Merge pull request #182 from CycloneDX/spec/1.6

Add support for CycloneDX v1.6
CycloneDX · Jun 4, 2024 · 64d6336 · 64d6336
2 parents 340e7e4 + 199cd18
commit 64d6336
Show file tree

Hide file tree

Showing 175 changed files with 16,136 additions and 250 deletions.
diff --git a/convert.go b/convert.go
@@ -52,6 +52,10 @@ func (b *BOM) convert(specVersion SpecVersion) {
 		b.Annotations = nil
 		b.Formulation = nil
 	}
+	if specVersion < SpecVersion1_6 {
+		b.Declarations = nil
+		b.Definitions = nil
+	}
 
 	if b.Metadata != nil {
 		if specVersion < SpecVersion1_3 {
@@ -62,13 +66,21 @@ func (b *BOM) convert(specVersion SpecVersion) {
 			b.Metadata.Lifecycles = nil
 		}
 
-		if specVersion < SpecVersion1_5 {
-			b.Metadata.Lifecycles = nil
+		if specVersion < SpecVersion1_6 {
+			b.Metadata.Manufacturer = nil
 		}
 
 		recurseComponent(b.Metadata.Component, componentConverter(specVersion))
 		convertLicenses(b.Metadata.Licenses, specVersion)
 		convertTools(b.Metadata.Tools, specVersion)
+		convertOrganizationalEntity(b.Metadata.Manufacture, specVersion)
+		convertOrganizationalEntity(b.Metadata.Supplier, specVersion)
+
+		if b.Metadata.Authors != nil {
+			for i := range *b.Metadata.Authors {
+				convertOrganizationalContact(&(*b.Metadata.Authors)[i], specVersion)
+			}
+		}
 	}
 
 	if b.Components != nil {
@@ -95,6 +107,10 @@ func (b *BOM) convert(specVersion SpecVersion) {
 		convertExternalReferences(b.ExternalReferences, specVersion)
 	}
 
+	if b.Annotations != nil {
+		convertAnnotations(b.Annotations, specVersion)
+	}
+
 	b.SpecVersion = specVersion
 	b.XMLNS = xmlNamespaces[specVersion]
 	b.JSONSchema = jsonSchemas[specVersion]
@@ -123,7 +139,6 @@ func componentConverter(specVersion SpecVersion) func(*Component) {
 		}
 
 		if specVersion < SpecVersion1_3 {
-			c.Evidence = nil
 			c.Properties = nil
 		}
 
@@ -137,26 +152,62 @@ func componentConverter(specVersion SpecVersion) func(*Component) {
 		if specVersion < SpecVersion1_5 {
 			c.ModelCard = nil
 			c.Data = nil
+		}
 
-			if c.Evidence != nil {
-				c.Evidence.Identity = nil
-				c.Evidence.Occurrences = nil
-				c.Evidence.Callstack = nil
-			}
+		if specVersion < SpecVersion1_6 {
+			c.SWHID = nil
+			c.OmniborID = nil
+			c.Manufacturer = nil
+			c.Authors = nil
 		}
 
 		if !specVersion.supportsComponentType(c.Type) {
 			c.Type = ComponentTypeApplication
 		}
+
 		convertExternalReferences(c.ExternalReferences, specVersion)
 		convertHashes(c.Hashes, specVersion)
 		convertLicenses(c.Licenses, specVersion)
+		convertEvidence(c, specVersion)
+		convertModelCard(c, specVersion)
+
 		if !specVersion.supportsScope(c.Scope) {
 			c.Scope = ""
 		}
 	}
 }
 
+func convertEvidence(c *Component, specVersion SpecVersion) {
+	if c.Evidence == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_3 {
+		c.Evidence = nil
+		return
+	}
+
+	if specVersion < SpecVersion1_5 {
+		c.Evidence.Identity = nil
+		c.Evidence.Occurrences = nil
+		c.Evidence.Callstack = nil
+		return
+	}
+
+	if specVersion < SpecVersion1_6 {
+		for i := range *c.Evidence.Occurrences {
+			occ := &(*c.Evidence.Occurrences)[i]
+
+			occ.Line = nil
+			occ.Offset = nil
+			occ.Symbol = ""
+			occ.AdditionalContext = ""
+		}
+	}
+
+	convertLicenses(c.Evidence.Licenses, specVersion)
+}
+
 func convertCompositions(comps *[]Composition, specVersion SpecVersion) {
 	if comps == nil {
 		return
@@ -253,6 +304,73 @@ func convertLicenses(licenses *Licenses, specVersion SpecVersion) {
 			}
 		}
 	}
+
+	if specVersion < SpecVersion1_6 {
+		for i := range *licenses {
+			choice := &(*licenses)[i]
+			if choice.License == nil {
+				continue
+			}
+
+			choice.License.Acknowledgement = ""
+
+			if choice.License.Licensing == nil {
+				continue
+			}
+
+			if choice.License.Licensing.Licensor != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Licensor.Organization, specVersion)
+			}
+			if choice.License.Licensing.Licensee != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Licensee.Organization, specVersion)
+			}
+			if choice.License.Licensing.Purchaser != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Purchaser.Organization, specVersion)
+			}
+		}
+	}
+}
+
+func convertOrganizationalEntity(org *OrganizationalEntity, specVersion SpecVersion) {
+	if org == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_5 {
+		org.BOMRef = ""
+
+		if org.Contact != nil {
+			for i := range *org.Contact {
+				convertOrganizationalContact(&(*org.Contact)[i], specVersion)
+			}
+		}
+	}
+
+	if specVersion < SpecVersion1_6 {
+		org.Address = nil
+	}
+}
+
+func convertOrganizationalContact(c *OrganizationalContact, specVersion SpecVersion) {
+	if c == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_5 {
+		c.BOMRef = ""
+	}
+}
+
+func convertModelCard(c *Component, specVersion SpecVersion) {
+	if c.ModelCard == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_6 {
+		if c.ModelCard.Considerations != nil {
+			c.ModelCard.Considerations.EnvironmentalConsiderations = nil
+		}
+	}
 }
 
 func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
@@ -271,6 +389,22 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 			vuln.Workaround = ""
 		}
 
+		if specVersion < SpecVersion1_6 {
+			if vuln.Credits != nil {
+				if vuln.Credits.Organizations != nil {
+					for i := range *vuln.Credits.Organizations {
+						convertOrganizationalEntity(&(*vuln.Credits.Organizations)[i], specVersion)
+					}
+				}
+
+				if vuln.Credits.Individuals != nil {
+					for i := range *vuln.Credits.Individuals {
+						convertOrganizationalContact(&(*vuln.Credits.Individuals)[i], specVersion)
+					}
+				}
+			}
+		}
+
 		if vuln.Ratings != nil {
 			for j := range *vuln.Ratings {
 				rating := &(*vuln.Ratings)[j]
@@ -282,6 +416,25 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 	}
 }
 
+func convertAnnotations(annotations *[]Annotation, specVersion SpecVersion) {
+	if annotations == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_6 {
+		for i := range *annotations {
+			ann := (*annotations)[i]
+
+			if ann.Annotator == nil {
+				continue
+			}
+
+			convertOrganizationalEntity(ann.Annotator.Organization, specVersion)
+			recurseService(ann.Annotator.Service, serviceConverter(specVersion))
+		}
+	}
+}
+
 // serviceConverter modifies a Service such that it adheres to a given SpecVersion.
 func serviceConverter(specVersion SpecVersion) func(*Service) {
 	return func(s *Service) {
@@ -293,6 +446,7 @@ func serviceConverter(specVersion SpecVersion) func(*Service) {
 			s.ReleaseNotes = nil
 		}
 
+		convertOrganizationalEntity(s.Provider, specVersion)
 		convertExternalReferences(s.ExternalReferences, specVersion)
 	}
 }
@@ -334,6 +488,12 @@ func convertTools(tools *ToolsChoice, specVersion SpecVersion) {
 		}
 	}
 
+	if tools.Services != nil {
+		for i := range *tools.Services {
+			convertOrganizationalEntity((*tools.Services)[i].Provider, specVersion)
+		}
+	}
+
 	if tools.Tools != nil {
 		for i := range *tools.Tools {
 			convertTool(&(*tools.Tools)[i], specVersion)