From 349fc8cd072e90d81c0328f1d9dab16aa30fcf60 Mon Sep 17 00:00:00 2001
From: Tim Pickles
Date: Wed, 29 May 2024 18:14:45 +0100
Subject: [PATCH] fix: add bom-ref to OrganizationalEntity/Contact

Adds bom-ref to OrganizationalEntity and OrganizationalContact which was added in CycloneDX 1.5

Signed-off-by: Tim Pickles
---
 convert.go | 32 +++++++++++++++++++
 cyclonedx.go | 8 +++--
 ...dTripJSON-func1-valid-metadata-author.json | 1 +
 ...JSON-func1-valid-metadata-manufacture.json | 2 ++
 ...undTripXML-func1-valid-metadata-author.xml | 2 +-
 ...ipXML-func1-valid-metadata-manufacture.xml | 4 +--
 testdata/valid-metadata-author.json | 1 +
 testdata/valid-metadata-author.xml | 2 +-
 testdata/valid-metadata-manufacture.json | 2 ++
 testdata/valid-metadata-manufacture.xml | 4 +--
 10 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/convert.go b/convert.go
index ac27448..fbec5e3 100644
--- a/convert.go
+++ b/convert.go
@@ -71,6 +71,12 @@ func (b *BOM) convert(specVersion SpecVersion) {
 convertTools(b.Metadata.Tools, specVersion)
 convertOrganizationalEntity(b.Metadata.Manufacture, specVersion)
 convertOrganizationalEntity(b.Metadata.Supplier, specVersion)
+
+ if b.Metadata.Authors != nil {
+ for i := range *b.Metadata.Authors {
+ convertOrganizationalContact(&(*b.Metadata.Authors)[i], specVersion)
+ }
+ }
 }

 if b.Components != nil {
@@ -324,11 +330,31 @@ func convertOrganizationalEntity(org *OrganizationalEntity, specVersion SpecVers
 return
 }

+ if specVersion < SpecVersion1_5 {
+ org.BOMRef = ""
+
+ if org.Contact != nil {
+ for i := range *org.Contact {
+ convertOrganizationalContact(&(*org.Contact)[i], specVersion)
+ }
+ }
+ }
+
 if specVersion < SpecVersion1_6 {
 org.Address = nil
 }
 }

+func convertOrganizationalContact(c *OrganizationalContact, specVersion SpecVersion) {
+ if c == nil {
+ return
+ }
+
+ if specVersion < SpecVersion1_5 {
+ c.BOMRef = ""
+ }
+}
+
 func convertModelCard(c *Component, specVersion SpecVersion) {
 if c.ModelCard == nil {
 return
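Review bot: In the `@@ -71,6 +71,12 @@` hunk of convert.go, the new `Authors` loop only covers `b.Metadata`, so within this patch the `bom-ref` stripping is reachable for metadata manufacture, supplier and authors, plus vulnerability credits in a later hunk. Whether other holders of `OrganizationalEntity` or `OrganizationalContact` (for example component suppliers or service providers) already pass through `convertOrganizationalEntity` is not visible here and should be confirmed. Any holder that is missed would emit `bom-ref` into a document declared as older than 1.5, which a strict schema validator on the consuming side would reject. The body of `convert` continues outside the hunk.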
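Review bot: In `convertOrganizationalEntity` (hunk `@@ -324,11 +330,31 @@`), the loop over `org.Contact` sits inside the `specVersion < SpecVersion1_5` branch, so `convertOrganizationalContact` is never called for an entity's contacts at 1.5 or later. That is harmless today because the contact converter only clears `BOMRef` below 1.5, but any later version-gated contact field would be silently skipped on this path, while the `Authors` and `Credits.Individuals` call sites run the converter unconditionally. Moving the `if org.Contact != nil { ... }` block out of the version guard, next to `org.BOMRef = ""`'s enclosing `if`, keeps the three call sites consistent. The opening lines of `convertOrganizationalEntity` are outside the hunk.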
@@ -364,6 +390,12 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 convertOrganizationalEntity(&(*vuln.Credits.Organizations)[i], specVersion)
 }
 }
+
+ if vuln.Credits.Individuals != nil {
+ for i := range *vuln.Credits.Individuals {
+ convertOrganizationalContact(&(*vuln.Credits.Individuals)[i], specVersion)
+ }
+ }
 }
 }

diff --git a/cyclonedx.go b/cyclonedx.go
index f530bb7..329ea2c 100644
--- a/cyclonedx.go
+++ b/cyclonedx.go
@@ -1124,12 +1124,14 @@ type Note struct {
 }

 type OrganizationalContact struct {
- Name string `json:"name,omitempty" xml:"name,omitempty"`
- Email string `json:"email,omitempty" xml:"email,omitempty"`
- Phone string `json:"phone,omitempty" xml:"phone,omitempty"`
+ BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
+ Name string `json:"name,omitempty" xml:"name,omitempty"`
+ Email string `json:"email,omitempty" xml:"email,omitempty"`
+ Phone string `json:"phone,omitempty" xml:"phone,omitempty"`
 }

 type OrganizationalEntity struct {
+ BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
 Name string `json:"name" xml:"name"`
 Address *PostalAddress `json:"address,omitempty" xml:"address,omitempty"`
 URL *[]string `json:"url,omitempty" xml:"url,omitempty"`
diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json
index b2c6e32..38d1580 100644
--- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json
+++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-author.json
@@ -6,6 +6,7 @@
 "metadata": {
 "authors": [
 {
+ "bom-ref": "author-1",
 "name": "Samantha Wright",
 "email": "samantha.wright@example.com",
 "phone": "800-555-1212"
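Review bot: The `Credits.Individuals` loop added to `convertVulnerabilities` (hunk `@@ -364,6 +390,12 @@`) has no fixture in this patch; the diffstat only touches the `valid-metadata-author` and `valid-metadata-manufacture` test data, which are round-trip inputs. A test that sets `BOMRef` on a vulnerability credit and on a metadata author, converts to a spec version below 1.5 and asserts that the field is empty would pin the downgrade behaviour. Such a test may already exist outside this patch, so this is something to check rather than a confirmed gap. The enclosing function starts and ends outside the hunk.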
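Review bot: The new `BOMRef` fields on `OrganizationalContact` and `OrganizationalEntity` (cyclonedx.go, hunk `@@ -1124,12 +1124,14 @@`) carry no comment saying they are version-gated. I would add `// BOMRef is defined from CycloneDX 1.5; it is cleared when converting to an older spec version.` above each field, which matches what `convertOrganizationalEntity` and `convertOrganizationalContact` do in convert.go. The `OrganizationalEntity` struct continues past the end of the hunk.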
diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json index 2b15cca..a7f4880 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripJSON-func1-valid-metadata-manufacture.json @@ -5,12 +5,14 @@ "version": 1, "metadata": { "manufacture": { + "bom-ref": "manufacture-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { + "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml index 331bf09..9cc79e5 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-author.xml @@ -2,7 +2,7 @@ - + Samantha Wright samantha.wright@example.com 800-555-1212 diff --git a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml index 74460c2..ac6b794 100644 --- a/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml +++ b/testdata/snapshots/cyclonedx-go-TestRoundTripXML-func1-valid-metadata-manufacture.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Professional Services professional.services@example.com diff --git a/testdata/valid-metadata-author.json b/testdata/valid-metadata-author.json index c63b706..c784009 100644 --- a/testdata/valid-metadata-author.json +++ b/testdata/valid-metadata-author.json 
@@ -6,6 +6,7 @@ "metadata": { "authors": [ { + "bom-ref": "author-1", "name": "Samantha Wright", "email": "samantha.wright@example.com", "phone": "800-555-1212" diff --git a/testdata/valid-metadata-author.xml b/testdata/valid-metadata-author.xml index a821778..13ea223 100644 --- a/testdata/valid-metadata-author.xml +++ b/testdata/valid-metadata-author.xml @@ -2,7 +2,7 @@ - + Samantha Wright samantha.wright@example.com 800-555-1212 diff --git a/testdata/valid-metadata-manufacture.json b/testdata/valid-metadata-manufacture.json index cbd80db..4895bdb 100644 --- a/testdata/valid-metadata-manufacture.json +++ b/testdata/valid-metadata-manufacture.json @@ -5,12 +5,14 @@ "version": 1, "metadata": { "manufacture": { + "bom-ref": "manufacture-1", "name": "Acme, Inc.", "url": [ "https://example.com" ], "contact": [ { + "bom-ref": "contact-1", "name": "Acme Professional Services", "email": "professional.services@example.com" } diff --git a/testdata/valid-metadata-manufacture.xml b/testdata/valid-metadata-manufacture.xml index 5f419f1..a262fac 100644 --- a/testdata/valid-metadata-manufacture.xml +++ b/testdata/valid-metadata-manufacture.xml @@ -1,10 +1,10 @@ - + Acme, Inc. https://example.com - + Acme Professional Services professional.services@example.com