19,32 @@ Copyright (c) OWASP Foundation. All Rights Reserved. */ const { create } = require('xmlbuilder2') - -module.exports = !create - ? undefined - : (() => { - function stringify (element, { space } = {}) { - const doc = create() - - addEle(doc, element) - - let indent = '' - if (typeof space === 'number' && space > 0) { - indent = ' '.repeat(space) - } else if (typeof space === 'string') { - indent = space - } - - return doc.end({ - format: 'xml', - prettyPrint: indent.length > 0, - indent - }) - } - - function getNS (element) { - const ns = (element.namespace ?? element.attributes?.xmlns)?.toString() ?? '' - return ns.length > 0 - ? ns - : null - } - - function addEle (parent, element, parentNS) { - if (element.type !== 'element') { return } - const ns = getNS(element) ?? parentNS - const ele = parent.ele(ns, element.name, element.attributes) - if (typeof element.children === 'string' || typeof element.children === 'number') { - ele.txt(element.children.toString()) - } else if (Array.isArray(element.children)) { - for (const child of element.children) { - addEle(ele, child, ns) - } - } - } - - return stringify - })() +const { getNS, makeIndent } = require('./helpers') + +module.exports = typeof create === 'function' + ? stringify + : undefined + +function stringify (element, { space } = {}) { + const indent = makeIndent(space) + const doc = create() + addEle(doc, element) + return doc.end({ + format: 'xml', + prettyPrint: indent.length > 0, + indent + }) +} + +function addEle (parent, element, parentNS) { + if (element.type !== 'element') { return } + const ns = getNS(element) ?? parentNS + const ele = parent.ele(ns, element.name, element.attributes) + if (typeof element.children === 'string' || typeof element.children === 'number') { + ele.txt(element.children.toString()) + } else if (Array.isArray(element.children)) { + for (const child of element.children) { + addEle(ele, child, ns) + } + } +} From 85a3aed32087bcf007f39cac449c04a6cd76e2f3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 01:46:06 +0200 Subject: [PATCH 224/233] wip Signed-off-by: Jan Kowalleck --- .../stringifiers/xmlbuilder2.js | 2 +- .../stringifiers/xmlbuilder2.spec.js | 27 ++++++++++++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/libs/universal-node-xml/stringifiers/xmlbuilder2.js b/libs/universal-node-xml/stringifiers/xmlbuilder2.js index 95b85cbf4..f1f46825b 100644 --- a/libs/universal-node-xml/stringifiers/xmlbuilder2.js +++ b/libs/universal-node-xml/stringifiers/xmlbuilder2.js @@ -36,7 +36,7 @@ function stringify (element, { space } = {}) { }) } -function addEle (parent, element, parentNS) { +function addEle (parent, element, parentNS = null) { if (element.type !== 'element') { return } const ns = getNS(element) ?? parentNS const ele = parent.ele(ns, element.name, element.attributes) diff --git a/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js b/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js index 121e5a356..196f8abe2 100644 --- a/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js +++ b/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js @@ -29,7 +29,6 @@ suite('stringify with xmlbuilder2', () => { const data = { type: 'element', name: 'some-children', - namespace: 'https://example.com/ns1', children: [ { type: 'element', @@ -43,6 +42,17 @@ suite('stringify with xmlbuilder2', () => { type: 'element', name: 'some-text', children: 'This is my texT' + }, + { + type: 'element', + namespace: 'https://example.com/ns1', + name: 'some-namespaced', + children: [ + { + type: 'element', + name: 'empty' + } + ] } ] } @@ -51,9 +61,12 @@ suite('stringify with xmlbuilder2', () => { const stringified = stringify(data) assert.strictEqual(stringified, '' + - '' + + '' + '' + 'This is my texT' + + '' + + '' + + '' + '' ) }) @@ -62,9 +75,12 @@ suite('stringify with xmlbuilder2', () => { const stringified = stringify(data, { space: 4 }) assert.strictEqual(stringified, '\n' + - '\n' + + '\n' + ' \n' + ' This is my texT\n' + + ' \n' + + ' \n' + + ' \n' + '' ) }) @@ -73,9 +89,12 @@ suite('stringify with xmlbuilder2', () => { const stringified = stringify(data, { space: '\t' }) assert.strictEqual(stringified, '\n' + - '\n' + + '\n' + '\t\n' + '\tThis is my texT\n' + + '\t\n' + + '\t\t\n' + + '\t\n' + '') }) }) From f3c4b50c2019e8406ce777bd50ed52f739012b79 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 01:57:07 +0200 Subject: [PATCH 225/233] wip Signed-off-by: Jan Kowalleck --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7a99d2fb5..6c602cd35 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,9 @@ written in _TypeScript_ and compiled for the target. * Serialization: * Provide a JSON-serializer for all target environments. * Provide an XML-serializer for all target environments. + * Support the downstream implementation of custom XML-serializers tailored to specific environments + by providing an abstract base class that takes care of normalization and BomRef-discrimination. + This is done, because there is no common xml support in _JavaScript_. ## Capabilities @@ -58,12 +61,9 @@ written in _TypeScript_ and compiled for the target. * Universal serializer that converts `Bom` data models to JSON string * Serializer that converts `Bom` data models to XML string: * Specific to _WebBrowsers_: implementation utilizes browser-specific document generators and printers. - * Specific to _Node.js_: implementation requires one of the following optional libraries + * Specific to _Node.js_: implementation plugs/requires/utilizes one of the following optional libraries * [xmlbuilder2](https://www.npmjs.com/package/xmlbuilder2) * ... to be continued ... (pull requests are welcome) - * Support the downstream implementation of custom XML-serializers tailored to specific environments - by providing an abstract base class that takes care of normalization and BomRef-discrimination. - This is done, because there is no common xml support in _JavaScript_. ## Installation From a6ac1b4a3a123a35f25cb1273e6f992ef92c6eb4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 01:58:03 +0200 Subject: [PATCH 226/233] wip Signed-off-by: Jan Kowalleck --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6c602cd35..1f203ba0f 100644 --- a/README.md +++ b/README.md @@ -24,11 +24,11 @@ written in _TypeScript_ and compiled for the target. * can be configured to generate reproducible/deterministic output. * can prepare data structures for JSON- and XML-serialization. * Serialization: - * Provide a JSON-serializer for all target environments. + * Provide a universal JSON-serializer for all target environments. * Provide an XML-serializer for all target environments. * Support the downstream implementation of custom XML-serializers tailored to specific environments by providing an abstract base class that takes care of normalization and BomRef-discrimination. - This is done, because there is no common xml support in _JavaScript_. + This is done, because there is no universal xml support in _JavaScript_. ## Capabilities From 3b4348af6ced53e98826c814a4d7fcb8aaa7ee73 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 02:00:25 +0200 Subject: [PATCH 227/233] wip Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1f203ba0f..17f3aecb6 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ npm i -S github:CycloneDX/cyclonedx-javascript-library ## Usage -See the [examples]. +See [examples]. ### As _Node.js_ package From 42784918e9702a79af1bdc456368ea112b423f72 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 02:00:40 +0200 Subject: [PATCH 228/233] wip Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 17f3aecb6..f4173f113 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ npm i -S github:CycloneDX/cyclonedx-javascript-library ## Usage -See [examples]. +See extended [examples]. ### As _Node.js_ package From 4454e854d3c3a0dff96f3a56b35ed9763df46ddc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 02:02:35 +0200 Subject: [PATCH 229/233] wip Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f4173f113..9eb94d7a7 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ written in _TypeScript_ and compiled for the target. ## Installation -This package and the build results are available for npm and yarn: +This package and the build results are available for _npm_ and _yarn_: ```shell npm i -S @cyclonedx/cyclonedx-library From e28e812ddd154fa54b58fbb51ab00a726803dcc1 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 12:50:44 +0200 Subject: [PATCH 230/233] test serializer (#62) * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck * wip Signed-off-by: Jan Kowalleck --- .../stringifiers/xmlbuilder2.js | 3 +- .../stringifiers/xmlbuilder2.spec.js | 36 ++-- src/serialize/xml/normalize.ts | 2 +- tests/_data/models.js | 165 +++++++++++++++ tests/_data/normalize.js | 148 +------------ tests/_data/normalizeResults/.editorconfig | 3 + tests/_data/normalizeResults/.gitattributes | 1 + tests/_data/normalizeResults/_README.md | 3 + .../normalizeResults/xml_complex_spec1.2.json | 8 +- .../normalizeResults/xml_complex_spec1.3.json | 8 +- .../normalizeResults/xml_complex_spec1.4.json | 8 +- .../xml_sortedLists_spec1.2.json | 8 +- .../xml_sortedLists_spec1.3.json | 8 +- .../xml_sortedLists_spec1.4.json | 8 +- tests/_data/serialize.js | 50 +++++ tests/_data/serializeResults/.editorconfig | 3 + tests/_data/serializeResults/.gitattributes | 4 + tests/_data/serializeResults/_README.md | 3 + .../json_complex_spec1.2.json.bin | 184 +++++++++++++++++ .../json_complex_spec1.3.json.bin | 184 +++++++++++++++++ .../json_complex_spec1.4.json.bin | 195 ++++++++++++++++++ .../xml_complex_spec1.2.xml.bin | 120 +++++++++++ .../xml_complex_spec1.3.xml.bin | 120 +++++++++++ .../xml_complex_spec1.4.xml.bin | 129 ++++++++++++ tests/integration/JsonNormalize.test.js | 7 +- tests/integration/JsonSerialize.test.js | 71 +++++++ tests/integration/XmlNormalize.test.js | 5 +- tests/integration/XmlSerialize.test.js | 71 +++++++ 28 files changed, 1368 insertions(+), 187 deletions(-) create mode 100644 tests/_data/models.js create mode 100644 tests/_data/normalizeResults/.editorconfig create mode 100644 tests/_data/normalizeResults/.gitattributes create mode 100644 tests/_data/normalizeResults/_README.md create mode 100644 tests/_data/serialize.js create mode 100644 tests/_data/serializeResults/.editorconfig create mode 100644 tests/_data/serializeResults/.gitattributes create mode 100644 tests/_data/serializeResults/_README.md create mode 100644 tests/_data/serializeResults/json_complex_spec1.2.json.bin create mode 100644 tests/_data/serializeResults/json_complex_spec1.3.json.bin create mode 100644 tests/_data/serializeResults/json_complex_spec1.4.json.bin create mode 100644 tests/_data/serializeResults/xml_complex_spec1.2.xml.bin create mode 100644 tests/_data/serializeResults/xml_complex_spec1.3.xml.bin create mode 100644 tests/_data/serializeResults/xml_complex_spec1.4.xml.bin create mode 100644 tests/integration/JsonSerialize.test.js create mode 100644 tests/integration/XmlSerialize.test.js diff --git a/libs/universal-node-xml/stringifiers/xmlbuilder2.js b/libs/universal-node-xml/stringifiers/xmlbuilder2.js index f1f46825b..0832bfaa3 100644 --- a/libs/universal-node-xml/stringifiers/xmlbuilder2.js +++ b/libs/universal-node-xml/stringifiers/xmlbuilder2.js @@ -27,10 +27,11 @@ module.exports = typeof create === 'function' function stringify (element, { space } = {}) { const indent = makeIndent(space) - const doc = create() + const doc = create({ encoding: 'UTF-8' }) addEle(doc, element) return doc.end({ format: 'xml', + newline: '\n', prettyPrint: indent.length > 0, indent }) diff --git a/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js b/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js index 196f8abe2..5fb83a566 100644 --- a/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js +++ b/libs/universal-node-xml/stringifiers/xmlbuilder2.spec.js @@ -34,14 +34,17 @@ suite('stringify with xmlbuilder2', () => { type: 'element', name: 'some-attributes', attributes: { - foo: 'some-value', - bar: 1 + string: 'some-value', + number: 1, + 'quote-encode': 'foo " bar' } }, { type: 'element', name: 'some-text', - children: 'This is my texT' + children: 'testing... \n' + + 'amp-encode? & \n' + + 'tag-encode? foo \n' }, { type: 'element', @@ -60,10 +63,13 @@ suite('stringify with xmlbuilder2', () => { test('data w/o spacing', () => { const stringified = stringify(data) assert.strictEqual(stringified, - '' + + '' + '' + - '' + - 'This is my texT' + + '' + + 'testing... \n' + + 'amp-encode? & \n' + + 'tag-encode? <b>foo<b> \n' + + '' + '' + '' + '' + @@ -74,10 +80,13 @@ suite('stringify with xmlbuilder2', () => { test('data with space=4', () => { const stringified = stringify(data, { space: 4 }) assert.strictEqual(stringified, - '\n' + + '\n' + '\n' + - ' \n' + - ' This is my texT\n' + + ' \n' + + ' testing... \n' + + 'amp-encode? & \n' + + 'tag-encode? <b>foo<b> \n' + + '\n' + ' \n' + ' \n' + ' \n' + @@ -88,10 +97,13 @@ suite('stringify with xmlbuilder2', () => { test('data with space=TAB', () => { const stringified = stringify(data, { space: '\t' }) assert.strictEqual(stringified, - '\n' + + '\n' + '\n' + - '\t\n' + - '\tThis is my texT\n' + + '\t\n' + + '\ttesting... \n' + + 'amp-encode? & \n' + + 'tag-encode? <b>foo<b> \n' + + '\n' + '\t\n' + '\t\t\n' + '\t\n' + diff --git a/src/serialize/xml/normalize.ts b/src/serialize/xml/normalize.ts index 9b81dd8ea..2a00f4fcb 100644 --- a/src/serialize/xml/normalize.ts +++ b/src/serialize/xml/normalize.ts @@ -239,7 +239,7 @@ export class HashNormalizer extends Base { ? { type: 'element', name: elementName, - attributes: { hashAlg: algorithm }, + attributes: { alg: algorithm }, children: content } : undefined diff --git a/tests/_data/models.js b/tests/_data/models.js new file mode 100644 index 000000000..98118fa5f --- /dev/null +++ b/tests/_data/models.js @@ -0,0 +1,165 @@ +'use strict' +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + +const { PackageURL } = require('packageurl-js') + +const { Enums, Models } = require('../../') + +/** @typedef {import('../../').Models.Bom} Bom */ + +/** + * @returns {Bom} + */ +module.exports.createComplexStructure = function () { + const bom = new Models.Bom({ + version: 7, + serialNumber: 'urn:uuid:12345678-1234-1234-1234-123456789012', + metadata: new Models.Metadata({ + timestamp: new Date('2001-05-23T13:37:42.000Z'), + tools: new Models.ToolRepository([ + new Models.Tool({ + vendor: 'tool vendor', + name: 'tool name', + version: '0.8.15', + hashes: new Models.HashRepository([ + [Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535'], + [Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b'] + ]) + }), + new Models.Tool({ + vendor: 'tool vendor', + name: 'other tool', + externalReferences: new Models.ExternalReferenceRepository([ + new Models.ExternalReference( + 'https://cyclonedx.org/tool-center/', + Enums.ExternalReferenceType.Website, + { comment: 'the tools that made this' } + ) + ]) + }) + ]), + authors: new Models.OrganizationalContactRepository([ + new Models.OrganizationalContact({ name: 'John "the-co-author" Doe' }), + new Models.OrganizationalContact({ + name: 'Jane "the-author" Doe', + email: 'cdx-authors@mailinator.com', + pone: '555-1234567890' + }) + ]), + component: new Models.Component(Enums.ComponentType.Library, 'Root Component', { + bomRef: 'dummy.metadata.component' + }), + manufacture: new Models.OrganizationalEntity({ + name: 'meta manufacture', + url: new Set([new URL('https://meta-manufacture.xmpl')]) + }), + supplier: new Models.OrganizationalEntity({ + name: 'meta supplier', + url: new Set([new URL('https://meta-supplier.xmpl')]), + contact: new Models.OrganizationalContactRepository([ + new Models.OrganizationalContact({ + name: 'John "the-supplier" Doe', + email: 'cdx-suppliers@mailinator.com', + pone: '555-0123456789' + }), + new Models.OrganizationalContact({ + name: 'Jane "the-other-supplier" Doe' + }) + ]) + }) + }) + }) + + bom.components.add((function (component) { + component.bomRef.value = 'dummy-component' + component.author = 'component\'s author' + component.cpe = 'cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*' + component.copyright = '(c) acme' + component.description = 'this is a test component' + component.externalReferences.add( + new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website, { comment: 'testing' })) + component.externalReferences.add(new Models.ExternalReference( + new URL('https://localhost/acme/support'), + Enums.ExternalReferenceType.Support + )) + component.externalReferences.add(new Models.ExternalReference( + './other/file', + Enums.ExternalReferenceType.ReleaseNotes // available since spec 1.4 + )) + component.group = 'acme' + component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') + component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') + component.hashes.set(Enums.HashAlgorithm['SHA-256'], 'something-invalid-according-to-spec') + component.licenses.add(new Models.NamedLicense('some other', { + text: new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu', { + contentType: 'text/plain', + encoding: Enums.AttachmentEncoding.Base64 + }), + url: 'https://localhost/license' + })) + component.licenses.add((function (license) { + license.text = new Models.Attachment('TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u') + license.text.contentType = 'text/plain' + license.text.encoding = Enums.AttachmentEncoding.Base64 + license.url = new URL('https://spdx.org/licenses/MIT.html') + return license + })(new Models.SpdxLicense('MIT'))) + component.licenses.add(new Models.LicenseExpression('(MIT or Apache-2.0)')) + component.publisher = 'the publisher' + component.purl = new PackageURL('npm', 'acme', 'dummy-component', '1337-beta') + component.scope = Enums.ComponentScope.Required + component.supplier = new Models.OrganizationalEntity({ name: 'Component Supplier' }) + component.supplier.url.add(new URL('https://localhost/componentSupplier-B')) + component.supplier.url.add(new URL('https://localhost/componentSupplier-A')) + component.supplier.contact.add(new Models.OrganizationalContact({ name: 'The quick brown fox' })) + component.supplier.contact.add((function (contact) { + contact.name = 'Franz' + contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' + contact.phone = '555-732378879' + return contact + })(new Models.OrganizationalContact())) + component.swid = new Models.SWID('some-tag', 'dummy-component', { + version: '1337-beta', + patch: true, + text: new Models.Attachment('some context') + }) + component.swid.text.contentType = 'some context type' + component.swid.text.encoding = Enums.AttachmentEncoding.Base64 + component.swid.url = new URL('https://localhost/swid') + + bom.metadata.component.dependencies.add(component.bomRef) + + return component + })(new Models.Component(Enums.ComponentType.Library, 'dummy-component', { version: '1337-beta' }))) + + bom.components.add(function (component) { + // interlink everywhere + bom.metadata.component.dependencies.add(component.bomRef) + bom.components.forEach(c => c.dependencies.add(component.bomRef)) + return component + }(new Models.Component(Enums.ComponentType.Library, 'a-component', { + bomRef: 'a-component', + dependencies: new Models.BomRefRepository([ + new Models.BomRef('unknown foreign ref that should not be rendered') + ]) + }))) + + return bom +} diff --git a/tests/_data/normalize.js b/tests/_data/normalize.js index 3458b84fb..c4bad1257 100644 --- a/tests/_data/normalize.js +++ b/tests/_data/normalize.js @@ -21,13 +21,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved. const fs = require('fs') const path = require('path') -const { PackageURL } = require('packageurl-js') - -const { Enums, Models } = require('../../') - -/** @typedef {import('../../').Spec.Version} Version */ - -/** @typedef {import('../../').Models.Bom} Bom */ +/** @typedef {import('../../src/spec').Version} Version */ /** * @param {string} purpose @@ -54,143 +48,3 @@ module.exports.writeNormalizeResult = function (data, purpose, spec, format) { data ) } - -/** - * @returns {Bom} - */ -module.exports.createComplexStructure = function () { - const bom = new Models.Bom({ - version: 7, - serialNumber: 'urn:uuid:12345678-1234-1234-1234-123456789012', - metadata: new Models.Metadata({ - timestamp: new Date('2001-05-23T13:37:42.000Z'), - tools: new Models.ToolRepository([ - new Models.Tool({ - vendor: 'tool vendor', - name: 'tool name', - version: '0.8.15', - hashes: new Models.HashRepository([ - [Enums.HashAlgorithm.MD5, 'f32a26e2a3a8aa338cd77b6e1263c535'], - [Enums.HashAlgorithm['SHA-1'], '829c3804401b0727f70f73d4415e162400cbe57b'] - ]) - }), - new Models.Tool({ - vendor: 'tool vendor', - name: 'other tool', - externalReferences: new Models.ExternalReferenceRepository([ - new Models.ExternalReference( - 'https://cyclonedx.org/tool-center/', - Enums.ExternalReferenceType.Website, - { comment: 'the tools that made this' } - ) - ]) - }) - ]), - authors: new Models.OrganizationalContactRepository([ - new Models.OrganizationalContact({ name: 'John "the-co-author" Doe' }), - new Models.OrganizationalContact({ - name: 'Jane "the-author" Doe', - email: 'cdx-authors@mailinator.com', - pone: '555-1234567890' - }) - ]), - component: new Models.Component(Enums.ComponentType.Library, 'Root Component', { - bomRef: 'dummy.metadata.component' - }), - manufacture: new Models.OrganizationalEntity({ - name: 'meta manufacture', - url: new Set([new URL('https://meta-manufacture.xmpl')]) - }), - supplier: new Models.OrganizationalEntity({ - name: 'meta supplier', - url: new Set([new URL('https://meta-supplier.xmpl')]), - contact: new Models.OrganizationalContactRepository([ - new Models.OrganizationalContact({ - name: 'John "the-supplier" Doe', - email: 'cdx-suppliers@mailinator.com', - pone: '555-0123456789' - }), - new Models.OrganizationalContact({ - name: 'Jane "the-other-supplier" Doe' - }) - ]) - }) - }) - }) - - bom.components.add((function (component) { - component.bomRef.value = 'dummy-component' - component.author = 'component\'s author' - component.cpe = 'cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*' - component.copyright = '(c) acme' - component.description = 'this is a test component' - component.externalReferences.add( - new Models.ExternalReference(new URL('https://localhost/acme'), Enums.ExternalReferenceType.Website, { comment: 'testing' })) - component.externalReferences.add(new Models.ExternalReference( - new URL('https://localhost/acme/support'), - Enums.ExternalReferenceType.Support - )) - component.externalReferences.add(new Models.ExternalReference( - './other/file', - Enums.ExternalReferenceType.ReleaseNotes // available since spec 1.4 - )) - component.group = 'acme' - component.hashes.set(Enums.HashAlgorithm['SHA-1'], 'e6f36746ccba42c288acf906e636bb278eaeb7e8') - component.hashes.set(Enums.HashAlgorithm.MD5, '6bd3ac6fb35bb07c3f74d7f72451af57') - component.hashes.set(Enums.HashAlgorithm['SHA-256'], 'something-invalid-according-to-spec') - component.licenses.add(new Models.NamedLicense('some other', { - text: new Models.Attachment('U29tZQpsaWNlbnNlCnRleHQu', { - contentType: 'text/plain', - encoding: Enums.AttachmentEncoding.Base64 - }), - url: 'https://localhost/license' - })) - component.licenses.add((function (license) { - license.text = new Models.Attachment('TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u') - license.text.contentType = 'text/plain' - license.text.encoding = Enums.AttachmentEncoding.Base64 - license.url = new URL('https://spdx.org/licenses/MIT.html') - return license - })(new Models.SpdxLicense('MIT'))) - component.licenses.add(new Models.LicenseExpression('(MIT or Apache-2.0)')) - component.publisher = 'the publisher' - component.purl = new PackageURL('npm', 'acme', 'dummy-component', '1337-beta') - component.scope = Enums.ComponentScope.Required - component.supplier = new Models.OrganizationalEntity({ name: 'Component Supplier' }) - component.supplier.url.add(new URL('https://localhost/componentSupplier-B')) - component.supplier.url.add(new URL('https://localhost/componentSupplier-A')) - component.supplier.contact.add(new Models.OrganizationalContact({ name: 'The quick brown fox' })) - component.supplier.contact.add((function (contact) { - contact.name = 'Franz' - contact.email = 'franz-aus-bayern@komplett.verwahrlosten.taxi' - contact.phone = '555-732378879' - return contact - })(new Models.OrganizationalContact())) - component.swid = new Models.SWID('some-tag', 'dummy-component', { - version: '1337-beta', - patch: true, - text: new Models.Attachment('some context') - }) - component.swid.text.contentType = 'some context type' - component.swid.text.encoding = Enums.AttachmentEncoding.Base64 - component.swid.url = new URL('https://localhost/swid') - - bom.metadata.component.dependencies.add(component.bomRef) - - return component - })(new Models.Component(Enums.ComponentType.Library, 'dummy-component', { version: '1337-beta' }))) - - bom.components.add(function (component) { - // interlink everywhere - bom.metadata.component.dependencies.add(component.bomRef) - bom.components.forEach(c => c.dependencies.add(component.bomRef)) - return component - }(new Models.Component(Enums.ComponentType.Library, 'a-component', { - bomRef: 'a-component', - dependencies: new Models.BomRefRepository([ - new Models.BomRef('unknown foreign ref that should not be rendered') - ]) - }))) - - return bom -} diff --git a/tests/_data/normalizeResults/.editorconfig b/tests/_data/normalizeResults/.editorconfig new file mode 100644 index 000000000..f2ee62f00 --- /dev/null +++ b/tests/_data/normalizeResults/.editorconfig @@ -0,0 +1,3 @@ +[*.json] +insert_final_newline = false +trim_trailing_whitespace = false diff --git a/tests/_data/normalizeResults/.gitattributes b/tests/_data/normalizeResults/.gitattributes new file mode 100644 index 000000000..71e4c3bb7 --- /dev/null +++ b/tests/_data/normalizeResults/.gitattributes @@ -0,0 +1 @@ +*.json text eol=lf linguist-generated diff --git a/tests/_data/normalizeResults/_README.md b/tests/_data/normalizeResults/_README.md new file mode 100644 index 000000000..6cb2ec6d1 --- /dev/null +++ b/tests/_data/normalizeResults/_README.md @@ -0,0 +1,3 @@ +# normalize results + +contents in this dir represent data structures caused by JSON- and XML-normalisation. diff --git a/tests/_data/normalizeResults/xml_complex_spec1.2.json b/tests/_data/normalizeResults/xml_complex_spec1.2.json index 2be2d3d49..a47767a50 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.2.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.2.json @@ -47,7 +47,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -55,7 +55,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -303,7 +303,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" }, @@ -311,7 +311,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" } diff --git a/tests/_data/normalizeResults/xml_complex_spec1.3.json b/tests/_data/normalizeResults/xml_complex_spec1.3.json index 153dd0bba..333835612 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.3.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.3.json @@ -47,7 +47,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -55,7 +55,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -303,7 +303,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" }, @@ -311,7 +311,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" } diff --git a/tests/_data/normalizeResults/xml_complex_spec1.4.json b/tests/_data/normalizeResults/xml_complex_spec1.4.json index 81e3d672b..95a771513 100644 --- a/tests/_data/normalizeResults/xml_complex_spec1.4.json +++ b/tests/_data/normalizeResults/xml_complex_spec1.4.json @@ -47,7 +47,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -55,7 +55,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -328,7 +328,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" }, @@ -336,7 +336,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" } diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json index ea0f75675..2fb4f041a 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.2.json @@ -63,7 +63,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -71,7 +71,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -323,7 +323,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" }, @@ -331,7 +331,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" } diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json index e801b16be..465959e01 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.3.json @@ -63,7 +63,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -71,7 +71,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -323,7 +323,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" }, @@ -331,7 +331,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" } diff --git a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json index 72816071d..32fcdbf1e 100644 --- a/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json +++ b/tests/_data/normalizeResults/xml_sortedLists_spec1.4.json @@ -88,7 +88,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "f32a26e2a3a8aa338cd77b6e1263c535" }, @@ -96,7 +96,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "829c3804401b0727f70f73d4415e162400cbe57b" } @@ -348,7 +348,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "MD5" + "alg": "MD5" }, "children": "6bd3ac6fb35bb07c3f74d7f72451af57" }, @@ -356,7 +356,7 @@ "type": "element", "name": "hash", "attributes": { - "hashAlg": "SHA-1" + "alg": "SHA-1" }, "children": "e6f36746ccba42c288acf906e636bb278eaeb7e8" } diff --git a/tests/_data/serialize.js b/tests/_data/serialize.js new file mode 100644 index 000000000..9e66fe146 --- /dev/null +++ b/tests/_data/serialize.js @@ -0,0 +1,50 @@ +'use strict' +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + +const fs = require('fs') +const path = require('path') + +/** @typedef {import('../../src/spec').Version} Version */ + +/** + * @param {string} purpose + * @param {Version} spec + * @param {string} format + * @param {BufferEncoding} [encoding] + * @returns {string} + */ +module.exports.loadSerializeResult = function (purpose, spec, format, encoding = 'utf-8') { + return fs.readFileSync( + path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}.bin`) + ).toString(encoding) +} + +/** + * @param {string} data + * @param {string} purpose + * @param {Version} spec + * @param {string} format + */ +module.exports.writeSerializeResult = function (data, purpose, spec, format) { + return fs.writeFileSync( + path.resolve(__dirname, 'serializeResults', `${purpose}_spec${spec}.${format}.bin`), + data + ) +} diff --git a/tests/_data/serializeResults/.editorconfig b/tests/_data/serializeResults/.editorconfig new file mode 100644 index 000000000..a0313af69 --- /dev/null +++ b/tests/_data/serializeResults/.editorconfig @@ -0,0 +1,3 @@ +[*.bin] +insert_final_newline = false +trim_trailing_whitespace = false diff --git a/tests/_data/serializeResults/.gitattributes b/tests/_data/serializeResults/.gitattributes new file mode 100644 index 000000000..2fc052e86 --- /dev/null +++ b/tests/_data/serializeResults/.gitattributes @@ -0,0 +1,4 @@ +# files in here are treated as binary, since they are compared byte-wise for equality in tests. +*.bin linguist-generated binary +*.xml.bin linguist-language=XML diff=xml +*.json.bin linguist-language=JSON diff=json diff --git a/tests/_data/serializeResults/_README.md b/tests/_data/serializeResults/_README.md new file mode 100644 index 000000000..6cb2ec6d1 --- /dev/null +++ b/tests/_data/serializeResults/_README.md @@ -0,0 +1,3 @@ +# normalize results + +contents in this dir represent data structures caused by JSON- and XML-normalisation. diff --git a/tests/_data/serializeResults/json_complex_spec1.2.json.bin b/tests/_data/serializeResults/json_complex_spec1.2.json.bin new file mode 100644 index 000000000..511c6c211 --- /dev/null +++ b/tests/_data/serializeResults/json_complex_spec1.2.json.bin @@ -0,0 +1,184 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.2", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool" + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "", + "bom-ref": "a-component" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_complex_spec1.3.json.bin b/tests/_data/serializeResults/json_complex_spec1.3.json.bin new file mode 100644 index 000000000..82c32eff2 --- /dev/null +++ b/tests/_data/serializeResults/json_complex_spec1.3.json.bin @@ -0,0 +1,184 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool" + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "", + "bom-ref": "a-component" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/json_complex_spec1.4.json.bin b/tests/_data/serializeResults/json_complex_spec1.4.json.bin new file mode 100644 index 000000000..1a3e674c9 --- /dev/null +++ b/tests/_data/serializeResults/json_complex_spec1.4.json.bin @@ -0,0 +1,195 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 7, + "serialNumber": "urn:uuid:12345678-1234-1234-1234-123456789012", + "metadata": { + "timestamp": "2001-05-23T13:37:42.000Z", + "tools": [ + { + "vendor": "tool vendor", + "name": "other tool", + "externalReferences": [ + { + "url": "https://cyclonedx.org/tool-center/", + "type": "website", + "comment": "the tools that made this" + } + ] + }, + { + "vendor": "tool vendor", + "name": "tool name", + "version": "0.8.15", + "hashes": [ + { + "alg": "MD5", + "content": "f32a26e2a3a8aa338cd77b6e1263c535" + }, + { + "alg": "SHA-1", + "content": "829c3804401b0727f70f73d4415e162400cbe57b" + } + ] + } + ], + "authors": [ + { + "name": "Jane \"the-author\" Doe", + "email": "cdx-authors@mailinator.com" + }, + { + "name": "John \"the-co-author\" Doe" + } + ], + "component": { + "type": "library", + "name": "Root Component", + "version": "", + "bom-ref": "dummy.metadata.component" + }, + "manufacture": { + "name": "meta manufacture", + "url": [ + "https://meta-manufacture.xmpl/" + ] + }, + "supplier": { + "name": "meta supplier", + "url": [ + "https://meta-supplier.xmpl/" + ], + "contact": [ + { + "name": "Jane \"the-other-supplier\" Doe" + }, + { + "name": "John \"the-supplier\" Doe", + "email": "cdx-suppliers@mailinator.com" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "a-component", + "version": "", + "bom-ref": "a-component" + }, + { + "type": "library", + "name": "dummy-component", + "group": "acme", + "version": "1337-beta", + "bom-ref": "dummy-component", + "supplier": { + "name": "Component Supplier", + "url": [ + "https://localhost/componentSupplier-A", + "https://localhost/componentSupplier-B" + ], + "contact": [ + { + "name": "Franz", + "email": "franz-aus-bayern@komplett.verwahrlosten.taxi", + "phone": "555-732378879" + }, + { + "name": "The quick brown fox" + } + ] + }, + "author": "component's author", + "publisher": "the publisher", + "description": "this is a test component", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "6bd3ac6fb35bb07c3f74d7f72451af57" + }, + { + "alg": "SHA-1", + "content": "e6f36746ccba42c288acf906e636bb278eaeb7e8" + } + ], + "licenses": [ + { + "expression": "(MIT or Apache-2.0)" + }, + { + "license": { + "name": "some other", + "text": { + "content": "U29tZQpsaWNlbnNlCnRleHQu", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://localhost/license" + } + }, + { + "license": { + "id": "MIT", + "text": { + "content": "TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u", + "contentType": "text/plain", + "encoding": "base64" + }, + "url": "https://spdx.org/licenses/MIT.html" + } + } + ], + "copyright": "(c) acme", + "cpe": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:*", + "purl": "pkg:npm/acme/dummy-component@1337-beta", + "swid": { + "tagId": "some-tag", + "name": "dummy-component", + "version": "1337-beta", + "patch": true, + "text": { + "content": "some context", + "contentType": "some context type", + "encoding": "base64" + }, + "url": "https://localhost/swid" + }, + "externalReferences": [ + { + "url": "./other/file", + "type": "release-notes" + }, + { + "url": "https://localhost/acme/support", + "type": "support" + }, + { + "url": "https://localhost/acme", + "type": "website", + "comment": "testing" + } + ] + } + ], + "dependencies": [ + { + "ref": "a-component" + }, + { + "ref": "dummy-component", + "dependsOn": [ + "a-component" + ] + }, + { + "ref": "dummy.metadata.component", + "dependsOn": [ + "a-component", + "dummy-component" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin new file mode 100644 index 000000000..c6e41a0a6 --- /dev/null +++ b/tests/_data/serializeResults/xml_complex_spec1.2.xml.bin @@ -0,0 +1,120 @@ + + + + 2001-05-23T13:37:42.000Z + + + tool vendor + other tool + + + tool vendor + tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + Jane "the-author" Doe + cdx-authors@mailinator.com + + + John "the-co-author" Doe + + + + Root Component + + + + meta manufacture + https://meta-manufacture.xmpl/ + + + meta supplier + https://meta-supplier.xmpl/ + + Jane "the-other-supplier" Doe + + + John "the-supplier" Doe + cdx-suppliers@mailinator.com + + + + + + a-component + + + + + Component Supplier + https://localhost/componentSupplier-A + https://localhost/componentSupplier-B + + Franz + franz-aus-bayern@komplett.verwahrlosten.taxi + 555-732378879 + + + The quick brown fox + + + component's author + the publisher + acme + dummy-component + 1337-beta + this is a test component + required + + 6bd3ac6fb35bb07c3f74d7f72451af57 + e6f36746ccba42c288acf906e636bb278eaeb7e8 + + + (MIT or Apache-2.0) + + some other + U29tZQpsaWNlbnNlCnRleHQu + https://localhost/license + + + MIT + TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u + https://spdx.org/licenses/MIT.html + + + (c) acme + cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:* + pkg:npm/acme/dummy-component@1337-beta + + some context + https://localhost/swid + + + + https://localhost/acme/support + + + https://localhost/acme + testing + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin new file mode 100644 index 000000000..ceb6016f4 --- /dev/null +++ b/tests/_data/serializeResults/xml_complex_spec1.3.xml.bin @@ -0,0 +1,120 @@ + + + + 2001-05-23T13:37:42.000Z + + + tool vendor + other tool + + + tool vendor + tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + Jane "the-author" Doe + cdx-authors@mailinator.com + + + John "the-co-author" Doe + + + + Root Component + + + + meta manufacture + https://meta-manufacture.xmpl/ + + + meta supplier + https://meta-supplier.xmpl/ + + Jane "the-other-supplier" Doe + + + John "the-supplier" Doe + cdx-suppliers@mailinator.com + + + + + + a-component + + + + + Component Supplier + https://localhost/componentSupplier-A + https://localhost/componentSupplier-B + + Franz + franz-aus-bayern@komplett.verwahrlosten.taxi + 555-732378879 + + + The quick brown fox + + + component's author + the publisher + acme + dummy-component + 1337-beta + this is a test component + required + + 6bd3ac6fb35bb07c3f74d7f72451af57 + e6f36746ccba42c288acf906e636bb278eaeb7e8 + + + (MIT or Apache-2.0) + + some other + U29tZQpsaWNlbnNlCnRleHQu + https://localhost/license + + + MIT + TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u + https://spdx.org/licenses/MIT.html + + + (c) acme + cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:* + pkg:npm/acme/dummy-component@1337-beta + + some context + https://localhost/swid + + + + https://localhost/acme/support + + + https://localhost/acme + testing + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin new file mode 100644 index 000000000..6d6bb691b --- /dev/null +++ b/tests/_data/serializeResults/xml_complex_spec1.4.xml.bin @@ -0,0 +1,129 @@ + + + + 2001-05-23T13:37:42.000Z + + + tool vendor + other tool + + + https://cyclonedx.org/tool-center/ + the tools that made this + + + + + tool vendor + tool name + 0.8.15 + + f32a26e2a3a8aa338cd77b6e1263c535 + 829c3804401b0727f70f73d4415e162400cbe57b + + + + + + Jane "the-author" Doe + cdx-authors@mailinator.com + + + John "the-co-author" Doe + + + + Root Component + + + + meta manufacture + https://meta-manufacture.xmpl/ + + + meta supplier + https://meta-supplier.xmpl/ + + Jane "the-other-supplier" Doe + + + John "the-supplier" Doe + cdx-suppliers@mailinator.com + + + + + + a-component + + + + + Component Supplier + https://localhost/componentSupplier-A + https://localhost/componentSupplier-B + + Franz + franz-aus-bayern@komplett.verwahrlosten.taxi + 555-732378879 + + + The quick brown fox + + + component's author + the publisher + acme + dummy-component + 1337-beta + this is a test component + required + + 6bd3ac6fb35bb07c3f74d7f72451af57 + e6f36746ccba42c288acf906e636bb278eaeb7e8 + + + (MIT or Apache-2.0) + + some other + U29tZQpsaWNlbnNlCnRleHQu + https://localhost/license + + + MIT + TUlUIExpY2Vuc2UKLi4uClRIRSBTT0ZUV0FSRSBJUyBQUk9WSURFRCAiQVMgSVMiLi4u + https://spdx.org/licenses/MIT.html + + + (c) acme + cpe:2.3:a:microsoft:internet_explorer:8.0.6001:beta:*:*:*:*:*:* + pkg:npm/acme/dummy-component@1337-beta + + some context + https://localhost/swid + + + + ./other/file + + + https://localhost/acme/support + + + https://localhost/acme + testing + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/tests/integration/JsonNormalize.test.js b/tests/integration/JsonNormalize.test.js index 1f6eaca8b..326335286 100644 --- a/tests/integration/JsonNormalize.test.js +++ b/tests/integration/JsonNormalize.test.js @@ -21,7 +21,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved. const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') -const { createComplexStructure, loadNormalizeResult } = require('../_data/normalize') +const { createComplexStructure } = require('../_data/models') +const { loadNormalizeResult } = require('../_data/normalize') /* uncomment next line to dump data */ // const { writeNormalizeResult } = require('../_data/normalize') @@ -53,8 +54,10 @@ describe('JSON normalize', () => { .normalize(this.bom, {}) const json = JSON.stringify(normalized, null, 2) + /* uncomment next line to dump data */ // writeNormalizeResult(json, 'json_complex', spec.version, 'json') + assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('json_complex', spec.version, 'json')) @@ -66,8 +69,10 @@ describe('JSON normalize', () => { .normalize(this.bom, { sortLists: true }) const json = JSON.stringify(normalized, null, 2) + /* uncomment next line to dump data */ // writeNormalizeResult(json, 'json_sortedLists', spec.version, 'json') + assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('json_sortedLists', spec.version, 'json')) diff --git a/tests/integration/JsonSerialize.test.js b/tests/integration/JsonSerialize.test.js new file mode 100644 index 000000000..a9b6c7a0c --- /dev/null +++ b/tests/integration/JsonSerialize.test.js @@ -0,0 +1,71 @@ +'use strict' +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + +const assert = require('assert') +const { describe, beforeEach, afterEach, it } = require('mocha') + +const { createComplexStructure } = require('../_data/models') +const { loadSerializeResult } = require('../_data/serialize') +/* uncomment next line to dump data */ +// const { writeSerializeResult } = require('../_data/serialize') + +const { + Serialize: { + JSON: { Normalize: { Factory: JsonNormalizeFactory } }, + JsonSerializer + }, + Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } +} = require('../../') + +describe('JSON serialize', () => { + [ + Spec1dot2, + Spec1dot3, + Spec1dot4 + ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { + const normalizerFactory = new JsonNormalizeFactory(spec) + + beforeEach(function () { + this.bom = createComplexStructure() + }) + + afterEach(function () { + delete this.bom + }) + + it('serialize', function () { + const serializer = new JsonSerializer(normalizerFactory) + const serialized = serializer.serialize( + this.bom, { + sortLists: true, + space: 4 + }) + + /* uncomment next line to dump data */ + // writeSerializeResult(serialized, 'json_complex', spec.version, 'json') + + assert.strictEqual( + serialized, + loadSerializeResult('json_complex', spec.version, 'json')) + }) + + // TODO add more tests + })) +}) diff --git a/tests/integration/XmlNormalize.test.js b/tests/integration/XmlNormalize.test.js index b5f79509a..424943839 100644 --- a/tests/integration/XmlNormalize.test.js +++ b/tests/integration/XmlNormalize.test.js @@ -21,7 +21,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved. const assert = require('assert') const { describe, beforeEach, afterEach, it } = require('mocha') -const { createComplexStructure, loadNormalizeResult } = require('../_data/normalize') +const { createComplexStructure } = require('../_data/models') +const { loadNormalizeResult } = require('../_data/normalize') /* uncomment next line to dump data */ // const { writeNormalizeResult } = require('../_data/normalize') @@ -66,8 +67,10 @@ describe('XML normalize', () => { .normalize(this.bom, { sortLists: true }) const json = JSON.stringify(normalized, null, 2) + /* uncomment next line to dump data */ // writeNormalizeResult(json, 'xml_sortedLists', spec.version, 'json') + assert.deepStrictEqual( JSON.parse(json), JSON.parse(loadNormalizeResult('xml_sortedLists', spec.version, 'json')) diff --git a/tests/integration/XmlSerialize.test.js b/tests/integration/XmlSerialize.test.js new file mode 100644 index 000000000..c7dffe434 --- /dev/null +++ b/tests/integration/XmlSerialize.test.js @@ -0,0 +1,71 @@ +'use strict' +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + +const assert = require('assert') +const { describe, beforeEach, afterEach, it } = require('mocha') + +const { createComplexStructure } = require('../_data/models') +const { loadSerializeResult } = require('../_data/serialize') +/* uncomment next line to dump data */ +// const { writeSerializeResult } = require('../_data/serialize') + +const { + Serialize: { + XML: { Normalize: { Factory: XmlNormalizeFactory } }, + XmlSerializer + }, + Spec: { Spec1dot2, Spec1dot3, Spec1dot4 } +} = require('../../') + +describe('XML serialize', () => { + [ + Spec1dot2, + Spec1dot3, + Spec1dot4 + ].forEach(spec => describe(`complex with spec v${spec.version}`, () => { + const normalizerFactory = new XmlNormalizeFactory(spec) + + beforeEach(function () { + this.bom = createComplexStructure() + }) + + afterEach(function () { + delete this.bom + }) + + it('serialize', function () { + const serializer = new XmlSerializer(normalizerFactory) + const serialized = serializer.serialize( + this.bom, { + sortLists: true, + space: 4 + }) + + /* uncomment next line to dump data */ + // writeSerializeResult(serialized, 'xml_complex', spec.version, 'xml') + + assert.strictEqual( + serialized, + loadSerializeResult('xml_complex', spec.version, 'xml')) + }) + + // TODO add more tests + })) +}) From 80b7c9a3a0cf73c5705cc2bf4a6666836a0e3ad4 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 13:08:22 +0200 Subject: [PATCH 231/233] wip Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9eb94d7a7..df8ee9328 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ written in _TypeScript_ and compiled for the target. * Universal serializer that converts `Bom` data models to JSON string * Serializer that converts `Bom` data models to XML string: * Specific to _WebBrowsers_: implementation utilizes browser-specific document generators and printers. - * Specific to _Node.js_: implementation plugs/requires/utilizes one of the following optional libraries + * Specific to _Node.js_: implementation plugs/requires/utilizes one of the following *optional* libraries * [xmlbuilder2](https://www.npmjs.com/package/xmlbuilder2) * ... to be continued ... (pull requests are welcome) From 29db6aae2eee93b7e0b9e3bc5892163427f6ff96 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 22:35:44 +0200 Subject: [PATCH 232/233] wip Signed-off-by: Jan Kowalleck --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index df8ee9328..cb5a586ae 100644 --- a/README.md +++ b/README.md @@ -134,9 +134,9 @@ See the [LICENSE][license_file] file for the full license. [license_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/LICENSE [contributing_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/master/CONTRIBUTING.md -[examples]: https://github.com/CycloneDX/cyclonedx-javascript-library/tree/1.0-dev/examples +[examples]: https://github.com/CycloneDX/cyclonedx-javascript-library/tree/master/examples -[shield_gh-workflow-test]: https://img.shields.io/github/workflow/status/CycloneDX/cyclonedx-javascript-library/Node%20CI/1.0-dev?logo=GitHub&logoColor=white "tests" +[shield_gh-workflow-test]: https://img.shields.io/github/workflow/status/CycloneDX/cyclonedx-javascript-library/Node%20CI/master?logo=GitHub&logoColor=white "tests" [shield_npm-version]: https://img.shields.io/npm/v/@cyclonedx/cyclonedx-library?logo=npm&logoColor=white "npm" [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-javascript-library?logo=open%20source%20initiative&logoColor=white "license" [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage" @@ -145,7 +145,7 @@ See the [LICENSE][license_file] file for the full license. [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow" [link_website]: https://cyclonedx.org/ -[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-javascript-library/actions/workflows/nodejs.yml?query=branch%3A1.0-dev +[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-javascript-library/actions/workflows/nodejs.yml?query=branch%3Amaster [link_npm]: https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library [link_slack]: https://cyclonedx.org/slack/invite [link_discussion]: https://groups.io/g/CycloneDX From 517fb4031c33f14fcbc7de389d33924d723bef48 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 8 Jun 2022 22:38:02 +0200 Subject: [PATCH 233/233] wip Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb5a586ae..fc4fa8629 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ written in _TypeScript_ and compiled for the target. * Provide an XML-serializer for all target environments. * Support the downstream implementation of custom XML-serializers tailored to specific environments by providing an abstract base class that takes care of normalization and BomRef-discrimination. - This is done, because there is no universal xml support in _JavaScript_. + This is done, because there is no universal XML support in _JavaScript_. ## Capabilities