From e876a1740c0badcfe6f913af0d1caa610179a759 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Thu, 22 Feb 2024 20:36:08 +0100
Subject: [PATCH 01/28] wip
Signed-off-by: Jan Kowalleck
---
buf.yaml | 19 ++++
schema/bom-1.6.proto | 238 ++++++++++++++++++++++++-------------------
2 files changed, 155 insertions(+), 102 deletions(-)
create mode 100644 buf.yaml
diff --git a/buf.yaml b/buf.yaml
new file mode 100644
index 00000000..54340787
--- /dev/null
+++ b/buf.yaml
@@ -0,0 +1,19 @@
+# This is the config for "Buf" - a ProtocolBuffer linter/checker/more
+# see https://buf.build/docs/configuration/v1/buf-yaml
+
+version: v1
+lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint
+ use:
+ - DEFAULT # https://buf.build/docs/lint/rules#default
+ except:
+ # directory/file layout does not match the recommendation/framework of the tool
+ - DIRECTORY_SAME_PACKAGE # https://buf.build/docs/lint/rules#directory_same_package
+ - PACKAGE_DIRECTORY_MATCH # https://buf.build/docs/lint/rules#package_lower_snake_case
+ - FILE_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#file_lower_snake_case
+ # we do not stick to the following best-practices and recommendations:
+ # (this shall be fixed with the upcoming CycloneDX v2.0 release
+ - PACKAGE_VERSION_SUFFIX # https://buf.build/docs/lint/rules#package_version_suffix
+ - FIELD_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#field_lower_snake_case
+ allow_comment_ignores: true
+ # breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking
+ # use:
\ No newline at end of file
diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index 0023df1f..a5394c0e 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
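Review bot: The link on the `PACKAGE_DIRECTORY_MATCH` exception points at the `#package_lower_snake_case` anchor rather than `#package_directory_match`, so the comment documents a different rule than the one it disables. The `breaking:` section is left commented out, which means nothing in this config guards field and enum numbers — the one thing a published schema cannot change — while the proto hunks of this same commit renumber several enums; enabling `buf breaking` against the last released revision would catch that mechanically. The unclosed parenthesis in `# (this shall be fixed with the upcoming CycloneDX v2.0 release` and the missing trailing newline are cosmetic.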
@@ -168,6 +168,7 @@ message DataFlow { } // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "DATA_FLOW_DIRECTION_" enum DataFlowDirection { DATA_FLOW_NULL = 0; DATA_FLOW_INBOUND = 1; @@ -407,6 +408,7 @@ message OrganizationalEntityOrContact { } } +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "LICENSING_TYPE_ENUM_" enum LicensingTypeEnum { LICENSING_TYPE_NULL = 0; // A license that grants use of software solely for the purpose of education or research. @@ -744,6 +746,7 @@ message EvidenceOccurrences { optional string additionalContext = 6; } +// buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "EVIDENCE_FIELD_TYPE_" enum EvidenceFieldType { EVIDENCE_FIELD_NULL = 0; EVIDENCE_FIELD_GROUP = 1; @@ -936,6 +939,7 @@ message VulnerabilityAnalysis { enum ImpactAnalysisState { // An undefined impact analysis state + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback IMPACT_ANALYSIS_STATE_NULL = 0; // The vulnerability has been remediated. IMPACT_ANALYSIS_STATE_RESOLVED = 1; @@ -953,6 +957,7 @@ enum ImpactAnalysisState { enum ImpactAnalysisJustification { // An undefined impact analysis justification + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0; // The code has been removed or tree-shaked. IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1; 
@@ -1001,8 +1006,9 @@ message VulnerabilityAffectedVersions { optional VulnerabilityAffectedStatus status = 3; } +// The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. enum VulnerabilityAffectedStatus { - // The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; @@ -1132,6 +1138,7 @@ message ModelCard { } enum ModelParameterApproachType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; 
@@ -1187,6 +1194,7 @@ message DataGovernance { enum ComponentDataType { // Any type of code, code snippet, or data-as-code + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 COMPONENT_DATA_TYPE_SOURCE_CODE = 0; // Parameters or settings that may be used by other components. COMPONENT_DATA_TYPE_CONFIGURATION = 1; @@ -1345,6 +1353,7 @@ message Workspace { optional Volume volume = 12; enum AccessMode { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 ACCESS_MODE_READ_ONLY = 0; ACCESS_MODE_READ_WRITE = 1; ACCESS_MODE_READ_WRITE_ONCE = 2; @@ -1373,6 +1382,7 @@ message Volume { repeated Property properties = 8; enum VolumeMode { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 VOLUME_MODE_FILESYSTEM = 0; VOLUME_MODE_BLOCK = 1; } @@ -1406,6 +1416,7 @@ message Trigger { repeated OutputType outputs = 12; enum TriggerType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 TRIGGER_TYPE_MANUAL = 0; TRIGGER_TYPE_API = 1; TRIGGER_TYPE_WEBHOOK = 2; @@ -1465,7 +1476,9 @@ message OutputType { // Additional properties of the output data. repeated Property properties = 7; + // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "OUTPUT_TYPE_TYPE_" enum OutputTypeType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 OUTPUT_TYPE_ARTIFACT = 0; OUTPUT_TYPE_ATTESTATION = 1; OUTPUT_TYPE_LOG = 2; 
@@ -1494,6 +1507,7 @@ message Condition { enum TaskType { // A task that copies software or data used to accomplish other tasks in the workflow. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 TASK_TYPE_COPY = 0; // A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. TASK_TYPE_CLONE = 1; 
@@ -1727,87 +1741,101 @@ message Definition { message CryptoProperties { enum CryptoAssetType { - CRYPTO_ASSET_TYPE_ALGORITHM = 0; - CRYPTO_ASSET_TYPE_CERTIFICATE = 1; - CRYPTO_ASSET_TYPE_PROTOCOL = 2; - CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL = 3; + // Default + CRYPTO_ASSET_TYPE_UNSPECIFIED = 0; + CRYPTO_ASSET_TYPE_ALGORITHM = 1; + CRYPTO_ASSET_TYPE_CERTIFICATE = 2; + CRYPTO_ASSET_TYPE_PROTOCOL = 3; + CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL = 4; } message AlgorithmProperties { enum CryptoPrimitive { - CRYPTO_PRIMITIVE_DRBG = 0; - CRYPTO_PRIMITIVE_MAC = 1; - CRYPTO_PRIMITIVE_BLOCK_CIPHER = 2; - CRYPTO_PRIMITIVE_STREAM_CIPHER = 3; - CRYPTO_PRIMITIVE_SIGNATURE = 4; - CRYPTO_PRIMITIVE_HASH = 5; - CRYPTO_PRIMITIVE_PKE = 6; - CRYPTO_PRIMITIVE_XOF = 7; - CRYPTO_PRIMITIVE_KDF = 8; - CRYPTO_PRIMITIVE_KEY_AGREE = 9; - CRYPTO_PRIMITIVE_KEM = 10; - CRYPTO_PRIMITIVE_AE = 11; - CRYPTO_PRIMITIVE_COMBINER = 12; - CRYPTO_PRIMITIVE_OTHER = 13; - CRYPTO_PRIMITIVE_UNKNOWN = 14; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_PRIMITIVE_UNKNOWN = 0; + // none of the following + CRYPTO_PRIMITIVE_OTHER = 1; + CRYPTO_PRIMITIVE_DRBG = 2; + CRYPTO_PRIMITIVE_MAC = 3; + CRYPTO_PRIMITIVE_BLOCK_CIPHER = 4; + CRYPTO_PRIMITIVE_STREAM_CIPHER = 5; + CRYPTO_PRIMITIVE_SIGNATURE = 6; + CRYPTO_PRIMITIVE_HASH = 7; + CRYPTO_PRIMITIVE_PKE = 8; + CRYPTO_PRIMITIVE_XOF = 9; + CRYPTO_PRIMITIVE_KDF = 10; + CRYPTO_PRIMITIVE_KEY_AGREE = 11; + CRYPTO_PRIMITIVE_KEM = 12; + CRYPTO_PRIMITIVE_AE = 13; + CRYPTO_PRIMITIVE_COMBINER = 14; } enum CryptoExecutionEnvironment { - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM = 0; - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_ENCRYPTED_RAM = 1; - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_TEE = 2; - CRYPTO_EXECUTION_ENVIRONMENT_HARDWARE = 3; - CRYPTO_EXECUTION_ENVIRONMENT_OTHER = 4; - CRYPTO_EXECUTION_ENVIRONMENT_UNKNOWN = 5; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our 
default value + CRYPTO_EXECUTION_ENVIRONMENT_UNKNOWN = 0; + // none of the following + CRYPTO_EXECUTION_ENVIRONMENT_OTHER = 1; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM = 2; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_ENCRYPTED_RAM = 3; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_TEE = 4; + CRYPTO_EXECUTION_ENVIRONMENT_HARDWARE = 5; } enum CryptoImplementationPlatform { - CRYPTO_IMPLEMENTATION_PLATFORM_GENERIC = 0; - CRYPTO_IMPLEMENTATION_PLATFORM_X86_32 = 1; - CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 = 2; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7A = 3; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7M = 4; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8A = 5; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8M = 6; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9A = 7; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9M = 8; - CRYPTO_IMPLEMENTATION_PLATFORM_X390X = 9; - CRYPTO_IMPLEMENTATION_PLATFORM_PPC64 = 10; - CRYPTO_IMPLEMENTATION_PLATFORM_PPC64LE = 11; - CRYPTO_IMPLEMENTATION_PLATFORM_OTHER = 12; - CRYPTO_IMPLEMENTATION_PLATFORM_UNKNOWN = 13; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_IMPLEMENTATION_PLATFORM_UNKNOWN = 0; + // none of the following + CRYPTO_IMPLEMENTATION_PLATFORM_OTHER = 1; + CRYPTO_IMPLEMENTATION_PLATFORM_GENERIC = 2; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_32 = 3; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 = 4; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7A = 5; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7M = 6; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8A = 7; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8M = 8; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9A = 9; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9M = 10; + CRYPTO_IMPLEMENTATION_PLATFORM_X390X = 11; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64 = 12; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64LE = 13; } enum CryptoAlgorithmMode { - CRYPTO_ALGORITHM_MODE_CBC = 0; - CRYPTO_ALGORITHM_MODE_ECB = 1; - CRYPTO_ALGORITHM_MODE_CCM = 2; - CRYPTO_ALGORITHM_MODE_GCM = 3; - CRYPTO_ALGORITHM_MODE_CFB = 4; - CRYPTO_ALGORITHM_MODE_OFB = 5; 
- CRYPTO_ALGORITHM_MODE_CTR = 6; - CRYPTO_ALGORITHM_MODE_OTHER = 7; - CRYPTO_ALGORITHM_MODE_UNKNOWN = 8; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_ALGORITHM_MODE_UNKNOWN = 0; + // none of the following + CRYPTO_ALGORITHM_MODE_OTHER = 1; + CRYPTO_ALGORITHM_MODE_CBC = 2; + CRYPTO_ALGORITHM_MODE_ECB = 3; + CRYPTO_ALGORITHM_MODE_CCM = 4; + CRYPTO_ALGORITHM_MODE_GCM = 5; + CRYPTO_ALGORITHM_MODE_CFB = 6; + CRYPTO_ALGORITHM_MODE_OFB = 7; + CRYPTO_ALGORITHM_MODE_CTR = 8; } enum CryptoAlgorithmPadding { - CRYPTO_ALGORITHM_PADDING_PKCS5 = 0; - CRYPTO_ALGORITHM_PADDING_PKCS7 = 1; - CRYPTO_ALGORITHM_PADDING_PKCS1V15 = 2; - CRYPTO_ALGORITHM_PADDING_OAEP = 3; - CRYPTO_ALGORITHM_PADDING_RAW = 4; - CRYPTO_ALGORITHM_PADDING_OTHER = 5; - CRYPTO_ALGORITHM_PADDING_UNKNOWN = 6; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_ALGORITHM_PADDING_UNKNOWN = 0; + // none of the following + CRYPTO_ALGORITHM_PADDING_OTHER = 1; + CRYPTO_ALGORITHM_PADDING_PKCS5 = 2; + CRYPTO_ALGORITHM_PADDING_PKCS7 = 3; + CRYPTO_ALGORITHM_PADDING_PKCS1V15 = 4; + CRYPTO_ALGORITHM_PADDING_OAEP = 5; + CRYPTO_ALGORITHM_PADDING_RAW = 6; } enum CryptoAlgorithmFunction { - CRYPTO_ALGORITHM_FUNCTION_GENERATE = 0; - CRYPTO_ALGORITHM_FUNCTION_KEYGEN = 1; - CRYPTO_ALGORITHM_FUNCTION_ENCRYPT = 2; - CRYPTO_ALGORITHM_FUNCTION_DECRYPT = 3; - CRYPTO_ALGORITHM_FUNCTION_DIGEST = 4; - CRYPTO_ALGORITHM_FUNCTION_TAG = 5; - CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE = 6; - CRYPTO_ALGORITHM_FUNCTION_SIGN = 7; - CRYPTO_ALGORITHM_FUNCTION_VERIFY = 8; - CRYPTO_ALGORITHM_FUNCTION_ENCAPSULATE = 9; - CRYPTO_ALGORITHM_FUNCTION_DECAPSULATE = 10; - CRYPTO_ALGORITHM_FUNCTION_OTHER = 11; - CRYPTO_ALGORITHM_FUNCTION_UNKNOWN = 12; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_ALGORITHM_FUNCTION_UNKNOWN = 0; + // none of the following + 
CRYPTO_ALGORITHM_FUNCTION_OTHER = 1; + CRYPTO_ALGORITHM_FUNCTION_GENERATE = 2; + CRYPTO_ALGORITHM_FUNCTION_KEYGEN = 3; + CRYPTO_ALGORITHM_FUNCTION_ENCRYPT = 4; + CRYPTO_ALGORITHM_FUNCTION_DECRYPT = 5; + CRYPTO_ALGORITHM_FUNCTION_DIGEST = 6; + CRYPTO_ALGORITHM_FUNCTION_TAG = 7; + CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE = 8; + CRYPTO_ALGORITHM_FUNCTION_SIGN = 9; + CRYPTO_ALGORITHM_FUNCTION_VERIFY = 10; + CRYPTO_ALGORITHM_FUNCTION_ENCAPSULATE = 11; + CRYPTO_ALGORITHM_FUNCTION_DECAPSULATE = 12; } // Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). optional CryptoPrimitive primitive = 1; 
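Review bot: Every pre-existing value of CryptoAssetType, CryptoPrimitive, CryptoExecutionEnvironment, CryptoImplementationPlatform, CryptoAlgorithmMode, CryptoAlgorithmPadding and CryptoAlgorithmFunction gets a new number in this hunk, and enum values travel as plain integers, so any bom-1.6 data serialized before this commit is reinterpreted on read (a stored `CRYPTO_ASSET_TYPE_ALGORITHM`, formerly 0, now decodes as `CRYPTO_ASSET_TYPE_UNSPECIFIED`). This is only safe because bom-1.6.proto has presumably not been released yet; the commit message should say so, since the same renumbering is applied to CryptoRelatedType, CryptoRelatedState and CryptoProtocolType in the two following hunks. The `breaking` section that buf.yaml leaves commented out is what would catch this mechanically once 1.6 ships; running `buf breaking` against the last released revision is the check to enable then.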
@@ -1852,33 +1880,37 @@ message CryptoProperties { } // end of CertificateProperties message RelatedCryptoMaterialProperties { enum CryptoRelatedType { - CRYPTO_RELATED_TYPE_PRIVATE_KEY = 0; - CRYPTO_RELATED_TYPE_PUBLIC_KEY = 1; - CRYPTO_RELATED_TYPE_SECRET_KEY = 2; - CRYPTO_RELATED_TYPE_KEY = 3; - CRYPTO_RELATED_TYPE_CIPHERTEXT = 4; - CRYPTO_RELATED_TYPE_SIGNATURE = 5; - CRYPTO_RELATED_TYPE_DIGEST = 6; - CRYPTO_RELATED_TYPE_INITIALIZATION_VECTOR = 7; - CRYPTO_RELATED_TYPE_NONCE = 8; - CRYPTO_RELATED_TYPE_SEED = 9; - CRYPTO_RELATED_TYPE_SALT = 10; - CRYPTO_RELATED_TYPE_SHARED_SECRET = 11; - CRYPTO_RELATED_TYPE_TAG = 12; - CRYPTO_RELATED_TYPE_ADDITIONAL_DATA = 13; - CRYPTO_RELATED_TYPE_PASSWORD = 14; - CRYPTO_RELATED_TYPE_CREDENTIAL = 15; - CRYPTO_RELATED_TYPE_TOKEN = 16; - CRYPTO_RELATED_TYPE_OTHER = 17; - CRYPTO_RELATED_TYPE_UNKNOWN = 18; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_RELATED_TYPE_UNKNOWN = 0; + // none of the following + CRYPTO_RELATED_TYPE_OTHER = 1; + CRYPTO_RELATED_TYPE_PRIVATE_KEY = 2; + CRYPTO_RELATED_TYPE_PUBLIC_KEY = 3; + CRYPTO_RELATED_TYPE_SECRET_KEY = 4; + CRYPTO_RELATED_TYPE_KEY = 5; + CRYPTO_RELATED_TYPE_CIPHERTEXT = 6; + CRYPTO_RELATED_TYPE_SIGNATURE = 7; + CRYPTO_RELATED_TYPE_DIGEST = 8; + CRYPTO_RELATED_TYPE_INITIALIZATION_VECTOR = 9; + CRYPTO_RELATED_TYPE_NONCE = 10; + CRYPTO_RELATED_TYPE_SEED = 11; + CRYPTO_RELATED_TYPE_SALT = 12; + CRYPTO_RELATED_TYPE_SHARED_SECRET = 13; + CRYPTO_RELATED_TYPE_TAG = 14; + CRYPTO_RELATED_TYPE_ADDITIONAL_DATA = 15; + CRYPTO_RELATED_TYPE_PASSWORD = 16; + CRYPTO_RELATED_TYPE_CREDENTIAL = 17; + CRYPTO_RELATED_TYPE_TOKEN = 18; } enum CryptoRelatedState { - CRYPTO_RELATED_STATE_PRE_ACTIVATION = 0; - CRYPTO_RELATED_STATE_ACTIVE = 1; - CRYPTO_RELATED_STATE_SUSPENDED = 2; - CRYPTO_RELATED_STATE_DEACTIVATED = 3; - CRYPTO_RELATED_STATE_COMPROMISED = 4; - CRYPTO_RELATED_STATE_DESTROYED = 5; + // Default + CRYPTO_RELATED_STATE_UNSPECIFIED = 0; 
+ CRYPTO_RELATED_STATE_PRE_ACTIVATION = 1; + CRYPTO_RELATED_STATE_ACTIVE = 2; + CRYPTO_RELATED_STATE_SUSPENDED = 3; + CRYPTO_RELATED_STATE_DEACTIVATED = 4; + CRYPTO_RELATED_STATE_COMPROMISED = 5; + CRYPTO_RELATED_STATE_DESTROYED = 6; } message CryptoRelatedSecuredBy { // Specifies the mechanism by which the cryptographic asset is secured by. Examples include HSM, TPM, SGX, Software, and None @@ -1913,14 +1945,16 @@ message CryptoProperties { } // end of RelatedCryptoMaterialProperties message ProtocolProperties { enum CryptoProtocolType { - CRYPTO_PROTOCOL_TYPE_TLS = 0; - CRYPTO_PROTOCOL_TYPE_SSH = 1; - CRYPTO_PROTOCOL_TYPE_IPSEC = 2; - CRYPTO_PROTOCOL_TYPE_IKE = 3; - CRYPTO_PROTOCOL_TYPE_SSTP = 4; - CRYPTO_PROTOCOL_TYPE_WPA = 5; - CRYPTO_PROTOCOL_TYPE_OTHER = 6; - CRYPTO_PROTOCOL_TYPE_UNKNOWN = 7; + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value + CRYPTO_PROTOCOL_TYPE_UNKNOWN = 0; + // none of the following + CRYPTO_PROTOCOL_TYPE_OTHER = 1; + CRYPTO_PROTOCOL_TYPE_TLS = 2; + CRYPTO_PROTOCOL_TYPE_SSH = 3; + CRYPTO_PROTOCOL_TYPE_IPSEC = 4; + CRYPTO_PROTOCOL_TYPE_IKE = 5; + CRYPTO_PROTOCOL_TYPE_SSTP = 6; + CRYPTO_PROTOCOL_TYPE_WPA = 7; } message CryptoProtocolCipherSuite { // A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM From 8b0d07eb0a94872b4e29bedfaa260eeac0574fe5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:20:02 +0100 Subject: [PATCH 02/28] wip Signed-off-by: Jan Kowalleck --- schema/bom-1.6.proto | 264 ++++++++++++++++++++++++------------------- 1 file changed, 148 insertions(+), 116 deletions(-) diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto index a5394c0e..743bfc87 100644 --- a/schema/bom-1.6.proto +++ b/schema/bom-1.6.proto 
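Review bot: `CRYPTO_RELATED_STATE_UNSPECIFIED` is documented only as `// Default`, and none of the six states that follow it (PRE_ACTIVATION through DESTROYED) carry a comment, although a CBOM consumer presumably acts on this field when deciding whether key material is usable or compromised. Suggest `// Default for an unset field: the state of the material is not given and must not be read as ACTIVE.` above value 0, and one line per state saying what it asserts about the material — the values look like the NIST SP 800-57 key-lifecycle states, and a reader should not have to guess that. The same `// Default` wording is used for `CRYPTO_ASSET_TYPE_UNSPECIFIED` in the earlier hunk of this commit.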
@@ -46,6 +46,7 @@ message Bom { } enum Classification { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` CLASSIFICATION_NULL = 0; // A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications. CLASSIFICATION_APPLICATION = 1; @@ -170,6 +171,7 @@ message DataFlow { // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known. // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "DATA_FLOW_DIRECTION_" enum DataFlowDirection { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` DATA_FLOW_NULL = 0; DATA_FLOW_INBOUND = 1; DATA_FLOW_OUTBOUND = 2; @@ -206,6 +208,7 @@ message ExternalReference { enum ExternalReferenceType { // Use this if no other types accurately describe the purpose of the external reference + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `other` is our fallback, doubling `unspecified` EXTERNAL_REFERENCE_TYPE_OTHER = 0; // Version Control System EXTERNAL_REFERENCE_TYPE_VCS = 1; @@ -292,6 +295,7 @@ enum ExternalReferenceType { } enum HashAlg { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` HASH_ALG_NULL = 0; HASH_ALG_MD_5 = 1; HASH_ALG_SHA_1 = 2; @@ -325,6 +329,7 @@ message IdentifiableAction { } enum IssueClassification { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` ISSUE_CLASSIFICATION_NULL = 0; // A fault, flaw, or bug in software ISSUE_CLASSIFICATION_DEFECT = 1; 
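Review bot: The ignore reason added above `EXTERNAL_REFERENCE_TYPE_OTHER` calls `other` a fallback "doubling `unspecified`", but unlike the `*_NULL` values in the neighbouring hunks `other` has a meaning of its own — the comment directly above it says to use it when no listed type fits — so, unless the field is declared `optional` (outside this hunk), an unset `type` reads as an explicit "other" rather than as "not given". That is the same misuse of value 0 that the LifecyclePhase comment later in this commit labels an error, and the reason text should present it that way instead of as intended behaviour, e.g. `// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value 0 should mean "unspecified", but OTHER already holds it, so an unset field is indistinguishable from OTHER; cannot change before v2.0`.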
@@ -410,6 +415,7 @@ message OrganizationalEntityOrContact { // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "LICENSING_TYPE_ENUM_" enum LicensingTypeEnum { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` LICENSING_TYPE_NULL = 0; // A license that grants use of software solely for the purpose of education or research. LICENSING_TYPE_ACADEMIC = 1; @@ -481,6 +487,7 @@ message Lifecycles { enum LifecyclePhase { // BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema LIFECYCLE_PHASE_DESIGN = 0; // BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use. LIFECYCLE_PHASE_PRE_BUILD = 1; @@ -519,6 +526,7 @@ message OrganizationalEntity { } enum PatchClassification { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` PATCH_CLASSIFICATION_NULL = 0; // A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch PATCH_CLASSIFICATION_UNOFFICIAL = 1; @@ -642,6 +650,7 @@ message Property { enum Aggregate { // The relationship completeness is not specified. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `not specified` is our fallback, doubling `unspecified` AGGREGATE_NOT_SPECIFIED = 0; // The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. AGGREGATE_COMPLETE = 1; 
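Review bot: The reason text added above `LIFECYCLE_PHASE_DESIGN` — repeated verbatim for EvidenceTechnique, ModelParameterApproachType, ComponentDataType, AccessMode, VolumeMode, TriggerType, OutputTypeType and TaskType in the later hunks of this commit — says the usage "is an error" but not what the error does to a reader of the data: because 0 is protobuf3's implicit default, a consumer cannot tell a phase that was never set from an explicit DESIGN unless the field is declared `optional`. Suggest stating the consequence rather than the verdict, e.g. `// buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value 0 is protobuf3's implicit default, so an unset field reads as DESIGN; renumbering is wire-breaking and is deferred to v2.0`, adapting the value name per enum. The missing space in `fallback(meaning` goes away with the rewrite.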
@@ -748,6 +757,7 @@ message EvidenceOccurrences { // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "EVIDENCE_FIELD_TYPE_" enum EvidenceFieldType { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` EVIDENCE_FIELD_NULL = 0; EVIDENCE_FIELD_GROUP = 1; EVIDENCE_FIELD_NAME = 2; @@ -759,6 +769,7 @@ enum EvidenceFieldType { } enum EvidenceTechnique { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0; EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1; EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2; @@ -880,6 +891,7 @@ message VulnerabilityRating { } enum Severity { + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified` SEVERITY_UNKNOWN = 0; SEVERITY_CRITICAL = 1; SEVERITY_HIGH = 2; @@ -891,6 +903,7 @@ enum Severity { enum ScoreMethod { // An undefined score method + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` SCORE_METHOD_NULL = 0; // Common Vulnerability Scoring System v2 - https://www.first.org/cvss/v2/ SCORE_METHOD_CVSSV2 = 1; @@ -939,7 +952,7 @@ message VulnerabilityAnalysis { enum ImpactAnalysisState { // An undefined impact analysis state - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` IMPACT_ANALYSIS_STATE_NULL = 0; // The vulnerability has been remediated. IMPACT_ANALYSIS_STATE_RESOLVED = 1; 
@@ -957,7 +970,7 @@ enum ImpactAnalysisState { enum ImpactAnalysisJustification { // An undefined impact analysis justification - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0; // The code has been removed or tree-shaked. IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1; @@ -980,6 +993,8 @@ enum ImpactAnalysisJustification { } enum VulnerabilityResponse { + // unspecified value + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` VULNERABILITY_RESPONSE_NULL = 0; VULNERABILITY_RESPONSE_CAN_NOT_FIX = 1; VULNERABILITY_RESPONSE_WILL_NOT_FIX = 2; @@ -1008,7 +1023,8 @@ message VulnerabilityAffectedVersions { // The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. enum VulnerabilityAffectedStatus { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // It is unknown (or unspecified) whether the given version is affected. + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified` VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; 
@@ -1138,7 +1154,7 @@ message ModelCard { } enum ModelParameterApproachType { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; @@ -1194,7 +1210,7 @@ message DataGovernance { enum ComponentDataType { // Any type of code, code snippet, or data-as-code - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema COMPONENT_DATA_TYPE_SOURCE_CODE = 0; // Parameters or settings that may be used by other components. COMPONENT_DATA_TYPE_CONFIGURATION = 1; @@ -1353,7 +1369,7 @@ message Workspace { optional Volume volume = 12; enum AccessMode { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema ACCESS_MODE_READ_ONLY = 0; ACCESS_MODE_READ_WRITE = 1; ACCESS_MODE_READ_WRITE_ONCE = 2; 
@@ -1382,7 +1398,7 @@ message Volume { repeated Property properties = 8; enum VolumeMode { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema VOLUME_MODE_FILESYSTEM = 0; VOLUME_MODE_BLOCK = 1; } @@ -1416,7 +1432,7 @@ message Trigger { repeated OutputType outputs = 12; enum TriggerType { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema TRIGGER_TYPE_MANUAL = 0; TRIGGER_TYPE_API = 1; TRIGGER_TYPE_WEBHOOK = 2; @@ -1478,7 +1494,7 @@ message OutputType { // buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "OUTPUT_TYPE_TYPE_" enum OutputTypeType { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema OUTPUT_TYPE_ARTIFACT = 0; OUTPUT_TYPE_ATTESTATION = 1; OUTPUT_TYPE_LOG = 2; 
@@ -1507,7 +1523,7 @@ message Condition { enum TaskType { // A task that copies software or data used to accomplish other tasks in the workflow. - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- actually, value 0 is reserved for fallbacks ... this shall be fixed in v2.0 + // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema TASK_TYPE_COPY = 0; // A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. TASK_TYPE_CLONE = 1; @@ -1741,7 +1757,7 @@ message Definition { message CryptoProperties { enum CryptoAssetType { - // Default + // ProtoBuff's default value CRYPTO_ASSET_TYPE_UNSPECIFIED = 0; CRYPTO_ASSET_TYPE_ALGORITHM = 1; CRYPTO_ASSET_TYPE_CERTIFICATE = 2; 
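Review bot: `ProtoBuff` in the rewritten comment above `CRYPTO_ASSET_TYPE_UNSPECIFIED` misspells the project name; it is Protocol Buffers, commonly shortened to protobuf, and the same spelling is used for the `*_UNSPECIFIED` comments of CryptoPrimitive, CryptoExecutionEnvironment and CryptoImplementationPlatform in the next hunk. The comment would also serve a reader better by saying what the value means than where it comes from: `// Protobuf's implicit default: the asset type was not given.`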
@@ -1750,92 +1766,104 @@ message CryptoProperties { } message AlgorithmProperties { enum CryptoPrimitive { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_PRIMITIVE_UNKNOWN = 0; - // none of the following - CRYPTO_PRIMITIVE_OTHER = 1; - CRYPTO_PRIMITIVE_DRBG = 2; - CRYPTO_PRIMITIVE_MAC = 3; - CRYPTO_PRIMITIVE_BLOCK_CIPHER = 4; - CRYPTO_PRIMITIVE_STREAM_CIPHER = 5; - CRYPTO_PRIMITIVE_SIGNATURE = 6; - CRYPTO_PRIMITIVE_HASH = 7; - CRYPTO_PRIMITIVE_PKE = 8; - CRYPTO_PRIMITIVE_XOF = 9; - CRYPTO_PRIMITIVE_KDF = 10; - CRYPTO_PRIMITIVE_KEY_AGREE = 11; - CRYPTO_PRIMITIVE_KEM = 12; - CRYPTO_PRIMITIVE_AE = 13; - CRYPTO_PRIMITIVE_COMBINER = 14; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_PRIMITIVE_UNSPECIFIED = 0; + // The primitive is not known + CRYPTO_PRIMITIVE_UNKNOWN = 1; + // Another primitive type - none of the following + CRYPTO_PRIMITIVE_OTHER = 2; + CRYPTO_PRIMITIVE_DRBG = 3; + CRYPTO_PRIMITIVE_MAC = 4; + CRYPTO_PRIMITIVE_BLOCK_CIPHER = 5; + CRYPTO_PRIMITIVE_STREAM_CIPHER = 6; + CRYPTO_PRIMITIVE_SIGNATURE = 7; + CRYPTO_PRIMITIVE_HASH = 8; + CRYPTO_PRIMITIVE_PKE = 9; + CRYPTO_PRIMITIVE_XOF = 10; + CRYPTO_PRIMITIVE_KDF = 11; + CRYPTO_PRIMITIVE_KEY_AGREE = 12; + CRYPTO_PRIMITIVE_KEM = 13; + CRYPTO_PRIMITIVE_AE = 14; + CRYPTO_PRIMITIVE_COMBINER = 15; } enum CryptoExecutionEnvironment { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_EXECUTION_ENVIRONMENT_UNKNOWN = 0; - // none of the following - CRYPTO_EXECUTION_ENVIRONMENT_OTHER = 1; - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM = 2; - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_ENCRYPTED_RAM = 3; - CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_TEE = 4; - CRYPTO_EXECUTION_ENVIRONMENT_HARDWARE = 5; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_EXECUTION_ENVIRONMENT_UNSPECIFIED = 0; + // The execution environment is not known + 
CRYPTO_EXECUTION_ENVIRONMENT_UNKNOWN = 1; + // Another implementation environment - none of the following + CRYPTO_EXECUTION_ENVIRONMENT_OTHER = 2; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM = 3; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_ENCRYPTED_RAM = 4; + CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_TEE = 5; + CRYPTO_EXECUTION_ENVIRONMENT_HARDWARE = 6; } enum CryptoImplementationPlatform { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_IMPLEMENTATION_PLATFORM_UNKNOWN = 0; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_IMPLEMENTATION_PLATFORM_UNSPECIFIED = 0; + // the platform is not known + CRYPTO_IMPLEMENTATION_PLATFORM_UNKNOWN = 1; // none of the following - CRYPTO_IMPLEMENTATION_PLATFORM_OTHER = 1; - CRYPTO_IMPLEMENTATION_PLATFORM_GENERIC = 2; - CRYPTO_IMPLEMENTATION_PLATFORM_X86_32 = 3; - CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 = 4; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7A = 5; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7M = 6; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8A = 7; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8M = 8; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9A = 9; - CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9M = 10; - CRYPTO_IMPLEMENTATION_PLATFORM_X390X = 11; - CRYPTO_IMPLEMENTATION_PLATFORM_PPC64 = 12; - CRYPTO_IMPLEMENTATION_PLATFORM_PPC64LE = 13; + CRYPTO_IMPLEMENTATION_PLATFORM_OTHER = 2; + CRYPTO_IMPLEMENTATION_PLATFORM_GENERIC = 3; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_32 = 4; + CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 = 5; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7A = 6; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV7M = 7; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8A = 8; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV8M = 9; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9A = 10; + CRYPTO_IMPLEMENTATION_PLATFORM_ARMV9M = 11; + CRYPTO_IMPLEMENTATION_PLATFORM_X390X = 12; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64 = 13; + CRYPTO_IMPLEMENTATION_PLATFORM_PPC64LE = 14; } enum CryptoAlgorithmMode { - // buf:lint:ignore 
ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_ALGORITHM_MODE_UNKNOWN = 0; - // none of the following - CRYPTO_ALGORITHM_MODE_OTHER = 1; - CRYPTO_ALGORITHM_MODE_CBC = 2; - CRYPTO_ALGORITHM_MODE_ECB = 3; - CRYPTO_ALGORITHM_MODE_CCM = 4; - CRYPTO_ALGORITHM_MODE_GCM = 5; - CRYPTO_ALGORITHM_MODE_CFB = 6; - CRYPTO_ALGORITHM_MODE_OFB = 7; - CRYPTO_ALGORITHM_MODE_CTR = 8; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_MODE_UNSPECIFIED = 0; + // The mode of operation is not known + CRYPTO_ALGORITHM_MODE_UNKNOWN = 1; + // Another mode of operation - none of the following + CRYPTO_ALGORITHM_MODE_OTHER = 2; + CRYPTO_ALGORITHM_MODE_CBC = 3; + CRYPTO_ALGORITHM_MODE_ECB = 4; + CRYPTO_ALGORITHM_MODE_CCM = 5; + CRYPTO_ALGORITHM_MODE_GCM = 6; + CRYPTO_ALGORITHM_MODE_CFB = 7; + CRYPTO_ALGORITHM_MODE_OFB = 8; + CRYPTO_ALGORITHM_MODE_CTR = 9; } enum CryptoAlgorithmPadding { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_ALGORITHM_PADDING_UNKNOWN = 0; - // none of the following - CRYPTO_ALGORITHM_PADDING_OTHER = 1; - CRYPTO_ALGORITHM_PADDING_PKCS5 = 2; - CRYPTO_ALGORITHM_PADDING_PKCS7 = 3; - CRYPTO_ALGORITHM_PADDING_PKCS1V15 = 4; - CRYPTO_ALGORITHM_PADDING_OAEP = 5; - CRYPTO_ALGORITHM_PADDING_RAW = 6; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_PADDING_UNSPECIFIED = 0; + // The padding scheme is not known + CRYPTO_ALGORITHM_PADDING_UNKNOWN = 1; + // Another padding scheme - none of the following + CRYPTO_ALGORITHM_PADDING_OTHER = 2; + CRYPTO_ALGORITHM_PADDING_PKCS5 = 3; + CRYPTO_ALGORITHM_PADDING_PKCS7 = 4; + CRYPTO_ALGORITHM_PADDING_PKCS1V15 = 5; + CRYPTO_ALGORITHM_PADDING_OAEP = 6; + CRYPTO_ALGORITHM_PADDING_RAW = 7; } enum CryptoAlgorithmFunction { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_ALGORITHM_FUNCTION_UNKNOWN = 0; + // 
ProtoBuff's default value -- it differs from "unknown" + CRYPTO_ALGORITHM_FUNCTION_UNSPECIFIED = 0; + // meaning "there is some, but it is unclear which one" + CRYPTO_ALGORITHM_FUNCTION_UNKNOWN = 1; // none of the following - CRYPTO_ALGORITHM_FUNCTION_OTHER = 1; - CRYPTO_ALGORITHM_FUNCTION_GENERATE = 2; - CRYPTO_ALGORITHM_FUNCTION_KEYGEN = 3; - CRYPTO_ALGORITHM_FUNCTION_ENCRYPT = 4; - CRYPTO_ALGORITHM_FUNCTION_DECRYPT = 5; - CRYPTO_ALGORITHM_FUNCTION_DIGEST = 6; - CRYPTO_ALGORITHM_FUNCTION_TAG = 7; - CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE = 8; - CRYPTO_ALGORITHM_FUNCTION_SIGN = 9; - CRYPTO_ALGORITHM_FUNCTION_VERIFY = 10; - CRYPTO_ALGORITHM_FUNCTION_ENCAPSULATE = 11; - CRYPTO_ALGORITHM_FUNCTION_DECAPSULATE = 12; + CRYPTO_ALGORITHM_FUNCTION_OTHER = 2; + CRYPTO_ALGORITHM_FUNCTION_GENERATE = 3; + CRYPTO_ALGORITHM_FUNCTION_KEYGEN = 4; + CRYPTO_ALGORITHM_FUNCTION_ENCRYPT = 5; + CRYPTO_ALGORITHM_FUNCTION_DECRYPT = 6; + CRYPTO_ALGORITHM_FUNCTION_DIGEST = 7; + CRYPTO_ALGORITHM_FUNCTION_TAG = 8; + CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE = 9; + CRYPTO_ALGORITHM_FUNCTION_SIGN = 10; + CRYPTO_ALGORITHM_FUNCTION_VERIFY = 11; + CRYPTO_ALGORITHM_FUNCTION_ENCAPSULATE = 12; + CRYPTO_ALGORITHM_FUNCTION_DECAPSULATE = 13; } // Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). optional CryptoPrimitive primitive = 1; 
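Review bot: Every existing value of the six enums in this hunk is shifted by one to make room for `*_UNSPECIFIED = 0`; that is a wire-breaking change for anyone who already consumed this file, because a value written under the old numbering decodes as its neighbour under the new one (an old `CRYPTO_ALGORITHM_MODE_ECB` reads as `CRYPTO_ALGORITHM_MODE_CBC`). If bom-1.6.proto is still unreleased this is the right moment, but the commit message should say so, and the version-to-version `buf breaking` check introduced later in this series compares against bom-1.5.proto, which as far as I know has no CryptoProperties and so cannot detect renumbering inside it. Two consistency nits: CryptoImplementationPlatform keeps the bare `// none of the following` above OTHER while its siblings were reworded to "Another … - none of the following", and CryptoAlgorithmFunction's UNKNOWN comment (`// meaning "there is some, but it is unclear which one"`) is the only one in a different voice. The enclosing message AlgorithmProperties continues past the hunk; the same renumbering concern applies to the -1880 and -1945 hunks.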
@@ -1880,27 +1908,29 @@ message CryptoProperties { } // end of CertificateProperties message RelatedCryptoMaterialProperties { enum CryptoRelatedType { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_RELATED_TYPE_UNKNOWN = 0; - // none of the following - CRYPTO_RELATED_TYPE_OTHER = 1; - CRYPTO_RELATED_TYPE_PRIVATE_KEY = 2; - CRYPTO_RELATED_TYPE_PUBLIC_KEY = 3; - CRYPTO_RELATED_TYPE_SECRET_KEY = 4; - CRYPTO_RELATED_TYPE_KEY = 5; - CRYPTO_RELATED_TYPE_CIPHERTEXT = 6; - CRYPTO_RELATED_TYPE_SIGNATURE = 7; - CRYPTO_RELATED_TYPE_DIGEST = 8; - CRYPTO_RELATED_TYPE_INITIALIZATION_VECTOR = 9; - CRYPTO_RELATED_TYPE_NONCE = 10; - CRYPTO_RELATED_TYPE_SEED = 11; - CRYPTO_RELATED_TYPE_SALT = 12; - CRYPTO_RELATED_TYPE_SHARED_SECRET = 13; - CRYPTO_RELATED_TYPE_TAG = 14; - CRYPTO_RELATED_TYPE_ADDITIONAL_DATA = 15; - CRYPTO_RELATED_TYPE_PASSWORD = 16; - CRYPTO_RELATED_TYPE_CREDENTIAL = 17; - CRYPTO_RELATED_TYPE_TOKEN = 18; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_RELATED_TYPE_UNSPECIFIED = 0; + // The type of cryptographic asset is not known. + CRYPTO_RELATED_TYPE_UNKNOWN = 1; + // Another type of cryptographic asset - none of the following + CRYPTO_RELATED_TYPE_OTHER = 2; + CRYPTO_RELATED_TYPE_PRIVATE_KEY = 3; + CRYPTO_RELATED_TYPE_PUBLIC_KEY = 4; + CRYPTO_RELATED_TYPE_SECRET_KEY = 5; + CRYPTO_RELATED_TYPE_KEY = 6; + CRYPTO_RELATED_TYPE_CIPHERTEXT = 7; + CRYPTO_RELATED_TYPE_SIGNATURE = 8; + CRYPTO_RELATED_TYPE_DIGEST = 9; + CRYPTO_RELATED_TYPE_INITIALIZATION_VECTOR = 10; + CRYPTO_RELATED_TYPE_NONCE = 11; + CRYPTO_RELATED_TYPE_SEED = 12; + CRYPTO_RELATED_TYPE_SALT = 13; + CRYPTO_RELATED_TYPE_SHARED_SECRET = 14; + CRYPTO_RELATED_TYPE_TAG = 15; + CRYPTO_RELATED_TYPE_ADDITIONAL_DATA = 16; + CRYPTO_RELATED_TYPE_PASSWORD = 17; + CRYPTO_RELATED_TYPE_CREDENTIAL = 18; + CRYPTO_RELATED_TYPE_TOKEN = 19; } enum CryptoRelatedState { // Default 
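Review bot: The renumbering in this enum has the sharpest consequence of the series: under the old numbering PRIVATE_KEY=2, PUBLIC_KEY=3, SECRET_KEY=4, under the new one OTHER=2, PRIVATE_KEY=3, PUBLIC_KEY=4, so a message produced with the previous numbering and read with this one reports a public key as a private key and a secret key as a public key, which is exactly the kind of misclassification a CBOM consumer acts on. This is only safe if no producer shipped against the old numbering; otherwise the wire-preserving alternative is to keep `CRYPTO_RELATED_TYPE_UNKNOWN = 0` with the lint ignore, as before. The new UNKNOWN comment `// The type of cryptographic asset is not known.` describes the sibling CryptoAssetType rather than this enum; `// The type of related cryptographic material is not known.` fits. The enclosing message RelatedCryptoMaterialProperties continues outside the hunk.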
@@ -1945,16 +1975,18 @@ message CryptoProperties { } // end of RelatedCryptoMaterialProperties message ProtocolProperties { enum CryptoProtocolType { - // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- we use the well-known case "unknown" as our default value - CRYPTO_PROTOCOL_TYPE_UNKNOWN = 0; - // none of the following - CRYPTO_PROTOCOL_TYPE_OTHER = 1; - CRYPTO_PROTOCOL_TYPE_TLS = 2; - CRYPTO_PROTOCOL_TYPE_SSH = 3; - CRYPTO_PROTOCOL_TYPE_IPSEC = 4; - CRYPTO_PROTOCOL_TYPE_IKE = 5; - CRYPTO_PROTOCOL_TYPE_SSTP = 6; - CRYPTO_PROTOCOL_TYPE_WPA = 7; + // ProtoBuff's default value -- it differs from "unknown" + CRYPTO_PROTOCOL_TYPE_UNSPECIFIED = 0; + // The protocol type is not known + CRYPTO_PROTOCOL_TYPE_UNKNOWN = 1; + // Another protocol type - none of the following + CRYPTO_PROTOCOL_TYPE_OTHER = 2; + CRYPTO_PROTOCOL_TYPE_TLS = 3; + CRYPTO_PROTOCOL_TYPE_SSH = 4; + CRYPTO_PROTOCOL_TYPE_IPSEC = 5; + CRYPTO_PROTOCOL_TYPE_IKE = 6; + CRYPTO_PROTOCOL_TYPE_SSTP = 7; + CRYPTO_PROTOCOL_TYPE_WPA = 8; } message CryptoProtocolCipherSuite { // A common name for the cipher suite. For example: TLS_DHE_RSA_WITH_AES_128_CCM From b67cb78da458d7fb197a3f9910014f797210b915 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:27:32 +0100 Subject: [PATCH 03/28] finished protobuf lint config Signed-off-by: Jan Kowalleck --- buf.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/buf.yaml b/buf.yaml index 54340787..dc679c64 100644 --- a/buf.yaml +++ b/buf.yaml 
@@ -14,6 +14,12 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint # (this shall be fixed with the upcoming CycloneDX v2.0 release - PACKAGE_VERSION_SUFFIX # https://buf.build/docs/lint/rules#package_version_suffix - FIELD_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#field_lower_snake_case + ignore_only: + DEFAULT: # https://buf.build/docs/lint/rules#default + # exising schema files may not stick to the rules -- this is acknowledged. + - schema/bom-1.5.proto + - schema/bom-1.4.proto + - schema/bom-1.3.proto allow_comment_ignores: true # breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking # use: \ No newline at end of file From f9b68b0882cf9d252b187c1982b2fd5151d7e1bd Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:29:04 +0100 Subject: [PATCH 04/28] docs Signed-off-by: Jan Kowalleck --- buf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buf.yaml b/buf.yaml index dc679c64..8327e967 100644 --- a/buf.yaml +++ b/buf.yaml @@ -11,7 +11,7 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - PACKAGE_DIRECTORY_MATCH # https://buf.build/docs/lint/rules#package_lower_snake_case - FILE_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#file_lower_snake_case # we do not stick to the following best-practices and recommendations: - # (this shall be fixed with the upcoming CycloneDX v2.0 release + # (shall be fixed with v2.0 of this very schema) - PACKAGE_VERSION_SUFFIX # https://buf.build/docs/lint/rules#package_version_suffix - FIELD_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#field_lower_snake_case ignore_only: From 38d75fb873b86be2c13ea75a4d14023995bf6bb8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:29:20 +0100 Subject: [PATCH 05/28] docs Signed-off-by: Jan Kowalleck --- buf.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/buf.yaml b/buf.yaml index 8327e967..33be6671 100644 --- a/buf.yaml +++ b/buf.yaml 
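Review bot: `exising` in the new comment should be `existing`. Beyond the typo, `ignore_only: DEFAULT:` switches off every default rule for the three older files, including the ones that would catch a genuine mistake in a maintenance edit; if those released files are frozen that is acceptable, but the comment should say so, e.g. `# released schema files are frozen and are not expected to follow the rules -- this is acknowledged.`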
@@ -1,6 +1,5 @@ # This is the config for "Buf" - a ProtocolBuffer linter/checker/more # see https://buf.build/docs/configuration/v1/buf-yaml - version: v1 lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint use: From 87a3fab22db1a4ca35a4c2735bb403d0cbd180d7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:29:44 +0100 Subject: [PATCH 06/28] docs Signed-off-by: Jan Kowalleck --- buf.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buf.yaml b/buf.yaml index 33be6671..13711c3d 100644 --- a/buf.yaml +++ b/buf.yaml @@ -16,9 +16,9 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint ignore_only: DEFAULT: # https://buf.build/docs/lint/rules#default # exising schema files may not stick to the rules -- this is acknowledged. - - schema/bom-1.5.proto - - schema/bom-1.4.proto - - schema/bom-1.3.proto + - "schema/bom-1.5.proto" + - "schema/bom-1.4.proto" + - "schema/bom-1.3.proto" allow_comment_ignores: true # breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking # use: \ No newline at end of file From f34a21f44dee5e880c1f7d3f6152510a19ee3747 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 13:32:34 +0100 Subject: [PATCH 07/28] docs Signed-off-by: Jan Kowalleck --- buf.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/buf.yaml b/buf.yaml index 13711c3d..4336f9a1 100644 --- a/buf.yaml +++ b/buf.yaml @@ -19,6 +19,6 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - "schema/bom-1.5.proto" - "schema/bom-1.4.proto" - "schema/bom-1.3.proto" - allow_comment_ignores: true - # breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking - # use: \ No newline at end of file + allow_comment_ignores: true # the so-called "baseline" is done by annotating exceptions +# breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking +# use: \ No newline at end of file 
From fd036a2974be7dc12418cae78fb73aeb26046082 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 14:05:31 +0100 Subject: [PATCH 08/28] CT Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 24 ++++++++++++++++++++++ proto-test/*.textproto | 0 tools/src/test/proto-test.sh | 34 +++++++++++++++++++++++++++----- 3 files changed, 53 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/test_proto.yml create mode 100644 proto-test/*.textproto diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml new file mode 100644 index 00000000..8dfd1d35 --- /dev/null +++ b/.github/workflows/test_proto.yml @@ -0,0 +1,24 @@ +# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions + +name: CT ProtoBuf + +on: + push: + branches: ['master', 'main'] + pull_request: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + test: + timeout-minutes: 30 + runs-on: ubuntu-latest + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: run tests + run: tools/src/test/proto-test.sh \ No newline at end of file diff --git a/proto-test/*.textproto b/proto-test/*.textproto new file mode 100644 index 00000000..e69de29b diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh index fa3377aa..894954df 100755 --- a/tools/src/test/proto-test.sh +++ b/tools/src/test/proto-test.sh 
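Review bot: The new workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope although it only needs to read the checkout; adding `permissions:` / `  contents: read` at the top level (or under `jobs.test`) narrows it. `actions/checkout@v4` is pinned to a mutable tag; pinning third-party actions to the commit SHA with the tag in a trailing comment is the usual hardening. Separately, this commit also adds a file literally named `proto-test/*.textproto` (empty blob e69de29b), which looks like an unexpanded glob rather than an intended fixture.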
@@ -1,6 +1,30 @@ #!/usr/bin/env bash -mkdir -p proto-test -for filename in resources/1.3/*.textproto; -do - protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} -done; \ No newline at end of file +set -ex + +if [[ -n "$CI" ]] +then + LOG_FORMAT="github-actions" +else + LOG_FORMAT="json" +fi + +# lint protobuf schema files +docker run \ + --volume "$(pwd):/workspace" \ + --workdir /workspace \ + bufbuild/buf:1.29.0 \ + lint --error-format "$LOG_FORMAT" + +# check protobuf schema files for breaking changes +# docker run \ +# --volume "$(pwd):/workspace" \ +# --workdir /workspace \ +# bufbuild/buf:1.29.0 \ +# breaking + +# test all examples against the schema files +# mkdir -p proto-test +# for filename in resources/1.3/*.textproto; +# do +# protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} +# done \ No newline at end of file From 17796aa656e29d23fcea8006b37d43278a02811d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 14:31:21 +0100 Subject: [PATCH 09/28] dependabot for docker Signed-off-by: Jan Kowalleck --- .github/dependabot.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d56bb1e7..5baaf962 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,4 @@ -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file version: 2 updates: - package-ecosystem: 'github-actions' 
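Review bot: `bufbuild/buf:1.29.0` is pinned by tag only; a tag can be re-pushed, so for a CI gate pin the image by digest as well, `bufbuild/buf:1.29.0@sha256:<digest of the 1.29.0 image>`. The container also gets the whole `$(pwd)` mounted read-write although lint only reads the schema, and `$(pwd)` depends on where the script is invoked from; `docker run --rm --volume "$(pwd):/workspace:ro" \` narrows both the write access and the leftover container. The commented-out blocks below are fine as a to-do list, but the file ends without a trailing newline.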
@@ -12,3 +11,13 @@ updates: prefix: 'chore' ## prefix maximum string length of 15 include: 'scope' open-pull-requests-limit: 999 + - package-ecosystem: 'docker' + directory: '/' + schedule: + interval: 'weekly' + day: 'saturday' + labels: [ 'dependencies' ] + commit-message: + prefix: 'chore' ## prefix maximum string length of 15 + include: 'scope' + open-pull-requests-limit: 999 From f733770d4dcc6138d8a1aa876d7dafddbcb8c214 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 14:42:18 +0100 Subject: [PATCH 10/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto-test.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh index 894954df..17c76fa9 100755 --- a/tools/src/test/proto-test.sh +++ b/tools/src/test/proto-test.sh @@ -1,7 +1,10 @@ #!/usr/bin/env bash -set -ex +set -uex -if [[ -n "$CI" ]] +THIS_DIR="$(dirname "$0")" +REPO_ROOT="$(realpath "$THIS_DIR/../../..")" + +if [[ -n "${CI:-}" ]] then LOG_FORMAT="github-actions" else @@ -10,17 +13,17 @@ fi # lint protobuf schema files docker run \ - --volume "$(pwd):/workspace" \ + --volume "$REPO_ROOT:/workspace" \ --workdir /workspace \ bufbuild/buf:1.29.0 \ lint --error-format "$LOG_FORMAT" # check protobuf schema files for breaking changes -# docker run \ -# --volume "$(pwd):/workspace" \ -# --workdir /workspace \ -# bufbuild/buf:1.29.0 \ -# breaking +docker run \ + --volume "$REPO_ROOT:/workspace" \ + --workdir /workspace \ + bufbuild/buf:1.29.0 \ + breaking --help # test all examples against the schema files # mkdir -p proto-test From 62f214e2cb630e2ce978f7b55105125ca77d6c35 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 15:54:06 +0100 Subject: [PATCH 11/28] wip Signed-off-by: Jan Kowalleck --- buf.yaml | 5 ++- tools/src/test/proto-test.sh | 78 ++++++++++++++++++++++++++---------- 2 files changed, 59 insertions(+), 24 deletions(-) 
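Review bot: The new `docker` ecosystem entry with `directory: '/'` will, as far as I know, only parse Dockerfiles (`FROM` lines) and similar manifests; the only image reference in this series is the `docker run bufbuild/buf:1.29.0` inside `tools/src/test/proto-test.sh`, which Dependabot does not read, so this entry is unlikely to open any PR. Either move the image reference into a small Dockerfile the script builds from, or add a comment next to the `docker run` line saying the buf version is bumped by hand.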
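Review bot: `breaking --help` exits 0 regardless of the schema, so the step commented as "check protobuf schema files for breaking changes" is a placeholder that reports success in CI. Until the real invocation exists, make it visibly a no-op, e.g. `echo '> breaking-change check not implemented yet' >&2` instead of calling the tool, so a green run is not mistaken for a passing check. The `${CI:-}` guard and `REPO_ROOT` derivation in the first hunk are a good fix for `set -u`.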
diff --git a/buf.yaml b/buf.yaml index 4336f9a1..dc2e85d3 100644 --- a/buf.yaml +++ b/buf.yaml @@ -20,5 +20,6 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - "schema/bom-1.4.proto" - "schema/bom-1.3.proto" allow_comment_ignores: true # the so-called "baseline" is done by annotating exceptions -# breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking -# use: \ No newline at end of file +breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking + use: + - FILE \ No newline at end of file diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh index 17c76fa9..6a4b5367 100755 --- a/tools/src/test/proto-test.sh +++ b/tools/src/test/proto-test.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash -set -uex +set -ue THIS_DIR="$(dirname "$0")" -REPO_ROOT="$(realpath "$THIS_DIR/../../..")" +REPO_ROOT="$(realpath "${THIS_DIR}/../../..")" if [[ -n "${CI:-}" ]] then 
@@ -11,23 +11,57 @@ else LOG_FORMAT="json" fi -# lint protobuf schema files -docker run \ - --volume "$REPO_ROOT:/workspace" \ - --workdir /workspace \ - bufbuild/buf:1.29.0 \ - lint --error-format "$LOG_FORMAT" - -# check protobuf schema files for breaking changes -docker run \ - --volume "$REPO_ROOT:/workspace" \ - --workdir /workspace \ - bufbuild/buf:1.29.0 \ - breaking --help - -# test all examples against the schema files -# mkdir -p proto-test -# for filename in resources/1.3/*.textproto; -# do -# protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} -# done \ No newline at end of file +function test-schema-lint () { + echo '> lint schema files' >&2 + + docker run \ + --volume "${REPO_ROOT}:/workspace" \ + --workdir /workspace \ + bufbuild/buf:1.29.0 \ + lint --error-format "$LOG_FORMAT" +} + + +function test-schema-breaking () { + echo '> test schema for breaking changes' >&2 + + return 0 # WIP + + docker run \ + --volume "${REPO_ROOT}:/workspace" \ + --workdir /workspace \ + bufbuild/buf:1.29.0 \ + breaking 'schema/bom-1.6.proto' --against 'schema/bom-1.5.proto' --error-format "$LOG_FORMAT" +} + +function test-schema-functional () { + echo '> test all examples against the schema files' >&2 + + return 0 # WIP + + mkdir -p proto-test + for filename in resources/1.3/*.textproto; + do + protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} + done +} + +case "${1:-test}" in + 'lint') + test-schema-lint + ;; + 'breaking') + test-schema-breaking + ;; + 'functional') + test-schema-functional + ;; + 'test') + test-schema-lint + test-schema-breaking + test-schema-functional + ;; + *) + echo 'unexpected argument. 
known arguments: lint,breaking,functional,test' + exit 1 +esac \ No newline at end of file From 9ad0ebe62480181959066eea90436179afd48add Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 17:23:39 +0100 Subject: [PATCH 12/28] wip Signed-off-by: Jan Kowalleck --- buf.yaml | 7 +++-- tools/src/test/proto-test.sh | 59 +++++++++++++++++++++++++----------- 2 files changed, 46 insertions(+), 20 deletions(-) diff --git a/buf.yaml b/buf.yaml index dc2e85d3..1bf89d05 100644 --- a/buf.yaml +++ b/buf.yaml @@ -2,7 +2,7 @@ # see https://buf.build/docs/configuration/v1/buf-yaml version: v1 lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - use: + use: # see https://buf.build/docs/lint/rules - DEFAULT # https://buf.build/docs/lint/rules#default except: # directory/file layout does not match the recommendation/framework of the tool @@ -21,5 +21,6 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - "schema/bom-1.3.proto" allow_comment_ignores: true # the so-called "baseline" is done by annotating exceptions breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking - use: - - FILE \ No newline at end of file + use: # see https://buf.build/docs/breaking/overview#rules-and-categories + - FILE + - WIRE_JSON \ No newline at end of file diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh index 6a4b5367..2457e7b3 100755 --- a/tools/src/test/proto-test.sh +++ b/tools/src/test/proto-test.sh 
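Review bot: `test-schema-breaking` and `test-schema-functional` both `return 0 # WIP` before doing anything, so the default `test` target passes with only lint having run, the commands after `return 0` are dead code, and nothing in the output says that two checks were skipped. I would print the skip before returning, `echo '>> skipped (WIP)' >&2; return 0`, and send the usage error in the `*)` branch to stderr as the other status lines are: `echo 'unexpected argument. known arguments: lint,breaking,functional,test' >&2`. In the functional block `$filename` is unquoted inside the redirections; once it is revived, `"$filename"` avoids word splitting on example paths.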
@@ -1,37 +1,62 @@ #!/usr/bin/env bash -set -ue +set -uex THIS_DIR="$(dirname "$0")" REPO_ROOT="$(realpath "${THIS_DIR}/../../..")" -if [[ -n "${CI:-}" ]] -then - LOG_FORMAT="github-actions" -else - LOG_FORMAT="json" -fi +# paths relative to $REPO_ROOT +BUF_CONFIG='buf.yaml' +SCHEMA_DIR='schema' function test-schema-lint () { - echo '> lint schema files' >&2 + echo '> lint schema files' >&2 - docker run \ - --volume "${REPO_ROOT}:/workspace" \ + if [[ -n "${CI:-}" ]] + then + LOG_FORMAT='github-actions' + else + LOG_FORMAT='text' + fi + + docker run --rm \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${REPO_ROOT}/${BUF_CONFIG}:/workspace/buf.yaml:ro" \ --workdir /workspace \ bufbuild/buf:1.29.0 \ - lint --error-format "$LOG_FORMAT" + lint \ + --error-format "$LOG_FORMAT" \ + --config 'buf.yaml' } function test-schema-breaking () { echo '> test schema for breaking changes' >&2 - return 0 # WIP + if [[ -n "${CI:-}" ]] + then + LOG_FORMAT='github-actions' + else + LOG_FORMAT='text' + fi - docker run \ - --volume "${REPO_ROOT}:/workspace" \ - --workdir /workspace \ - bufbuild/buf:1.29.0 \ - breaking 'schema/bom-1.6.proto' --against 'schema/bom-1.5.proto' --error-format "$LOG_FORMAT" + function run-test() { + echo "> new:${1} -VS- old:${2}" >&2 + # stick with the original paths, so the reporting makes sense... 
+ docker run --rm \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ + --workdir /workspace \ + bufbuild/buf:1.29.0 \ + breaking "${SCHEMA_DIR}/" \ + --against "${SCHEMA_DIR}_old/" \ + --error-format "$LOG_FORMAT" \ + --config '{"version":"v1","breaking":{"use":["FILE","WIRE_JSON"],"except":["FILE_SAME_PACKAGE"]}}' + # scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE" + } + + run-test '1.6' '1.5' + run-test '1.5' '1.4' + run-test '1.4' '1.3' } function test-schema-functional () { From b57036cc904b08cb13660d97229bc6cfc3e7209e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 17:24:57 +0100 Subject: [PATCH 13/28] wip Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml index 8dfd1d35..1d9eecb0 100644 --- a/.github/workflows/test_proto.yml +++ b/.github/workflows/test_proto.yml @@ -21,4 +21,7 @@ jobs: # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: run tests - run: tools/src/test/proto-test.sh \ No newline at end of file + run: tools/src/test/proto-test.sh + + # TODO: check for breaking changes from this commit to master + # example: https://github.com/DependencyTrack/hyades/blob/main/.github/workflows/buf.yml \ No newline at end of file From 13faf7d275dc92da6f9e28d72e3528c70608a165 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 23 Feb 2024 17:43:12 +0100 Subject: [PATCH 14/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto-test.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh index 2457e7b3..3e5ee7aa 100755 --- a/tools/src/test/proto-test.sh 
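Review bot: The `--against` volume mounts the host's `bom-${2}.proto` under the new file's name `${SCHEMA_DIR}_old/bom-${1}.proto`; that is needed because `buf breaking` pairs old and new files by relative path, but `${2}` on the host side against `${1}` on the container side reads like a typo, and the existing comment ("stick with the original paths, so the reporting makes sense...") explains the directory, not the rename. I would extend it: `# buf pairs old/new files by relative path, so the old version is mounted under the new file's name; the *_old directory keeps the report readable`. The LOG_FORMAT selection is now duplicated verbatim in both functions; a top-level variable or a tiny helper keeps the two in step. The hunk ends at `function test-schema-functional () {`, whose body is outside it.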
+++ b/tools/src/test/proto-test.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -uex +set -ue THIS_DIR="$(dirname "$0")" REPO_ROOT="$(realpath "${THIS_DIR}/../../..")" @@ -29,8 +29,8 @@ function test-schema-lint () { } -function test-schema-breaking () { - echo '> test schema for breaking changes' >&2 +function test-schema-breaking-v2v () { + echo '> test schema for breaking changes v2v' >&2 if [[ -n "${CI:-}" ]] then @@ -39,8 +39,11 @@ function test-schema-breaking () { LOG_FORMAT='text' fi + # scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE" + BUF_CFG='{"version":"v1","breaking":{"use":["FILE","WIRE_JSON"],"except":["FILE_SAME_PACKAGE"]}}' + function run-test() { - echo "> new:${1} -VS- old:${2}" >&2 + echo ">> new:${1} -VS- old:${2}" >&2 # stick with the original paths, so the reporting makes sense... docker run --rm \ --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ @@ -50,12 +53,11 @@ function test-schema-breaking () { breaking "${SCHEMA_DIR}/" \ --against "${SCHEMA_DIR}_old/" \ --error-format "$LOG_FORMAT" \ - --config '{"version":"v1","breaking":{"use":["FILE","WIRE_JSON"],"except":["FILE_SAME_PACKAGE"]}}' - # scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE" + --config "$BUF_CFG" } run-test '1.6' '1.5' - run-test '1.5' '1.4' + echo '>> skip testing' '1.5' '1.4' # <-- had breaking changes, which is acknowledged ... run-test '1.4' '1.3' } @@ -76,14 +78,14 @@ case "${1:-test}" in test-schema-lint ;; 'breaking') - test-schema-breaking + test-schema-breaking-v2v ;; 'functional') test-schema-functional ;; 'test') test-schema-lint - test-schema-breaking + test-schema-breaking-v2v test-schema-functional ;; *) From 975dfe1e0940a68ec05ad6dd0c579fc3d9a68e9f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:14:55 +0100 Subject: [PATCH 15/28] wip 
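Review bot: `echo '>> skip testing' '1.5' '1.4'` writes to stdout while every other status line in the script goes to stderr; add `>&2`. Since the skip is a permanent acknowledgement of a breaking 1.4→1.5 change, the comment should also name the rule(s) that fired, so a future reader can decide whether a rule-specific `except` in `BUF_CFG` would let that pair be checked again instead of being skipped wholesale. Hoisting the JSON into `BUF_CFG` is a clear improvement over the inline `--config` literal.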
Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 2 +- tools/src/test/proto-test.sh | 94 ------------- tools/src/test/proto/buf_breaking-remote.yaml | 7 + .../src/test/proto/buf_breaking-version.yaml | 10 ++ .../src/test/proto/buf_lint.yaml | 6 +- tools/src/test/proto/test.sh | 123 ++++++++++++++++++ 6 files changed, 142 insertions(+), 100 deletions(-) delete mode 100755 tools/src/test/proto-test.sh create mode 100644 tools/src/test/proto/buf_breaking-remote.yaml create mode 100644 tools/src/test/proto/buf_breaking-version.yaml rename buf.yaml => tools/src/test/proto/buf_lint.yaml (82%) create mode 100755 tools/src/test/proto/test.sh diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml index 1d9eecb0..8801eec5 100644 --- a/.github/workflows/test_proto.yml +++ b/.github/workflows/test_proto.yml @@ -21,7 +21,7 @@ jobs: # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: run tests - run: tools/src/test/proto-test.sh + run: tools/src/test/proto/test.sh # TODO: check for breaking changes from this commit to master # example: https://github.com/DependencyTrack/hyades/blob/main/.github/workflows/buf.yml \ No newline at end of file diff --git a/tools/src/test/proto-test.sh b/tools/src/test/proto-test.sh deleted file mode 100755 index 3e5ee7aa..00000000 --- a/tools/src/test/proto-test.sh +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/usr/bin/env bash -set -ue - -THIS_DIR="$(dirname "$0")" -REPO_ROOT="$(realpath "${THIS_DIR}/../../..")" - -# paths relative to $REPO_ROOT -BUF_CONFIG='buf.yaml' -SCHEMA_DIR='schema' - -function test-schema-lint () { - echo '> lint schema files' >&2 - - if [[ -n "${CI:-}" ]] - then - LOG_FORMAT='github-actions' - else - LOG_FORMAT='text' - fi - - docker run --rm \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ - --volume "${REPO_ROOT}/${BUF_CONFIG}:/workspace/buf.yaml:ro" \ - --workdir /workspace \ - bufbuild/buf:1.29.0 \ - lint \ - --error-format "$LOG_FORMAT" \ - --config 'buf.yaml' -} - - -function test-schema-breaking-v2v () { - echo '> test schema for breaking changes v2v' >&2 - - if [[ -n "${CI:-}" ]] - then - LOG_FORMAT='github-actions' - else - LOG_FORMAT='text' - fi - - # scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE" - BUF_CFG='{"version":"v1","breaking":{"use":["FILE","WIRE_JSON"],"except":["FILE_SAME_PACKAGE"]}}' - - function run-test() { - echo ">> new:${1} -VS- old:${2}" >&2 - # stick with the original paths, so the reporting makes sense... - docker run --rm \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ - --workdir /workspace \ - bufbuild/buf:1.29.0 \ - breaking "${SCHEMA_DIR}/" \ - --against "${SCHEMA_DIR}_old/" \ - --error-format "$LOG_FORMAT" \ - --config "$BUF_CFG" - } - - run-test '1.6' '1.5' - echo '>> skip testing' '1.5' '1.4' # <-- had breaking changes, which is acknowledged ... 
- run-test '1.4' '1.3' -} - -function test-schema-functional () { - echo '> test all examples against the schema files' >&2 - - return 0 # WIP - - mkdir -p proto-test - for filename in resources/1.3/*.textproto; - do - protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} - done -} - -case "${1:-test}" in - 'lint') - test-schema-lint - ;; - 'breaking') - test-schema-breaking-v2v - ;; - 'functional') - test-schema-functional - ;; - 'test') - test-schema-lint - test-schema-breaking-v2v - test-schema-functional - ;; - *) - echo 'unexpected argument. known arguments: lint,breaking,functional,test' - exit 1 -esac \ No newline at end of file diff --git a/tools/src/test/proto/buf_breaking-remote.yaml b/tools/src/test/proto/buf_breaking-remote.yaml new file mode 100644 index 00000000..7c3dbf25 --- /dev/null +++ b/tools/src/test/proto/buf_breaking-remote.yaml @@ -0,0 +1,7 @@ +# This is the config for "Buf" - a ProtocolBuffer linter/checker/more +# see https://buf.build/docs/configuration/v1/buf-yaml +version: v1 +breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking + use: # see https://buf.build/docs/breaking/overview#rules-and-categories + - FILE + - WIRE_JSON \ No newline at end of file diff --git a/tools/src/test/proto/buf_breaking-version.yaml b/tools/src/test/proto/buf_breaking-version.yaml new file mode 100644 index 00000000..fcc81b05 --- /dev/null +++ b/tools/src/test/proto/buf_breaking-version.yaml 
@@ -0,0 +1,10 @@ +# This is the config for "Buf" - a ProtocolBuffer linter/checker/more +# see https://buf.build/docs/configuration/v1/buf-yaml +version: v1 +breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking + use: # see https://buf.build/docs/breaking/overview#rules-and-categories + - FILE + - WIRE_JSON + except: + # scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE" + - FILE_SAME_PACKAGE \ No newline at end of file diff --git a/buf.yaml b/tools/src/test/proto/buf_lint.yaml similarity index 82% rename from buf.yaml rename to tools/src/test/proto/buf_lint.yaml index 1bf89d05..0b78a3cb 100644 --- a/buf.yaml +++ b/tools/src/test/proto/buf_lint.yaml @@ -15,12 +15,8 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint - FIELD_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#field_lower_snake_case ignore_only: DEFAULT: # https://buf.build/docs/lint/rules#default - # exising schema files may not stick to the rules -- this is acknowledged. + # legacy schema files may NOT stick to the rules -- this is acknowledged. - "schema/bom-1.5.proto" - "schema/bom-1.4.proto" - "schema/bom-1.3.proto" allow_comment_ignores: true # the so-called "baseline" is done by annotating exceptions -breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking - use: # see https://buf.build/docs/breaking/overview#rules-and-categories - - FILE - - WIRE_JSON \ No newline at end of file diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh new file mode 100755 index 00000000..0eb93e28 --- /dev/null +++ b/tools/src/test/proto/test.sh 
@@ -0,0 +1,123 @@ +#!/usr/bin/env bash +set -ue + +THIS_DIR="$(dirname "$0")" +REPO_ROOT="$(realpath "${THIS_DIR}/../../../..")" + +# paths relative to $REPO_ROOT +SCHEMA_DIR='schema' + +REMOTE='https://github.com/CycloneDX/specification.git' + +function schema-lint () { + echo '> lint schema files' >&2 + + if [[ -n "${CI:-}" ]] + then + LOG_FORMAT='github-actions' + else + LOG_FORMAT='text' + fi + + docker run --rm \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${THIS_DIR}/buf_lint.yaml:/workspace/buf.yaml:ro" \ + --workdir '/workspace' \ + bufbuild/buf:1.29.0 \ + lint --path "$SCHEMA_DIR" \ + --config 'buf.yaml' \ + --error-format "$LOG_FORMAT" +} + + +function schema-breaking-version () { + echo '> test schema for breaking changes against previous version' >&2 + + if [[ -n "${CI:-}" ]] + then + LOG_FORMAT='github-actions' + else + LOG_FORMAT='text' + fi + + function compare() { + echo ">> compare new:${1} -VS- old:${2}" >&2 + # stick with the original paths, so the reporting makes sense... + docker run --rm \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ + --volume "${THIS_DIR}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \ + --workdir '/workspace' \ + bufbuild/buf:1.29.0 \ + breaking "$SCHEMA_DIR" --against "${SCHEMA_DIR}_old" \ + --config 'buf.yaml' \ + --error-format "$LOG_FORMAT" + } + + compare '1.6' '1.5' + echo '>> skip compare' '1.5' '1.4' # <-- had breaking changes, which is acknowledged ... 
+ compare '1.4' '1.3' +} + +function schema-breaking-remote () { + echo '> test schema for breaking changes against remote' >&2 + + if [[ -n "${CI:-}" ]] + then + LOG_FORMAT='github-actions' + else + LOG_FORMAT='text' + fi + + docker run --rm \ + --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${THIS_DIR}/buf_breaking-remote.yaml:/workspace/buf.yaml:ro" \ + --workdir '/workspace' \ + bufbuild/buf:1.29.0 \ + breaking "$SCHEMA_DIR" --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ + --config 'buf.yaml' \ + --error-format "$LOG_FORMAT" +} + +function schema-functional () { + echo '> test all examples against the schema files' >&2 + + return 0 # WIP + + mkdir -p proto-test + for filename in resources/1.3/*.textproto; + do + protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} + done +} + +case "${1:-all}" in + 'schema-lint') + schema-lint + ;; + 'schema-breaking-version') + schema-breaking-version + ;; + 'schema-breaking-remote') + schema-breaking-remote + ;; + 'schema-breaking') + schema-breaking-version + schema-breaking-remote + ;; + 'schema-functional') + schema-functional + ;; + 'all') + # all the above + schema-lint + schema-breaking-version + schema-breaking-remote + schema-functional + ;; + *) + echo 'unexpected argument. known arguments:' \ + 'schema-lint,schema-breaking-version,schema-breaking-remote,schema-breaking,schema-functional,all' + exit 1 + ;; +esac \ No newline at end of file From 6a7c6e0fb5f004019da190c25bf900f29a612ea9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:18:31 +0100 Subject: [PATCH 16/28] wip Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml index 8801eec5..b5a83fe9 100644 
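Review bot: `schema-breaking-remote` compares against `"${REMOTE}#subdir=${SCHEMA_DIR}"` with no branch or ref, so buf clones the remote's default branch and a pull request targeting any other branch (or a release branch) is checked against the wrong baseline. If buf's git input accepts the `branch=` option, which I believe it does, `--against "${REMOTE}#branch=${GITHUB_BASE_REF:-master},subdir=${SCHEMA_DIR}"` would follow the PR's actual base (`GITHUB_BASE_REF` is only set for pull_request events, hence the fallback). The function also needs network access inside the container, which `schema-breaking-version` does not; a one-line comment above the docker call, `# requires network: buf clones $REMOTE inside the container`, would save the next person a debugging round in an offline sandbox. `schema-functional` still ends in `return 0 # WIP`, so the `'all'` target reports success for a check that currently tests nothing.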
--- a/.github/workflows/test_proto.yml +++ b/.github/workflows/test_proto.yml @@ -17,6 +17,7 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-latest steps: + - run: env - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 From ba3fa7c8a958ee8cd6046624eb6ead17991ca0b5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:30:08 +0100 Subject: [PATCH 17/28] wip Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 4 ---- tools/src/test/proto/test.sh | 8 ++++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml index b5a83fe9..ed0d8bc6 100644 --- a/.github/workflows/test_proto.yml +++ b/.github/workflows/test_proto.yml @@ -17,12 +17,8 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-latest steps: - - run: env - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - name: run tests run: tools/src/test/proto/test.sh - - # TODO: check for breaking changes from this commit to master - # example: https://github.com/DependencyTrack/hyades/blob/main/.github/workflows/buf.yml \ No newline at end of file diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index 0eb93e28..f682c2be 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -ue +set -uex THIS_DIR="$(dirname "$0")" REPO_ROOT="$(realpath "${THIS_DIR}/../../../..")" @@ -7,7 +7,7 @@ REPO_ROOT="$(realpath "${THIS_DIR}/../../../..")" # paths relative to $REPO_ROOT SCHEMA_DIR='schema' -REMOTE='https://github.com/CycloneDX/specification.git' +REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git" function schema-lint () { echo '> lint schema files' >&2 
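Review bot: The added `- run: env` step prints the entire job environment into the workflow log; registered secrets are masked, but anything injected through `env:` or derived from a secret is printed in clear, and on a public repository the log is world-readable. If the dump is needed for debugging, guard it so it only runs with step debugging enabled, e.g. `- run: env` with `if: ${{ runner.debug == '1' }}`, or drop it before merge.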
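Review bot: `REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git"` silently changes what "breaking against remote" means depending on where the script runs: on a push in a fork it compares against the fork's own default branch, not the upstream specification. That is presumably intended for PR runs (where `GITHUB_REPOSITORY` is the base repository), but it deserves a comment, e.g. `# baseline is the repo the workflow runs in (base repo for PRs); override GITHUB_REPOSITORY to compare against another fork`. The enclosing function `schema-lint` that follows this hunk continues outside it.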
@@ -33,7 +33,7 @@ function schema-lint () { function schema-breaking-version () { echo '> test schema for breaking changes against previous version' >&2 - if [[ -n "${CI:-}" ]] + if [[ -n "${GITHUB_WORKFLOW:-}" ]] then LOG_FORMAT='github-actions' else @@ -62,7 +62,7 @@ function schema-breaking-version () { function schema-breaking-remote () { echo '> test schema for breaking changes against remote' >&2 - if [[ -n "${CI:-}" ]] + if [[ -n "${GITHUB_WORKFLOW:-}" ]] then LOG_FORMAT='github-actions' else From 9117fea98f981acc06ef29185ec5054e190de2e1 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:35:36 +0100 Subject: [PATCH 18/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index f682c2be..d419bc42 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash -set -uex +set -ue -THIS_DIR="$(dirname "$0")" +THIS_DIR="$(realpath "$(dirname "$0")")" REPO_ROOT="$(realpath "${THIS_DIR}/../../../..")" # paths relative to $REPO_ROOT From 7d2ffc3f5e8f4b5aff7160d656b8c26e120daba8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:36:35 +0100 Subject: [PATCH 19/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/test.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index d419bc42..069483c4 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh 
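Review bot: The switch from `CI` to `GITHUB_WORKFLOW` is applied to `schema-breaking-version` and `schema-breaking-remote` but not to `schema-lint`, whose `if [[ -n "${CI:-}" ]]` (introduced in an earlier patch of this series, outside this hunk) still keys on the generic variable, so on a non-GitHub CI lint would emit `github-actions`-formatted errors while the other two checks emit text. Rather than repeating the detection in every function, compute it once at file top, `if [[ -n "${GITHUB_ACTIONS:-}" ]]; then LOG_FORMAT='github-actions'; else LOG_FORMAT='text'; fi`, and drop the per-function copies; `GITHUB_ACTIONS` is the variable GitHub documents as always set on its runners, whereas `GITHUB_WORKFLOW` is the workflow name. Both enclosing functions extend beyond the hunk.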
@@ -1,10 +1,10 @@ #!/usr/bin/env bash set -ue -THIS_DIR="$(realpath "$(dirname "$0")")" -REPO_ROOT="$(realpath "${THIS_DIR}/../../../..")" +THIS_PATH="$(realpath "$(dirname "$0")")" +ROOT_PATH="$(realpath "${THIS_PATH}/../../../..")" -# paths relative to $REPO_ROOT +# paths relative to $ROOT_PATH SCHEMA_DIR='schema' REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git" @@ -20,8 +20,8 @@ function schema-lint () { fi docker run --rm \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ - --volume "${THIS_DIR}/buf_lint.yaml:/workspace/buf.yaml:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${THIS_PATH}/buf_lint.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ bufbuild/buf:1.29.0 \ lint --path "$SCHEMA_DIR" \ @@ -44,9 +44,9 @@ function schema-breaking-version () { echo ">> compare new:${1} -VS- old:${2}" >&2 # stick with the original paths, so the reporting makes sense... docker run --rm \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ - --volume "${THIS_DIR}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ + --volume "${THIS_PATH}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ bufbuild/buf:1.29.0 \ breaking "$SCHEMA_DIR" --against "${SCHEMA_DIR}_old" \ 
@@ -70,8 +70,8 @@ function schema-breaking-remote () { fi docker run --rm \ - --volume "${REPO_ROOT}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ - --volume "${THIS_DIR}/buf_breaking-remote.yaml:/workspace/buf.yaml:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${THIS_PATH}/buf_breaking-remote.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ bufbuild/buf:1.29.0 \ breaking "$SCHEMA_DIR" --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ From 441fd9ee11266842060ba5ea38736af253d16ee8 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:38:40 +0100 Subject: [PATCH 20/28] wip Signed-off-by: Jan Kowalleck --- .github/workflows/test_proto.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test_proto.yml b/.github/workflows/test_proto.yml index ed0d8bc6..0dfe8cae 100644 --- a/.github/workflows/test_proto.yml +++ b/.github/workflows/test_proto.yml @@ -12,6 +12,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +defaults: + run: + working-directory: tools/src/test/proto + jobs: test: timeout-minutes: 30 @@ -20,5 +24,5 @@ jobs: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - - name: run tests - run: tools/src/test/proto/test.sh + - name: Run test + run: ./test.sh From 7c15cf94d6c2ae4126b5d93b7d56c235c3173e20 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:41:04 +0100 Subject: [PATCH 21/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index 069483c4..38797509 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -82,6 +82,7 @@ function schema-breaking-remote () { function schema-functional () { echo '> test all examples against the schema files' >&2 + echo 'TODO' # @TODO return 0 # WIP mkdir -p proto-test 
From 878162c6ef235929fd2648cb10750d155cd9c816 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 14:43:45 +0100 Subject: [PATCH 22/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index 38797509..cf3325b3 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -55,7 +55,7 @@ function schema-breaking-version () { } compare '1.6' '1.5' - echo '>> skip compare' '1.5' '1.4' # <-- had breaking changes, which is acknowledged ... + echo '>> skip compare' '1.5' '1.4' >&2 # <-- had breaking changes, which is acknowledged ... compare '1.4' '1.3' } From 8dbfee7df9219a001a22d5bca8a1d286cfd0ffd9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 24 Feb 2024 19:35:58 +0100 Subject: [PATCH 23/28] tidy Signed-off-by: Jan Kowalleck --- proto-test/*.textproto | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 proto-test/*.textproto diff --git a/proto-test/*.textproto b/proto-test/*.textproto deleted file mode 100644 index e69de29b..00000000 From 8db0967c11cb913ac3c7a9a037159338df3f3bd9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 28 Feb 2024 13:56:02 +0100 Subject: [PATCH 24/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/Dockerfile | 9 +++ tools/src/test/proto/install_protoc.sh | 52 ++++++++++++++++++ tools/src/test/proto/test.sh | 76 ++++++++++++++++++++++---- 3 files changed, 125 insertions(+), 12 deletions(-) create mode 100644 tools/src/test/proto/Dockerfile create mode 100644 tools/src/test/proto/install_protoc.sh diff --git a/tools/src/test/proto/Dockerfile b/tools/src/test/proto/Dockerfile new file mode 100644 index 00000000..19f82d7f --- /dev/null +++ b/tools/src/test/proto/Dockerfile 
@@ -0,0 +1,9 @@ +FROM bufbuild/buf:1.29.0 +ENTRYPOINT [] + +ARG PROTOC_VERSION="25.3" +ADD --chmod=777 install_protoc.sh /tmp/install_protoc.sh +RUN /tmp/install_protoc.sh "$PROTOC_VERSION" +RUN rm /tmp/install_protoc.sh +ENV PATH="${PATH}:/opt/protoc/bin" + diff --git a/tools/src/test/proto/install_protoc.sh b/tools/src/test/proto/install_protoc.sh new file mode 100644 index 00000000..b7b8e508 --- /dev/null +++ b/tools/src/test/proto/install_protoc.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env sh +set -ue + +PROTOC_VERSION="$1" + +REMOTE_PATTERN="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-{ARCH}.zip" +# {ARCH} is one of: aarch_64 ppcle_64 s390_64 x86_32 x86_64 + +C_LONG_BIT="$(getconf LONG_BIT)" +M_ARCH="$(uname -m)" +case "${M_ARCH}" in + 'aarch64' | 'aarch64_be' | 'armv8b' | 'armv8l' | 'arm') + if [ "$C_LONG_BIT" != '64' ] + then + echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 + exit 2 + fi + R_ARCH='aarch_64' + ;; + 'ppc64le' | 'ppcle' | 'ppc64' | 'ppc') + if [ "$C_LONG_BIT" != '64' ] + then + echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 + exit 2 + fi + R_ARCH='ppcle_64' + ;; + 's390x' | 's390') + if [ "$C_LONG_BIT" != '64' ] + then + echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 + exit 2 + fi + R_ARCH='s390_64' + ;; + 'i386' | 'i686' | 'x86_64') + if [ "$C_LONG_BIT" = '64' ] + then + R_ARCH='x86_64' + else + R_ARCH='x86_32' + fi + ;; + *) + echo "unmapped M_ARCH: ${M_ARCH}" >&2 + exit 1 + ;; +esac + +REMOTE="$(echo "$REMOTE_PATTERN" | sed "s/{ARCH}/${R_ARCH}/")" +wget -qO- "${REMOTE}" | unzip -d /opt/protoc - +chmod a+x /opt/protoc/bin/protoc diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index cf3325b3..885664ed 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh 
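Review bot: `wget -qO- "${REMOTE}" | unzip -d /opt/protoc -` installs the protoc release archive into the test image without verifying a checksum or signature, so the image trusts whatever is served for that URL at build time and a tampered or re-uploaded asset would go unnoticed. Pin the expected digest next to `PROTOC_VERSION` (a map of `R_ARCH` to `<SHA256_FROM_RELEASE_PAGE>`), download to a file, run `echo "${EXPECTED_SHA256}  protoc.zip" | sha256sum -c -` and only then unzip. In the Dockerfile, `ADD --chmod=777 install_protoc.sh` makes the helper world-writable for no reason; `--chmod=755` is enough for `RUN /tmp/install_protoc.sh`. A later patch in this series deletes both files again, so this matters only if the custom image is reinstated.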
@@ -1,14 +1,22 @@ #!/usr/bin/env bash -set -ue +set -uex THIS_PATH="$(realpath "$(dirname "$0")")" ROOT_PATH="$(realpath "${THIS_PATH}/../../../..")" # paths relative to $ROOT_PATH SCHEMA_DIR='schema' +TEST_RES_DIR='tools/src/test/resources' REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git" +DOCKER_IMG_NAME='cdx_schema_testing_protobuf' + +function prepare() { + echo '> preparing runner image' >&2 + docker build --tag "$DOCKER_IMG_NAME" "$THIS_PATH" +} + function schema-lint () { echo '> lint schema files' >&2 @@ -23,10 +31,12 @@ function schema-lint () { --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ --volume "${THIS_PATH}/buf_lint.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - bufbuild/buf:1.29.0 \ - lint --path "$SCHEMA_DIR" \ + "$DOCKER_IMG_NAME" \ + buf lint --path "$SCHEMA_DIR" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" + + echo '>> OK.' >&2 } @@ -48,15 +58,17 @@ function schema-breaking-version () { --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ --volume "${THIS_PATH}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - bufbuild/buf:1.29.0 \ - breaking "$SCHEMA_DIR" --against "${SCHEMA_DIR}_old" \ + "$DOCKER_IMG_NAME" \ + buf breaking "$SCHEMA_DIR" --against "${SCHEMA_DIR}_old" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" } compare '1.6' '1.5' - echo '>> skip compare' '1.5' '1.4' >&2 # <-- had breaking changes, which is acknowledged ... + echo '>> skip compare' '1.5' '1.4' >&2 # <-- had breaking changes, which is acknowledged compare '1.4' '1.3' + + echo '>> OK.' >&2 } function schema-breaking-remote () { 
@@ -73,44 +85,83 @@ function schema-breaking-remote () { --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ --volume "${THIS_PATH}/buf_breaking-remote.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - bufbuild/buf:1.29.0 \ - breaking "$SCHEMA_DIR" --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ + "$DOCKER_IMG_NAME" \ + buf breaking "$SCHEMA_DIR" --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" + + echo '>> OK.' >&2 } function schema-functional () { - echo '> test all examples against the schema files' >&2 + echo '> test all examples against the respective schema' >&2 + + function validate() { + FILE="$1" + SCHEMA_VERS="$2" + MESSAGE="cyclonedx.v${SCHEMA_VERS/./_}.Bom" + + echo ">> validate ${FILE} as ${MESSAGE}" >&2 + + docker run --rm \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ + --volume "${FILE}:/workspace/test_res:ro" \ + --workdir '/workspace' \ + "$DOCKER_IMG_NAME" \ + buf convert "${SCHEMA_DIR}/bom-${SCHEMA_VERS}.proto" \ + --type "$MESSAGE" \ + --from 'test_res#format=txtpb' \ + --to /dev/null + } + + shopt -s globstar + for test_res in "$ROOT_PATH"/"$TEST_RES_DIR"/*/valid-*.textproto + do + SCHEMA_VERS="$(basename "$(dirname "$test_res")")" + validate "$test_res" "$SCHEMA_VERS" + done echo 'TODO' # @TODO return 0 # WIP + ## buf convert schema/bom-1.6.proto --type cyclonedx.v1_6.Bom --from tools/src/test/resources/1.6/_test.textproto'#format=txtpb' + ## + mkdir -p proto-test - for filename in resources/1.3/*.textproto; + for filename in resources/*/*.textproto; do - protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename | protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} + protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename |\ + protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom 
bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} done + + echo '>> OK.' >&2 } case "${1:-all}" in 'schema-lint') + prepare schema-lint ;; 'schema-breaking-version') + prepare schema-breaking-version ;; 'schema-breaking-remote') + prepare schema-breaking-remote ;; 'schema-breaking') + prepare schema-breaking-version schema-breaking-remote ;; 'schema-functional') + prepare schema-functional ;; 'all') # all the above + prepare schema-lint schema-breaking-version schema-breaking-remote @@ -118,7 +169,8 @@ case "${1:-all}" in ;; *) echo 'unexpected argument. known arguments:' \ - 'schema-lint,schema-breaking-version,schema-breaking-remote,schema-breaking,schema-functional,all' + 'schema-lint,schema-breaking-version,schema-breaking-remote,schema-breaking,schema-functional,all' \ + >&2 exit 1 ;; esac \ No newline at end of file From 405fd3e47bf8e98df4951c6b459af4a5210c6725 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 28 Feb 2024 14:06:20 +0100 Subject: [PATCH 25/28] wip Signed-off-by: Jan Kowalleck --- tools/src/test/proto/Dockerfile | 9 ---- tools/src/test/proto/install_protoc.sh | 52 --------------------- tools/src/test/proto/test.sh | 64 +++++++++++--------------- 3 files changed, 26 insertions(+), 99 deletions(-) delete mode 100644 tools/src/test/proto/Dockerfile delete mode 100644 tools/src/test/proto/install_protoc.sh diff --git a/tools/src/test/proto/Dockerfile b/tools/src/test/proto/Dockerfile deleted file mode 100644 index 19f82d7f..00000000 --- a/tools/src/test/proto/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM bufbuild/buf:1.29.0 -ENTRYPOINT [] - -ARG PROTOC_VERSION="25.3" -ADD --chmod=777 install_protoc.sh /tmp/install_protoc.sh -RUN /tmp/install_protoc.sh "$PROTOC_VERSION" -RUN rm /tmp/install_protoc.sh -ENV PATH="${PATH}:/opt/protoc/bin" - diff --git a/tools/src/test/proto/install_protoc.sh b/tools/src/test/proto/install_protoc.sh deleted file mode 100644 index b7b8e508..00000000 --- a/tools/src/test/proto/install_protoc.sh +++ /dev/null 
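Review bot: The fixture loop `for test_res in "$ROOT_PATH"/"$TEST_RES_DIR"/*/valid-*.textproto` runs without `nullglob` or `failglob`, so when nothing matches the unexpanded pattern is passed to `validate`, the `--volume "${FILE}:/workspace/test_res:ro"` mount fails inside docker, and the failure reads as a docker error rather than "no fixtures found"; `shopt -s globstar` is enabled but the pattern contains no `**`, so it has no effect. Replace it with `shopt -s failglob` so an empty fixture set aborts the function with a clear shell error, or use `nullglob` plus an explicit count check. The same loop is carried over unchanged into the rewrite in the next patch of this series. `prepare` runs `docker build` on every invocation, including `'schema-lint'`, which only needs the stock `bufbuild/buf` image; the build could be restricted to the targets that use protoc.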
@@ -1,52 +0,0 @@ -#!/usr/bin/env sh -set -ue - -PROTOC_VERSION="$1" - -REMOTE_PATTERN="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-{ARCH}.zip" -# {ARCH} is one of: aarch_64 ppcle_64 s390_64 x86_32 x86_64 - -C_LONG_BIT="$(getconf LONG_BIT)" -M_ARCH="$(uname -m)" -case "${M_ARCH}" in - 'aarch64' | 'aarch64_be' | 'armv8b' | 'armv8l' | 'arm') - if [ "$C_LONG_BIT" != '64' ] - then - echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 - exit 2 - fi - R_ARCH='aarch_64' - ;; - 'ppc64le' | 'ppcle' | 'ppc64' | 'ppc') - if [ "$C_LONG_BIT" != '64' ] - then - echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 - exit 2 - fi - R_ARCH='ppcle_64' - ;; - 's390x' | 's390') - if [ "$C_LONG_BIT" != '64' ] - then - echo "unsupported C_LONG_BIT: ${C_LONG_BIT}" >&2 - exit 2 - fi - R_ARCH='s390_64' - ;; - 'i386' | 'i686' | 'x86_64') - if [ "$C_LONG_BIT" = '64' ] - then - R_ARCH='x86_64' - else - R_ARCH='x86_32' - fi - ;; - *) - echo "unmapped M_ARCH: ${M_ARCH}" >&2 - exit 1 - ;; -esac - -REMOTE="$(echo "$REMOTE_PATTERN" | sed "s/{ARCH}/${R_ARCH}/")" -wget -qO- "${REMOTE}" | unzip -d /opt/protoc - -chmod a+x /opt/protoc/bin/protoc diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index 885664ed..5f0625ed 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -10,12 +10,9 @@ TEST_RES_DIR='tools/src/test/resources' REMOTE="https://github.com/${GITHUB_REPOSITORY:-CycloneDX/specification}.git" -DOCKER_IMG_NAME='cdx_schema_testing_protobuf' -function prepare() { - echo '> preparing runner image' >&2 - docker build --tag "$DOCKER_IMG_NAME" "$THIS_PATH" -} +## ---- + function schema-lint () { echo '> lint schema files' >&2 
@@ -31,8 +28,8 @@ function schema-lint () { --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ --volume "${THIS_PATH}/buf_lint.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - "$DOCKER_IMG_NAME" \ - buf lint --path "$SCHEMA_DIR" \ + bufbuild/buf:1.29.0 \ + lint --path "$SCHEMA_DIR" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" @@ -51,15 +48,19 @@ function schema-breaking-version () { fi function compare() { - echo ">> compare new:${1} -VS- old:${2}" >&2 + NEW="${1}" + OLD="${2}" + + echo ">> compare new:${NEW} -VS- old:${OLD}" >&2 # stick with the original paths, so the reporting makes sense... docker run --rm \ - --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${1}.proto:/workspace/${SCHEMA_DIR}/bom-${1}.proto:ro" \ - --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${2}.proto:/workspace/${SCHEMA_DIR}_old/bom-${1}.proto:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${NEW}.proto:/workspace/${SCHEMA_DIR}/bom-${NEW}.proto:ro" \ + --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${OLD}.proto:/workspace/${SCHEMA_DIR}_old/bom-${NEW}.proto:ro" \ --volume "${THIS_PATH}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - "$DOCKER_IMG_NAME" \ - buf breaking "$SCHEMA_DIR" --against "${SCHEMA_DIR}_old" \ + bufbuild/buf:1.29.0 \ + breaking "$SCHEMA_DIR" \ + --against "${SCHEMA_DIR}_old" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" } @@ -85,8 +86,9 @@ function schema-breaking-remote () { --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ --volume "${THIS_PATH}/buf_breaking-remote.yaml:/workspace/buf.yaml:ro" \ --workdir '/workspace' \ - "$DOCKER_IMG_NAME" \ - buf breaking "$SCHEMA_DIR" --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ + bufbuild/buf:1.29.0 \ + breaking "$SCHEMA_DIR" \ + --against "${REMOTE}#subdir=${SCHEMA_DIR}" \ --config 'buf.yaml' \ --error-format "$LOG_FORMAT" 
@@ -99,19 +101,20 @@ function schema-functional () { function validate() { FILE="$1" SCHEMA_VERS="$2" + SCHEMA_FILE="bom-${SCHEMA_VERS}.proto" MESSAGE="cyclonedx.v${SCHEMA_VERS/./_}.Bom" - echo ">> validate ${FILE} as ${MESSAGE}" >&2 + echo ">> validate ${FILE} as ${MESSAGE} of ${SCHEMA_FILE}" >&2 docker run --rm \ --volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \ --volume "${FILE}:/workspace/test_res:ro" \ --workdir '/workspace' \ - "$DOCKER_IMG_NAME" \ - buf convert "${SCHEMA_DIR}/bom-${SCHEMA_VERS}.proto" \ - --type "$MESSAGE" \ - --from 'test_res#format=txtpb' \ - --to /dev/null + bufbuild/buf:1.29.0 \ + convert "${SCHEMA_DIR}/${SCHEMA_FILE}" \ + --type "$MESSAGE" \ + --from 'test_res#format=txtpb' \ + --to /dev/null } shopt -s globstar @@ -121,47 +124,32 @@ function schema-functional () { validate "$test_res" "$SCHEMA_VERS" done - echo 'TODO' # @TODO - return 0 # WIP + echo '>> OK.' >&2 +} - ## buf convert schema/bom-1.6.proto --type cyclonedx.v1_6.Bom --from tools/src/test/resources/1.6/_test.textproto'#format=txtpb' - ## - mkdir -p proto-test - for filename in resources/*/*.textproto; - do - protoc --proto_path=../../../schema/ --encode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto < $filename |\ - protoc --proto_path=../../../schema/ --decode=cyclonedx.v1_3.Bom bom-1.3-SNAPSHOT.proto > proto-test/${filename##*/} - done +## ---- - echo '>> OK.' >&2 -} case "${1:-all}" in 'schema-lint') - prepare schema-lint ;; 'schema-breaking-version') - prepare schema-breaking-version ;; 'schema-breaking-remote') - prepare schema-breaking-remote ;; 'schema-breaking') - prepare schema-breaking-version schema-breaking-remote ;; 'schema-functional') - prepare schema-functional ;; 'all') # all the above - prepare schema-lint schema-breaking-version schema-breaking-remote From 2c04989e67932b651da74152b7a49cc9fcca90e7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 28 Feb 2024 14:06:54 +0100 Subject: [PATCH 26/28] wip 
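Review bot: `schema-functional` only asserts that `valid-*` fixtures pass `buf convert`; nothing checks that a malformed document is rejected, so a schema regression that makes every input parse would still turn the check green. If the repository carries `invalid-*` fixtures next to the `valid-*` ones (not visible here), add a negative pass that expects `validate` to fail; the helper's stderr banner can be silenced for that pass. The `'all'` case in the dispatcher runs past the end of the hunk.
```shell
  # … unchanged: positive loop over valid-*.textproto …

  for test_res in "$ROOT_PATH"/"$TEST_RES_DIR"/*/invalid-*.textproto
  do
    SCHEMA_VERS="$(basename "$(dirname "$test_res")")"
    if validate "$test_res" "$SCHEMA_VERS" 2>/dev/null
    then
      echo ">> expected ${test_res} to be rejected" >&2
      exit 1
    fi
  done

  echo '>> OK.' >&2
```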
Signed-off-by: Jan Kowalleck --- tools/src/test/proto/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh index 5f0625ed..d36b6dd8 100755 --- a/tools/src/test/proto/test.sh +++ b/tools/src/test/proto/test.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -uex +set -ue THIS_PATH="$(realpath "$(dirname "$0")")" ROOT_PATH="$(realpath "${THIS_PATH}/../../../..")" From a67922a0c522058c8b9c936e61eab237bf595050 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 28 Feb 2024 14:20:05 +0100 Subject: [PATCH 27/28] fix protobuf examples Signed-off-by: Jan Kowalleck --- tools/src/test/resources/1.4/valid-release-notes-1.4.textproto | 2 +- tools/src/test/resources/1.5/valid-release-notes-1.5.textproto | 2 +- tools/src/test/resources/1.6/valid-release-notes-1.6.textproto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/src/test/resources/1.4/valid-release-notes-1.4.textproto b/tools/src/test/resources/1.4/valid-release-notes-1.4.textproto index 2d2b7ca1..b728ca92 100644 --- a/tools/src/test/resources/1.4/valid-release-notes-1.4.textproto +++ b/tools/src/test/resources/1.4/valid-release-notes-1.4.textproto @@ -85,7 +85,7 @@ services { url: "http://api.partner.org/swagger" } releaseNotes: { - type: RELEASE_TYPE_MAJOR + type: "major" title: "My new release" featuredImage: "https://example.com/featured_image.png" socialImage: "https://example.com/social_image.png" diff --git a/tools/src/test/resources/1.5/valid-release-notes-1.5.textproto b/tools/src/test/resources/1.5/valid-release-notes-1.5.textproto index 0c6c0d40..b113d108 100644 --- a/tools/src/test/resources/1.5/valid-release-notes-1.5.textproto +++ b/tools/src/test/resources/1.5/valid-release-notes-1.5.textproto 
@@ -85,7 +85,7 @@ services {
url: "http://api.partner.org/swagger"
}
releaseNotes: {
- type: RELEASE_TYPE_MAJOR
+ type: "major"
title: "My new release"
featuredImage: "https://example.com/featured_image.png"
socialImage: "https://example.com/social_image.png"
diff --git a/tools/src/test/resources/1.6/valid-release-notes-1.6.textproto b/tools/src/test/resources/1.6/valid-release-notes-1.6.textproto
index f2a79cd7..a227035a 100644
--- a/tools/src/test/resources/1.6/valid-release-notes-1.6.textproto
+++ b/tools/src/test/resources/1.6/valid-release-notes-1.6.textproto
@@ -85,7 +85,7 @@ services {
url: "http://api.partner.org/swagger"
}
releaseNotes: {
- type: RELEASE_TYPE_MAJOR
+ type: "major"
title: "My new release"
featuredImage: "https://example.com/featured_image.png"
socialImage: "https://example.com/social_image.png"
From 97abbe722aa3b9a5396ec145908a6698821fdec4 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Wed, 28 Feb 2024 14:26:39 +0100
Subject: [PATCH 28/28] cleanup
Signed-off-by: Jan Kowalleck
---
 tools/src/test/proto/test.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/tools/src/test/proto/test.sh b/tools/src/test/proto/test.sh
index d36b6dd8..a09b4dc7 100755
--- a/tools/src/test/proto/test.sh
+++ b/tools/src/test/proto/test.sh
@@ -48,19 +48,20 @@ function schema-breaking-version () {
fi
function compare() {
- NEW="${1}"
- OLD="${2}"
+ NEW="bom-${1}.proto"
+ OLD="bom-${2}.proto"
+ SCHEMA_DIR_OLD="${SCHEMA_DIR}_old"
echo ">> compare new:${NEW} -VS- old:${OLD}" >&2
- # stick with the original paths, so the reporting makes sense...
+ # stick with the original path of "$NEW", so the reporting makes sense...
docker run --rm \
- --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${NEW}.proto:/workspace/${SCHEMA_DIR}/bom-${NEW}.proto:ro" \
- --volume "${ROOT_PATH}/${SCHEMA_DIR}/bom-${OLD}.proto:/workspace/${SCHEMA_DIR}_old/bom-${NEW}.proto:ro" \
+ --volume "${ROOT_PATH}/${SCHEMA_DIR}/${NEW}:/workspace/${SCHEMA_DIR}/${NEW}:ro" \
+ --volume "${ROOT_PATH}/${SCHEMA_DIR}/${OLD}:/workspace/${SCHEMA_DIR_OLD}/${NEW}:ro" \
--volume "${THIS_PATH}/buf_breaking-version.yaml:/workspace/buf.yaml:ro" \
--workdir '/workspace' \
bufbuild/buf:1.29.0 \
breaking "$SCHEMA_DIR" \
- --against "${SCHEMA_DIR}_old" \
+ --against "$SCHEMA_DIR_OLD" \
--config 'buf.yaml' \
--error-format "$LOG_FORMAT"
}
@@ -104,7 +105,7 @@ function schema-functional () {
SCHEMA_FILE="bom-${SCHEMA_VERS}.proto"
MESSAGE="cyclonedx.v${SCHEMA_VERS/./_}.Bom"
- echo ">> validate ${FILE} as ${MESSAGE} of ${SCHEMA_FILE}" >&2
+ echo ">> validate $(realpath --relative-to="$PWD" "$FILE") as ${MESSAGE} of ${SCHEMA_FILE}" >&2
docker run --rm \
--volume "${ROOT_PATH}/${SCHEMA_DIR}:/workspace/${SCHEMA_DIR}:ro" \
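Review bot: `NEW`, `OLD` and the newly added `SCHEMA_DIR_OLD` are plain assignments inside compare(), so they land in the script's global scope and survive after the call; since the function body is entirely within this hunk, `local NEW="bom-${1}.proto"`, `local OLD="bom-${2}.proto"` and `local SCHEMA_DIR_OLD="${SCHEMA_DIR}_old"` keep them from leaking into the caller. The rename from version strings to file names is consistent in both `--volume` lines and the `--against` argument, and the comment now says which of the two paths is kept original. compare() is nested in schema-breaking-version, which starts before this hunk.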
