Adapt test resources to ensure consistency between xml and json

Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
CycloneDX · Aug 31, 2024 · 4ec3aad · 4ec3aad
1 parent 06f2e77
commit 4ec3aad
Show file tree

Hide file tree

Showing 29 changed files with 214 additions and 78 deletions.
diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-annotation-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-annotation-1.6.xml
@@ -21,7 +21,7 @@
                     </contact>
                 </organization>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by an organization</text>
         </annotation>
         <annotation bom-ref="annotation-2">
@@ -35,8 +35,8 @@
                     <phone>800-555-1212</phone>
                 </individual>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
-            <text>This is a sample annotation made by an person</text>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
+            <text>This is a sample annotation made by a person</text>
         </annotation>
         <annotation bom-ref="annotation-3">
             <subjects>
@@ -48,7 +48,7 @@
                     <version>9.1.2</version>
                 </component>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by a component</text>
         </annotation>
         <annotation bom-ref="annotation-4">
@@ -76,11 +76,11 @@
                     <authenticated>true</authenticated>
                     <x-trust-boundary>true</x-trust-boundary>
                     <data>
-                        <classification flow="bi-directional">pubic</classification>
+                        <classification flow="bi-directional">public</classification>
                     </data>
                 </service>
             </annotator>
-            <timestamp>2020-04-07T07:01:00Z</timestamp>
+            <timestamp>2022-01-01T00:00:00Z</timestamp>
             <text>This is a sample annotation made by a service</text>
         </annotation>
     </annotations>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-attestation-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-attestation-1.6.xml
@@ -3,9 +3,9 @@
     <declarations>
         <assessors>
             <assessor bom-ref="assessor-1">
-                <thirdParty>false</thirdParty>
+                <thirdParty>true</thirdParty>
                 <organization>
-                    <name>Acme Inc</name>
+                    <name>Assessors Inc</name>
                 </organization>
             </assessor>
         </assessors>
@@ -25,7 +25,7 @@
                         <score>0.8</score>
                         <rationale>Conformance rationale here</rationale>
                         <mitigationStrategies>
-                            <mitigationStrategy>mitigations-1</mitigationStrategy>
+                            <mitigationStrategy>mitigationStrategy-1</mitigationStrategy>
                         </mitigationStrategies>
                     </conformance>
                     <confidence>
@@ -110,7 +110,7 @@
                     <contents>
                         <attachment content-type="text/plain">Mitigation strategy here</attachment>
                     </contents>
-                    <classification>Public</classification>
+                    <classification>Company Confidential</classification>
                     <sensitiveData>Describe sensitive data here</sensitiveData>
                 </data>
                 <created>2023-04-25T00:00:00+00:00</created>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-component-ref-1.6.json b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-component-ref-1.6.json
@@ -9,11 +9,19 @@
       "type": "library",
       "bom-ref": "123",
       "name": "acme-library",
-      "version": "1.0.0"
+      "version": "1.0.0",
+	  "components" : [
+		{
+		  "type": "library",
+		  "bom-ref": "456",
+		  "name": "acme-library",
+		  "version": "1.0.0"
+		}
+	  ]
     },
     {
       "type": "library",
-      "bom-ref": "456",
+      "bom-ref": "789",
       "name": "acme-library",
       "version": "1.0.0"
     }

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-component-ref-1.6.textproto b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-component-ref-1.6.textproto
@@ -9,10 +9,16 @@ components {
   bom_ref: "123"
   name: "acme-library"
   version: "1.0.0"
+  components {
+    type: CLASSIFICATION_LIBRARY
+	  bom_ref: "456"
+	  name: "acme-library"
+	  version: "1.0.0"
+  }
 }
 components {
   type: CLASSIFICATION_LIBRARY
-  bom_ref: "456"
+  bom_ref: "789"
   name: "acme-library"
   version: "1.0.0"
 }
diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-compositions-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-compositions-1.6.xml
@@ -21,7 +21,7 @@
         </component>
         <component type="library" bom-ref="pkg:maven/acme/library@3.0">
             <name>Acme Library</name>
-            <version>2.0</version>
+            <version>3.0</version>
             <purl>pkg:maven/acme/library@3.0</purl>
         </component>
     </components>
@@ -49,9 +49,9 @@
         </composition>
         <composition>
             <aggregate>incomplete_first_party_only</aggregate>
-            <assemblies>
-                <assembly ref="vulnerability-1"/>
-            </assemblies>
+            <vulnerabilities>
+                <vulnerability ref="vulnerability-1"/>
+            </vulnerabilities>
         </composition>
     </compositions>
     <vulnerabilities>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-cryptography-implementation-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-cryptography-implementation-1.6.xml
@@ -31,11 +31,11 @@
             </cryptoProperties>
         </component>
         <component type="library" bom-ref="crypto-library">
-            <name>Crypto Library</name>
+            <name>Crypto library</name>
             <version>1.0.0</version>
         </component>
         <component type="library" bom-ref="some-library">
-            <name>Some Library</name>
+            <name>Some library</name>
             <version>1.0.0</version>
         </component>
     </components>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-dependency-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-dependency-1.6.xml
@@ -2,15 +2,15 @@
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
     <components>
         <component type="library" bom-ref="library-a">
-            <name>acme-library-a</name>
+            <name>library-a</name>
             <version>1.0.0</version>
         </component>
         <component type="library" bom-ref="library-b">
-            <name>acme-library-b</name>
+            <name>library-b</name>
             <version>1.0.0</version>
         </component>
         <component type="library" bom-ref="library-c">
-            <name>acme-library-b</name>
+            <name>library-c</name>
             <version>1.0.0</version>
         </component>
     </components>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-external-reference-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-external-reference-1.6.xml
@@ -2,6 +2,7 @@
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
     <components>
         <component type="library">
+			<publisher>Acme Inc</publisher>
             <group>org.example</group>
             <name>mylibrary</name>
             <version>1.0.0</version>
@@ -14,7 +15,7 @@
                     <url>https://example.org/support/sbom/portal-server/1.0.0</url>
                     <comment>An external SBOM that describes what this component includes</comment>
                     <hashes>
-                        <hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
+                        <hash alg="SHA-256">708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313</hash>
                     </hashes>
                 </reference>
                 <reference type="documentation">

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.json b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.json
@@ -246,7 +246,7 @@
             }
           ],
           "timeStart": "2023-01-01T00:00:00+00:00",
-          "timeEnd": "2023-01-01T00:00:00+10:00",
+          "timeEnd": "2023-01-01T00:00:10+00:00",
           "workspaces": [
             {
               "bom-ref": "workspace-1",

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.textproto b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.textproto
@@ -286,7 +286,7 @@ formulation: [
           nanos: 0
         }
         timeEnd {
-          seconds: 1672495200
+          seconds: 1672531210
           nanos: 0
         }
         workspaces: [

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-formulation-1.6.xml
@@ -72,8 +72,8 @@
                                 </workspace>
                             </workspaces>
                             <runtimeTopology>
-                                <dependency ref="component-1">
-                                    <dependency ref="component-2" />
+                                <dependency ref="task-1">
+                                    <dependency ref="task-2" />
                                 </dependency>
                             </runtimeTopology>
                         </task>
@@ -84,11 +84,11 @@
                         </dependency>
                     </taskDependencies>
                     <taskTypes>
-                        <taskType>clean</taskType>
+                        <taskType>clone</taskType>
                         <taskType>build</taskType>
                     </taskTypes>
                     <trigger bom-ref="trigger-2">
-                        <uid>trigger-uid-1</uid>
+                        <uid>trigger-uid-2</uid>
                         <name>My trigger</name>
                         <description>Description here</description>
                         <resourceReferences>
@@ -101,7 +101,7 @@
                             <uid>event-1</uid>
                             <description>Description here</description>
                             <timeReceived>2023-01-01T00:00:00+00:00</timeReceived>
-                            <data>FooBar</data>
+                            <data>Foo/Bar</data>
                             <source>
                                 <ref>component-g</ref>
                             </source>
@@ -207,9 +207,9 @@
                         </output>
                     </outputs>
                     <timeStart>2023-01-01T00:00:00+00:00</timeStart>
-                    <timeEnd>2023-01-01T00:00:00+00:00</timeEnd>
+                    <timeEnd>2023-01-01T00:00:10+00:00</timeEnd>
                     <workspaces>
-                        <workspace bom-ref="workspace-2">
+                        <workspace bom-ref="workspace-1">
                             <uid>workspace-1</uid>
                             <name>My workspace</name>
                             <aliases>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.json b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.json
@@ -6,18 +6,39 @@
   "version": 1,
   "components": [
     {
-      "type": "library",
+      "type": "Application",
       "publisher": "Acme Inc",
       "group": "com.acme",
       "name": "tomcat-catalina",
       "version": "9.0.14",
+      "description": "Modified version of Apache Catalina",
+      "scope": "required",
+	  "hashes": [
+	    {
+          "alg": "MD5",
+		  "content": "3942447fac867ae5cdb3229b658f4d48"
+		},
+	    {
+          "alg": "SHA-1",
+		  "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+		},
+	    {
+          "alg": "SHA-256",
+		  "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+		},
+	    {
+          "alg": "SHA-512",
+		  "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+		}
+	  ],	  
       "licenses": [
         {
           "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0",
           "acknowledgement": "declared",
           "bom-ref": "my-license"
         }
-      ]
+      ],
+	  "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"	  	  
     }
   ]
 }
diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.textproto b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.textproto
@@ -5,13 +5,32 @@ spec_version: "1.6"
 version: 1
 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
 components {
-  type: CLASSIFICATION_LIBRARY
+  type: CLASSIFICATION_APPLICATION
   publisher: "Acme Inc"
   group: "com.acme"
   name: "tomcat-catalina"
   version: "9.0.14"
+  description: "Modified version of Apache Catalina"
+  scope: SCOPE_REQUIRED
+  hashes {
+    alg: HASH_ALG_MD_5
+	value: "3942447fac867ae5cdb3229b658f4d48"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_1
+	value: "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_256
+	value: "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+  }
+  hashes {
+    alg: HASH_ALG_SHA_512
+	value: "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+  }    
   licenses {
     expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0"
     acknowledgement: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED
   }
+  purl: "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"  
 }
diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.xml b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-expression-1.6.xml
@@ -15,9 +15,7 @@
                 <hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
             </hashes>
             <licenses>
-                <expression bom-ref="my-license" acknowledgement="declared">
-                    EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
-                </expression>
+                <expression bom-ref="my-license" acknowledgement="declared">EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0</expression>
             </licenses>
             <purl>pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar</purl>
         </component>

diff --git a/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-id-1.6.json b/tests/CycloneDX.Core.Tests/Resources/v1.6/valid-license-id-1.6.json
@@ -6,11 +6,31 @@
   "version": 1,
   "components": [
     {
-      "type": "library",
+      "type": "Application",
       "publisher": "Acme Inc",
       "group": "com.acme",
       "name": "tomcat-catalina",
       "version": "9.0.14",
+      "description": "Modified version of Apache Catalina",
+      "scope": "required",
+	  "hashes": [
+	    {
+          "alg": "MD5",
+		  "content": "3942447fac867ae5cdb3229b658f4d48"
+		},
+	    {
+          "alg": "SHA-1",
+		  "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+		},
+	    {
+          "alg": "SHA-256",
+		  "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+		},
+	    {
+          "alg": "SHA-512",
+		  "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+		}
+	  ],
       "licenses": [
         {
           "license": {
@@ -19,7 +39,8 @@
             "bom-ref": "my-license"
           }
         }
-      ]
+      ],
+	  "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
     }
   ]
 }