From 0eb6205065cc40cbd999f0d5c24ba620d77ff9cd Mon Sep 17 00:00:00 2001 From: nscuro Date: Sat, 4 Feb 2023 15:58:30 +0100 Subject: [PATCH] feat(spec1-5): add support for `firstIssued` and `lastUpdated` in vuln analysis Signed-off-by: nscuro --- cyclonedx.go | 2 ++ ...lonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json | 4 +++- ...yclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml | 2 ++ testdata/valid-vulnerability.json | 4 +++- testdata/valid-vulnerability.xml | 2 ++ 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/cyclonedx.go b/cyclonedx.go index 7bff7d1..0b3b914 100644 --- a/cyclonedx.go +++ b/cyclonedx.go @@ -527,6 +527,8 @@ type VulnerabilityAnalysis struct { Justification ImpactAnalysisJustification `json:"justification,omitempty" xml:"justification,omitempty"` Response *[]ImpactAnalysisResponse `json:"response,omitempty" xml:"responses>response,omitempty"` Detail string `json:"detail,omitempty" xml:"detail,omitempty"` + FirstIssued string `json:"firstIssued,omitempty" xml:"firstIssued,omitempty"` + LastUpdated string `json:"lastUpdated,omitempty" xml:"lastUpdated,omitempty"` } type VulnerabilityRating struct { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json index 4f335d6..447d1d1 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-vulnerability.json @@ -99,7 +99,9 @@ "will_not_fix", "update" ], - "detail": "An optional explanation of why the application is not affected by the vulnerable component." + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml index d430733..33463a0 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-vulnerability.xml @@ -96,6 +96,8 @@ update An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z diff --git a/testdata/valid-vulnerability.json b/testdata/valid-vulnerability.json index 84bf6a1..75199af 100644 --- a/testdata/valid-vulnerability.json +++ b/testdata/valid-vulnerability.json @@ -97,7 +97,9 @@ "state": "not_affected", "justification": "code_not_reachable", "response": ["will_not_fix", "update"], - "detail": "An optional explanation of why the application is not affected by the vulnerable component." + "detail": "An optional explanation of why the application is not affected by the vulnerable component.", + "firstIssued": "2022-01-01T00:00:00.000Z", + "lastUpdated": "2022-02-01T00:00:00.000Z" }, "affects": [ { diff --git a/testdata/valid-vulnerability.xml b/testdata/valid-vulnerability.xml index 1a231fa..f502534 100644 --- a/testdata/valid-vulnerability.xml +++ b/testdata/valid-vulnerability.xml @@ -97,6 +97,8 @@ update An optional explanation of why the application is not affected by the vulnerable component. + 2022-01-01T00:00:00.000Z + 2022-02-01T00:00:00.000Z