RubyGems - sbom-cyclonedx - Versions diffs - 0.1.0 → 0.2.0 - Mend

sbom-cyclonedx 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

checksums.yaml +4 -4
data/.gitignore +15 -0
data/.gitlab-ci.yml +49 -0
data/.rspec +3 -0
data/.rubocop.yml +72 -0
data/.vscode/settings.json +6 -0
data/CHANGELOG.md +9 -0
data/CODE_OF_CONDUCT.md +132 -0
data/Gemfile +26 -0
data/Gemfile.lock +179 -0
data/LICENSE.txt +21 -0
data/README.md +39 -0
data/Rakefile +36 -0
data/Steepfile +14 -0
data/bin/console +11 -0
data/bin/rbs_spec +9 -0
data/bin/setup +8 -0
data/bom-1.6.schema.json +7334 -0
data/lib/email_address_extension.rb +26 -0
data/lib/sbom/cyclone_dx/enum.rb +2178 -0
data/lib/sbom/cyclone_dx/field.rb +404 -0
data/lib/sbom/cyclone_dx/pattern.rb +43 -0
data/lib/sbom/cyclone_dx/record/advisory.rb +17 -0
data/lib/sbom/cyclone_dx/record/annotation.rb +46 -0
data/lib/sbom/cyclone_dx/record/attachment.rb +21 -0
data/lib/sbom/cyclone_dx/record/base.rb +244 -0
data/lib/sbom/cyclone_dx/record/cipher_suite.rb +23 -0
data/lib/sbom/cyclone_dx/record/co2_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/command.rb +18 -0
data/lib/sbom/cyclone_dx/record/commit.rb +25 -0
data/lib/sbom/cyclone_dx/record/component.rb +126 -0
data/lib/sbom/cyclone_dx/record/component_data.rb +46 -0
data/lib/sbom/cyclone_dx/record/component_evidence.rb +68 -0
data/lib/sbom/cyclone_dx/record/component_identity_evidence.rb +36 -0
data/lib/sbom/cyclone_dx/record/composition.rb +33 -0
data/lib/sbom/cyclone_dx/record/condition.rb +20 -0
data/lib/sbom/cyclone_dx/record/copyright.rb +16 -0
data/lib/sbom/cyclone_dx/record/crypto_properties.rb +137 -0
data/lib/sbom/cyclone_dx/record/data_governance.rb +21 -0
data/lib/sbom/cyclone_dx/record/data_governance_responsible_party.rb +22 -0
data/lib/sbom/cyclone_dx/record/declarations.rb +193 -0
data/lib/sbom/cyclone_dx/record/definitions.rb +17 -0
data/lib/sbom/cyclone_dx/record/dependency.rb +21 -0
data/lib/sbom/cyclone_dx/record/diff.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_consumption.rb +31 -0
data/lib/sbom/cyclone_dx/record/energy_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_provider.rb +31 -0
data/lib/sbom/cyclone_dx/record/environmental_consideration.rb +20 -0
data/lib/sbom/cyclone_dx/record/event.rb +31 -0
data/lib/sbom/cyclone_dx/record/external_reference.rb +25 -0
data/lib/sbom/cyclone_dx/record/fairness_assessment.rb +22 -0
data/lib/sbom/cyclone_dx/record/formula.rb +29 -0
data/lib/sbom/cyclone_dx/record/graphic.rb +19 -0
data/lib/sbom/cyclone_dx/record/graphics_collection.rb +19 -0
data/lib/sbom/cyclone_dx/record/hash_data.rb +18 -0
data/lib/sbom/cyclone_dx/record/identifiable_action.rb +21 -0
data/lib/sbom/cyclone_dx/record/input.rb +34 -0
data/lib/sbom/cyclone_dx/record/input_output_ml_parameter.rb +17 -0
data/lib/sbom/cyclone_dx/record/issue.rb +36 -0
data/lib/sbom/cyclone_dx/record/license.rb +90 -0
data/lib/sbom/cyclone_dx/record/license_choice.rb +35 -0
data/lib/sbom/cyclone_dx/record/metadata.rb +55 -0
data/lib/sbom/cyclone_dx/record/model_card.rb +89 -0
data/lib/sbom/cyclone_dx/record/note.rb +20 -0
data/lib/sbom/cyclone_dx/record/organizational_contact.rb +26 -0
data/lib/sbom/cyclone_dx/record/organizational_entity.rb +28 -0
data/lib/sbom/cyclone_dx/record/output.rb +34 -0
data/lib/sbom/cyclone_dx/record/parameter.rb +20 -0
data/lib/sbom/cyclone_dx/record/patch.rb +23 -0
data/lib/sbom/cyclone_dx/record/performance_metric.rb +30 -0
data/lib/sbom/cyclone_dx/record/postal_address.rb +34 -0
data/lib/sbom/cyclone_dx/record/property.rb +18 -0
data/lib/sbom/cyclone_dx/record/rating.rb +27 -0
data/lib/sbom/cyclone_dx/record/release_notes.rb +44 -0
data/lib/sbom/cyclone_dx/record/resource_reference_choice.rb +22 -0
data/lib/sbom/cyclone_dx/record/risk.rb +18 -0
data/lib/sbom/cyclone_dx/record/root.rb +63 -0
data/lib/sbom/cyclone_dx/record/secured_by.rb +20 -0
data/lib/sbom/cyclone_dx/record/service.rb +54 -0
data/lib/sbom/cyclone_dx/record/service_data.rb +32 -0
data/lib/sbom/cyclone_dx/record/signature.rb +85 -0
data/lib/sbom/cyclone_dx/record/standard.rb +72 -0
data/lib/sbom/cyclone_dx/record/step.rb +24 -0
data/lib/sbom/cyclone_dx/record/swid.rb +29 -0
data/lib/sbom/cyclone_dx/record/task.rb +56 -0
data/lib/sbom/cyclone_dx/record/tools.rb +20 -0
data/lib/sbom/cyclone_dx/record/trigger.rb +48 -0
data/lib/sbom/cyclone_dx/record/version.rb +24 -0
data/lib/sbom/cyclone_dx/record/volume.rb +33 -0
data/lib/sbom/cyclone_dx/record/vulnerability.rb +119 -0
data/lib/sbom/cyclone_dx/record/vulnerability_source.rb +20 -0
data/lib/sbom/cyclone_dx/record/workflow.rb +59 -0
data/lib/sbom/cyclone_dx/record/workspace.rb +45 -0
data/lib/sbom/cyclone_dx/record.rb +12 -0
data/lib/sbom/cyclone_dx/validator/array_validator.rb +66 -0
data/lib/sbom/cyclone_dx/validator/base_validator.rb +43 -0
data/lib/sbom/cyclone_dx/validator/boolean_validator.rb +16 -0
data/lib/sbom/cyclone_dx/validator/date_time_validator.rb +29 -0
data/lib/sbom/cyclone_dx/validator/email_address_validator.rb +31 -0
data/lib/sbom/cyclone_dx/validator/float_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/integer_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/record_validator.rb +26 -0
data/lib/sbom/cyclone_dx/validator/string_validator.rb +33 -0
data/lib/sbom/cyclone_dx/validator/union_validator.rb +39 -0
data/lib/sbom/cyclone_dx/validator/uri_validator.rb +32 -0
data/lib/sbom/cyclone_dx/validator.rb +32 -0
data/lib/sbom/cyclone_dx/version.rb +7 -0
data/lib/sbom/cyclone_dx.rb +39 -0
data/rbs_collection.lock.yaml +288 -0
data/rbs_collection.yaml +31 -0
data/sbom-cyclone_dx.gemspec +32 -0
data/sig/email_address_extension.rbs +14 -0
data/sig/sbom/cyclone_dx/enum.rbs +93 -0
data/sig/sbom/cyclone_dx/field.rbs +434 -0
data/sig/sbom/cyclone_dx/pattern.rbs +24 -0
data/sig/sbom/cyclone_dx/record/advisory.rbs +19 -0
data/sig/sbom/cyclone_dx/record/annotation.rbs +63 -0
data/sig/sbom/cyclone_dx/record/attachment.rbs +24 -0
data/sig/sbom/cyclone_dx/record/base.rbs +62 -0
data/sig/sbom/cyclone_dx/record/cipher_suite.rbs +24 -0
data/sig/sbom/cyclone_dx/record/co2_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/command.rbs +19 -0
data/sig/sbom/cyclone_dx/record/commit.rbs +34 -0
data/sig/sbom/cyclone_dx/record/component.rbs +203 -0
data/sig/sbom/cyclone_dx/record/component_data.rbs +73 -0
data/sig/sbom/cyclone_dx/record/component_evidence.rbs +115 -0
data/sig/sbom/cyclone_dx/record/component_identity_evidence.rbs +53 -0
data/sig/sbom/cyclone_dx/record/composition.rbs +39 -0
data/sig/sbom/cyclone_dx/record/condition.rbs +24 -0
data/sig/sbom/cyclone_dx/record/copyright.rbs +14 -0
data/sig/sbom/cyclone_dx/record/crypto_properties.rbs +268 -0
data/sig/sbom/cyclone_dx/record/data_governance.rbs +24 -0
data/sig/sbom/cyclone_dx/record/data_governance_responsible_party.rbs +19 -0
data/sig/sbom/cyclone_dx/record/declarations.rbs +352 -0
data/sig/sbom/cyclone_dx/record/definitions.rbs +14 -0
data/sig/sbom/cyclone_dx/record/dependency.rbs +24 -0
data/sig/sbom/cyclone_dx/record/diff.rbs +19 -0
data/sig/sbom/cyclone_dx/record/energy_consumption.rbs +39 -0
data/sig/sbom/cyclone_dx/record/energy_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/energy_provider.rbs +39 -0
data/sig/sbom/cyclone_dx/record/environmental_consideration.rbs +19 -0
data/sig/sbom/cyclone_dx/record/event.rbs +44 -0
data/sig/sbom/cyclone_dx/record/external_reference.rbs +29 -0
data/sig/sbom/cyclone_dx/record/fairness_assessment.rbs +29 -0
data/sig/sbom/cyclone_dx/record/formula.rbs +34 -0
data/sig/sbom/cyclone_dx/record/graphic.rbs +19 -0
data/sig/sbom/cyclone_dx/record/graphics_collection.rbs +19 -0
data/sig/sbom/cyclone_dx/record/hash_data.rbs +19 -0
data/sig/sbom/cyclone_dx/record/identifiable_action.rbs +24 -0
data/sig/sbom/cyclone_dx/record/input.rbs +44 -0
data/sig/sbom/cyclone_dx/record/input_output_ml_parameter.rbs +14 -0
data/sig/sbom/cyclone_dx/record/issue.rbs +53 -0
data/sig/sbom/cyclone_dx/record/license.rbs +134 -0
data/sig/sbom/cyclone_dx/record/license_choice.rbs +39 -0
data/sig/sbom/cyclone_dx/record/metadata.rbs +82 -0
data/sig/sbom/cyclone_dx/record/model_card.rbs +143 -0
data/sig/sbom/cyclone_dx/record/note.rbs +19 -0
data/sig/sbom/cyclone_dx/record/organizational_contact.rbs +29 -0
data/sig/sbom/cyclone_dx/record/organizational_entity.rbs +34 -0
data/sig/sbom/cyclone_dx/record/output.rbs +44 -0
data/sig/sbom/cyclone_dx/record/parameter.rbs +24 -0
data/sig/sbom/cyclone_dx/record/patch.rbs +24 -0
data/sig/sbom/cyclone_dx/record/performance_metric.rbs +43 -0
data/sig/sbom/cyclone_dx/record/postal_address.rbs +44 -0
data/sig/sbom/cyclone_dx/record/property.rbs +19 -0
data/sig/sbom/cyclone_dx/record/rating.rbs +39 -0
data/sig/sbom/cyclone_dx/record/release_notes.rbs +64 -0
data/sig/sbom/cyclone_dx/record/resource_reference_choice.rbs +19 -0
data/sig/sbom/cyclone_dx/record/risk.rbs +19 -0
data/sig/sbom/cyclone_dx/record/root.rbs +84 -0
data/sig/sbom/cyclone_dx/record/secured_by.rbs +19 -0
data/sig/sbom/cyclone_dx/record/service.rbs +99 -0
data/sig/sbom/cyclone_dx/record/service_data.rbs +44 -0
data/sig/sbom/cyclone_dx/record/signature.rbs +130 -0
data/sig/sbom/cyclone_dx/record/standard.rbs +132 -0
data/sig/sbom/cyclone_dx/record/step.rbs +29 -0
data/sig/sbom/cyclone_dx/record/swid.rbs +44 -0
data/sig/sbom/cyclone_dx/record/task.rbs +84 -0
data/sig/sbom/cyclone_dx/record/tools.rbs +19 -0
data/sig/sbom/cyclone_dx/record/trigger.rbs +69 -0
data/sig/sbom/cyclone_dx/record/version.rbs +24 -0
data/sig/sbom/cyclone_dx/record/volume.rbs +49 -0
data/sig/sbom/cyclone_dx/record/vulnerability.rbs +209 -0
data/sig/sbom/cyclone_dx/record/vulnerability_source.rbs +19 -0
data/sig/sbom/cyclone_dx/record/workflow.rbs +94 -0
data/sig/sbom/cyclone_dx/record/workspace.rbs +69 -0
data/sig/sbom/cyclone_dx/record.rbs +161 -0
data/sig/sbom/cyclone_dx/type.rbs +16 -0
data/sig/sbom/cyclone_dx/validator/array_validator.rbs +31 -0
data/sig/sbom/cyclone_dx/validator/base_validator.rbs +21 -0
data/sig/sbom/cyclone_dx/validator/boolean_validator.rbs +9 -0
data/sig/sbom/cyclone_dx/validator/date_time_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/email_address_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/float_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/integer_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/record_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/string_validator.rbs +14 -0
data/sig/sbom/cyclone_dx/validator/union_validator.rbs +24 -0
data/sig/sbom/cyclone_dx/validator/uri_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator.rbs +66 -0
data/sig/sbom/cyclone_dx.rbs +13 -0
data/sig/types.rbs +45 -0
data/spec/email_address_extension_spec.rb +27 -0
data/spec/factories/factory_helper.rb +78 -0
data/spec/factories/record/advisory_factory.rb +11 -0
data/spec/factories/record/annotation_factory.rb +63 -0
data/spec/factories/record/attachment_factory.rb +9 -0
data/spec/factories/record/cipher_suite_factory.rb +26 -0
data/spec/factories/record/co2_measure_factory.rb +9 -0
data/spec/factories/record/command_factory.rb +10 -0
data/spec/factories/record/commit_factory.rb +13 -0
data/spec/factories/record/component_data_factory.rb +28 -0
data/spec/factories/record/component_evidence_factory.rb +44 -0
data/spec/factories/record/component_factory.rb +102 -0
data/spec/factories/record/component_identity_evidence_factory.rb +25 -0
data/spec/factories/record/composition_factory.rb +20 -0
data/spec/factories/record/condition_factory.rb +11 -0
data/spec/factories/record/copyright_factory.rb +9 -0
data/spec/factories/record/crypto_properties_factory.rb +191 -0
data/spec/factories/record/data_governance_factory.rb +11 -0
data/spec/factories/record/data_governance_responsible_party_factory.rb +31 -0
data/spec/factories/record/declarations_factory.rb +145 -0
data/spec/factories/record/definitions_factory.rb +9 -0
data/spec/factories/record/dependency_factory.rb +12 -0
data/spec/factories/record/diff_factory.rb +24 -0
data/spec/factories/record/energy_consumption_factory.rb +15 -0
data/spec/factories/record/energy_measure_factory.rb +9 -0
data/spec/factories/record/energy_provider_factory.rb +15 -0
data/spec/factories/record/environmental_consideration_factory.rb +10 -0
data/spec/factories/record/event_factory.rb +15 -0
data/spec/factories/record/external_reference_factory.rb +13 -0
data/spec/factories/record/fairness_assessment_factory.rb +12 -0
data/spec/factories/record/formula_factory.rb +13 -0
data/spec/factories/record/graphic_factory.rb +10 -0
data/spec/factories/record/graphics_collection_factory.rb +10 -0
data/spec/factories/record/hash_data_factory.rb +10 -0
data/spec/factories/record/identifiable_action_factory.rb +11 -0
data/spec/factories/record/input_factory.rb +36 -0
data/spec/factories/record/input_output_ml_parameter_factory.rb +9 -0
data/spec/factories/record/issue_factory.rb +22 -0
data/spec/factories/record/license_choice_factory.rb +23 -0
data/spec/factories/record/license_factory.rb +99 -0
data/spec/factories/record/metadata_factory.rb +38 -0
data/spec/factories/record/model_card_factory.rb +59 -0
data/spec/factories/record/note_factory.rb +11 -0
data/spec/factories/record/organizational_contact_factory.rb +12 -0
data/spec/factories/record/organizational_entity_factory.rb +13 -0
data/spec/factories/record/output_factory.rb +32 -0
data/spec/factories/record/parameter_factory.rb +11 -0
data/spec/factories/record/patch_factory.rb +12 -0
data/spec/factories/record/performance_metric_factory.rb +20 -0
data/spec/factories/record/postal_address_factory.rb +14 -0
data/spec/factories/record/property_factory.rb +11 -0
data/spec/factories/record/rating_factory.rb +14 -0
data/spec/factories/record/release_notes_factory.rb +20 -0
data/spec/factories/record/resource_reference_choice_factory.rb +27 -0
data/spec/factories/record/risk_factory.rb +10 -0
data/spec/factories/record/root_factory.rb +23 -0
data/spec/factories/record/secured_by_factory.rb +10 -0
data/spec/factories/record/service_data_factory.rb +16 -0
data/spec/factories/record/service_factory.rb +27 -0
data/spec/factories/record/signature_factory.rb +50 -0
data/spec/factories/record/standard_factory.rb +37 -0
data/spec/factories/record/step_factory.rb +12 -0
data/spec/factories/record/swid_factory.rb +16 -0
data/spec/factories/record/task_factory.rb +24 -0
data/spec/factories/record/tools_factory.rb +10 -0
data/spec/factories/record/trigger_factory.rb +21 -0
data/spec/factories/record/version_factory.rb +19 -0
data/spec/factories/record/volume_factory.rb +16 -0
data/spec/factories/record/vulnerability_factory.rb +70 -0
data/spec/factories/record/vulnerability_source_factory.rb +10 -0
data/spec/factories/record/workflow_factory.rb +26 -0
data/spec/factories/record/workspace_factory.rb +21 -0
data/spec/factories/record_factory.rb +159 -0
data/spec/fixtures/cipher_info.yml +948 -0
data/spec/fixtures/purl_data.yml +0 -0
data/spec/sbom/cyclone_dx/enum_spec.rb +30 -0
data/spec/sbom/cyclone_dx/field_spec.rb +104 -0
data/spec/sbom/cyclone_dx/pattern_spec.rb +18 -0
data/spec/sbom/cyclone_dx/record/advisory_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/annotation_spec.rb +31 -0
data/spec/sbom/cyclone_dx/record/attachment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/base_spec.rb +363 -0
data/spec/sbom/cyclone_dx/record/cipher_suite_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/co2_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/command_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/commit_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_identity_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/composition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/condition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/copyright_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/crypto_properties_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/data_governance_responsible_party_spec.rb +19 -0
data/spec/sbom/cyclone_dx/record/data_governance_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/declarations_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/definitions_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/dependency_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/diff_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_consumption_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_provider_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/environmental_consideration_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/event_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/external_reference_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/fairness_assessment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/formula_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphic_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphics_collection_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/hash_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/identifiable_action_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_output_ml_parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/issue_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/license_choice_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/license_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/metadata_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/model_card_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/note_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_contact_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_entity_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/output_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/patch_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/performance_metric_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/postal_address_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/property_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/rating_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/release_notes_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/resource_reference_choice_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/risk_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/root_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/secured_by_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/signature_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/standard_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/step_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/swid_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/task_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/tools_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/trigger_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/version_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/volume_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_source_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workflow_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workspace_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record_spec.rb +7 -0
data/spec/sbom/cyclone_dx/validator/array_validator_spec.rb +184 -0
data/spec/sbom/cyclone_dx/validator/base_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/boolean_validator_spec.rb +26 -0
data/spec/sbom/cyclone_dx/validator/date_time_validator_spec.rb +28 -0
data/spec/sbom/cyclone_dx/validator/email_address_validator_spec.rb +23 -0
data/spec/sbom/cyclone_dx/validator/float_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/integer_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/record_validator_spec.rb +35 -0
data/spec/sbom/cyclone_dx/validator/string_validator_spec.rb +94 -0
data/spec/sbom/cyclone_dx/validator/union_validator_spec.rb +65 -0
data/spec/sbom/cyclone_dx/validator/uri_validator_spec.rb +21 -0
data/spec/sbom/cyclone_dx/validator_spec.rb +38 -0
data/spec/sbom/cyclone_dx/version_spec.rb +9 -0
data/spec/sbom/cyclone_dx_spec.rb +7 -0
data/spec/spec_helper.rb +39 -0
metadata +377 -6

data/lib/sbom/cyclone_dx/validator/record_validator.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require_relative "base_validator"
+module SBOM
+  module CycloneDX
+    # TODO: Add helpful errors
+    module Validator
+      class RecordValidator < BaseValidator
+        def initialize(type:, required: false)
+          super(type, required: required)
+          @record_type = type
+        end
+        def validate(value)
+          rv = super
+          return rv unless value.is_a?(@record_type)
+          rv += value.valid? ? [] : value.formatted_errors
+          rv.compact
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/validator/string_validator.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+require_relative "base_validator"
+require_relative "../pattern"
+module SBOM
+  module CycloneDX
+    # TODO: Add helpful errors
+    module Validator
+      class StringValidator < BaseValidator
+        # TODO: Validate max/min_length >= 0 and max_length >= min_length
+        def initialize(enum: nil, max_length: nil, min_length: nil, pattern: Pattern::DEFAULT, required: true)
+          super(String, required: required)
+          @enum = enum
+          @length_range = (min_length..max_length)
+          @pattern = pattern
+        end
+        def validate(value)
+          rv = super
+          return rv unless value.is_a?(String)
+          rv << "Value is not within enum" if @enum&.exclude?(value)
+          rv << "Value is not within length range" unless @length_range.cover?(value.length)
+          rv << "Value does not match pattern" unless Pattern.match_exactly?(@pattern, value)
+          rv
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/validator/union_validator.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require_relative "base_validator"
+require_relative "../validator"
+module SBOM
+  module CycloneDX
+    # TODO: Add helpful errors
+    module Validator
+      class UnionValidator < BaseValidator
+        def initialize(of:, required: false)
+          super(required: required)
+          @nested_validators = []
+          of.each do |union_item|
+            (klass, validator_params) = union_item.is_a?(Array) ? union_item : [union_item, {}]
+            @nested_validators << Validator.for(klass, required: required, **validator_params)
+          end
+        end
+        def validate(value)
+          # TODO: Build message based on type and params, e.g.
+          # "Expected one of: [String, Integer], got: Float"
+          # "Expected one of: [String with length <= 2, Integer with maximum 99], got: String with length 3"
+          rv = @nested_validators.map { |validator| validator.validate(value) }
+          return [] if rv.any?(&:empty?)
+          rv.flatten
+        end
+        def raw_types
+          @nested_validators.flat_map(&:raw_types)
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/validator/uri_validator.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require "uri"
+require_relative "base_validator"
+module SBOM
+  module CycloneDX
+    # TODO: Add helpful errors
+    module Validator
+      class URIValidator < BaseValidator
+        def initialize(required: false)
+          super(::URI::Generic, String, required: required)
+        end
+        def validate(value)
+          rv = super
+          return rv unless value.is_a?(::URI::Generic) || value.is_a?(String)
+          begin
+            # Steep is, for some reason, looking at OpenURI's ::URI, and not ::URI from stdlib...
+            uri_value = value.is_a?(URI::Generic) ? value : URI.parse(value)
+            return rv if uri_value.scheme.present? && uri_value.host.present?
+          rescue NoMethodError, URI::Error
+            # Do nothing, all errors handled below
+          end
+          rv << "Invalid URI"
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/validator.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+Dir[File.join(".", "validator", "*.rb")].each { |file| require_relative file }
+module SBOM
+  module CycloneDX
+    module Validator
+      SIMPLE_TYPES = %i[boolean date_time email_address float integer string uri].freeze
+      class << self
+        def for(type, **kwargs) # rubocop:disable Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/AbcSize
+          case type
+          when :array then ArrayValidator.new(items: kwargs.fetch(:items), **kwargs)
+          when :boolean then BooleanValidator.new(**kwargs)
+          when :date_time then DateTimeValidator.new(**kwargs)
+          when :email_address then EmailAddressValidator.new(**kwargs)
+          when :float then FloatValidator.new(**kwargs)
+          when :integer then IntegerValidator.new(**kwargs)
+          when :string then StringValidator.new(**kwargs)
+          when :union then UnionValidator.new(of: kwargs.fetch(:of), **kwargs)
+          when :uri then URIValidator.new(**kwargs)
+          when Class
+            raise ArgumentError, "Unsupported type: #{type.name}" unless type < Record::Base
+            RecordValidator.new(type: type, **kwargs)
+          else raise ArgumentError, "Unsupported type: #{type}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module SBOM
+  module CycloneDX
+    VERSION = "0.2.0"
+  end
+end

data/lib/sbom/cyclone_dx.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require_relative "../email_address_extension"
+require_relative "cyclone_dx/enum"
+require_relative "cyclone_dx/field"
+require_relative "cyclone_dx/pattern"
+require_relative "cyclone_dx/record"
+require_relative "cyclone_dx/validator"
+require_relative "cyclone_dx/version"
+require "json"
+# Disable DNS lookup and host validation for the EmailAddress gem, so we don't accidentally hit the network.
+# We also override this in the EmailAddressExtension module, but this is a good safety net.
+(_ = EmailAddress::Config).configure({ dns_lookup: :off, host_validation: :syntax })
+module SBOM
+  module CycloneDX
+    class Error < StandardError; end
+    class << self
+      def create(hash)
+        Record::Root.new(**hash)
+      end
+      def load(file)
+        parse(file.read)
+      end
+      def parse(string)
+        json_hash = JSON.parse(string, symbolize_names: true)
+        Record::Root.json_create(json_hash)
+      end
+      def json_create(hash)
+        Record::Root.json_create(hash)
+      end
+    end
+  end
+end

data/rbs_collection.lock.yaml ADDED Viewed

@@ -0,0 +1,288 @@
+---
+path: ".gem_rbs_collection"
+gems:
+- name: activesupport
+  version: '7.0'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: ast
+  version: '2.4'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: base64
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: benchmark
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: bigdecimal
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: concurrent-ruby
+  version: '1.1'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: connection_pool
+  version: '2.4'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: date
+  version: '0'
+  source:
+    type: stdlib
+- name: dbm
+  version: '0'
+  source:
+    type: stdlib
+- name: diff-lcs
+  version: '1.5'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: digest
+  version: '0'
+  source:
+    type: stdlib
+- name: email_address
+  version: '0.2'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: erb
+  version: '0'
+  source:
+    type: stdlib
+- name: faker
+  version: '2.23'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: fileutils
+  version: '0'
+  source:
+    type: stdlib
+- name: i18n
+  version: '1.10'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: io-console
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: json
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: logger
+  version: '0'
+  source:
+    type: stdlib
+- name: minitest
+  version: '0'
+  source:
+    type: stdlib
+- name: monitor
+  version: '0'
+  source:
+    type: stdlib
+- name: mutex_m
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: openssl
+  version: '0'
+  source:
+    type: stdlib
+- name: optparse
+  version: '0'
+  source:
+    type: stdlib
+- name: parallel
+  version: '1.20'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: parser
+  version: '3.2'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: pathname
+  version: '0'
+  source:
+    type: stdlib
+- name: pstore
+  version: '0'
+  source:
+    type: stdlib
+- name: psych
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: rainbow
+  version: '3.0'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: rake
+  version: '13.0'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: rbs
+  version: 3.7.0
+  source:
+    type: rubygems
+- name: rdoc
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: regexp_parser
+  version: '2.8'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: rubocop
+  version: '1.57'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: rubocop-ast
+  version: '1.30'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: securerandom
+  version: '0'
+  source:
+    type: stdlib
+- name: singleton
+  version: '0'
+  source:
+    type: stdlib
+- name: socket
+  version: '0'
+  source:
+    type: stdlib
+- name: stringio
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+- name: time
+  version: '0'
+  source:
+    type: stdlib
+- name: timeout
+  version: '0'
+  source:
+    type: stdlib
+- name: tsort
+  version: '0'
+  source:
+    type: stdlib
+- name: tzinfo
+  version: '2.0'
+  source:
+    type: git
+    name: ruby/gem_rbs_collection
+    revision: 56038c8a383c25bae14a891e3c0cc5c2e5a9c976
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    repo_dir: gems
+- name: uri
+  version: '0'
+  source:
+    type: git
+    name: ruby/rbs
+    revision: e1636a79d553715cbf40343c6d33b4dd0fe8c2f3
+    remote: https://github.com/ruby/rbs.git
+    repo_dir: stdlib
+gemfile_lock_path: Gemfile.lock

data/rbs_collection.yaml ADDED Viewed

@@ -0,0 +1,31 @@
+# Download sources
+sources:
+  - type: git
+    name: ruby/gem_rbs_collection
+    remote: https://github.com/ruby/gem_rbs_collection.git
+    revision: main
+    repo_dir: gems
+  - type: git
+    name: ruby/rbs
+    remote: https://github.com/ruby/rbs.git
+    revision: master
+    repo_dir: stdlib
+# You can specify local directories as sources also.
+# - type: local
+#   path: path/to/your/local/repository
+# A directory to install the downloaded RBSs
+path: .gem_rbs_collection
+# gems:
+#   # If you want to avoid installing rbs files for gems, you can specify them here.
+#   - name: GEM_NAME
+#     ignore: true
+gems:
+  - name: email_address
+    ignore: false
+  - name: uri
+    ignore: false
+  - name: json
+    ignore: false

data/sbom-cyclone_dx.gemspec ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require_relative "lib/sbom/cyclone_dx/version"
+Gem::Specification.new do |spec|
+  spec.name = "sbom-cyclonedx"
+  spec.version = SBOM::CycloneDX::VERSION
+  spec.authors = ["Rob Trame"]
+  spec.email = ["rtrame@hackerone.com"]
+  spec.summary = "Gem for generating/parsing CycloneDX JSON SBOMs"
+  spec.description = "Gem for generating/parsing CycloneDX JSON SBOMs"
+  spec.homepage = "https://github.com/Hacker0x01/sbom-cyclonedx"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0.0"
+  # spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/Hacker0x01/sbom-cyclonedx"
+  spec.metadata["changelog_uri"] = "https://github.com/Hacker0x01/sbom-cyclonedx/blob/main/CHANGELOG.md"
+  spec.files = `git ls-files`.split("\n")
+  spec.bindir = "bin"
+  spec.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_dependency "activesupport", ">= 6.1", "< 8"
+  spec.add_dependency "email_address", "~> 0.2", ">= 0.2.4"
+  spec.metadata["rubygems_mfa_required"] = "true"
+end

data/sig/email_address_extension.rbs ADDED Viewed

@@ -0,0 +1,14 @@
+interface _EmailAddress
+  def initialize: (String, ?Hash[Symbol, untyped], ?String) -> void
+end
+module EmailAddressExtension
+  include _EmailAddress
+  def to_json: (*untyped) -> ::String
+  def as_json: (*untyped) -> ::String
+end
+class EmailAddress::Address
+  prepend EmailAddressExtension
+end

data/sig/sbom/cyclone_dx/enum.rbs ADDED Viewed

@@ -0,0 +1,93 @@
+module SBOM
+  module CycloneDX
+    module Enum
+      ACCESS_MODE: ::Array[String]
+      ACTIVITY: ::Array[String]
+      AFFECTED_STATUS: ::Array[String]
+      AGGREGATE_TYPE: ::Array[String]
+      ALGORITHM_MODE: ::Array[String]
+      ASSET_TYPE: ::Array[String]
+      CERTIFICATION_LEVEL: ::Array[String]
+      COMPONENT_DATA_TYPE: ::Array[String]
+      COMPONENT_TYPE: ::Array[String]
+      CRYPTO_FUNCTION: ::Array[String]
+      DATA_FLOW_DIRECTION: ::Array[String]
+      ENERGY_SOURCE: ::Array[String]
+      EXECUTION_ENVIRONMENT: ::Array[String]
+      EXTERNAL_REFERENCE_TYPE: ::Array[String]
+      FIELD: ::Array[String]
+      HASH_ALG: ::Array[String]
+      IMPACT_ANALYSIS_JUSTIFICATION: ::Array[String]
+      IMPACT_ANALYSIS_STATE: ::Array[String]
+      IMPLEMENTATION_PLATFORM: ::Array[String]
+      ISSUE_TYPE: ::Array[String]
+      LEARNING_TYPE: ::Array[String]
+      LICENSE_ACKNOWLEDGEMENT: ::Array[String]
+      LICENSE_ID: ::Array[String]
+      LICENSE_TYPE: ::Array[String]
+      OUTPUT_TYPE: ::Array[String]
+      PADDING: ::Array[String]
+      PATCH_TYPE: ::Array[String]
+      PHASE: ::Array[String]
+      PRIMITIVE: ::Array[String]
+      PROTOCOL_TYPE: ::Array[String]
+      RELATED_CRYPTO_MATERIAL_STATE: ::Array[String]
+      RELATED_CRYPTO_MATERIAL_TYPE: ::Array[String]
+      RESPONSE: ::Array[String]
+      SCOPE: ::Array[String]
+      SCORE_METHOD: ::Array[String]
+      SEVERITY: ::Array[String]
+      SIGNATURE_ALGORITHM: ::Array[String]
+      SIGNATURE_KEY_TYPE: ::Array[String]
+      SIGNATURE_EC_CRV: ::Array[String]
+      SIGNATURE_OKP_CRV: ::Array[String]
+      TASK_TYPE: ::Array[String]
+      TECHNIQUE: ::Array[String]
+      TRIGGER_TYPE: ::Array[String]
+      VOLUME_MODE: ::Array[String]
+    end
+  end
+end