RubyGems - sbom-cyclonedx - Versions diffs - 0.1.0 → 0.2.0 - Mend

sbom-cyclonedx 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

checksums.yaml +4 -4
data/.gitignore +15 -0
data/.gitlab-ci.yml +49 -0
data/.rspec +3 -0
data/.rubocop.yml +72 -0
data/.vscode/settings.json +6 -0
data/CHANGELOG.md +9 -0
data/CODE_OF_CONDUCT.md +132 -0
data/Gemfile +26 -0
data/Gemfile.lock +179 -0
data/LICENSE.txt +21 -0
data/README.md +39 -0
data/Rakefile +36 -0
data/Steepfile +14 -0
data/bin/console +11 -0
data/bin/rbs_spec +9 -0
data/bin/setup +8 -0
data/bom-1.6.schema.json +7334 -0
data/lib/email_address_extension.rb +26 -0
data/lib/sbom/cyclone_dx/enum.rb +2178 -0
data/lib/sbom/cyclone_dx/field.rb +404 -0
data/lib/sbom/cyclone_dx/pattern.rb +43 -0
data/lib/sbom/cyclone_dx/record/advisory.rb +17 -0
data/lib/sbom/cyclone_dx/record/annotation.rb +46 -0
data/lib/sbom/cyclone_dx/record/attachment.rb +21 -0
data/lib/sbom/cyclone_dx/record/base.rb +244 -0
data/lib/sbom/cyclone_dx/record/cipher_suite.rb +23 -0
data/lib/sbom/cyclone_dx/record/co2_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/command.rb +18 -0
data/lib/sbom/cyclone_dx/record/commit.rb +25 -0
data/lib/sbom/cyclone_dx/record/component.rb +126 -0
data/lib/sbom/cyclone_dx/record/component_data.rb +46 -0
data/lib/sbom/cyclone_dx/record/component_evidence.rb +68 -0
data/lib/sbom/cyclone_dx/record/component_identity_evidence.rb +36 -0
data/lib/sbom/cyclone_dx/record/composition.rb +33 -0
data/lib/sbom/cyclone_dx/record/condition.rb +20 -0
data/lib/sbom/cyclone_dx/record/copyright.rb +16 -0
data/lib/sbom/cyclone_dx/record/crypto_properties.rb +137 -0
data/lib/sbom/cyclone_dx/record/data_governance.rb +21 -0
data/lib/sbom/cyclone_dx/record/data_governance_responsible_party.rb +22 -0
data/lib/sbom/cyclone_dx/record/declarations.rb +193 -0
data/lib/sbom/cyclone_dx/record/definitions.rb +17 -0
data/lib/sbom/cyclone_dx/record/dependency.rb +21 -0
data/lib/sbom/cyclone_dx/record/diff.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_consumption.rb +31 -0
data/lib/sbom/cyclone_dx/record/energy_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_provider.rb +31 -0
data/lib/sbom/cyclone_dx/record/environmental_consideration.rb +20 -0
data/lib/sbom/cyclone_dx/record/event.rb +31 -0
data/lib/sbom/cyclone_dx/record/external_reference.rb +25 -0
data/lib/sbom/cyclone_dx/record/fairness_assessment.rb +22 -0
data/lib/sbom/cyclone_dx/record/formula.rb +29 -0
data/lib/sbom/cyclone_dx/record/graphic.rb +19 -0
data/lib/sbom/cyclone_dx/record/graphics_collection.rb +19 -0
data/lib/sbom/cyclone_dx/record/hash_data.rb +18 -0
data/lib/sbom/cyclone_dx/record/identifiable_action.rb +21 -0
data/lib/sbom/cyclone_dx/record/input.rb +34 -0
data/lib/sbom/cyclone_dx/record/input_output_ml_parameter.rb +17 -0
data/lib/sbom/cyclone_dx/record/issue.rb +36 -0
data/lib/sbom/cyclone_dx/record/license.rb +90 -0
data/lib/sbom/cyclone_dx/record/license_choice.rb +35 -0
data/lib/sbom/cyclone_dx/record/metadata.rb +55 -0
data/lib/sbom/cyclone_dx/record/model_card.rb +89 -0
data/lib/sbom/cyclone_dx/record/note.rb +20 -0
data/lib/sbom/cyclone_dx/record/organizational_contact.rb +26 -0
data/lib/sbom/cyclone_dx/record/organizational_entity.rb +28 -0
data/lib/sbom/cyclone_dx/record/output.rb +34 -0
data/lib/sbom/cyclone_dx/record/parameter.rb +20 -0
data/lib/sbom/cyclone_dx/record/patch.rb +23 -0
data/lib/sbom/cyclone_dx/record/performance_metric.rb +30 -0
data/lib/sbom/cyclone_dx/record/postal_address.rb +34 -0
data/lib/sbom/cyclone_dx/record/property.rb +18 -0
data/lib/sbom/cyclone_dx/record/rating.rb +27 -0
data/lib/sbom/cyclone_dx/record/release_notes.rb +44 -0
data/lib/sbom/cyclone_dx/record/resource_reference_choice.rb +22 -0
data/lib/sbom/cyclone_dx/record/risk.rb +18 -0
data/lib/sbom/cyclone_dx/record/root.rb +63 -0
data/lib/sbom/cyclone_dx/record/secured_by.rb +20 -0
data/lib/sbom/cyclone_dx/record/service.rb +54 -0
data/lib/sbom/cyclone_dx/record/service_data.rb +32 -0
data/lib/sbom/cyclone_dx/record/signature.rb +85 -0
data/lib/sbom/cyclone_dx/record/standard.rb +72 -0
data/lib/sbom/cyclone_dx/record/step.rb +24 -0
data/lib/sbom/cyclone_dx/record/swid.rb +29 -0
data/lib/sbom/cyclone_dx/record/task.rb +56 -0
data/lib/sbom/cyclone_dx/record/tools.rb +20 -0
data/lib/sbom/cyclone_dx/record/trigger.rb +48 -0
data/lib/sbom/cyclone_dx/record/version.rb +24 -0
data/lib/sbom/cyclone_dx/record/volume.rb +33 -0
data/lib/sbom/cyclone_dx/record/vulnerability.rb +119 -0
data/lib/sbom/cyclone_dx/record/vulnerability_source.rb +20 -0
data/lib/sbom/cyclone_dx/record/workflow.rb +59 -0
data/lib/sbom/cyclone_dx/record/workspace.rb +45 -0
data/lib/sbom/cyclone_dx/record.rb +12 -0
data/lib/sbom/cyclone_dx/validator/array_validator.rb +66 -0
data/lib/sbom/cyclone_dx/validator/base_validator.rb +43 -0
data/lib/sbom/cyclone_dx/validator/boolean_validator.rb +16 -0
data/lib/sbom/cyclone_dx/validator/date_time_validator.rb +29 -0
data/lib/sbom/cyclone_dx/validator/email_address_validator.rb +31 -0
data/lib/sbom/cyclone_dx/validator/float_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/integer_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/record_validator.rb +26 -0
data/lib/sbom/cyclone_dx/validator/string_validator.rb +33 -0
data/lib/sbom/cyclone_dx/validator/union_validator.rb +39 -0
data/lib/sbom/cyclone_dx/validator/uri_validator.rb +32 -0
data/lib/sbom/cyclone_dx/validator.rb +32 -0
data/lib/sbom/cyclone_dx/version.rb +7 -0
data/lib/sbom/cyclone_dx.rb +39 -0
data/rbs_collection.lock.yaml +288 -0
data/rbs_collection.yaml +31 -0
data/sbom-cyclone_dx.gemspec +32 -0
data/sig/email_address_extension.rbs +14 -0
data/sig/sbom/cyclone_dx/enum.rbs +93 -0
data/sig/sbom/cyclone_dx/field.rbs +434 -0
data/sig/sbom/cyclone_dx/pattern.rbs +24 -0
data/sig/sbom/cyclone_dx/record/advisory.rbs +19 -0
data/sig/sbom/cyclone_dx/record/annotation.rbs +63 -0
data/sig/sbom/cyclone_dx/record/attachment.rbs +24 -0
data/sig/sbom/cyclone_dx/record/base.rbs +62 -0
data/sig/sbom/cyclone_dx/record/cipher_suite.rbs +24 -0
data/sig/sbom/cyclone_dx/record/co2_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/command.rbs +19 -0
data/sig/sbom/cyclone_dx/record/commit.rbs +34 -0
data/sig/sbom/cyclone_dx/record/component.rbs +203 -0
data/sig/sbom/cyclone_dx/record/component_data.rbs +73 -0
data/sig/sbom/cyclone_dx/record/component_evidence.rbs +115 -0
data/sig/sbom/cyclone_dx/record/component_identity_evidence.rbs +53 -0
data/sig/sbom/cyclone_dx/record/composition.rbs +39 -0
data/sig/sbom/cyclone_dx/record/condition.rbs +24 -0
data/sig/sbom/cyclone_dx/record/copyright.rbs +14 -0
data/sig/sbom/cyclone_dx/record/crypto_properties.rbs +268 -0
data/sig/sbom/cyclone_dx/record/data_governance.rbs +24 -0
data/sig/sbom/cyclone_dx/record/data_governance_responsible_party.rbs +19 -0
data/sig/sbom/cyclone_dx/record/declarations.rbs +352 -0
data/sig/sbom/cyclone_dx/record/definitions.rbs +14 -0
data/sig/sbom/cyclone_dx/record/dependency.rbs +24 -0
data/sig/sbom/cyclone_dx/record/diff.rbs +19 -0
data/sig/sbom/cyclone_dx/record/energy_consumption.rbs +39 -0
data/sig/sbom/cyclone_dx/record/energy_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/energy_provider.rbs +39 -0
data/sig/sbom/cyclone_dx/record/environmental_consideration.rbs +19 -0
data/sig/sbom/cyclone_dx/record/event.rbs +44 -0
data/sig/sbom/cyclone_dx/record/external_reference.rbs +29 -0
data/sig/sbom/cyclone_dx/record/fairness_assessment.rbs +29 -0
data/sig/sbom/cyclone_dx/record/formula.rbs +34 -0
data/sig/sbom/cyclone_dx/record/graphic.rbs +19 -0
data/sig/sbom/cyclone_dx/record/graphics_collection.rbs +19 -0
data/sig/sbom/cyclone_dx/record/hash_data.rbs +19 -0
data/sig/sbom/cyclone_dx/record/identifiable_action.rbs +24 -0
data/sig/sbom/cyclone_dx/record/input.rbs +44 -0
data/sig/sbom/cyclone_dx/record/input_output_ml_parameter.rbs +14 -0
data/sig/sbom/cyclone_dx/record/issue.rbs +53 -0
data/sig/sbom/cyclone_dx/record/license.rbs +134 -0
data/sig/sbom/cyclone_dx/record/license_choice.rbs +39 -0
data/sig/sbom/cyclone_dx/record/metadata.rbs +82 -0
data/sig/sbom/cyclone_dx/record/model_card.rbs +143 -0
data/sig/sbom/cyclone_dx/record/note.rbs +19 -0
data/sig/sbom/cyclone_dx/record/organizational_contact.rbs +29 -0
data/sig/sbom/cyclone_dx/record/organizational_entity.rbs +34 -0
data/sig/sbom/cyclone_dx/record/output.rbs +44 -0
data/sig/sbom/cyclone_dx/record/parameter.rbs +24 -0
data/sig/sbom/cyclone_dx/record/patch.rbs +24 -0
data/sig/sbom/cyclone_dx/record/performance_metric.rbs +43 -0
data/sig/sbom/cyclone_dx/record/postal_address.rbs +44 -0
data/sig/sbom/cyclone_dx/record/property.rbs +19 -0
data/sig/sbom/cyclone_dx/record/rating.rbs +39 -0
data/sig/sbom/cyclone_dx/record/release_notes.rbs +64 -0
data/sig/sbom/cyclone_dx/record/resource_reference_choice.rbs +19 -0
data/sig/sbom/cyclone_dx/record/risk.rbs +19 -0
data/sig/sbom/cyclone_dx/record/root.rbs +84 -0
data/sig/sbom/cyclone_dx/record/secured_by.rbs +19 -0
data/sig/sbom/cyclone_dx/record/service.rbs +99 -0
data/sig/sbom/cyclone_dx/record/service_data.rbs +44 -0
data/sig/sbom/cyclone_dx/record/signature.rbs +130 -0
data/sig/sbom/cyclone_dx/record/standard.rbs +132 -0
data/sig/sbom/cyclone_dx/record/step.rbs +29 -0
data/sig/sbom/cyclone_dx/record/swid.rbs +44 -0
data/sig/sbom/cyclone_dx/record/task.rbs +84 -0
data/sig/sbom/cyclone_dx/record/tools.rbs +19 -0
data/sig/sbom/cyclone_dx/record/trigger.rbs +69 -0
data/sig/sbom/cyclone_dx/record/version.rbs +24 -0
data/sig/sbom/cyclone_dx/record/volume.rbs +49 -0
data/sig/sbom/cyclone_dx/record/vulnerability.rbs +209 -0
data/sig/sbom/cyclone_dx/record/vulnerability_source.rbs +19 -0
data/sig/sbom/cyclone_dx/record/workflow.rbs +94 -0
data/sig/sbom/cyclone_dx/record/workspace.rbs +69 -0
data/sig/sbom/cyclone_dx/record.rbs +161 -0
data/sig/sbom/cyclone_dx/type.rbs +16 -0
data/sig/sbom/cyclone_dx/validator/array_validator.rbs +31 -0
data/sig/sbom/cyclone_dx/validator/base_validator.rbs +21 -0
data/sig/sbom/cyclone_dx/validator/boolean_validator.rbs +9 -0
data/sig/sbom/cyclone_dx/validator/date_time_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/email_address_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/float_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/integer_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/record_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/string_validator.rbs +14 -0
data/sig/sbom/cyclone_dx/validator/union_validator.rbs +24 -0
data/sig/sbom/cyclone_dx/validator/uri_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator.rbs +66 -0
data/sig/sbom/cyclone_dx.rbs +13 -0
data/sig/types.rbs +45 -0
data/spec/email_address_extension_spec.rb +27 -0
data/spec/factories/factory_helper.rb +78 -0
data/spec/factories/record/advisory_factory.rb +11 -0
data/spec/factories/record/annotation_factory.rb +63 -0
data/spec/factories/record/attachment_factory.rb +9 -0
data/spec/factories/record/cipher_suite_factory.rb +26 -0
data/spec/factories/record/co2_measure_factory.rb +9 -0
data/spec/factories/record/command_factory.rb +10 -0
data/spec/factories/record/commit_factory.rb +13 -0
data/spec/factories/record/component_data_factory.rb +28 -0
data/spec/factories/record/component_evidence_factory.rb +44 -0
data/spec/factories/record/component_factory.rb +102 -0
data/spec/factories/record/component_identity_evidence_factory.rb +25 -0
data/spec/factories/record/composition_factory.rb +20 -0
data/spec/factories/record/condition_factory.rb +11 -0
data/spec/factories/record/copyright_factory.rb +9 -0
data/spec/factories/record/crypto_properties_factory.rb +191 -0
data/spec/factories/record/data_governance_factory.rb +11 -0
data/spec/factories/record/data_governance_responsible_party_factory.rb +31 -0
data/spec/factories/record/declarations_factory.rb +145 -0
data/spec/factories/record/definitions_factory.rb +9 -0
data/spec/factories/record/dependency_factory.rb +12 -0
data/spec/factories/record/diff_factory.rb +24 -0
data/spec/factories/record/energy_consumption_factory.rb +15 -0
data/spec/factories/record/energy_measure_factory.rb +9 -0
data/spec/factories/record/energy_provider_factory.rb +15 -0
data/spec/factories/record/environmental_consideration_factory.rb +10 -0
data/spec/factories/record/event_factory.rb +15 -0
data/spec/factories/record/external_reference_factory.rb +13 -0
data/spec/factories/record/fairness_assessment_factory.rb +12 -0
data/spec/factories/record/formula_factory.rb +13 -0
data/spec/factories/record/graphic_factory.rb +10 -0
data/spec/factories/record/graphics_collection_factory.rb +10 -0
data/spec/factories/record/hash_data_factory.rb +10 -0
data/spec/factories/record/identifiable_action_factory.rb +11 -0
data/spec/factories/record/input_factory.rb +36 -0
data/spec/factories/record/input_output_ml_parameter_factory.rb +9 -0
data/spec/factories/record/issue_factory.rb +22 -0
data/spec/factories/record/license_choice_factory.rb +23 -0
data/spec/factories/record/license_factory.rb +99 -0
data/spec/factories/record/metadata_factory.rb +38 -0
data/spec/factories/record/model_card_factory.rb +59 -0
data/spec/factories/record/note_factory.rb +11 -0
data/spec/factories/record/organizational_contact_factory.rb +12 -0
data/spec/factories/record/organizational_entity_factory.rb +13 -0
data/spec/factories/record/output_factory.rb +32 -0
data/spec/factories/record/parameter_factory.rb +11 -0
data/spec/factories/record/patch_factory.rb +12 -0
data/spec/factories/record/performance_metric_factory.rb +20 -0
data/spec/factories/record/postal_address_factory.rb +14 -0
data/spec/factories/record/property_factory.rb +11 -0
data/spec/factories/record/rating_factory.rb +14 -0
data/spec/factories/record/release_notes_factory.rb +20 -0
data/spec/factories/record/resource_reference_choice_factory.rb +27 -0
data/spec/factories/record/risk_factory.rb +10 -0
data/spec/factories/record/root_factory.rb +23 -0
data/spec/factories/record/secured_by_factory.rb +10 -0
data/spec/factories/record/service_data_factory.rb +16 -0
data/spec/factories/record/service_factory.rb +27 -0
data/spec/factories/record/signature_factory.rb +50 -0
data/spec/factories/record/standard_factory.rb +37 -0
data/spec/factories/record/step_factory.rb +12 -0
data/spec/factories/record/swid_factory.rb +16 -0
data/spec/factories/record/task_factory.rb +24 -0
data/spec/factories/record/tools_factory.rb +10 -0
data/spec/factories/record/trigger_factory.rb +21 -0
data/spec/factories/record/version_factory.rb +19 -0
data/spec/factories/record/volume_factory.rb +16 -0
data/spec/factories/record/vulnerability_factory.rb +70 -0
data/spec/factories/record/vulnerability_source_factory.rb +10 -0
data/spec/factories/record/workflow_factory.rb +26 -0
data/spec/factories/record/workspace_factory.rb +21 -0
data/spec/factories/record_factory.rb +159 -0
data/spec/fixtures/cipher_info.yml +948 -0
data/spec/fixtures/purl_data.yml +0 -0
data/spec/sbom/cyclone_dx/enum_spec.rb +30 -0
data/spec/sbom/cyclone_dx/field_spec.rb +104 -0
data/spec/sbom/cyclone_dx/pattern_spec.rb +18 -0
data/spec/sbom/cyclone_dx/record/advisory_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/annotation_spec.rb +31 -0
data/spec/sbom/cyclone_dx/record/attachment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/base_spec.rb +363 -0
data/spec/sbom/cyclone_dx/record/cipher_suite_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/co2_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/command_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/commit_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_identity_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/composition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/condition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/copyright_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/crypto_properties_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/data_governance_responsible_party_spec.rb +19 -0
data/spec/sbom/cyclone_dx/record/data_governance_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/declarations_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/definitions_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/dependency_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/diff_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_consumption_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_provider_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/environmental_consideration_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/event_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/external_reference_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/fairness_assessment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/formula_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphic_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphics_collection_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/hash_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/identifiable_action_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_output_ml_parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/issue_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/license_choice_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/license_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/metadata_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/model_card_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/note_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_contact_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_entity_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/output_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/patch_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/performance_metric_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/postal_address_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/property_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/rating_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/release_notes_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/resource_reference_choice_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/risk_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/root_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/secured_by_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/signature_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/standard_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/step_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/swid_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/task_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/tools_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/trigger_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/version_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/volume_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_source_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workflow_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workspace_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record_spec.rb +7 -0
data/spec/sbom/cyclone_dx/validator/array_validator_spec.rb +184 -0
data/spec/sbom/cyclone_dx/validator/base_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/boolean_validator_spec.rb +26 -0
data/spec/sbom/cyclone_dx/validator/date_time_validator_spec.rb +28 -0
data/spec/sbom/cyclone_dx/validator/email_address_validator_spec.rb +23 -0
data/spec/sbom/cyclone_dx/validator/float_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/integer_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/record_validator_spec.rb +35 -0
data/spec/sbom/cyclone_dx/validator/string_validator_spec.rb +94 -0
data/spec/sbom/cyclone_dx/validator/union_validator_spec.rb +65 -0
data/spec/sbom/cyclone_dx/validator/uri_validator_spec.rb +21 -0
data/spec/sbom/cyclone_dx/validator_spec.rb +38 -0
data/spec/sbom/cyclone_dx/version_spec.rb +9 -0
data/spec/sbom/cyclone_dx_spec.rb +7 -0
data/spec/spec_helper.rb +39 -0
metadata +377 -6

data/spec/factories/record/service_factory.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :service, parent: :record, class: "SBOM::CycloneDX::Record::Service" do
+    name { Faker::App.name }
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      provider { association :organizational_entity }
+      group { Faker::Lorem.word }
+      version { Faker::App.semantic_version }
+      description { Faker::Lorem.sentence }
+      endpoints { Array.new(rand(0..3)) { generate(:url) } }
+      authenticated { Faker::Boolean.boolean }
+      x_trust_boundary { Faker::Boolean.boolean }
+      trust_zone { Faker::Lorem.word }
+      data { association_list(:service_data) }
+      licenses { license_choice_list }
+      external_references { association_list(:external_reference) }
+      services { association_list(:service) }
+      release_notes { association :release_notes }
+      properties { association_list(:property) }
+      tags { Array.new(rand(0..3)) { Faker::Lorem.word } }
+      signature { generate_signature }
+    end
+  end
+end

data/spec/factories/record/signature_factory.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  # This will almost not pass cursory validation, but is good enough for these specs
+  factory :jsf_signature, parent: :record, class: "SBOM::CycloneDX::Record::Signature::JSFSignature" do
+    algorithm { SBOM::CycloneDX::Enum::SIGNATURE_ALGORITHM.sample }
+    value { Base64.encode64(SecureRandom.bytes(64)) }
+    trait :all_fields do
+      key_id { SecureRandom.uuid }
+      public_key { generate_association(%i[ec okp rsa]) }
+      certificate_path { Array.new(rand(1..3)) { Base64.encode64(SecureRandom.bytes(534)) } }
+      excludes { Faker::Lorem.words(number: rand(1..3)).map(&:downcase) }
+    end
+  end
+  factory :signature_chain, parent: :record, class: "SBOM::CycloneDX::Record::Signature::SignatureChain" do
+    trait :all_fields do
+      signatures { association_list(:jsf_signature) }
+    end
+  end
+  factory :signer_list, parent: :record, class: "SBOM::CycloneDX::Record::Signature::SignerList" do
+    trait :all_fields do
+      signers { association_list(:jsf_signature) }
+    end
+  end
+  factory :ec, parent: :record, class: "SBOM::CycloneDX::Record::Signature::JSFSignature::PublicKey::EC" do
+    crv { SBOM::CycloneDX::Enum::SIGNATURE_EC_CRV.sample }
+    x { Base64.encode64(SecureRandom.bytes(32)) }
+    y { Base64.encode64(SecureRandom.bytes(32)) }
+    trait :all_fields
+  end
+  factory :okp, parent: :record, class: "SBOM::CycloneDX::Record::Signature::JSFSignature::PublicKey::OKP" do
+    crv { SBOM::CycloneDX::Enum::SIGNATURE_OKP_CRV.sample }
+    x { Base64.encode64(SecureRandom.bytes(32)) }
+    trait :all_fields
+  end
+  factory :rsa, parent: :record, class: "SBOM::CycloneDX::Record::Signature::JSFSignature::PublicKey::RSA" do
+    n { Base64.encode64(rand(1..4096).to_s) }
+    e { Base64.encode64(rand(1..4096).to_s) }
+    trait :all_fields
+  end
+end

data/spec/factories/record/standard_factory.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :standard, parent: :record, class: "SBOM::CycloneDX::Record::Standard" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      name { Faker::Lorem.word }
+      version { Faker::App.semantic_version }
+      description { Faker::Lorem.sentence }
+      owner { Faker::Company.name }
+      requirements { association_list(:requirement) }
+      levels { association_list(:level) }
+      external_references { association_list(:external_reference) }
+      signature { generate_signature }
+    end
+  end
+  factory :level, parent: :record, class: "SBOM::CycloneDX::Record::Standard::Level" do
+    bom_ref { generate(:ref_link) }
+    identifier { Faker::Lorem.word }
+    title { Faker::Lorem.word }
+    description { Faker::Lorem.sentence }
+    requirements { Array.new(rand(0..2)) { generate(:ref_link) } }
+  end
+  factory :requirement, parent: :record, class: "SBOM::CycloneDX::Record::Standard::Requirement" do
+    bom_ref { generate(:ref_link) }
+    identifier { Faker::Lorem.word }
+    title { Faker::Lorem.word }
+    text { Faker::Lorem.paragraph }
+    descriptions { Array.new(rand(0..2)) { Faker::Lorem.sentence } }
+    open_cre { Array.new(rand(0..3)) { generate(:open_cre) } }
+    parent { generate(:ref_link) }
+    properties { association_list(:property) }
+    external_references { association_list(:external_reference) }
+  end
+end

data/spec/factories/record/step_factory.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :step, parent: :record, class: "SBOM::CycloneDX::Record::Step" do
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      description { Faker::Lorem.sentence }
+      commands { association_list(:command) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/swid_factory.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :swid, parent: :record, class: "SBOM::CycloneDX::Record::SWID" do
+    tag_id { "tag_id" }
+    name { "name" }
+    trait :all_fields do
+      version { Faker::App.semantic_version }
+      tag_version { rand(0..100) }
+      patch { Faker::Boolean.boolean }
+      text { association(:attachment) }
+      url { generate(:url) }
+    end
+  end
+end

data/spec/factories/record/task_factory.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :task, parent: :record, class: "SBOM::CycloneDX::Record::Task" do
+    bom_ref { generate(:ref_link) }
+    uid { Faker::Lorem.characters(number: 16) }
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      description { Faker::Lorem.sentence }
+      resource_references { association_list(:resource_reference_choice) }
+      task_types { SBOM::CycloneDX::Enum::TASK_TYPE.sample(rand(1..3)) }
+      trigger { association(:trigger) }
+      steps { association_list(:step) }
+      inputs { association_list(:input) }
+      outputs { association_list(:output) }
+      time_start { Faker::Time.backward(days: 367) }
+      time_end { time_start + rand(1..100).hours }
+      workspaces { association_list(:workspace) }
+      runtime_topology { association_list(:dependency) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/tools_factory.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :tools, parent: :record, class: "SBOM::CycloneDX::Record::Tools" do
+    trait :all_fields do
+      components { association_list(:component) }
+      services { association_list(:service) }
+    end
+  end
+end

data/spec/factories/record/trigger_factory.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :trigger, parent: :record, class: "SBOM::CycloneDX::Record::Trigger" do
+    bom_ref { generate(:ref_link) }
+    uid { Faker::Lorem.characters(number: 16) }
+    type { SBOM::CycloneDX::Enum::TRIGGER_TYPE.sample }
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      description { Faker::Lorem.sentence }
+      resource_references { association_list(:resource_reference_choice) }
+      event { association(:event) }
+      conditions { association_list(:condition) }
+      time_activated { Faker::Time.backward(days: 367) }
+      inputs { association_list(:input) }
+      outputs { association_list(:output) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/version_factory.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :version, parent: :record, class: "SBOM::CycloneDX::Record::Version" do
+    transient do
+      version_type { %i[fixed range].sample }
+    end
+    trait(:fixed) { version_type { :fixed } }
+    trait(:range) { version_type { :range } }
+    version { Faker::App.semantic_version if version_type == :fixed }
+    range { ">=#{Faker::App.semantic_version}" if version_type == :range }
+    trait :all_fields do
+      status { SBOM::CycloneDX::Enum::AFFECTED_STATUS.sample }
+    end
+  end
+end

data/spec/factories/record/volume_factory.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :volume, parent: :record, class: "SBOM::CycloneDX::Record::Volume" do
+    trait :all_fields do
+      uid { Faker::Lorem.characters(number: 16) }
+      name { Faker::Lorem.word }
+      mode { SBOM::CycloneDX::Enum::VOLUME_MODE.sample }
+      path { Faker::File.dir }
+      size_allocated { "#{rand(0..1023)}#{["", "K", "M", "G", "T", "P"].sample}B" }
+      persistent { Faker::Boolean.boolean }
+      remote { Faker::Boolean.boolean }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/vulnerability_factory.rb ADDED Viewed

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :vulnerability, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability" do
+    trait :all_fields do
+      bom_ref { generate(:ref_link) }
+      id { "CVE-#{rand(2015..2024)}-#{rand(100_000..999_999)}" }
+      source { association(:vulnerability_source) }
+      references { association_list(:reference) }
+      ratings { association_list(:rating) }
+      cwes { Array.new(rand(1..3)) { rand(1..999) } }
+      description { Faker::Lorem.sentence }
+      detail { Faker::Lorem.paragraph }
+      recommendation { Faker::Lorem.sentence }
+      workaround { Faker::Lorem.sentence }
+      proof_of_concept { association(:proof_of_concept) }
+      advisories { association_list(:advisory) }
+      created { Faker::Time.backward(days: 367) }
+      published { created + rand(1..7).days }
+      updated { published + rand(1..30).days }
+      rejected { updated + rand(1..30).days }
+      credits { association(:credits) }
+      tools { association(:tools) }
+      analysis { association(:analysis) }
+      affects { association_list(:affects) }
+      properties { association_list(:property) }
+    end
+  end
+  factory :analysis, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability::Analysis" do
+    trait :all_fields do
+      state { SBOM::CycloneDX::Enum::IMPACT_ANALYSIS_STATE.sample }
+      justification { SBOM::CycloneDX::Enum::IMPACT_ANALYSIS_JUSTIFICATION.sample }
+      response { SBOM::CycloneDX::Enum::RESPONSE.sample(rand(1..3)) }
+      detail { Faker::Lorem.paragraph }
+      first_issued { Faker::Time.backward(days: 367) }
+      last_updated { first_issued + rand(1..30).days }
+    end
+  end
+  factory :affects, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability::Affects" do
+    ref { generate(:ref_or_cdx_urn) }
+    trait :all_fields do
+      versions { association_list(:version) }
+    end
+  end
+  factory :credits, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability::Credits" do
+    trait :all_fields do
+      organizations { association_list(:organizational_entity) }
+      individuals { association_list(:organizational_contact) }
+    end
+  end
+  factory :proof_of_concept, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability::ProofOfConcept" do
+    trait :all_fields do
+      reproduction_steps { Faker::Lorem.paragraph }
+      environment { Faker::Lorem.word }
+      supporting_material { association_list(:attachment) }
+    end
+  end
+  factory :reference, parent: :record, class: "SBOM::CycloneDX::Record::Vulnerability::Reference" do
+    id { "CVE-#{rand(2015..2024)}-#{rand(100_000..999_999)}" }
+    source { association(:vulnerability_source) }
+    trait :all_fields
+  end
+end

data/spec/factories/record/vulnerability_source_factory.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :vulnerability_source, parent: :record, class: "SBOM::CycloneDX::Record::VulnerabilitySource" do
+    trait :all_fields do
+      url { generate(:url).to_s }
+      name { Faker::Lorem.word }
+    end
+  end
+end

data/spec/factories/record/workflow_factory.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :workflow, parent: :record, class: "SBOM::CycloneDX::Record::Workflow" do
+    bom_ref { generate(:ref_link) }
+    uid { SecureRandom.uuid }
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      description { Faker::Lorem.sentence }
+      resource_references { association_list(:resource_reference_choice) }
+      tasks { association_list(:task) }
+      task_dependencies { association_list(:dependency) }
+      task_types { SBOM::CycloneDX::Enum::TASK_TYPE.sample(rand(1..3)) }
+      trigger { association(:trigger) }
+      steps { association_list(:step) }
+      inputs { association_list(:input) }
+      outputs { association_list(:output) }
+      time_start { Faker::Time.backward(days: 367) }
+      time_end { time_start + rand(1..100).hours }
+      workspaces { association_list(:workspace) }
+      runtime_topology { association_list(:dependency) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record/workspace_factory.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+FactoryBot.define do
+  factory :workspace, parent: :record, class: "SBOM::CycloneDX::Record::Workspace" do
+    bom_ref { generate(:ref_link) }
+    uid { Faker::Lorem.characters(number: 16) }
+    trait :all_fields do
+      name { Faker::Lorem.word }
+      aliases { Faker::Lorem.words(number: rand(1..3)) }
+      description { Faker::Lorem.sentence }
+      resource_references { association_list(:resource_reference_choice) }
+      access_mode { SBOM::CycloneDX::Enum::ACCESS_MODE.sample }
+      mount_path { Faker::File.dir }
+      managed_data_type { Faker::Lorem.word }
+      volume_request { Faker::Lorem.word }
+      volume { association(:volume) }
+      properties { association_list(:property) }
+    end
+  end
+end

data/spec/factories/record_factory.rb ADDED Viewed

@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+require "faker"
+require "i18n"
+require "sbom/cyclone_dx"
+require "sbom/cyclone_dx/record"
+module SBOM
+  module CycloneDX
+    module Record
+      module MockRecord
+        # Schema name: Basic
+        class Basic < Base
+          prop :string_value, :string
+        end
+        # Schema name: AllTypes
+        class AllTypes < Base
+          prop :string_value, :string
+          prop :integer_value, :integer
+          prop :float_value, :float
+          prop :boolean_value, :boolean
+          prop :basic_record_value, Basic
+          prop :array_value, :array, items: :string
+          prop :datetime_value, :date_time
+          prop :uri_value, :uri
+          prop :union_value, :union, of: %i[string integer]
+          prop :email_address_value, :email_address
+        end
+        # Schema name: RequiredMembers
+        class RequiredMembers < Base
+          prop :always_required, :string, required: true
+          prop :any_required_a, :string
+          prop :any_required_b, :string
+          prop :one_required_a, :string
+          prop :one_required_b, :string
+          prop :impl_required_a, :string
+          prop :impl_required_b, :string
+          prop :optional, :string
+          validate :any_required_a, :any_required_b, presence: :any
+          validate :one_required_a, :one_required_b, presence: :one
+          validate(:impl_required_a, :impl_required_b) { |a, b| a.nil? || b.present? }
+        end
+      end
+    end
+  end
+end
+FactoryBot.define do
+  factory :record, class: "SBOM::CycloneDX::Record" do
+    initialize_with { new(**attributes) }
+    factory :mock_record, class: "SBOM::CycloneDX::Record" do
+      trait :string_value do
+        string_value { Faker::Lorem.sentence }
+      end
+      trait :integer_value do
+        integer_value { rand(1..100) }
+      end
+      trait :float_value do
+        float_value { rand(1..100) + rand(0.01..0.99) }
+      end
+      trait :boolean_value do
+        boolean_value { [true, false].sample }
+      end
+      trait :basic_record_value do
+        basic_record_value { basic_record }
+      end
+      trait :array_value do
+        array_value { Faker::Lorem.words(number: 4) }
+      end
+      trait :datetime_value do
+        datetime_value { Faker::Time.between(from: DateTime.now - 2, to: DateTime.now) }
+      end
+      trait :uri_value do
+        uri_value { [URI.parse(Faker::Internet.url), Faker::Internet.url].sample }
+      end
+      trait :union_value do
+        union_value { [Faker::Marketing.buzzwords, rand(1..100)].sample }
+      end
+      trait :email_address_value do
+        email_address_value do
+          [EmailAddress::Address.new(Faker::Internet.email), Faker::Internet.email].sample
+        end
+      end
+      factory :basic_record, class: "SBOM::CycloneDX::Record::MockRecord::Basic", traits: [:string_value]
+      factory :all_types_record, class: "SBOM::CycloneDX::Record::MockRecord::AllTypes", traits: %i[
+        string_value
+        integer_value
+        float_value
+        boolean_value
+        basic_record_value
+        array_value
+        datetime_value
+        uri_value
+        union_value
+        email_address_value
+      ]
+      factory :required_members_record, class: "SBOM::CycloneDX::Record::MockRecord::RequiredMembers" do
+        trait :valid do
+          always_required { Faker::Lorem.word }
+          any_required_b { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+        end
+        trait :missing_always_required do
+          any_required_b { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+        end
+        trait :missing_any_required do
+          always_required { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+        end
+        trait :missing_one_required do
+          always_required { Faker::Lorem.word }
+          any_required_b { Faker::Lorem.word }
+        end
+        trait :both_one_required do
+          always_required { Faker::Lorem.word }
+          any_required_b { Faker::Lorem.word }
+          one_required_a { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+        end
+        trait :having_impl_required do
+          always_required { Faker::Lorem.word }
+          any_required_b { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+          impl_required_a { Faker::Lorem.word }
+          impl_required_b { Faker::Lorem.word }
+        end
+        trait :having_impl_required_missing do
+          always_required { Faker::Lorem.word }
+          any_required_b { Faker::Lorem.word }
+          one_required_b { Faker::Lorem.word }
+          impl_required_a { Faker::Lorem.word }
+        end
+      end
+    end
+  end
+end