feat: validate now accepts components with external bom (#308)
mmarseu authored Dec 3, 2024
1 parent fb94fe0 commit af6d772
Showing 8 changed files with 860 additions and 620 deletions.
277 changes: 157 additions & 120 deletions cdxev/auxiliary/schema/bom-1.3-custom.schema.json
Expand Up @@ -313,7 +313,6 @@
"required": [
"type",
"name",
"version",
"bom-ref"
],
"properties": {
Expand Down Expand Up @@ -541,76 +540,140 @@
}
}
},
"allOf": [
"anyOf": [
{
"anyOf": [
{
"required": [
"licenses"
],
"properties": {
"licenses": {
"minItems": 1
}
}
},
{
"required": [
"copyright"
],
"properties": {
"copyright": {
"minLength": 1
}
}
"properties": {
"licenses": {
"minItems": 1
}
]
}
},
{
"anyOf": [
{
"required": [
"supplier"
]
},
{
"required": [
"author"
]
"properties": {
"copyright": {
"minLength": 1
}
]
},
{
"if": {
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
],
"if": {
"$comment": "This condition is true for components which reference an external SBOM. Most non-standard requirements don't apply to these components.",
"required": [
"externalReferences"
],
"properties": {
"externalReferences": {
"contains": {
"properties": {
"type": {
"const": "bom"
}
}
},
}
}
}
},
"then": {
"$comment": "This 'then' schema produces a validation error which helps the validator logic recognize a component as referencing an external SBOM. It will not make validation fail.",
"required": [
"this_is_an_externally_described_component"
]
},
"else": {
"$comment": "These requirements only apply to components which DO NOT reference an external SBOM.",
"allOf": [
{
"required": [
"copyright"
"version"
]
},
{
"anyOf": [
{
"required": [
"licenses"
]
},
{
"required": [
"copyright"
]
}
]
},
{
"anyOf": [
{
"required": [
"supplier"
]
},
{
"required": [
"author"
]
}
]
},
"then": {
{
"if": {
"not": {
"allOf": [
{
"required": [
"licenses"
]
},
{
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
},
"required": [
"copyright"
]
},
"then": {
"if": {
"not": {
"allOf": [
{
"required": [
"licenses"
]
},
{
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
}
]
}
},
"then": {
"properties": {
"supplier": {
"properties": {
"copyright": {
"name": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
}
]
},
"required": [
"supplier"
],
"dependencies": {
"supplier": {
"properties": {
"supplier": {
"required": [
"name"
]
}
}
}
}
}
},
"then": {
}
},
{
"if": {
"properties": {
"supplier": {
"properties": {
Expand All @@ -634,53 +697,48 @@
}
}
}
}
}
},
{
"if": {
"properties": {
"supplier": {
"properties": {
"name": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
}
},
"required": [
"supplier"
],
"dependencies": {
"supplier": {
"then": {
"if": {
"not": {
"allOf": [
{
"required": [
"licenses"
]
},
{
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
}
]
}
},
"then": {
"properties": {
"supplier": {
"required": [
"name"
]
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
},
"required": [
"copyright"
]
}
}
},
"then": {
{
"if": {
"not": {
"allOf": [
{
"required": [
"licenses"
]
},
{
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
}
}
]
}
"properties": {
"author": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
},
"required": [
"author"
]
},
"then": {
"properties": {
Expand All @@ -693,30 +751,8 @@
]
}
}
},
{
"if": {
"properties": {
"author": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
},
"required": [
"author"
]
},
"then": {
"properties": {
"copyright": {
"pattern": "([Ff][Ee][Ss][Tt][Oo])"
}
},
"required": [
"copyright"
]
}
}
],
]
},
"additionalProperties": false
},
"swid": {
Expand Down Expand Up @@ -1124,7 +1160,8 @@
"type": "string",
"title": "URL",
"description": "The URL to the external reference",
"format": "iri-reference"
"format": "iri-reference",
"minLength": 1
},
"comment": {
"type": "string",
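Review bot: The top-level `anyOf` that replaces the old `allOf` near the start of the second hunk now pairs two presence-conditional checks (`licenses.minItems` and `copyright.minLength`) without `required`, so each branch passes whenever its property is absent and the disjunction is satisfied by almost any component; as I read the new side, a non-external component with `"licenses": []` and no `copyright` now validates, which the previous `required` plus `minItems`/`minLength` pairing rejected. Since each of these is an "if present, must be non-empty" rule, they belong under `"allOf": [` (or directly in the component's `properties`), and the non-emptiness should be restored next to the `required` choices in the `else` block, e.g. `{ "required": ["licenses"], "properties": { "licenses": { "minItems": 1 } } }` and the matching `minLength` form for `copyright`. The `then` branch deliberately fails on a property that `"additionalProperties": false` makes impossible to supply, so the schema and the validator logic are coupled through an error message; a `$comment` stating the exact error the Python side matches on, e.g. `"$comment": "The validator logic detects an external-BOM component by the required-property error for 'this_is_an_externally_described_component'; keep both in sync."`, would stop them drifting. The enclosing component definition starts and ends outside the hunk, and because this rendered page carries no old/new markers the side attribution above is inferred.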
