Merge pull request #108 from CycloneDX/spec-v1.5-ertypes
feat(spec1-5): add new external reference types
nscuro committed Jun 27, 2023
2 parents b86543d + c45ba61 commit 7bb7999
Showing 2 changed files with 66 additions and 19 deletions.
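--- a/convert.go
+++ b/convert.go
@@ -139,9 +139,15 @@ func convertExternalReferences(extRefs *[]ExternalReference, specVersion SpecVer
 return
 }
 
-if specVersion < SpecVersion1_3 {
-for i := range *extRefs {
-(*extRefs)[i].Hashes = nil
+for i := range *extRefs {
+extRef := &(*extRefs)[i]
+
+if !specVersion.supportsExternalReferenceType(extRef.Type) {
+extRef.Type = ERTypeOther
+}
+
+if specVersion < SpecVersion1_3 {
+extRef.Hashes = nil
 }
 }
 }
@@ -301,6 +307,30 @@ func (sv SpecVersion) supportsComponentType(cType ComponentType) bool {
 return false
 }
 
+func (sv SpecVersion) supportsExternalReferenceType(ert ExternalReferenceType) bool {
+switch ert {
+case ERTypeAdversaryModel,
+ERTypeAttestation,
+ERTypeCertificationReport,
+ERTypeCodifiedInfrastructure,
+ERTypeComponentAnalysisReport,
+ERTypeDistributionIntake,
+ERTypeDynamicAnalysisReport,
+ERTypeExploitabilityStatement,
+ERTypeMaturityReport,
+ERTypePentestReport,
+ERTypeQualityMetrics,
+ERTypeRiskAssessment,
+ERTypeRuntimeAnalysisReport,
+ERTypeStaticAnalysisReport,
+ERTypeThreatModel,
+ERTypeVulnerabilityAssertion:
+return sv >= SpecVersion1_5
+}
+
+return sv >= SpecVersion1_1
+}
+
 func (sv SpecVersion) supportsHashAlgorithm(algo HashAlgorithm) bool {
 switch algo {
 case HashAlgoMD5, HashAlgoSHA1, HashAlgoSHA256, HashAlgoSHA384, HashAlgoSHA512, HashAlgoSHA3_256, HashAlgoSHA3_512: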
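Review bot: `ERTypeSecurityContact` is missing from the case list in `supportsExternalReferenceType`, although this commit adds it to the constants in cyclonedx.go together with the other new types. It therefore falls through to `return sv >= SpecVersion1_1`, so `convertExternalReferences` leaves `security-contact` untouched when converting to a version below 1.5 instead of rewriting it to `ERTypeOther`. If that type is 1.5-only, as the commit title suggests, the downgraded BOM will carry a value the older schema does not define. Add `ERTypeSecurityContact,` between `ERTypeRuntimeAnalysisReport,` and `ERTypeStaticAnalysisReport,`. A table-driven test that runs every `ERType*` constant through the conversion for each spec version would catch the next omission of this kind.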
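--- a/cyclonedx.go
+++ b/cyclonedx.go
@@ -233,22 +233,39 @@ type ExternalReference struct {
 type ExternalReferenceType string
 
 const (
-ERTypeAdvisories ExternalReferenceType = "advisories"
-ERTypeBOM ExternalReferenceType = "bom"
-ERTypeBuildMeta ExternalReferenceType = "build-meta"
-ERTypeBuildSystem ExternalReferenceType = "build-system"
-ERTypeChat ExternalReferenceType = "chat"
-ERTypeDistribution ExternalReferenceType = "distribution"
-ERTypeDocumentation ExternalReferenceType = "documentation"
-ERTypeLicense ExternalReferenceType = "license"
-ERTypeMailingList ExternalReferenceType = "mailing-list"
-ERTypeOther ExternalReferenceType = "other"
-ERTypeIssueTracker ExternalReferenceType = "issue-tracker"
-ERTypeReleaseNotes ExternalReferenceType = "release-notes"
-ERTypeSocial ExternalReferenceType = "social"
-ERTypeSupport ExternalReferenceType = "support"
-ERTypeVCS ExternalReferenceType = "vcs"
-ERTypeWebsite ExternalReferenceType = "website"
+ERTypeAdversaryModel ExternalReferenceType = "adversary-model"
+ERTypeAdvisories ExternalReferenceType = "advisories"
+ERTypeAttestation ExternalReferenceType = "attestation"
+ERTypeBOM ExternalReferenceType = "bom"
+ERTypeBuildMeta ExternalReferenceType = "build-meta"
+ERTypeBuildSystem ExternalReferenceType = "build-system"
+ERTypeCertificationReport ExternalReferenceType = "certification-report"
+ERTypeChat ExternalReferenceType = "chat"
+ERTypeCodifiedInfrastructure ExternalReferenceType = "codified-infrastructure"
+ERTypeComponentAnalysisReport ExternalReferenceType = "component-analysis-report"
+ERTypeDistribution ExternalReferenceType = "distribution"
+ERTypeDistributionIntake ExternalReferenceType = "distribution-intake"
+ERTypeDocumentation ExternalReferenceType = "documentation"
+ERTypeDynamicAnalysisReport ExternalReferenceType = "dynamic-analysis-report"
+ERTypeExploitabilityStatement ExternalReferenceType = "exploitability-statement"
+ERTypeIssueTracker ExternalReferenceType = "issue-tracker"
+ERTypeLicense ExternalReferenceType = "license"
+ERTypeMailingList ExternalReferenceType = "mailing-list"
+ERTypeMaturityReport ExternalReferenceType = "maturity-report"
+ERTypeOther ExternalReferenceType = "other"
+ERTypePentestReport ExternalReferenceType = "pentest-report"
+ERTypeQualityMetrics ExternalReferenceType = "quality-metrics"
+ERTypeReleaseNotes ExternalReferenceType = "release-notes"
+ERTypeRiskAssessment ExternalReferenceType = "risk-assessment"
+ERTypeRuntimeAnalysisReport ExternalReferenceType = "runtime-analysis-report"
+ERTypeSecurityContact ExternalReferenceType = "security-contact"
+ERTypeSocial ExternalReferenceType = "social"
+ERTypeStaticAnalysisReport ExternalReferenceType = "static-analysis-report"
+ERTypeSupport ExternalReferenceType = "support"
+ERTypeThreatModel ExternalReferenceType = "threat-model"
+ERTypeVCS ExternalReferenceType = "vcs"
+ERTypeWebsite ExternalReferenceType = "website"
 )
 
 type Hash struct {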
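Review bot: Nothing in this const block records which spec version each type requires, so the case list in `SpecVersion.supportsExternalReferenceType` (convert.go) has to be kept in step by hand. The alphabetical layout interleaves the long-standing values with the ones added here, which makes an omission hard to spot in review. A comment above the block would document the coupling, for example `// Types introduced after spec 1.1 must also be listed in supportsExternalReferenceType; otherwise they survive a downgrade unchanged.` It could also say that a downgrade rewrites unsupported types to `ERTypeOther`, so consumers of the converted BOM can no longer tell a pentest report or attestation reference from any other link.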
