RubyGems - sbom-cyclonedx - Versions diffs - 0.1.0 → 0.2.0 - Mend

sbom-cyclonedx 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

checksums.yaml +4 -4
data/.gitignore +15 -0
data/.gitlab-ci.yml +49 -0
data/.rspec +3 -0
data/.rubocop.yml +72 -0
data/.vscode/settings.json +6 -0
data/CHANGELOG.md +9 -0
data/CODE_OF_CONDUCT.md +132 -0
data/Gemfile +26 -0
data/Gemfile.lock +179 -0
data/LICENSE.txt +21 -0
data/README.md +39 -0
data/Rakefile +36 -0
data/Steepfile +14 -0
data/bin/console +11 -0
data/bin/rbs_spec +9 -0
data/bin/setup +8 -0
data/bom-1.6.schema.json +7334 -0
data/lib/email_address_extension.rb +26 -0
data/lib/sbom/cyclone_dx/enum.rb +2178 -0
data/lib/sbom/cyclone_dx/field.rb +404 -0
data/lib/sbom/cyclone_dx/pattern.rb +43 -0
data/lib/sbom/cyclone_dx/record/advisory.rb +17 -0
data/lib/sbom/cyclone_dx/record/annotation.rb +46 -0
data/lib/sbom/cyclone_dx/record/attachment.rb +21 -0
data/lib/sbom/cyclone_dx/record/base.rb +244 -0
data/lib/sbom/cyclone_dx/record/cipher_suite.rb +23 -0
data/lib/sbom/cyclone_dx/record/co2_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/command.rb +18 -0
data/lib/sbom/cyclone_dx/record/commit.rb +25 -0
data/lib/sbom/cyclone_dx/record/component.rb +126 -0
data/lib/sbom/cyclone_dx/record/component_data.rb +46 -0
data/lib/sbom/cyclone_dx/record/component_evidence.rb +68 -0
data/lib/sbom/cyclone_dx/record/component_identity_evidence.rb +36 -0
data/lib/sbom/cyclone_dx/record/composition.rb +33 -0
data/lib/sbom/cyclone_dx/record/condition.rb +20 -0
data/lib/sbom/cyclone_dx/record/copyright.rb +16 -0
data/lib/sbom/cyclone_dx/record/crypto_properties.rb +137 -0
data/lib/sbom/cyclone_dx/record/data_governance.rb +21 -0
data/lib/sbom/cyclone_dx/record/data_governance_responsible_party.rb +22 -0
data/lib/sbom/cyclone_dx/record/declarations.rb +193 -0
data/lib/sbom/cyclone_dx/record/definitions.rb +17 -0
data/lib/sbom/cyclone_dx/record/dependency.rb +21 -0
data/lib/sbom/cyclone_dx/record/diff.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_consumption.rb +31 -0
data/lib/sbom/cyclone_dx/record/energy_measure.rb +18 -0
data/lib/sbom/cyclone_dx/record/energy_provider.rb +31 -0
data/lib/sbom/cyclone_dx/record/environmental_consideration.rb +20 -0
data/lib/sbom/cyclone_dx/record/event.rb +31 -0
data/lib/sbom/cyclone_dx/record/external_reference.rb +25 -0
data/lib/sbom/cyclone_dx/record/fairness_assessment.rb +22 -0
data/lib/sbom/cyclone_dx/record/formula.rb +29 -0
data/lib/sbom/cyclone_dx/record/graphic.rb +19 -0
data/lib/sbom/cyclone_dx/record/graphics_collection.rb +19 -0
data/lib/sbom/cyclone_dx/record/hash_data.rb +18 -0
data/lib/sbom/cyclone_dx/record/identifiable_action.rb +21 -0
data/lib/sbom/cyclone_dx/record/input.rb +34 -0
data/lib/sbom/cyclone_dx/record/input_output_ml_parameter.rb +17 -0
data/lib/sbom/cyclone_dx/record/issue.rb +36 -0
data/lib/sbom/cyclone_dx/record/license.rb +90 -0
data/lib/sbom/cyclone_dx/record/license_choice.rb +35 -0
data/lib/sbom/cyclone_dx/record/metadata.rb +55 -0
data/lib/sbom/cyclone_dx/record/model_card.rb +89 -0
data/lib/sbom/cyclone_dx/record/note.rb +20 -0
data/lib/sbom/cyclone_dx/record/organizational_contact.rb +26 -0
data/lib/sbom/cyclone_dx/record/organizational_entity.rb +28 -0
data/lib/sbom/cyclone_dx/record/output.rb +34 -0
data/lib/sbom/cyclone_dx/record/parameter.rb +20 -0
data/lib/sbom/cyclone_dx/record/patch.rb +23 -0
data/lib/sbom/cyclone_dx/record/performance_metric.rb +30 -0
data/lib/sbom/cyclone_dx/record/postal_address.rb +34 -0
data/lib/sbom/cyclone_dx/record/property.rb +18 -0
data/lib/sbom/cyclone_dx/record/rating.rb +27 -0
data/lib/sbom/cyclone_dx/record/release_notes.rb +44 -0
data/lib/sbom/cyclone_dx/record/resource_reference_choice.rb +22 -0
data/lib/sbom/cyclone_dx/record/risk.rb +18 -0
data/lib/sbom/cyclone_dx/record/root.rb +63 -0
data/lib/sbom/cyclone_dx/record/secured_by.rb +20 -0
data/lib/sbom/cyclone_dx/record/service.rb +54 -0
data/lib/sbom/cyclone_dx/record/service_data.rb +32 -0
data/lib/sbom/cyclone_dx/record/signature.rb +85 -0
data/lib/sbom/cyclone_dx/record/standard.rb +72 -0
data/lib/sbom/cyclone_dx/record/step.rb +24 -0
data/lib/sbom/cyclone_dx/record/swid.rb +29 -0
data/lib/sbom/cyclone_dx/record/task.rb +56 -0
data/lib/sbom/cyclone_dx/record/tools.rb +20 -0
data/lib/sbom/cyclone_dx/record/trigger.rb +48 -0
data/lib/sbom/cyclone_dx/record/version.rb +24 -0
data/lib/sbom/cyclone_dx/record/volume.rb +33 -0
data/lib/sbom/cyclone_dx/record/vulnerability.rb +119 -0
data/lib/sbom/cyclone_dx/record/vulnerability_source.rb +20 -0
data/lib/sbom/cyclone_dx/record/workflow.rb +59 -0
data/lib/sbom/cyclone_dx/record/workspace.rb +45 -0
data/lib/sbom/cyclone_dx/record.rb +12 -0
data/lib/sbom/cyclone_dx/validator/array_validator.rb +66 -0
data/lib/sbom/cyclone_dx/validator/base_validator.rb +43 -0
data/lib/sbom/cyclone_dx/validator/boolean_validator.rb +16 -0
data/lib/sbom/cyclone_dx/validator/date_time_validator.rb +29 -0
data/lib/sbom/cyclone_dx/validator/email_address_validator.rb +31 -0
data/lib/sbom/cyclone_dx/validator/float_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/integer_validator.rb +30 -0
data/lib/sbom/cyclone_dx/validator/record_validator.rb +26 -0
data/lib/sbom/cyclone_dx/validator/string_validator.rb +33 -0
data/lib/sbom/cyclone_dx/validator/union_validator.rb +39 -0
data/lib/sbom/cyclone_dx/validator/uri_validator.rb +32 -0
data/lib/sbom/cyclone_dx/validator.rb +32 -0
data/lib/sbom/cyclone_dx/version.rb +7 -0
data/lib/sbom/cyclone_dx.rb +39 -0
data/rbs_collection.lock.yaml +288 -0
data/rbs_collection.yaml +31 -0
data/sbom-cyclone_dx.gemspec +32 -0
data/sig/email_address_extension.rbs +14 -0
data/sig/sbom/cyclone_dx/enum.rbs +93 -0
data/sig/sbom/cyclone_dx/field.rbs +434 -0
data/sig/sbom/cyclone_dx/pattern.rbs +24 -0
data/sig/sbom/cyclone_dx/record/advisory.rbs +19 -0
data/sig/sbom/cyclone_dx/record/annotation.rbs +63 -0
data/sig/sbom/cyclone_dx/record/attachment.rbs +24 -0
data/sig/sbom/cyclone_dx/record/base.rbs +62 -0
data/sig/sbom/cyclone_dx/record/cipher_suite.rbs +24 -0
data/sig/sbom/cyclone_dx/record/co2_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/command.rbs +19 -0
data/sig/sbom/cyclone_dx/record/commit.rbs +34 -0
data/sig/sbom/cyclone_dx/record/component.rbs +203 -0
data/sig/sbom/cyclone_dx/record/component_data.rbs +73 -0
data/sig/sbom/cyclone_dx/record/component_evidence.rbs +115 -0
data/sig/sbom/cyclone_dx/record/component_identity_evidence.rbs +53 -0
data/sig/sbom/cyclone_dx/record/composition.rbs +39 -0
data/sig/sbom/cyclone_dx/record/condition.rbs +24 -0
data/sig/sbom/cyclone_dx/record/copyright.rbs +14 -0
data/sig/sbom/cyclone_dx/record/crypto_properties.rbs +268 -0
data/sig/sbom/cyclone_dx/record/data_governance.rbs +24 -0
data/sig/sbom/cyclone_dx/record/data_governance_responsible_party.rbs +19 -0
data/sig/sbom/cyclone_dx/record/declarations.rbs +352 -0
data/sig/sbom/cyclone_dx/record/definitions.rbs +14 -0
data/sig/sbom/cyclone_dx/record/dependency.rbs +24 -0
data/sig/sbom/cyclone_dx/record/diff.rbs +19 -0
data/sig/sbom/cyclone_dx/record/energy_consumption.rbs +39 -0
data/sig/sbom/cyclone_dx/record/energy_measure.rbs +14 -0
data/sig/sbom/cyclone_dx/record/energy_provider.rbs +39 -0
data/sig/sbom/cyclone_dx/record/environmental_consideration.rbs +19 -0
data/sig/sbom/cyclone_dx/record/event.rbs +44 -0
data/sig/sbom/cyclone_dx/record/external_reference.rbs +29 -0
data/sig/sbom/cyclone_dx/record/fairness_assessment.rbs +29 -0
data/sig/sbom/cyclone_dx/record/formula.rbs +34 -0
data/sig/sbom/cyclone_dx/record/graphic.rbs +19 -0
data/sig/sbom/cyclone_dx/record/graphics_collection.rbs +19 -0
data/sig/sbom/cyclone_dx/record/hash_data.rbs +19 -0
data/sig/sbom/cyclone_dx/record/identifiable_action.rbs +24 -0
data/sig/sbom/cyclone_dx/record/input.rbs +44 -0
data/sig/sbom/cyclone_dx/record/input_output_ml_parameter.rbs +14 -0
data/sig/sbom/cyclone_dx/record/issue.rbs +53 -0
data/sig/sbom/cyclone_dx/record/license.rbs +134 -0
data/sig/sbom/cyclone_dx/record/license_choice.rbs +39 -0
data/sig/sbom/cyclone_dx/record/metadata.rbs +82 -0
data/sig/sbom/cyclone_dx/record/model_card.rbs +143 -0
data/sig/sbom/cyclone_dx/record/note.rbs +19 -0
data/sig/sbom/cyclone_dx/record/organizational_contact.rbs +29 -0
data/sig/sbom/cyclone_dx/record/organizational_entity.rbs +34 -0
data/sig/sbom/cyclone_dx/record/output.rbs +44 -0
data/sig/sbom/cyclone_dx/record/parameter.rbs +24 -0
data/sig/sbom/cyclone_dx/record/patch.rbs +24 -0
data/sig/sbom/cyclone_dx/record/performance_metric.rbs +43 -0
data/sig/sbom/cyclone_dx/record/postal_address.rbs +44 -0
data/sig/sbom/cyclone_dx/record/property.rbs +19 -0
data/sig/sbom/cyclone_dx/record/rating.rbs +39 -0
data/sig/sbom/cyclone_dx/record/release_notes.rbs +64 -0
data/sig/sbom/cyclone_dx/record/resource_reference_choice.rbs +19 -0
data/sig/sbom/cyclone_dx/record/risk.rbs +19 -0
data/sig/sbom/cyclone_dx/record/root.rbs +84 -0
data/sig/sbom/cyclone_dx/record/secured_by.rbs +19 -0
data/sig/sbom/cyclone_dx/record/service.rbs +99 -0
data/sig/sbom/cyclone_dx/record/service_data.rbs +44 -0
data/sig/sbom/cyclone_dx/record/signature.rbs +130 -0
data/sig/sbom/cyclone_dx/record/standard.rbs +132 -0
data/sig/sbom/cyclone_dx/record/step.rbs +29 -0
data/sig/sbom/cyclone_dx/record/swid.rbs +44 -0
data/sig/sbom/cyclone_dx/record/task.rbs +84 -0
data/sig/sbom/cyclone_dx/record/tools.rbs +19 -0
data/sig/sbom/cyclone_dx/record/trigger.rbs +69 -0
data/sig/sbom/cyclone_dx/record/version.rbs +24 -0
data/sig/sbom/cyclone_dx/record/volume.rbs +49 -0
data/sig/sbom/cyclone_dx/record/vulnerability.rbs +209 -0
data/sig/sbom/cyclone_dx/record/vulnerability_source.rbs +19 -0
data/sig/sbom/cyclone_dx/record/workflow.rbs +94 -0
data/sig/sbom/cyclone_dx/record/workspace.rbs +69 -0
data/sig/sbom/cyclone_dx/record.rbs +161 -0
data/sig/sbom/cyclone_dx/type.rbs +16 -0
data/sig/sbom/cyclone_dx/validator/array_validator.rbs +31 -0
data/sig/sbom/cyclone_dx/validator/base_validator.rbs +21 -0
data/sig/sbom/cyclone_dx/validator/boolean_validator.rbs +9 -0
data/sig/sbom/cyclone_dx/validator/date_time_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/email_address_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator/float_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/integer_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/record_validator.rbs +12 -0
data/sig/sbom/cyclone_dx/validator/string_validator.rbs +14 -0
data/sig/sbom/cyclone_dx/validator/union_validator.rbs +24 -0
data/sig/sbom/cyclone_dx/validator/uri_validator.rbs +10 -0
data/sig/sbom/cyclone_dx/validator.rbs +66 -0
data/sig/sbom/cyclone_dx.rbs +13 -0
data/sig/types.rbs +45 -0
data/spec/email_address_extension_spec.rb +27 -0
data/spec/factories/factory_helper.rb +78 -0
data/spec/factories/record/advisory_factory.rb +11 -0
data/spec/factories/record/annotation_factory.rb +63 -0
data/spec/factories/record/attachment_factory.rb +9 -0
data/spec/factories/record/cipher_suite_factory.rb +26 -0
data/spec/factories/record/co2_measure_factory.rb +9 -0
data/spec/factories/record/command_factory.rb +10 -0
data/spec/factories/record/commit_factory.rb +13 -0
data/spec/factories/record/component_data_factory.rb +28 -0
data/spec/factories/record/component_evidence_factory.rb +44 -0
data/spec/factories/record/component_factory.rb +102 -0
data/spec/factories/record/component_identity_evidence_factory.rb +25 -0
data/spec/factories/record/composition_factory.rb +20 -0
data/spec/factories/record/condition_factory.rb +11 -0
data/spec/factories/record/copyright_factory.rb +9 -0
data/spec/factories/record/crypto_properties_factory.rb +191 -0
data/spec/factories/record/data_governance_factory.rb +11 -0
data/spec/factories/record/data_governance_responsible_party_factory.rb +31 -0
data/spec/factories/record/declarations_factory.rb +145 -0
data/spec/factories/record/definitions_factory.rb +9 -0
data/spec/factories/record/dependency_factory.rb +12 -0
data/spec/factories/record/diff_factory.rb +24 -0
data/spec/factories/record/energy_consumption_factory.rb +15 -0
data/spec/factories/record/energy_measure_factory.rb +9 -0
data/spec/factories/record/energy_provider_factory.rb +15 -0
data/spec/factories/record/environmental_consideration_factory.rb +10 -0
data/spec/factories/record/event_factory.rb +15 -0
data/spec/factories/record/external_reference_factory.rb +13 -0
data/spec/factories/record/fairness_assessment_factory.rb +12 -0
data/spec/factories/record/formula_factory.rb +13 -0
data/spec/factories/record/graphic_factory.rb +10 -0
data/spec/factories/record/graphics_collection_factory.rb +10 -0
data/spec/factories/record/hash_data_factory.rb +10 -0
data/spec/factories/record/identifiable_action_factory.rb +11 -0
data/spec/factories/record/input_factory.rb +36 -0
data/spec/factories/record/input_output_ml_parameter_factory.rb +9 -0
data/spec/factories/record/issue_factory.rb +22 -0
data/spec/factories/record/license_choice_factory.rb +23 -0
data/spec/factories/record/license_factory.rb +99 -0
data/spec/factories/record/metadata_factory.rb +38 -0
data/spec/factories/record/model_card_factory.rb +59 -0
data/spec/factories/record/note_factory.rb +11 -0
data/spec/factories/record/organizational_contact_factory.rb +12 -0
data/spec/factories/record/organizational_entity_factory.rb +13 -0
data/spec/factories/record/output_factory.rb +32 -0
data/spec/factories/record/parameter_factory.rb +11 -0
data/spec/factories/record/patch_factory.rb +12 -0
data/spec/factories/record/performance_metric_factory.rb +20 -0
data/spec/factories/record/postal_address_factory.rb +14 -0
data/spec/factories/record/property_factory.rb +11 -0
data/spec/factories/record/rating_factory.rb +14 -0
data/spec/factories/record/release_notes_factory.rb +20 -0
data/spec/factories/record/resource_reference_choice_factory.rb +27 -0
data/spec/factories/record/risk_factory.rb +10 -0
data/spec/factories/record/root_factory.rb +23 -0
data/spec/factories/record/secured_by_factory.rb +10 -0
data/spec/factories/record/service_data_factory.rb +16 -0
data/spec/factories/record/service_factory.rb +27 -0
data/spec/factories/record/signature_factory.rb +50 -0
data/spec/factories/record/standard_factory.rb +37 -0
data/spec/factories/record/step_factory.rb +12 -0
data/spec/factories/record/swid_factory.rb +16 -0
data/spec/factories/record/task_factory.rb +24 -0
data/spec/factories/record/tools_factory.rb +10 -0
data/spec/factories/record/trigger_factory.rb +21 -0
data/spec/factories/record/version_factory.rb +19 -0
data/spec/factories/record/volume_factory.rb +16 -0
data/spec/factories/record/vulnerability_factory.rb +70 -0
data/spec/factories/record/vulnerability_source_factory.rb +10 -0
data/spec/factories/record/workflow_factory.rb +26 -0
data/spec/factories/record/workspace_factory.rb +21 -0
data/spec/factories/record_factory.rb +159 -0
data/spec/fixtures/cipher_info.yml +948 -0
data/spec/fixtures/purl_data.yml +0 -0
data/spec/sbom/cyclone_dx/enum_spec.rb +30 -0
data/spec/sbom/cyclone_dx/field_spec.rb +104 -0
data/spec/sbom/cyclone_dx/pattern_spec.rb +18 -0
data/spec/sbom/cyclone_dx/record/advisory_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/annotation_spec.rb +31 -0
data/spec/sbom/cyclone_dx/record/attachment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/base_spec.rb +363 -0
data/spec/sbom/cyclone_dx/record/cipher_suite_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/co2_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/command_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/commit_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_identity_evidence_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/component_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/composition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/condition_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/copyright_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/crypto_properties_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/data_governance_responsible_party_spec.rb +19 -0
data/spec/sbom/cyclone_dx/record/data_governance_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/declarations_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/definitions_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/dependency_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/diff_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_consumption_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_measure_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/energy_provider_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/environmental_consideration_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/event_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/external_reference_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/fairness_assessment_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/formula_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphic_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/graphics_collection_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/hash_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/identifiable_action_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_output_ml_parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/input_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/issue_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/license_choice_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/license_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/metadata_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/model_card_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/note_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_contact_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/organizational_entity_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/output_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/parameter_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/patch_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/performance_metric_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/postal_address_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/property_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/rating_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/release_notes_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/resource_reference_choice_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/risk_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/root_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/secured_by_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_data_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/service_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/signature_spec.rb +26 -0
data/spec/sbom/cyclone_dx/record/standard_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/step_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/swid_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/task_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/tools_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/trigger_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/version_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/volume_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_source_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/vulnerability_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workflow_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record/workspace_spec.rb +14 -0
data/spec/sbom/cyclone_dx/record_spec.rb +7 -0
data/spec/sbom/cyclone_dx/validator/array_validator_spec.rb +184 -0
data/spec/sbom/cyclone_dx/validator/base_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/boolean_validator_spec.rb +26 -0
data/spec/sbom/cyclone_dx/validator/date_time_validator_spec.rb +28 -0
data/spec/sbom/cyclone_dx/validator/email_address_validator_spec.rb +23 -0
data/spec/sbom/cyclone_dx/validator/float_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/integer_validator_spec.rb +71 -0
data/spec/sbom/cyclone_dx/validator/record_validator_spec.rb +35 -0
data/spec/sbom/cyclone_dx/validator/string_validator_spec.rb +94 -0
data/spec/sbom/cyclone_dx/validator/union_validator_spec.rb +65 -0
data/spec/sbom/cyclone_dx/validator/uri_validator_spec.rb +21 -0
data/spec/sbom/cyclone_dx/validator_spec.rb +38 -0
data/spec/sbom/cyclone_dx/version_spec.rb +9 -0
data/spec/sbom/cyclone_dx_spec.rb +7 -0
data/spec/spec_helper.rb +39 -0
metadata +377 -6

data/lib/sbom/cyclone_dx/field.rb ADDED Viewed

@@ -0,0 +1,404 @@
+# frozen_string_literal: true
+require_relative "validator/array_validator"
+require_relative "validator/boolean_validator"
+require_relative "validator/date_time_validator"
+require_relative "validator/email_address_validator"
+require_relative "validator/float_validator"
+require_relative "validator/integer_validator"
+require_relative "validator/record_validator"
+require_relative "validator/string_validator"
+require_relative "validator/union_validator"
+require_relative "validator/uri_validator"
+require_relative "pattern"
+module SBOM
+  module CycloneDX
+    module Field # rubocop:disable Metrics/ModuleLength
+      class Base
+        attr_reader :errors, :value
+        def initialize
+          raise "Cannot instantiate abstract Field"
+        end
+        def value?
+          @value.nil?
+        end
+        def valid?
+          @errors = validator.validate(value)
+          @errors.empty?
+        end
+        %i[
+          field_name
+          validator
+          json_name
+          required?
+          const?
+          const
+          default?
+          default
+        ].each { |m| define_method(m) { self.class.public_send(m) } }
+        class << self
+          attr_reader :field_name, :validator, :json_name, :const
+          def required?
+            validator.required?
+          end
+          def const?
+            @const_present
+          end
+          def default
+            # Skip type-checking here because it is already checked, and Steep is cranky about these
+            default_value = _ = @default
+            return default_value unless default_value.is_a?(Proc)
+            default_value.call
+          end
+          def default?
+            @default_present
+          end
+        end
+      end
+      class ConstBase < Base
+        def initialize # rubocop:disable Lint/MissingSuper
+          raise "Cannot instantiate abstract Field" unless self.class < ConstBase
+          @errors = []
+          @value_set = true
+          @value = const
+        end
+      end
+      class PropBase < Base
+        def initialize(*value) # rubocop:disable Lint/MissingSuper
+          raise "Cannot instantiate abstract Field" unless self.class < PropBase
+          raise ArgumentError, "Wrong number of arguments" if value.size > 1
+          if value.empty?
+            unset_value
+            return
+          end
+          self.value = value.first
+        end
+        def value=(val)
+          if val.nil? && required?
+            @value_set = !default?
+            @value = default
+            return
+          end
+          @value_set = true
+          @value = val
+        end
+        def unset_value
+          @value_set = !default?
+          @value = default
+        end
+        def self.coerce(_value)
+          raise NotImplementedError
+        end
+      end
+      class << self # rubocop:disable Metrics/ClassLength
+        def array(field_name:, items:, unique: false, required: false, json_name: nil, const: :undefined, # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+                  default: :undefined)
+          validator = Validator::ArrayValidator.new(items: items, unique: unique, required: required)
+          Field(
+            field_name: field_name,
+            type: :array,
+            validator: validator,
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            raise TypeError, "Expected Array, got #{value.class}" unless value.is_a?(::Array) || value.nil?
+            next value if value.nil?
+            value.map do |item|
+              next item if validator.raw_types.any? { |type| item.is_a?(type) } || item.nil?
+              if item.is_a?(Hash)
+                coerced_value = validator.raw_types.filter_map do |type|
+                  next nil unless type < SBOM::CycloneDX::Record::Base
+                  begin
+                    type.new(**item)
+                  rescue StandardError
+                    nil
+                  end
+                end
+                next coerced_value.first if coerced_value.any?
+              end
+              raise TypeError, "Expected one of #{items.to_json}, got #{value.class}"
+            end
+          end
+        end
+        def boolean(field_name:, json_name: nil, required: false, const: :undefined, default: :undefined) # rubocop:disable Metrics/MethodLength
+          Field(
+            field_name: field_name,
+            type: :boolean,
+            validator: SBOM::CycloneDX::Validator::BooleanValidator.new(required: required),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.nil?
+            raise TypeError, "Expected Boolean, got #{value.class}"
+          end
+        end
+        def date_time(field_name:, json_name: nil, required: false, const: :undefined, default: :undefined) # rubocop:disable Metrics/MethodLength
+          Field(
+            field_name: field_name,
+            type: :date_time,
+            validator: SBOM::CycloneDX::Validator::DateTimeValidator.new(required: required),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(::Time) || value.is_a?(::DateTime) || value.is_a?(::String) || value.nil?
+            raise TypeError, "Expected Time, DateTime, or String, got #{value.class}"
+          end
+        end
+        def email_address(field_name:, json_name: nil, required: false, const: :undefined, default: :undefined) # rubocop:disable Metrics/MethodLength
+          Field(
+            field_name: field_name,
+            type: :email_address,
+            validator: SBOM::CycloneDX::Validator::EmailAddressValidator.new(required: required),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(EmailAddress::Address) || value.is_a?(String) || value.nil?
+            raise TypeError, "Expected EmailAddress::Address or String, got #{value.class}"
+          end
+        end
+        def float(field_name:, minimum: nil, maximum: nil, required: false, const: :undefined, default: :undefined, # rubocop:disable Metrics/MethodLength
+                  json_name: nil)
+          Field(
+            field_name: field_name,
+            type: :float,
+            validator: SBOM::CycloneDX::Validator::FloatValidator.new(
+              minimum: minimum,
+              maximum: maximum,
+              required: required
+            ),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(::Float) || value.nil?
+            raise TypeError, "Expected Float, got #{value.class}"
+          end
+        end
+        def integer(field_name:, minimum: nil, maximum: nil, required: false, const: :undefined, default: :undefined, # rubocop:disable Metrics/MethodLength
+                    json_name: nil)
+          Field(
+            field_name: field_name,
+            type: :integer,
+            validator: SBOM::CycloneDX::Validator::IntegerValidator.new(
+              minimum: minimum,
+              maximum: maximum,
+              required: required
+            ),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(::Integer) || value.nil?
+            raise TypeError, "Expected Integer, got #{value.class}"
+          end
+        end
+        def record(field_name:, klass:, json_name: nil, required: false, const: :undefined, default: :undefined) # rubocop:disable Metrics/MethodLength
+          Field(
+            field_name: field_name,
+            type: klass,
+            validator: SBOM::CycloneDX::Validator::RecordValidator.new(type: klass, required: required),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(klass) || value.nil?
+            next klass.new(**value) if value.is_a?(::Hash)
+            raise TypeError, "Expected #{klass.name}, got #{value.class}"
+          end
+        end
+        def string( # rubocop:disable Metrics/MethodLength
+          field_name:,
+          enum: nil,
+          max_length: nil,
+          min_length: nil,
+          pattern: Pattern::DEFAULT,
+          required: false,
+          const: :undefined,
+          default: :undefined,
+          json_name: nil
+        )
+          Field(
+            field_name: field_name,
+            type: :string,
+            validator: SBOM::CycloneDX::Validator::StringValidator.new(
+              enum: enum,
+              max_length: max_length,
+              min_length: min_length,
+              pattern: pattern,
+              required: required
+            ),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(::String) || value.nil?
+            raise TypeError, "Expected String, got #{value.class}"
+          end
+        end
+        def union(field_name:, of:, required: false, const: :undefined, default: :undefined, json_name: nil) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+          validator = SBOM::CycloneDX::Validator::UnionValidator.new(required: required, of: of)
+          Field(
+            field_name: field_name,
+            type: :union,
+            validator: validator,
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if validator.raw_types.any? { |type| value.is_a?(type) } || value.nil?
+            if value.is_a?(Hash)
+              coerced_value = validator.raw_types.filter_map do |type|
+                next nil unless type < SBOM::CycloneDX::Record::Base
+                begin
+                  type.new(**value)
+                rescue StandardError
+                  nil
+                end
+              end
+              next coerced_value.first if coerced_value.any?
+            end
+            raise TypeError, "Expected one of #{of.map(&:to_s).join(", ")}, got #{value.class}"
+          end
+        end
+        def uri(field_name:, json_name: nil, required: false, const: :undefined, default: :undefined) # rubocop:disable Metrics/MethodLength
+          Field(
+            field_name: field_name,
+            type: :uri,
+            validator: SBOM::CycloneDX::Validator::URIValidator.new(required: required),
+            json_name: json_name,
+            const: const,
+            default: default
+          ) do |value|
+            next value if value.is_a?(::URI::Generic) || value.is_a?(::String) || value.nil?
+            raise TypeError, "Expected URI or String, got #{value.class}"
+          end
+        end
+        private
+        def make_const_default_hash(const, default)
+          raise ArgumentError, "Can not set both :const and :default" if const != :undefined && default != :undefined
+          return { const: const } if const != :undefined
+          return { default: default } if default != :undefined
+          {}
+        end
+        def Field(field_name:, type:, validator:, json_name: nil, const: :undefined, default: :undefined, &coerce_block) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Naming/MethodName
+          const_and_default_set = const != :undefined && default != :undefined
+          raise "Can not set both :const and :default" if const_and_default_set
+          const_present = const != :undefined
+          const_value = const_present ? const : nil #: fieldValue
+          default_present = default != :undefined
+          default_value = default_present ? default : nil #: defaultValue[fieldValue]
+          json_name ||= field_name.to_s.camelize(:lower)
+          const_and_default = {} #: { ?const: fieldValue?, ?default: defaultValue[fieldValue]? }
+          const_and_default[:const] = const_value if const_present
+          const_and_default[:default] = default_value if default_present
+          validate_types(type, validator, **const_and_default)
+          base_klass = const_present ? ConstBase : PropBase
+          _ = Class.new(base_klass).tap do |field_class|
+            field_class.instance_variable_set(:@field_name, field_name)
+            field_class.instance_variable_set(:@validator, validator)
+            field_class.instance_variable_set(:@json_name, json_name)
+            field_class.instance_variable_set(:@const_present, const_present)
+            field_class.instance_variable_set(:@const, const_value)
+            field_class.instance_variable_set(:@default_present, default_present)
+            field_class.instance_variable_set(:@default, default_value)
+            field_class.define_singleton_method(:coerce, &coerce_block)
+          end
+        end
+        def validate_types(type, validator, **const_and_default) # rubocop:disable Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/AbcSize,Metrics/PerceivedComplexity
+          const_set = const_and_default.key?(:const)
+          const = const_and_default[:const]
+          default_set = const_and_default.key?(:default)
+          default = const_and_default[:default].then { |dv| dv.is_a?(Proc) ? dv.call : dv }
+          validator_klass =
+            case type
+            when :array then Validator::ArrayValidator
+            when :boolean then Validator::BooleanValidator
+            when :date_time then Validator::DateTimeValidator
+            when :email_address then Validator::EmailAddressValidator
+            when :float then Validator::FloatValidator
+            when :integer then Validator::IntegerValidator
+            when Class then Validator::RecordValidator
+            when :string then Validator::StringValidator
+            when :union then Validator::UnionValidator
+            when :uri then Validator::URIValidator
+            else raise "Unknown type: #{type}"
+            end
+          unless validator.is_a?(validator_klass)
+            raise TypeError, "Incorrect validator #{validator.class.name} for #{type}"
+          end
+          const_errors = const_set ? validator.validate(const) : [] #: ::Array[String]
+          default_errors = default_set ? validator.validate(default) : [] #: ::Array[String]
+          raise "Invalid value for const:\n#{const_errors.join("\n")}" if const_errors.any?
+          raise "Invalid value for default:\n#{default_errors.join("\n")}" if default_errors.any?
+        end
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/pattern.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module SBOM
+  module CycloneDX
+    module Pattern
+      # While we currently only support Regexp patterns, this may change in the future. Some of the relevant
+      # standards/specifications use BNF grammars, which may not be representable as Regexp patterns.
+      UUID = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/
+      CDX_URN_FRAGMENT = %r{([a-z0-9._~!$&'()*+,;=:@/?-]|%[0-9a-f][0-9a-f])+}i
+      CDX_BOM_VERSION = /[1-9][0-9]*/
+      CDX_URN_NSS = %r{#{UUID}/#{CDX_BOM_VERSION}}
+      CDX_URN_ASSIGNED_NAME = /urn:cdx:#{CDX_URN_NSS}/
+      CDX_URN = /#{CDX_URN_ASSIGNED_NAME}(##{CDX_URN_FRAGMENT})?/
+      BOM_SERIAL_NUMBER = /urn:uuid:#{UUID}/
+      CDX_URN_WITH_FRAGMENT = /#{CDX_URN_ASSIGNED_NAME}##{CDX_URN_FRAGMENT}/
+      REF_LINK = /(?!urn:cdx:)#{CDX_URN_FRAGMENT}+/
+      REF_OR_CDX_URN = /(#{REF_LINK}|#{CDX_URN_WITH_FRAGMENT})/
+      HASH_VALUE = /([a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128})/
+      LOCALE = /([a-z]{2})(-[A-Z]{2})?/
+      MIME_TYPE = %r{[-+a-z0-9.]+/[-+a-z0-9.]+}
+      OPEN_CRE = /CRE:[0-9]+-[0-9]+/
+      CONTENT_TYPE = %r{
+        ([0-9A-Za-z!#$%&'*+.^_`|~-]+|x-(?:[0-9A-Za-z!#$%&'*+.^_`|~-]+))
+        /
+        ([0-9A-Za-z!#$%&'*+.^_`|~-]+)
+        ((?:[ \t]*;[ \t]*[0-9A-Za-z!#$%&'*+.^_`|~-]+=(?:[0-9A-Za-z!#$%&'*+.^_`|~-]+|"(?:[^"\\]|\\.)*"))*)
+      }x
+      # This is used when no patern is provided for validation
+      DEFAULT = /.*/m
+      def self.match_exactly?(pattern, value)
+        /\A#{pattern}\z/.match?(value)
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/record/advisory.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require "uri"
+require_relative "base"
+# Advisory - Title and location where advisory information can be obtained. An advisory is a notification of a threat to a component, service, or system.
+module SBOM
+  module CycloneDX
+    module Record
+      # Schema name: Advisory
+      class Advisory < Base
+        prop :title, :string
+        prop :url, :uri, required: true
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/record/annotation.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require_relative "../pattern"
+require_relative "base"
+require_relative "component"
+require_relative "organizational_contact"
+require_relative "organizational_entity"
+require_relative "service"
+require_relative "signature"
+# Annotations - A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.
+module SBOM
+  module CycloneDX
+    module Record
+      # Schema name: Annotation
+      class Annotation < Base
+        # Schema name: Annotator
+        class Annotator < Base
+          # Organization - The organization that created the annotation
+          prop :organization, OrganizationalEntity
+          # Individual - The person that created the annotation
+          prop :individual, OrganizationalContact
+          # Component - The tool or component that created the annotation
+          prop :component, Component
+          # Service - The service that created the annotation
+          prop :service, Service
+          validate :organization, :individual, :component, :service, presence: :any
+        end
+        # BOM Reference - An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM. Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.
+        prop :bom_ref, :string, pattern: Pattern::REF_LINK, json_name: "bom-ref"
+        # Subjects - The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs.
+        prop :subjects, :array, items: [:string, pattern: Pattern::REF_OR_CDX_URN], unique: true, required: true
+        # Annotator - The organization, person, component, or service which created the textual content of the annotation.
+        prop :annotator, Annotator, required: true
+        # Timestamp - The date and time (timestamp) when the annotation was created.
+        prop :timestamp, :date_time, required: true
+        # Text - The textual content of the annotation.
+        prop :text, :string, required: true
+        # Signature - Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html).
+        prop :signature, :union, of: [Signature::JSFSignature, Signature::SignatureChain, Signature::SignerList]
+      end
+    end
+  end
+end

data/lib/sbom/cyclone_dx/record/attachment.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require_relative "../pattern"
+require_relative "base"
+# Attachment - Specifies the metadata and content for an attachment.
+module SBOM
+  module CycloneDX
+    module Record
+      # Schema name: Attachment
+      class Attachment < Base
+        # Content-Type - Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.  [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).
+        prop :content_type, :string, pattern: Pattern::CONTENT_TYPE, required: true, default: "text/plain"
+        # Attachment Text - The attachment data. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.
+        prop :content, :string, required: true
+        # Encoding - Specifies the optional encoding the text is represented in.
+        const :encoding, :string, "base64"
+      end
+    end
+  end
+end