@cyclonedx/cyclonedx-library 9.0.0 → 9.2.0

package/src/serialize/xmlSerializer.web.ts

@@ -78,7 +78,7 @@ export class XmlSerializer extends XmlBaseSerializer {
     }
 
     if (typeof children === 'string' || typeof children === 'number') {
-      node.textContent = children.toString()
+      node.textContent = children.toString()  /* eslint-disable-line  no-param-reassign -- ack */
       return
     }
 

package/src/spec/consts.ts

@@ -17,6 +17,8 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
+/* eslint-disable max-lines -- ack */
+
 import { ComponentType } from '../enums/componentType'
 import { ExternalReferenceType } from '../enums/externalReferenceType'
 import { HashAlgorithm } from '../enums/hashAlogorithm'
@@ -434,7 +436,122 @@ export const Spec1dot6: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
   true
 ))
 
+
+/** Specification v1.7 */
+export const Spec1dot7: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
+  Version.v1dot7,
+  [
+    Format.XML,
+    Format.JSON
+  ],
+  [
+    ComponentType.Application,
+    ComponentType.Framework,
+    ComponentType.Library,
+    ComponentType.Container,
+    ComponentType.Platform,
+    ComponentType.OperatingSystem,
+    ComponentType.Device,
+    ComponentType.DeviceDriver,
+    ComponentType.Firmware,
+    ComponentType.File,
+    ComponentType.MachineLearningModel,
+    ComponentType.Data,
+    ComponentType.CryptographicAsset
+  ],
+  [
+    HashAlgorithm.MD5,
+    HashAlgorithm['SHA-1'],
+    HashAlgorithm['SHA-256'],
+    HashAlgorithm['SHA-384'],
+    HashAlgorithm['SHA-512'],
+    HashAlgorithm['SHA3-256'],
+    HashAlgorithm['SHA3-384'],
+    HashAlgorithm['SHA3-512'],
+    HashAlgorithm['BLAKE2b-256'],
+    HashAlgorithm['BLAKE2b-384'],
+    HashAlgorithm['BLAKE2b-512'],
+    HashAlgorithm.BLAKE3,
+    HashAlgorithm['Streebog-256'],
+    HashAlgorithm['Streebog-512'],
+  ],
+  /^([a-fA-F0-9]{32})$|^([a-fA-F0-9]{40})$|^([a-fA-F0-9]{64})$|^([a-fA-F0-9]{96})$|^([a-fA-F0-9]{128})$/,
+  [
+    ExternalReferenceType.VCS,
+    ExternalReferenceType.IssueTracker,
+    ExternalReferenceType.Website,
+    ExternalReferenceType.Advisories,
+    ExternalReferenceType.BOM,
+    ExternalReferenceType.MailingList,
+    ExternalReferenceType.Social,
+    ExternalReferenceType.Chat,
+    ExternalReferenceType.Documentation,
+    ExternalReferenceType.Support,
+    ExternalReferenceType.SourceDistribution,
+    ExternalReferenceType.Distribution,
+    ExternalReferenceType.DistributionIntake,
+    ExternalReferenceType.License,
+    ExternalReferenceType.BuildMeta,
+    ExternalReferenceType.BuildSystem,
+    ExternalReferenceType.ReleaseNotes,
+    ExternalReferenceType.SecurityContact,
+    ExternalReferenceType.ModelCard,
+    ExternalReferenceType.Log,
+    ExternalReferenceType.Configuration,
+    ExternalReferenceType.Evidence,
+    ExternalReferenceType.Formulation,
+    ExternalReferenceType.Attestation,
+    ExternalReferenceType.ThreatModel,
+    ExternalReferenceType.AdversaryModel,
+    ExternalReferenceType.RiskAssessment,
+    ExternalReferenceType.VulnerabilityAssertion,
+    ExternalReferenceType.ExploitabilityStatement,
+    ExternalReferenceType.PentestReport,
+    ExternalReferenceType.StaticAnalysisReport,
+    ExternalReferenceType.DynamicAnalysisReport,
+    ExternalReferenceType.RuntimeAnalysisReport,
+    ExternalReferenceType.ComponentAnalysisReport,
+    ExternalReferenceType.MaturityReport,
+    ExternalReferenceType.CertificationReport,
+    ExternalReferenceType.CodifiedInfrastructure,
+    ExternalReferenceType.QualityMetrics,
+    ExternalReferenceType.POAM,
+    ExternalReferenceType.ElectronicSignature,
+    ExternalReferenceType.DigitalSignature,
+    ExternalReferenceType.RFC9116,
+    ExternalReferenceType.Citation,
+    ExternalReferenceType.Patent,
+    ExternalReferenceType.PatentAssertion,
+    ExternalReferenceType.PatentFamily,
+    ExternalReferenceType.RFC9116,
+    ExternalReferenceType.Other
+  ],
+  true,
+  true,
+  false,
+  true,
+  true,
+  [
+    VulnerabilityRatingMethod.CVSSv2,
+    VulnerabilityRatingMethod.CVSSv3,
+    VulnerabilityRatingMethod.CVSSv31,
+    VulnerabilityRatingMethod.CVSSv4,
+    VulnerabilityRatingMethod.OWASP,
+    VulnerabilityRatingMethod.SSVC,
+    VulnerabilityRatingMethod.Other
+  ],
+  true,
+  true,
+  true,
+  true,
+  true,
+  true,
+  true,
+  true
+))
+
 export const SpecVersionDict: Readonly<Partial<Record<Version, Readonly<_SpecProtocol>>>> = Object.freeze({
+  [Version.v1dot7]: Spec1dot7,
   [Version.v1dot6]: Spec1dot6,
   [Version.v1dot5]: Spec1dot5,
   [Version.v1dot4]: Spec1dot4,

package/src/spec/enums.ts

@@ -18,6 +18,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
 export enum Version {
+  v1dot7 = '1.7',
   v1dot6 = '1.6',
   v1dot5 = '1.5',
   v1dot4 = '1.4',

package/src/validation/jsonValidator.node.ts

@@ -43,6 +43,7 @@ abstract class BaseJsonValidator extends BaseValidator {
       try {
         this.#validatorCache = await makeValidator(this.#getSchemaFilePath(), {
           'http://cyclonedx.org/schema/spdx.SNAPSHOT.schema.json': FILES.SPDX.JSON_SCHEMA,
+          'http://cyclonedx.org/schema/cryptography-defs.SNAPSHOT.schema.json': FILES.CryptoDefs.JSON_SCHEMA,
           'http://cyclonedx.org/schema/jsf-0.82.SNAPSHOT.schema.json': FILES.JSF.JSON_SCHEMA
         })
       } catch (err) {

package/tsconfig.d.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/index.common.ts","./src/index.node.ts","./src/index.web.ts","./src/resources.node.ts","./src/spdx.ts"],"version":"5.9.2"}
+{"root":["./src/index.common.ts","./src/index.node.ts","./src/index.web.ts","./src/resources.node.ts","./src/spdx.ts"],"version":"5.9.3"}

package/tsconfig.node.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/index.node.ts","./src/_optPlug.node/__jsonValidators/ajv.ts","./src/_optPlug.node/__xmlStringifiers/xmlbuilder2.ts","./src/_optPlug.node/__xmlValidators/libxmljs2.ts"],"version":"5.9.2"}
+{"root":["./src/index.node.ts","./src/_optPlug.node/__jsonValidators/ajv.ts","./src/_optPlug.node/__xmlStringifiers/xmlbuilder2.ts","./src/_optPlug.node/__xmlValidators/libxmljs2.ts"],"version":"5.9.3"}

package/dist.d/_helpers/stringable.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"stringable.d.ts","sourceRoot":"","sources":["../../src/_helpers/stringable.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,MAAM,CAAA;CACvB"}

package/dist.node/_helpers/stringable.js

@@ -1,21 +0,0 @@
-"use strict";
-/*!
-This file is part of CycloneDX JavaScript Library.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-SPDX-License-Identifier: Apache-2.0
-Copyright (c) OWASP Foundation. All Rights Reserved.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=stringable.js.map

package/dist.node/_helpers/stringable.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"stringable.js","sourceRoot":"","sources":["../../src/_helpers/stringable.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;EAiBE"}