Feat: Support CBOM (1.6 specification) (#140) #142

Closed
wants to merge 14 commits into from
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
- name: Check license headers
uses: apache/skywalking-eyes@438e4ea5682269933ea2c8b5608662e52af26959 # tag=v0.4.0
with:
Expand All @@ -29,15 +29,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
with:
go-version: "1.20"
check-latest: true
cache: false
- name: Run golangci-lint
uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # tag=v4.0.0
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # tag=v6.0.1
with:
version: latest
args: --verbose
Expand All @@ -54,11 +54,11 @@ jobs:
- "1.20"
steps:
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
with:
go-version: ${{ matrix.go }}
check-latest: true
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
- name: Test
run: make test
4 changes: 2 additions & 2 deletions .github/workflows/goreleaser.yml
Expand Up @@ -16,11 +16,11 @@ jobs:
contents: write
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
with:
go-version: "1.20"
check-latest: true
2 changes: 1 addition & 1 deletion Dockerfile.gitpod
Expand Up @@ -15,4 +15,4 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) OWASP Foundation. All Rights Reserved.

FROM gitpod/workspace-go:latest@sha256:9118b9398357b5136e6dd026dd357503c2e4ad385c097b2ba596af6f2d5a2b6b
FROM gitpod/workspace-go:latest@sha256:8b9a0f68edeb1e05f78a4988a18125feb9603a33e2726b12dc7e462e4cbbdac0
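--- a/cyclonedx.go
+++ b/cyclonedx.go
@@ -131,11 +131,29 @@ type CallstackFrame struct {
 FullFilename string `json:"fullFilename,omitempty" xml:"fullFilename,omitempty"`
 }
 
+type CertificateProperties struct {
+SubjectName string `json:"subjectName,omitempty" xml:"subjectName,omitempty"`
+IssuerName string `json:"issuerName,omitempty" xml:"issuerName,omitempty"`
+NotValidBefore string `json:"notValidBefore,omitempty" xml:"notValidBefore,omitempty"`
+NotValidAfter string `json:"notValidAfter,omitempty" xml:"notValidAfter,omitempty"`
+SignatureAlgorithmRef BOMReference `json:"signatureAlgorithmRef,omitempty" xml:"signatureAlgorithmRef,omitempty"`
+SubjectPublicKeyRef BOMReference `json:"subjectPublicKeyRef,omitempty" xml:"subjectPublicKeyRef,omitempty"`
+CertificateFormat string `json:"certificateFormat,omitempty" xml:"certificateFormat,omitempty"`
+CertificateExtension string `json:"certificateExtension,omitempty" xml:"certificateExtension,omitempty"`
+}
+
+type CipherSuite struct {
+Name string `json:"name,omitempty" xml:"name,omitempty"`
+Algorithms *[]BOMReference `json:"algorithms,omitempty" xml:"algorithms,omitempty"`
+Identifiers *[]string `json:"identifiers,omitempty" xml:"identifiers,omitempty"`
+}
+
 type ComponentType string
 
 const (
 ComponentTypeApplication ComponentType = "application"
 ComponentTypeContainer ComponentType = "container"
+ComponentTypeCryptographicAsset ComponentType = "cryptographic-asset"
 ComponentTypeData ComponentType = "data"
 ComponentTypeDevice ComponentType = "device"
 ComponentTypeDeviceDriver ComponentType = "device-driver"
@@ -183,6 +201,7 @@ type Component struct {
 ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
 ModelCard *MLModelCard `json:"modelCard,omitempty" xml:"modelCard,omitempty"`
 Data *ComponentData `json:"data,omitempty" xml:"data,omitempty"`
+CryptoProperties *CryptoProperties `json:"cryptoProperties,omitempty" xml:"cryptoProperties,omitempty"`
 }
 
 type ComponentData struct {
@@ -266,6 +285,193 @@ type Credits struct {
 Individuals *[]OrganizationalContact `json:"individuals,omitempty" xml:"individuals>individual,omitempty"`
 }
 
+type CryptoAlgorithmMode string
+
+const (
+CryptoAlgorithmModeCBC CryptoAlgorithmMode = "cbc"
+CryptoAlgorithmModeECB CryptoAlgorithmMode = "ecb"
+CryptoAlgorithmModeCCM CryptoAlgorithmMode = "ccm"
+CryptoAlgorithmModeGCM CryptoAlgorithmMode = "gcm"
+CryptoAlgorithmModeCFB CryptoAlgorithmMode = "cfb"
+CryptoAlgorithmModeOFB CryptoAlgorithmMode = "ofb"
+CryptoAlgorithmModeCTR CryptoAlgorithmMode = "ctr"
+CryptoAlgorithmModeOther CryptoAlgorithmMode = "other"
+CryptoAlgorithmModeUnknown CryptoAlgorithmMode = "unknown"
+)
+
+type CryptoAlgorithmProperties struct {
+Primitive CryptoPrimitive `json:"primitive,omitempty" xml:"primitive,omitempty"`
+ParameterSetIdentifier string `json:"parameterSetIdentifier,omitempty" xml:"parameterSetIdentifier,omitempty"`
+Curve string `json:"curve,omitempty" xml:"curve,omitempty"`
+ExecutionEnvironment CryptoExecutionEnvironment `json:"executionEnvironment,omitempty" xml:"executionEnvironment,omitempty"`
+ImplementationPlatform ImplementationPlatform `json:"implementationPlatform,omitempty" xml:"implementationPlatform,omitempty"`
+CertificationLevel *[]CryptoCertificationLevel `json:"certificationLevel,omitempty" xml:"certificationLevel,omitempty"`
+Mode CryptoAlgorithmMode `json:"mode,omitempty" xml:"mode,omitempty"`
+Padding CryptoPadding `json:"padding,omitempty" xml:"padding,omitempty"`
+CryptoFunctions *[]CryptoFunction `json:"cryptoFunctions,omitempty" xml:"cryptoFunctions>cryptoFunction,omitempty"`
+ClassicalSecurityLevel *int `json:"classicalSecurityLevel,omitempty" xml:"classicalSecurityLevel,omitempty"`
+NistQuantumSecurityLevel *int `json:"nistQuantumSecurityLevel" xml:"nistQuantumSecurityLevel"`
+}
+
+type CryptoAssetType string
+
+const (
+CryptoAssetTypeAlgorithm CryptoAssetType = "algorithm"
+CryptoAssetTypeCertificate CryptoAssetType = "certificate"
+CryptoAssetTypeProtocol CryptoAssetType = "protocol"
+CryptoAssetTypeRelatedCryptoMaterial CryptoAssetType = "related-crypto-material"
+)
+
+type CryptoCertificationLevel string
+
+const (
+CryptoCertificationLevelNone CryptoCertificationLevel = "none"
+CryptoCertificationLevelFIPS140_1_L1 CryptoCertificationLevel = "fips140-1-l1"
+CryptoCertificationLevelFIPS140_1_L2 CryptoCertificationLevel = "fips140-1-l2"
+CryptoCertificationLevelFIPS140_1_L3 CryptoCertificationLevel = "fips140-1-l3"
+CryptoCertificationLevelFIPS140_1_L4 CryptoCertificationLevel = "fips140-1-l4"
+CryptoCertificationLevelFIPS140_2_L1 CryptoCertificationLevel = "fips140-2-l1"
+CryptoCertificationLevelFIPS140_2_L2 CryptoCertificationLevel = "fips140-2-l2"
+CryptoCertificationLevelFIPS140_2_L3 CryptoCertificationLevel = "fips140-2-l3"
+CryptoCertificationLevelFIPS140_2_L4 CryptoCertificationLevel = "fips140-2-l4"
+CryptoCertificationLevelFIPS140_3_L1 CryptoCertificationLevel = "fips140-3-l1"
+CryptoCertificationLevelFIPS140_3_L2 CryptoCertificationLevel = "fips140-3-l2"
+CryptoCertificationLevelFIPS140_3_L3 CryptoCertificationLevel = "fips140-3-l3"
+CryptoCertificationLevelFIPS140_3_L4 CryptoCertificationLevel = "fips140-3-l4"
+CryptoCertificationLevelCCEAL1 CryptoCertificationLevel = "cc-eal1"
+CryptoCertificationLevelCCEAL1Plus CryptoCertificationLevel = "cc-eal1+"
+CryptoCertificationLevelCCEAL2 CryptoCertificationLevel = "cc-eal2"
+CryptoCertificationLevelCCEAL2Plus CryptoCertificationLevel = "cc-eal2+"
+CryptoCertificationLevelCCEAL3 CryptoCertificationLevel = "cc-eal3"
+CryptoCertificationLevelCCEAL3Plus CryptoCertificationLevel = "cc-eal3+"
+CryptoCertificationLevelCCEAL4 CryptoCertificationLevel = "cc-eal4"
+CryptoCertificationLevelCCEAL4Plus CryptoCertificationLevel = "cc-eal4+"
+CryptoCertificationLevelCCEAL5 CryptoCertificationLevel = "cc-eal5"
+CryptoCertificationLevelCCEAL5Plus CryptoCertificationLevel = "cc-eal5+"
+CryptoCertificationLevelCCEAL6 CryptoCertificationLevel = "cc-eal6"
+CryptoCertificationLevelCCEAL6Plus CryptoCertificationLevel = "cc-eal6+"
+CryptoCertificationLevelCCEAL7 CryptoCertificationLevel = "cc-eal7"
+CryptoCertificationLevelCCEAL7Plus CryptoCertificationLevel = "cc-eal7+"
+CryptoCertificationLevelOther CryptoCertificationLevel = "other"
+CryptoCertificationLevelUnknown CryptoCertificationLevel = "unknown"
+)
+
+type CryptoExecutionEnvironment string
+
+const (
+CryptoExecutionEnvironmentSoftwarePlainRAM CryptoExecutionEnvironment = "software-plain-ram"
+CryptoExecutionEnvironmentSoftwareEncryptedRAM CryptoExecutionEnvironment = "software-encrypted-ram"
+CryptoExecutionEnvironmentSoftwareTEE CryptoExecutionEnvironment = "software-tee"
+CryptoExecutionEnvironmentHardware CryptoExecutionEnvironment = "hardware"
+CryptoExecutionEnvironmentOther CryptoExecutionEnvironment = "other"
+CryptoExecutionEnvironmentUnknown CryptoExecutionEnvironment = "unknown"
+)
+
+type CryptoFunction string
+
+const (
+CryptoFunctionGenerate CryptoFunction = "generate"
+CryptoFunctionKeygen CryptoFunction = "keygen"
+CryptoFunctionEncrypt CryptoFunction = "encrypt"
+CryptoFunctionDecrypt CryptoFunction = "decrypt"
+CryptoFunctionDigest CryptoFunction = "digest"
+CryptoFunctionTag CryptoFunction = "tag"
+CryptoFunctionKeyderive CryptoFunction = "keyderive"
+CryptoFunctionSign CryptoFunction = "sign"
+CryptoFunctionVerify CryptoFunction = "verify"
+CryptoFunctionEncapsulate CryptoFunction = "encapsulate"
+CryptoFunctionDecapsulate CryptoFunction = "decapsulate"
+CryptoFunctionOther CryptoFunction = "other"
+CryptoFunctionUnknown CryptoFunction = "unknown"
+)
+
+type CryptoKeyState string
+
+const (
+CryptoKeyStatePreActivation CryptoKeyState = "pre-activation"
+CryptoKeyStateActive CryptoKeyState = "active"
+CryptoKeyStateSuspended CryptoKeyState = "suspended"
+CryptoKeyStateDeactivated CryptoKeyState = "deactivated"
+CryptoKeyStateCompromised CryptoKeyState = "compromised"
+CryptoKeyStateDestroyed CryptoKeyState = "destroyed"
+)
+
+type CryptoPadding string
+
+const (
+CryptoPaddingPKCS5 CryptoPadding = "pkcs5"
+CryptoPaddingPKCS7 CryptoPadding = "pkcs7"
+CryptoPaddingPKCS1v15 CryptoPadding = "pkcs1v15"
+CryptoPaddingOAEP CryptoPadding = "oaep"
+CryptoPaddingRaw CryptoPadding = "raw"
+CryptoPaddingOther CryptoPadding = "other"
+CryptoPaddingUnknown CryptoPadding = "unknown"
+)
+
+type CryptoPrimitive string
+
+const (
+CryptoPrimitiveDRBG CryptoPrimitive = "drbg"
+CryptoPrimitiveMAC CryptoPrimitive = "mac"
+CryptoPrimitiveBlockCipher CryptoPrimitive = "block-cipher"
+CryptoPrimitiveStreamCipher CryptoPrimitive = "stream-cipher"
+CryptoPrimitiveSignature CryptoPrimitive = "signature"
+CryptoPrimitiveHash CryptoPrimitive = "hash"
+CryptoPrimitivePKE CryptoPrimitive = "pke"
+CryptoPrimitiveXOF CryptoPrimitive = "xof"
+CryptoPrimitiveKDF CryptoPrimitive = "kdf"
+CryptoPrimitiveKeyAgree CryptoPrimitive = "key-agree"
+CryptoPrimitiveKEM CryptoPrimitive = "kem"
+CryptoPrimitiveAE CryptoPrimitive = "ae"
+CryptoPrimitiveCombiner CryptoPrimitive = "combiner"
+CryptoPrimitiveOther CryptoPrimitive = "other"
+CryptoPrimitiveUnknown CryptoPrimitive = "unknown"
+)
+
+type CryptoProperties struct {
+AssetType CryptoAssetType `json:"assetType" xml:"assetType"`
+AlgorithmProperties *CryptoAlgorithmProperties `json:"algorithmProperties,omitempty" xml:"algorithmProperties,omitempty"`
+CertificateProperties *CertificateProperties `json:"certificateProperties,omitempty" xml:"certificateProperties,omitempty"`
+RelatedCryptoMaterialProperties *RelatedCryptoMaterialProperties `json:"relatedCryptoMaterialProperties,omitempty" xml:"relatedCryptoMaterialProperties,omitempty"`
+ProtocolProperties *CryptoProtocolProperties `json:"protocolProperties,omitempty" xml:"protocolProperties,omitempty"`
+OID string `json:"oid,omitempty" xml:"oid,omitempty"`
+}
+
+type CryptoProtocolProperties struct {
+Type CryptoProtocolType `json:"type,omitempty" xml:"type,omitempty"`
+Version string `json:"version,omitempty" xml:"version,omitempty"`
+CipherSuites *[]CipherSuite `json:"cipherSuites,omitempty" xml:"cipherSuites,omitempty"`
+IKEv2TransformTypes *IKEv2TransformTypes `json:"ikev2TransformTypes,omitempty" xml:"ikev2TransformTypes,omitempty"`
+CryptoRefArray *[]BOMReference `json:"cryptoRefArray,omitempty" xml:"cryptoRefArray,omitempty"`
+}
+
+type CryptoProtocolType string
+
+const (
+CryptoProtocolTypeTLS CryptoProtocolType = "tls"
+CryptoProtocolTypeSSH CryptoProtocolType = "ssh"
+CryptoProtocolTypeIPSec CryptoProtocolType = "ipsec"
+CryptoProtocolTypeIKE CryptoProtocolType = "ike"
+CryptoProtocolTypeSSTP CryptoProtocolType = "sstp"
+CryptoProtocolTypeWPA CryptoProtocolType = "wpa"
+CryptoProtocolTypeOther CryptoProtocolType = "other"
+CryptoProtocolTypeUnknown CryptoProtocolType = "unknown"
+)
+
+type IKEv2TransformTypes struct {
+Encr *[]BOMReference `json:"encr,omitempty" xml:"encr,omitempty"`
+PRF *[]BOMReference `json:"prf,omitempty" xml:"prf,omitempty"`
+Integ *[]BOMReference `json:"integ,omitempty" xml:"integ,omitempty"`
+KE *[]BOMReference `json:"ke,omitempty" xml:"ke,omitempty"`
+ESN bool `json:"esn" xml:"esn"`
+Auth *[]BOMReference `json:"auth,omitempty" xml:"auth,omitempty"`
+}
+
+type SecuredBy struct {
+Mechanism string `json:"mechanism,omitempty" xml:"mechanism,omitempty"`
+AlgorithmRef BOMReference `json:"algorithmRef,omitempty" xml:"algorithmRef,omitempty"`
+}
+
 type DataClassification struct {
 Flow DataFlow `json:"flow" xml:"flow,attr"`
 Classification string `json:"classification" xml:",chardata"`
@@ -481,6 +687,25 @@ const (
 IASNotAffected ImpactAnalysisState = "not_affected"
 )
 
+type ImplementationPlatform string
+
+const (
+ImplementationPlatformGeneric ImplementationPlatform = "generic"
+ImplementationPlatformX86_32 ImplementationPlatform = "x86_32"
+ImplementationPlatformX86_64 ImplementationPlatform = "x86_64"
+ImplementationPlatformARMv7A ImplementationPlatform = "armv7-a"
+ImplementationPlatformARMv7M ImplementationPlatform = "armv7-m"
+ImplementationPlatformARMv8A ImplementationPlatform = "armv8-a"
+ImplementationPlatformARMv8M ImplementationPlatform = "armv8-m"
+ImplementationPlatformARMv9A ImplementationPlatform = "armv9-a"
+ImplementationPlatformARMv9M ImplementationPlatform = "armv9-m"
+ImplementationPlatformS390x ImplementationPlatform = "s390x"
+ImplementationPlatformPPC64 ImplementationPlatform = "ppc64"
+ImplementationPlatformPPC64LE ImplementationPlatform = "ppc64le"
+ImplementationPlatformOther ImplementationPlatform = "other"
+ImplementationPlatformUnknown ImplementationPlatform = "unknown"
+)
+
 type Issue struct {
 ID string `json:"id" xml:"id"`
 Name string `json:"name,omitempty" xml:"name,omitempty"`
@@ -736,6 +961,45 @@ type Property struct {
 Value string `json:"value" xml:",chardata"`
 }
 
+type RelatedCryptoMaterialProperties struct {
+Type RelatedCryptoMaterialType `json:"type,omitempty" xml:"type,omitempty"`
+ID string `json:"id,omitempty" xml:"id,omitempty"`
+State CryptoKeyState `json:"state,omitempty" xml:"state,omitempty"`
+AlgorithmRef BOMReference `json:"algorithmRef,omitempty" xml:"algorithmRef,omitempty"`
+CreationDate string `json:"creationDate,omitempty" xml:"creationDate,omitempty"`
+ActivationDate string `json:"activationDate,omitempty" xml:"activationDate,omitempty"`
+UpdateDate string `json:"updateDate,omitempty" xml:"updateDate,omitempty"`
+ExpirationDate string `json:"expirationDate,omitempty" xml:"expirationDate,omitempty"`
+Value string `json:"value,omitempty" xml:"value,omitempty"`
+Size *int `json:"size,omitempty" xml:"size,omitempty"`
+Format string `json:"format,omitempty" xml:"format,omitempty"`
+SecuredBy *SecuredBy `json:"securedBy,omitempty" xml:"securedBy,omitempty"`
+}
+
+type RelatedCryptoMaterialType string
+
+const (
+RelatedCryptoMaterialTypePrivateKey RelatedCryptoMaterialType = "private-key"
+RelatedCryptoMaterialTypePublicKey RelatedCryptoMaterialType = "public-key"
+RelatedCryptoMaterialTypeSecretKey RelatedCryptoMaterialType = "secret-key"
+RelatedCryptoMaterialTypeKey RelatedCryptoMaterialType = "key"
+RelatedCryptoMaterialTypeCiphertext RelatedCryptoMaterialType = "ciphertext"
+RelatedCryptoMaterialTypeSignature RelatedCryptoMaterialType = "signature"
+RelatedCryptoMaterialTypeDigest RelatedCryptoMaterialType = "digest"
+RelatedCryptoMaterialTypeInitializationVector RelatedCryptoMaterialType = "initialization-vector"
+RelatedCryptoMaterialTypeNonce RelatedCryptoMaterialType = "nonce"
+RelatedCryptoMaterialTypeSeed RelatedCryptoMaterialType = "seed"
+RelatedCryptoMaterialTypeSalt RelatedCryptoMaterialType = "salt"
+RelatedCryptoMaterialTypeSharedSecret RelatedCryptoMaterialType = "shared-secret"
+RelatedCryptoMaterialTypeTag RelatedCryptoMaterialType = "tag"
+RelatedCryptoMaterialTypeAdditionalData RelatedCryptoMaterialType = "additional-data"
+RelatedCryptoMaterialTypePassword RelatedCryptoMaterialType = "password"
+RelatedCryptoMaterialTypeCredential RelatedCryptoMaterialType = "credential"
+RelatedCryptoMaterialTypeToken RelatedCryptoMaterialType = "token"
+RelatedCryptoMaterialTypeOther RelatedCryptoMaterialType = "other"
+RelatedCryptoMaterialTypeUnknown RelatedCryptoMaterialType = "unknown"
+)
+
 type ReleaseNotes struct {
 Type string `json:"type" xml:"type"`
 Title string `json:"title,omitempty" xml:"title,omitempty"`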
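Review bot: `NistQuantumSecurityLevel` in `CryptoAlgorithmProperties` is a `*int` whose tags lack `omitempty`, so encoding/json writes `"nistQuantumSecurityLevel": null` for every algorithm where the level was never set, while the neighbouring `ClassicalSecurityLevel` is simply omitted. A consumer cannot tell "not assessed" from a malformed value, and the document may well fail schema validation; the tags should read `json:"nistQuantumSecurityLevel,omitempty" xml:"nistQuantumSecurityLevel,omitempty"`. `IKEv2TransformTypes.ESN` has a related problem as a plain `bool` without `omitempty`: every protocol entry asserts `esn: false` even when ESN was never determined, so `*bool` with `omitempty` would be the safer shape. Separately, `RelatedCryptoMaterialProperties.Value` can carry the material itself for types such as `private-key`, `password` and `token`, and BOMs are normally shared widely, so it deserves a doc comment such as `// Value holds the material itself; leave it empty for secret types.`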