@cyclonedx/cyclonedx-library 6.7.2 → 6.8.0

package/src/serialize/xml/normalize.ts

@@ -22,10 +22,13 @@ import type { SortableIterable } from '../../_helpers/sortable'
 import type { Stringable } from '../../_helpers/stringable'
 import { treeIteratorSymbol } from '../../_helpers/tree'
 import { escapeUri } from '../../_helpers/uri'
-import * as Models from '../../models'
+import type * as Models from '../../models'
+import { LicenseExpression, NamedLicense, SpdxLicense } from '../../models/license'
+import { NamedLifecycle } from '../../models/lifecycle'
+import { AffectedSingleVersion, AffectedVersionRange } from '../../models/vulnerability/affect'
 import { isSupportedSpdxId } from '../../spdx'
-import { Version as SpecVersion } from '../../spec'
 import type { _SpecProtocol as Spec } from '../../spec/_protocol'
+import { Version as SpecVersion } from '../../spec/enums'
 import type { NormalizerOptions } from '../types'
 import type { SimpleXml } from './types'
 import { XmlSchema } from './types'
@@ -287,7 +290,7 @@ export class MetadataNormalizer extends BaseXmlNormalizer<Models.Metadata> {
 
 export class LifecycleNormalizer extends BaseXmlNormalizer<Models.Lifecycle> {
   normalize (data: Models.Lifecycle, options: NormalizerOptions, elementName: string): SimpleXml.Element {
-    return data instanceof Models.NamedLifecycle
+    return data instanceof NamedLifecycle
       ? {
           type: 'element',
           name: elementName,
@@ -553,17 +556,17 @@ export class ComponentEvidenceNormalizer extends BaseXmlNormalizer<Models.Compon
 export class LicenseNormalizer extends BaseXmlNormalizer<Models.License> {
   normalize (data: Models.License, options: NormalizerOptions): SimpleXml.Element {
     switch (true) {
-      case data instanceof Models.NamedLicense:
+      case data instanceof NamedLicense:
         return this.#normalizeNamedLicense(data, options)
-      case data instanceof Models.SpdxLicense:
+      case data instanceof SpdxLicense:
         return isSupportedSpdxId(data.id)
           ? this.#normalizeSpdxLicense(data, options)
-          : this.#normalizeNamedLicense(new Models.NamedLicense(
+          : this.#normalizeNamedLicense(new NamedLicense(
             // prevent information loss -> convert to broader type
             data.id,
             { url: data.url }
           ), options)
-      case data instanceof Models.LicenseExpression:
+      case data instanceof LicenseExpression:
         return this.#normalizeLicenseExpression(data)
       /* c8 ignore start */
       default:
@@ -636,7 +639,7 @@ export class LicenseNormalizer extends BaseXmlNormalizer<Models.License> {
       : Array.from(data)
 
     if (licenses.length > 1) {
-      const expressions = licenses.filter(l => l instanceof Models.LicenseExpression) as Models.LicenseExpression[]
+      const expressions = licenses.filter(l => l instanceof LicenseExpression) as Models.LicenseExpression[]
       if (expressions.length > 0) {
         // could have thrown {@link RangeError} when there is more than one only {@link Models.LicenseExpression | LicenseExpression}.
         // but let's be graceful and just normalize to the most relevant choice: any expression
@@ -1086,9 +1089,9 @@ export class VulnerabilityAffectNormalizer extends BaseXmlNormalizer<Models.Vuln
 export class VulnerabilityAffectedVersionNormalizer extends BaseXmlNormalizer<Models.Vulnerability.AffectedVersion> {
   normalize (data: Models.Vulnerability.AffectedVersion, options: NormalizerOptions, elementName: string): SimpleXml.Element {
     switch (true) {
-      case data instanceof Models.Vulnerability.AffectedSingleVersion:
+      case data instanceof AffectedSingleVersion:
         return this.#normalizeAffectedSingleVersion(data, elementName)
-      case data instanceof Models.Vulnerability.AffectedVersionRange:
+      case data instanceof AffectedVersionRange:
         return this.#normalizeAffectedVersionRange(data, elementName)
       /* c8 ignore start */
       default:

package/src/serialize/xmlBaseSerializer.ts

@@ -18,7 +18,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
 import type { Bom } from '../models'
-import { Format, UnsupportedFormatError } from '../spec'
+import { Format } from '../spec/enums'
+import { UnsupportedFormatError } from '../spec/errors'
 import { BaseSerializer } from './baseSerializer'
 import type { NormalizerOptions } from './types'
 import type { Factory as NormalizerFactory } from './xml/normalize'

package/src/spec/consts.ts

@@ -17,7 +17,10 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-import { ComponentType, ExternalReferenceType, HashAlgorithm, Vulnerability } from '../enums'
+import { ComponentType } from '../enums/componentType'
+import { ExternalReferenceType } from '../enums/externalReferenceType'
+import { HashAlgorithm } from '../enums/hashAlogorithm'
+import { RatingMethod as VulnerabilityRatingMethod } from '../enums/vulnerability/ratingMethod'
 import type { _SpecProtocol } from './_protocol'
 import { _Spec } from './_protocol'
 import { Format, Version } from './enums'
@@ -204,11 +207,11 @@ export const Spec1dot4: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
   true,
   true,
   [
-    Vulnerability.RatingMethod.CVSSv2,
-    Vulnerability.RatingMethod.CVSSv3,
-    Vulnerability.RatingMethod.CVSSv31,
-    Vulnerability.RatingMethod.OWASP,
-    Vulnerability.RatingMethod.Other
+    VulnerabilityRatingMethod.CVSSv2,
+    VulnerabilityRatingMethod.CVSSv3,
+    VulnerabilityRatingMethod.CVSSv31,
+    VulnerabilityRatingMethod.OWASP,
+    VulnerabilityRatingMethod.Other
   ],
   true,
   false,
@@ -301,13 +304,13 @@ export const Spec1dot5: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
   true,
   true,
   [
-    Vulnerability.RatingMethod.CVSSv2,
-    Vulnerability.RatingMethod.CVSSv3,
-    Vulnerability.RatingMethod.CVSSv31,
-    Vulnerability.RatingMethod.CVSSv4,
-    Vulnerability.RatingMethod.OWASP,
-    Vulnerability.RatingMethod.SSVC,
-    Vulnerability.RatingMethod.Other
+    VulnerabilityRatingMethod.CVSSv2,
+    VulnerabilityRatingMethod.CVSSv3,
+    VulnerabilityRatingMethod.CVSSv31,
+    VulnerabilityRatingMethod.CVSSv4,
+    VulnerabilityRatingMethod.OWASP,
+    VulnerabilityRatingMethod.SSVC,
+    VulnerabilityRatingMethod.Other
   ],
   true,
   true,
@@ -405,13 +408,13 @@ export const Spec1dot6: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
   true,
   true,
   [
-    Vulnerability.RatingMethod.CVSSv2,
-    Vulnerability.RatingMethod.CVSSv3,
-    Vulnerability.RatingMethod.CVSSv31,
-    Vulnerability.RatingMethod.CVSSv4,
-    Vulnerability.RatingMethod.OWASP,
-    Vulnerability.RatingMethod.SSVC,
-    Vulnerability.RatingMethod.Other
+    VulnerabilityRatingMethod.CVSSv2,
+    VulnerabilityRatingMethod.CVSSv3,
+    VulnerabilityRatingMethod.CVSSv31,
+    VulnerabilityRatingMethod.CVSSv4,
+    VulnerabilityRatingMethod.OWASP,
+    VulnerabilityRatingMethod.SSVC,
+    VulnerabilityRatingMethod.Other
   ],
   true,
   true,

package/src/spec/errors.ts

@@ -0,0 +1,21 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+export class UnsupportedFormatError extends Error {
+}

package/src/spec/index.ts

@@ -19,6 +19,4 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 export * from './consts'
 export * from './enums'
-
-export class UnsupportedFormatError extends Error {
-}
+export * from './errors'