support cdx 1.6 #288

Merged
merged 100 commits into from
Sep 14, 2024
Merged
b536b12
.
mtsfoni May 5, 2024
c523d5f
inbetween: xml enums still need to be fixed but roundtrip tests work
mtsfoni May 5, 2024
cfa84f1
fixed problems stemming from cdx 1.5 implementation
mtsfoni May 5, 2024
751d58b
DatasetChoices fix deserialization namespace problem
mtsfoni May 12, 2024
12be76e
Merge branch 'main' into cdx1.6
andreas-hilti Aug 18, 2024
3af1a24
Adapt interop and merge tests
andreas-hilti Aug 18, 2024
b7b46c0
Adapt core tests
andreas-hilti Aug 18, 2024
4484786
Further adapt core tests
andreas-hilti Aug 18, 2024
0cb39b2
Add missing snapshots
andreas-hilti Aug 18, 2024
c3a4c70
workaround for incorrect Protobuf Tools serialization
andreas-hilti Aug 19, 2024
4a70618
Merge pull request #318 from andreas-hilti/cdx1.6
mtsfoni Aug 24, 2024
6cadce3
Merge pull request #320 from andreas-hilti/cdx1.6_workaround
mtsfoni Aug 24, 2024
c61f2da
Adding Tests for Protobuff and Json
mtsfoni Aug 24, 2024
cb75e45
several fixes for JSON tests
andreas-hilti Aug 24, 2024
b2f9b73
add some snapshots
andreas-hilti Aug 24, 2024
553e39b
fix JSON validation
andreas-hilti Aug 24, 2024
896b8c8
support multiple EvidenceIdentities
andreas-hilti Aug 25, 2024
49c0e4a
add protobuf support for CBOM
andreas-hilti Aug 25, 2024
3318301
add missing snapshots
andreas-hilti Aug 25, 2024
41c7a28
CipherSuites via XmlArray with XmlArrayItem
mtsfoni Aug 25, 2024
10f4051
FixcryptoProperties.ObjectId for JSON
mtsfoni Aug 25, 2024
5596be0
OID now in Snapshots
mtsfoni Aug 25, 2024
0b62590
support tags for components and services
andreas-hilti Aug 25, 2024
890fc65
Generated Implementation for Declarations
mtsfoni Aug 25, 2024
241de12
fix style
andreas-hilti Aug 25, 2024
35d118a
support OmniborId and Swhid
andreas-hilti Aug 25, 2024
7a4d118
support component Authors and Manufacturer
andreas-hilti Aug 25, 2024
698cc86
support BOM Manufacturer
andreas-hilti Aug 25, 2024
c6837cf
Fully Implement Declarations
mtsfoni Aug 25, 2024
fc29339
Merge branch 'cdx1.6' into cdx1.6
mtsfoni Aug 25, 2024
650d024
Merge pull request #324 from andreas-hilti/cdx1.6
mtsfoni Aug 25, 2024
dc6c6d3
Merge branch 'cdx1.6' into cdx1.6_2
mtsfoni Aug 25, 2024
76b4af5
Merge pull request #326 from andreas-hilti/cdx1.6_2
mtsfoni Aug 25, 2024
737afae
Merge pull request #327 from andreas-hilti/cdx1.6_3
mtsfoni Aug 25, 2024
5555ab5
add support for license acknowledgment
andreas-hilti Aug 25, 2024
7bbcf65
add support for source-distribution
andreas-hilti Aug 25, 2024
7a83f21
Support for concludedValue
andreas-hilti Aug 25, 2024
607a96f
Merge pull request #330 from andreas-hilti/cdx1.6_5
mtsfoni Aug 25, 2024
269eced
Merge pull request #328 from andreas-hilti/cdx1.6
mtsfoni Aug 25, 2024
53921d1
Merge pull request #329 from andreas-hilti/cdx1.6_4
mtsfoni Aug 25, 2024
350846f
Delete 1.5 Snapshots in Json/1.6 folder
mtsfoni Aug 25, 2024
3fee8ce
Merge branch 'cdx1.6' of https://github.com/CycloneDX/cyclonedx-dotne…
mtsfoni Aug 25, 2024
38f32d1
Mostly EnvironmentalConsideration + Postal Address
mtsfoni Aug 25, 2024
d2a7513
Use EnumerateAllComponents for EnumerateAllDatasetChoices
mtsfoni Aug 25, 2024
5f17885
Simplify CryptoFunctions as XmlArray
mtsfoni Aug 25, 2024
f7bf988
Simpify XMLArrays in CryptoProperties.cs
mtsfoni Aug 25, 2024
544e2ad
Enum.Null in CryptoProperties
mtsfoni Aug 25, 2024
fbc2c5a
Fix enums for protobuf serialization
andreas-hilti Aug 27, 2024
1d0ac15
Fix CertificationLevel protobuf serialization
andreas-hilti Aug 27, 2024
5fed01c
Add Definitions/Standards
mtsfoni Aug 28, 2024
813592b
fix tests
mtsfoni Aug 28, 2024
f451724
Fix JSON serialization of ImplementationPlatform
andreas-hilti Aug 28, 2024
550e416
Fix all tests
mtsfoni Aug 28, 2024
34f1748
Fix JSON serialization of CertificationLevel
andreas-hilti Aug 28, 2024
42413d1
Merge pull request #333 from andreas-hilti/cdx1.6_enums
mtsfoni Aug 28, 2024
7eb3adb
Merge branch 'cdx1.6' into cdx1.6
mtsfoni Aug 28, 2024
e6ebe0c
Merge pull request #332 from andreas-hilti/cdx1.6
mtsfoni Aug 28, 2024
e6e7ed3
Fix Protobuf serialization of provides
andreas-hilti Aug 29, 2024
f371f49
Fix workflows
andreas-hilti Aug 29, 2024
bb9f366
Fix Protobuf serialization of DataFlow
andreas-hilti Aug 29, 2024
a0d4936
Fix JSON serialization of DatasetChoices
andreas-hilti Aug 30, 2024
b189c5f
Several fixes for EnergyConsumption
andreas-hilti Aug 30, 2024
58d4f9b
Fix Protobuf serialization of vulnerability rating score
andreas-hilti Aug 30, 2024
59a6703
Fix xml serialization of license expressions
andreas-hilti Aug 31, 2024
41aeaad
Fix protobuf serialization of DateTime
andreas-hilti Aug 31, 2024
cd7ee33
Fix protobuf serialization of lifecycle
andreas-hilti Aug 31, 2024
5a51bd4
Add deprecations for component.author and metatada.manufacture
andreas-hilti Aug 31, 2024
c3349da
Fix protobuf serialization of component and service tools
andreas-hilti Aug 31, 2024
505e0f3
Fix several enum serializations
andreas-hilti Sep 1, 2024
bb6d4c3
Merge pull request #334 from andreas-hilti/cdx1.6
mtsfoni Sep 1, 2024
b3fdd2b
Merge pull request #335 from andreas-hilti/cdx1.6_fix_formulation
mtsfoni Sep 1, 2024
6ef6d44
Merge pull request #336 from andreas-hilti/cdx1.6_fix_dataflow
mtsfoni Sep 1, 2024
ace9a63
Merge pull request #337 from andreas-hilti/cdx1.6_fix_datasetchoices
mtsfoni Sep 1, 2024
270d97c
Merge pull request #338 from andreas-hilti/cdx1.6_fix_energy_consumption
mtsfoni Sep 1, 2024
7ca440b
Merge pull request #339 from andreas-hilti/cdx1.6_rating_score
mtsfoni Sep 1, 2024
a38d8cd
Merge pull request #340 from andreas-hilti/cdx1.6_fix_license_seriali…
mtsfoni Sep 1, 2024
e2aa21a
Merge branch 'cdx1.6' into cdx1.6_fix_datetime_serialization
mtsfoni Sep 1, 2024
66a9f08
Merge pull request #341 from andreas-hilti/cdx1.6_fix_datetime_serial…
mtsfoni Sep 1, 2024
2755793
Merge pull request #342 from andreas-hilti/cdx1.6_fix_lifecycle
mtsfoni Sep 1, 2024
6909e5a
Merge pull request #344 from andreas-hilti/cdx1.6_fix_protobuf_tools
mtsfoni Sep 1, 2024
1903c63
Merge pull request #345 from andreas-hilti/cdx1.6_fix_enums
mtsfoni Sep 1, 2024
c03f0f6
Fix xml serialization for obsolete elements
andreas-hilti Sep 1, 2024
31112e8
merge attestations and standards
mtsfoni Sep 1, 2024
f6ea47b
missing added file
mtsfoni Sep 1, 2024
aee779e
address some codacy warnings
mtsfoni Sep 1, 2024
2da2b93
Address Codacy Issue
mtsfoni Sep 7, 2024
c2587df
Merge pull request #347 from CycloneDX/cdx1.6_mergeAttestationAndStan…
mtsfoni Sep 7, 2024
a0e6363
- Add missing license headers
mtsfoni Sep 7, 2024
d619fce
Test for merging attestation and standards
mtsfoni Sep 7, 2024
78a1f74
Merge pull request #343 from andreas-hilti/cdx1.6_deprecations
mtsfoni Sep 8, 2024
2100346
Add new locations of relevant types to EnumerateAll...-functions
mtsfoni Sep 8, 2024
30455bb
Merge branch 'cdx1.6' of https://github.com/CycloneDX/cyclonedx-dotne…
mtsfoni Sep 8, 2024
dbb4307
codacy
mtsfoni Sep 8, 2024
5d0fd96
Fix JSON serialization of Ikev2TransformTypes
andreas-hilti Sep 13, 2024
95fc397
Cleanup
andreas-hilti Sep 13, 2024
c06a8c7
Enhance Signature
andreas-hilti Sep 14, 2024
787f82c
Support multisignature and signaturechain
andreas-hilti Sep 14, 2024
1439ffa
Merge pull request #354 from andreas-hilti/cdx1.6_cleanup
mtsfoni Sep 14, 2024
027f183
Merge pull request #355 from andreas-hilti/cdx1.6_ikev2transformtypes
mtsfoni Sep 14, 2024
93484e7
Merge pull request #356 from andreas-hilti/cdx1.6_signature
mtsfoni Sep 14, 2024
170 changes: 148 additions & 22 deletions src/CycloneDX.Core/BomUtils.cs
Expand Up @@ -17,9 +17,11 @@

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using CycloneDX.Models;
using CycloneDX.Models.Vulnerabilities;
using static CycloneDX.Models.EvidenceIdentity;

namespace CycloneDX
{
Expand Down Expand Up @@ -69,7 +71,8 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
bomCopy.SerialNumber = null;
bomCopy.ExternalReferences = null;

EnumerateAllComponents(bomCopy, (component) => {
EnumerateAllComponents(bomCopy, (component) =>
{
component.BomRef = null;
component.Pedigree = null;
component.ExternalReferences = null;
Expand All @@ -82,7 +85,8 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
bomCopy.Dependencies = null;
bomCopy.Services = null;

EnumerateAllComponents(bomCopy, (component) => {
EnumerateAllComponents(bomCopy, (component) =>
{
component.Author = null;
component.MimeType = null;
component.Supplier = null;
Expand All @@ -103,7 +107,8 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
bomCopy.Metadata.Licenses = null;
bomCopy.Metadata.Properties = null;
}
EnumerateAllComponents(bomCopy, (component) => {
EnumerateAllComponents(bomCopy, (component) =>
{
component.Properties = null;
component.Evidence = null;
if (component.ExternalReferences != null)
Expand All @@ -114,7 +119,8 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
}
}
});
EnumerateAllServices(bomCopy, (service) => {
EnumerateAllServices(bomCopy, (service) =>
{
service.Properties = null;
if (service.ExternalReferences != null)
{
Expand All @@ -128,14 +134,16 @@ internal static Bom CopyBomAndDowngrade(Bom bom)

if (bomCopy.SpecVersion < SpecificationVersion.v1_4)
{
EnumerateAllComponents(bomCopy, (component) => {
EnumerateAllComponents(bomCopy, (component) =>
{
component.ReleaseNotes = null;
if (component.Version == null)
{
component.Version = "0.0.0";
}
});
EnumerateAllServices(bomCopy, (service) => {
EnumerateAllServices(bomCopy, (service) =>
{
service.ReleaseNotes = null;
});
bomCopy.Vulnerabilities = null;
Expand All @@ -157,7 +165,7 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
composition.Vulnerabilities = null;
}
}

EnumerateAllToolChoices(bomCopy, (toolchoice) =>
{
toolchoice.Components = null;
Expand All @@ -170,7 +178,7 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
component.Data = null;
if ((int)component.Type > 8) component.Type = Component.Classification.Library;
});

EnumerateAllServices(bomCopy, (service) =>
{
service.TrustZone = null;
Expand All @@ -186,7 +194,7 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
}
}
});

EnumerateAllVulnerabilities(bomCopy, (vulnerability) =>
{
vulnerability.Rejected = null;
Expand Down Expand Up @@ -215,19 +223,19 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
}
}
});

EnumerateAllEvidence(bomCopy, (evidence) =>
{
evidence.Identity = null;
evidence.Occurrences = null;
evidence.Callstack = null;
});

EnumerateAllLicenseChoices(bomCopy, (licenseChoice) =>
{
licenseChoice.BomRef = null;
});

EnumerateAllLicenses(bomCopy, (license) =>
{
license.BomRef = null;
Expand All @@ -246,6 +254,79 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
});
}

if (bomCopy.SpecVersion < SpecificationVersion.v1_6)
{
bomCopy.Declarations = null;
bomCopy.Definitions = null;

EnumerateAllComponents(bomCopy, (component) =>
{
component.CryptoProperties = null;
if (component.Type == Component.Classification.Cryptographic_Asset)
{
component.Type = Component.Classification.Library;
}
component.Tags = null;
component.OmniborId = null;
component.Swhid = null;
component.Authors = null;
component.Manufacturer = null;

if (component.ModelCard?.Considerations != null)
{
component.ModelCard.Considerations.EnvironmentalConsiderations = null;
}
});

EnumerateAllOrganizationalEntity(bomCopy, (oe) =>
{
oe.Address = null;
});

EnumerateAllServices(bomCopy, (service) =>
{
service.Tags = null;
});

if (bomCopy.Metadata != null)
{
bomCopy.Metadata.Manufacturer = null;
}

EnumerateAllDependencies(bomCopy, (dependency) =>
{
dependency.Provides = null;
});

EnumerateAllEvidence(bomCopy, (evidence) =>
{
if (evidence?.Identity?.Count > 1)
{
evidence.Identity.RemoveRange(1, evidence.Identity.Count - 1);
}
if (evidence.Identity?.Count == 1 &&
(evidence.Identity[0].Field == EvidenceFieldType.OmniborId
|| evidence.Identity[0].Field == EvidenceFieldType.Swhid))
{
evidence.Identity.Clear();
}
if (evidence.Identity?.Count == 1)
{
evidence.Identity[0].ConcludedValue = null;
}
});

EnumerateAllLicenseChoices(bomCopy, (licenseChoice) =>
{
if (licenseChoice.License != null)
{
licenseChoice.License.Acknowledgement = null;
}
licenseChoice.Acknowledgement = null;
});

}

// triggers a bunch of stuff, don't remove unless you know what you are doing
bomCopy.SpecVersion = bomCopy.SpecVersion;

Expand Down Expand Up @@ -280,7 +361,7 @@ public static void EnumerateAllComponents(Bom bom, Action<Component> callback)
if (currentComponent != null)
{
callback(currentComponent);

q.EnqueueMany(currentComponent.Components);
q.EnqueueMany(currentComponent.Pedigree?.Ancestors);
q.EnqueueMany(currentComponent.Pedigree?.Descendants);
Expand All @@ -292,9 +373,10 @@ public static void EnumerateAllComponents(Bom bom, Action<Component> callback)
public static void EnumerateAllServices(Bom bom, Action<Service> callback)
{
var q = new Queue<Service>();

q.EnqueueMany(bom.Metadata?.Tools?.Services);
q.EnqueueMany(bom.Services);
q.EnqueueMany(bom.Annotations?.Select(an => an.Annotator).Where(anor => anor.Service != null).Select(anor => anor.Service) ?? new List<Service>());

while (q.Count > 0)
{
Expand Down Expand Up @@ -323,7 +405,7 @@ public static void EnumerateAllVulnerabilities(Bom bom, Action<Vulnerability> ca
while (q.Count > 0)
{
var currentVulnerability = q.Dequeue();

callback(currentVulnerability);
}
}
Expand All @@ -334,7 +416,7 @@ public static void EnumerateAllEvidence(Bom bom, Action<Evidence> callback)
if (component.Evidence != null) callback(component.Evidence);
});
}

public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
{
EnumerateAllLicenseChoices(bom, (licenseChoice) =>
Expand All @@ -351,7 +433,7 @@ public static void EnumerateAllLicenseChoices(Bom bom, Action<LicenseChoice> cal
{
callback(license);
}

}
EnumerateAllComponents(bom, (component) =>
{
Expand All @@ -363,7 +445,7 @@ public static void EnumerateAllLicenseChoices(Bom bom, Action<LicenseChoice> cal
}
}
});

EnumerateAllServices(bom, (service) =>
{
if (service.Licenses != null)
Expand Down Expand Up @@ -399,9 +481,9 @@ public static void EnumerateAllOrganizationalEntity(Bom bom, Action<Organization
if (annotation.Annotator?.Organization != null)
callback(annotation.Annotator.Organization);
}
}

}

EnumerateAllVulnerabilities(bom, (vulnerability) =>
{
if (vulnerability.Credits?.Organizations != null)
Expand All @@ -412,6 +494,20 @@ public static void EnumerateAllOrganizationalEntity(Bom bom, Action<Organization
EnumerateAllComponents(bom, (component) =>
{
if (component.Supplier != null) callback(component.Supplier);


component.ModelCard?.Considerations?.EnvironmentalConsiderations?.EnergyConsumptions?
.ForEach(energyConsumption =>
energyConsumption?.EnergyProviders?
.ForEach(energyProvider =>
{
if (energyProvider?.Organization != null)
{
callback(energyProvider.Organization);
}
}));


});
EnumerateAllServices(bom, (service) =>
{
Expand All @@ -431,7 +527,7 @@ public static void EnumerateAllOrganizationalContact(Bom bom, Action<Organizatio
}
}
});

EnumerateAllVulnerabilities(bom, (vulnerability) =>
{
if (vulnerability.Credits?.Individuals != null)
Expand All @@ -454,5 +550,35 @@ public static void EnumerateAllToolChoices(Bom bom, Action<ToolChoices> callback
callback(vuln.Tools);
});
}

public static void EnumerateAllDependencies(Bom bom, Action<Dependency> callback)
{
var q = new Queue<Dependency>();


q.EnqueueMany(bom.Dependencies);


while (q.Count > 0)
{
var currentDependency = q.Dequeue();
if (currentDependency != null)
{
callback(currentDependency);

q.EnqueueMany(currentDependency.Dependencies);
}
}
}

public static void EnumerateAllDatasetChoices(Bom bom, Action<DatasetChoices> callback)
{
EnumerateAllComponents(bom, (component) => {
if (component?.ModelCard?.ModelParameters?.Datasets != null)
{
callback(component.ModelCard.ModelParameters.Datasets);
}
});
}
}
}
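Review bot: In `EnumerateAllServices`, the added annotations line reads `anor.Service` on every projected `Annotator` without a null check, so a BOM containing an annotation with no annotator would throw a NullReferenceException there, and `CopyBomAndDowngrade` would hit it on each downgrade path that enumerates services. `EnumerateAllOrganizationalEntity` in this same file reads the same property as `annotation.Annotator?.Organization`, which suggests it can be null after deserialization, and BOM documents usually come from outside the process. I would filter before projecting: `q.EnqueueMany(bom.Annotations?.Where(an => an?.Annotator?.Service != null).Select(an => an.Annotator.Service));`. The trailing `?? new List<Service>()` then looks unnecessary, since the neighbouring calls already pass possibly-null values to `EnqueueMany`; that is inferred, because `EnqueueMany` is not shown and the method body continues outside the hunk.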