From b6dec4bbee2a11cc5246a05ef5ba3615755bdc3e Mon Sep 17 00:00:00 2001
From: Mike de Senna
Date: Sat, 21 May 2022 09:43:32 -0400
Subject: [PATCH 1/3] fix: add properties to xml schema 1.4
Signed-off-by: Mike de Senna
---
 schema/bom-1.4.xsd | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/schema/bom-1.4.xsd b/schema/bom-1.4.xsd
index 9b38b1cf..621c2cfd 100644
--- a/schema/bom-1.4.xsd
+++ b/schema/bom-1.4.xsd
@@ -2014,6 +2014,16 @@ limitations under the License. + + + Provides the ability to document properties in a key/value store. + This provides flexibility to include data not officially supported in the standard + without having to use additional namespaces or create extensions. Property names + of interest to the general public are encouraged to be registered in the + CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. + Formal registration is OPTIONAL. + +
From 9ff5277346935f3b5ab9a78b6e1e3fdacb110c0e Mon Sep 17 00:00:00 2001
From: Mike de Senna
Date: Sat, 21 May 2022 09:45:48 -0400
Subject: [PATCH 2/3] fix: add properties to protobuf schema 1.4
Signed-off-by: Mike de Senna
---
 schema/bom-1.4.proto | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/schema/bom-1.4.proto b/schema/bom-1.4.proto
index 35f5453b..b5947965 100644
--- a/schema/bom-1.4.proto
+++ b/schema/bom-1.4.proto
@@ -526,6 +526,8 @@ message Vulnerability {
 optional VulnerabilityAnalysis analysis = 16;
 // affects
 repeated VulnerabilityAffects affects = 17;
+ // Specifies optional, custom, properties
+ repeated Property properties = 18;
 }
 message VulnerabilityReference {
From 970eeb2995c16ea95124a224b7defc351dd563bd Mon Sep 17 00:00:00 2001
From: Mike de Senna
Date: Tue, 24 May 2022 20:52:56 -0400
Subject: [PATCH 3/3] test: update test resources
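Review bot: The documentation text added with the new element at bom-1.4.xsd line 2014 calls properties a "key/value store" but never says a name may repeat, while the fixtures in patch 3/3 carry three entries named "Foo" inside one valid vulnerability. A consumer that loads properties into a map keyed by name would keep one of those values and drop the others without any error, which matters once a property feeds a policy or triage decision. I would add one sentence to the documentation, `Property names are not unique; the same name may appear more than once with different values.` The one-line comment on `properties = 18` in the bom-1.4.proto hunk of patch 2/3 has the same gap and could read `// Custom name/value properties; a name may appear more than once.` The element's own markup is not visible on this page, so this is based on the documentation text only.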
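Review bot: Field 18 is added to `Vulnerability` inside the existing bom-1.4.proto rather than in a new schema version, so readers generated from an earlier copy of the file will see `properties` only as an unknown field. Such a reader still parses the BOM, but a tool that inspects or re-serializes vulnerabilities may ignore or drop the values, so two tools that both claim 1.4 support can disagree about the same document. If the file has already been released, a comment such as `// Readers built from an earlier copy of this file see field 18 as an unknown field.` above the field would make that visible. The `Vulnerability` message starts before the hunk, so the rest of its fields are not reviewed here.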
Signed-off-by: Mike de Senna
---
 .../resources/1.4/valid-vulnerability-1.4.json | 18 ++++++++++++++++++
 .../1.4/valid-vulnerability-1.4.textproto | 16 ++++++++++++++++
 .../resources/1.4/valid-vulnerability-1.4.xml | 6 ++++++
 3 files changed, 40 insertions(+)
diff --git a/tools/src/test/resources/1.4/valid-vulnerability-1.4.json b/tools/src/test/resources/1.4/valid-vulnerability-1.4.json
index b971cd04..667f5a61 100644
--- a/tools/src/test/resources/1.4/valid-vulnerability-1.4.json
+++ b/tools/src/test/resources/1.4/valid-vulnerability-1.4.json
@@ -116,6 +116,24 @@
 }
 ]
 }
+ ],
+ "properties": [
+ {
+ "name": "Foo",
+ "value": "Bar"
+ },
+ {
+ "name": "Foo",
+ "value": "You"
+ },
+ {
+ "name": "Foo",
+ "value": "Two"
+ },
+ {
+ "name": "Bar",
+ "value": "Foo"
+ }
 ]
 }
 ]
diff --git a/tools/src/test/resources/1.4/valid-vulnerability-1.4.textproto b/tools/src/test/resources/1.4/valid-vulnerability-1.4.textproto
index 6c0d0c66..3b2305e6 100644
--- a/tools/src/test/resources/1.4/valid-vulnerability-1.4.textproto
+++ b/tools/src/test/resources/1.4/valid-vulnerability-1.4.textproto
@@ -100,4 +100,20 @@ vulnerabilities {
 status: VULNERABILITY_AFFECTED_STATUS_AFFECTED
 }
 }
+ properties {
+ name: "Foo"
+ value: "Bar"
+ }
+ properties {
+ name: "Foo"
+ value: "You"
+ }
+ properties {
+ name: "Foo"
+ value: "Two"
+ }
+ properties {
+ name: "Bar"
+ value: "Foo"
+ }
 }
diff --git a/tools/src/test/resources/1.4/valid-vulnerability-1.4.xml b/tools/src/test/resources/1.4/valid-vulnerability-1.4.xml
index 131c7bac..8e21f552 100644
--- a/tools/src/test/resources/1.4/valid-vulnerability-1.4.xml
+++ b/tools/src/test/resources/1.4/valid-vulnerability-1.4.xml
@@ -116,6 +116,12 @@ + + Bar + You + Two + Foo +