Update JSON schema to latest versions of CycloneDX v1.5-dev and SPDX …

…2.3.1 development (#32) * Minor cleanup of license command constants Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com> * Update the v1.5 development schema to most recent Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com> * Update the SPDX 2.3.1 development JSON schema Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com> --------- Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>
CycloneDX · May 24, 2023 · 8956b98 · 8956b98
1 parent 76e5502
commit 8956b98
Show file tree

Hide file tree

Showing 4 changed files with 840 additions and 57 deletions.
diff --git a/README.md b/README.md
@@ -545,9 +545,11 @@ The `query` command does not support output results.
 
 #### Query examples
 
-##### Example: Select a JSON object
+##### Example: Extract the top-level `component` information from an SBOM
 
-In this example, only the `--from` clause is needed to select an object.  The `--select` clause is omitted which is equivalent to using the "select all" wildcard character `*` which returns all fields and values from the object.
+This example effectively extracts the first-order package manifest from the SBOM.
+
+In this example, only the `--from` clause is needed to select an object.  The `--select` clause is omitted which is equivalent to using the "select all" wildcard character `*` which returns all fields and values from the `component` object.
 
 ```bash
 ./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from metadata.component
@@ -556,7 +558,7 @@ In this example, only the `--from` clause is needed to select an object.  The `-
 is equivalent to using the wildcard character (which may need to be enclosed in single or double quotes depending on your shell):
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --select '*' --from metadata.component
+./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --select '*' --from metadata.component --quiet
 ```
 
 ```json
@@ -586,9 +588,31 @@ is equivalent to using the wildcard character (which may need to be enclosed in
   ...
 ```
 
-##### Example: Select fields from JSON object
+##### Example: Extract the `supplier` of the SBOM
+
+In this example, the `--from` clause references the top-level `metadata.supplier` object.
+
+```bash
+./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from metadata.supplier --quiet
+```
+
+```json
+{
+  "contact": [
+    {
+      "email": "distribution@example.com"
+    }
+  ],
+  "name": "Example Co. Distribution Dept.",
+  "url": [
+    "https://example.com/software/"
+  ]
+}
+```
+
+##### Example: Extract just the SBOM component's `name` and `version`
 
-In this example, the `--from` clause references the  singleton JSON object `component` found under the top-level `metadata` object. It then reduces the resultant JSON object to only return the `name` and `value` fields and their values as requested on the `--select` clause.
+In this example, the `--from` clause references the singleton JSON object `component` found under the top-level `metadata` object. It then reduces the resultant JSON object to only return the `name` and `value` fields and their values as requested on the `--select` clause.
 
 ```bash
 ./sbom-utility query --select name,version --from metadata.component -i examples/cyclonedx/BOM/juice-shop-11.1.2/bom.json

diff --git a/cmd/license.go b/cmd/license.go
@@ -48,8 +48,16 @@ const (
 	LC_TYPE_EXPRESSION
 )
 
-// Declare a fixed-sized array for LC type names
-var LC_TYPE_NAMES = [...]string{"invalid", "id", "name", "expression"}
+// LicenseChoice - corresponding (name) values for license choice types
+const (
+	LC_VALUE_INVALID    = "invalid"
+	LC_VALUE_ID         = "id"
+	LC_VALUE_NAME       = "name"
+	LC_VALUE_EXPRESSION = "expression"
+)
+
+// Declare a fixed-sized array for LC type name indexed lookup
+var LC_TYPE_NAMES = [...]string{LC_VALUE_INVALID, LC_VALUE_ID, LC_VALUE_NAME, LC_VALUE_EXPRESSION}
 
 const (
 	LC_LOC_UNKNOWN = iota
@@ -59,12 +67,6 @@ const (
 	LC_LOC_SERVICES
 )
 
-const (
-	LC_VALUE_ID         = "id"
-	LC_VALUE_NAME       = "name"
-	LC_VALUE_EXPRESSION = "expression"
-)
-
 var CDX_LICENSE_LOCATION_NAMES = map[int]string{
 	LC_LOC_UNKNOWN:            "unknown",
 	LC_LOC_METADATA_COMPONENT: "metadata.component",
@@ -75,18 +77,18 @@ var CDX_LICENSE_LOCATION_NAMES = map[int]string{
 
 // Note: the "License" property is used as hashmap key
 type LicenseInfo struct {
-	UsagePolicy            string `json:"usage-policy"`
-	LicenseChoiceTypeValue int    `json:"license-type-value"`
-	LicenseChoiceType      string `json:"license-type"`
-	License                string `json:"license"`
-	ResourceName           string `json:"resource-name"`
-	BomRef                 string `json:"bom-ref"`
-	BomLocationValue       int    `json:"bom-location-value"`
-	BomLocation            string `json:"bom-location"`
-	LicenseChoice          schema.CDXLicenseChoice
-	Policy                 LicensePolicy
-	Component              schema.CDXComponent
-	Service                schema.CDXService
+	UsagePolicy            string                  `json:"usage-policy"`
+	LicenseChoiceTypeValue int                     `json:"license-type-value"`
+	LicenseChoiceType      string                  `json:"license-type"`
+	License                string                  `json:"license"`
+	ResourceName           string                  `json:"resource-name"`
+	BomRef                 string                  `json:"bom-ref"`
+	BomLocationValue       int                     `json:"bom-location-value"`
+	BomLocation            string                  `json:"bom-location"`
+	LicenseChoice          schema.CDXLicenseChoice // Do not marshal
+	Policy                 LicensePolicy           // Do not marshal
+	Component              schema.CDXComponent     // Do not marshal
+	Service                schema.CDXService       // Do not marshal
 }
 
 // License hashmap