Fixed mapping to have a list of BomReference for provides; added tests

Signed-off-by: Andrea Vibelli <[email protected]>

Author: vibe13

src/main/java/org/cyclonedx/model/Dependency.java

@@ -39,8 +39,9 @@ public class Dependency extends BomReference {
 
     @VersionFilter(Version.VERSION_16)
     @JsonProperty("provides")
+    @JacksonXmlElementWrapper(useWrapping = false)
     @JacksonXmlProperty(localName = "provides")
-    private List<Dependency> provides;
+    private List<BomReference> provides;
 
     public Dependency(final String ref) {
         super(ref);
@@ -66,18 +67,15 @@ public void addDependency(final Dependency dependency) {
         }
     }
 
-    @VersionFilter(Version.VERSION_16)
-    public List<Dependency> getProvides() {
+    public List<BomReference> getProvides() {
         return provides;
     }
 
-    @VersionFilter(Version.VERSION_16)
-    public void setProvides(final List<Dependency> provides) {
+    public void setProvides(final List<BomReference> provides) {
         this.provides = provides;
     }
 
-    @VersionFilter(Version.VERSION_16)
-    public void addProvides(final Dependency dependency) {
+    public void addProvides(final BomReference dependency) {
         if (provides == null) {
             provides = new ArrayList<>();
         }

src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java

@@ -34,6 +34,7 @@
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.cyclonedx.CycloneDxSchema;
+import org.cyclonedx.model.BomReference;
 import org.cyclonedx.model.Dependency;
 import org.cyclonedx.model.DependencyList;
 
@@ -99,7 +100,7 @@ private void writeJSONDependenciesWithGenerator(final JsonGenerator generator, f
           generator.writeEndArray();
           if (CollectionUtils.isNotEmpty(dependency.getProvides())) {
             generator.writeArrayFieldStart("provides");
-            for (Dependency subDependency : dependency.getProvides()) {
+            for (BomReference subDependency : dependency.getProvides()) {
               generator.writeString(subDependency.getRef());
             }
             generator.writeEndArray();
@@ -141,24 +142,42 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato
     generator.writeString(dependency.getRef());
     generator.setNextIsAttribute(false);
 
+    // Write provides
+    if (CollectionUtils.isNotEmpty(dependency.getProvides())) {
+        writeXMLProvides(dependency, generator);
+    }
+
     if (CollectionUtils.isNotEmpty(dependency.getDependencies())) {
       for (Dependency subDependency : dependency.getDependencies()) {
         // You got Shay'd
         writeXMLDependency(subDependency, generator);
       }
     }
 
-    if (CollectionUtils.isNotEmpty(dependency.getProvides())) {
-      for (Dependency subDependency : dependency.getProvides()) {
-        writeXMLDependency(subDependency, generator);
-      }
+    if (CollectionUtils.isNotEmpty(dependency.getDependencies())) {
+      generator.writeEndArray();
     }
 
-    if (CollectionUtils.isNotEmpty(dependency.getDependencies())) {
-    generator.writeEndArray();
+    generator.writeEndObject();
   }
 
-    generator.writeEndObject();
+  private void writeXMLProvides(final Dependency dependency, final ToXmlGenerator generator)
+      throws IOException, XMLStreamException
+  {
+    QName qName = new QName("provides");
+    generator.setNextName(qName);
+    generator.writeFieldName(qName.getLocalPart());
+    generator.writeStartArray();
+
+    for (BomReference ref : dependency.getProvides()) {
+      generator.writeStartObject();
+      generator.setNextIsAttribute(true);
+      generator.writeFieldName("ref");
+      generator.writeString(ref.getRef());
+      generator.setNextIsAttribute(false);
+      generator.writeEndObject();
+    }
+    generator.writeEndArray();
   }
 
   private void processNamespace(final ToXmlGenerator toXmlGenerator, final String dependencies)

src/test/java/org/cyclonedx/BomJsonGeneratorTest.java

@@ -20,23 +20,20 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 
-import java.io.FileReader;
 import java.nio.charset.StandardCharsets;
 import org.apache.commons.io.IOUtils;
-import org.cyclonedx.exception.GeneratorException;
 import org.cyclonedx.generators.BomGeneratorFactory;
 import org.cyclonedx.generators.json.BomJsonGenerator;
 import org.cyclonedx.generators.xml.BomXmlGenerator;
 import org.cyclonedx.model.Bom;
 import org.cyclonedx.model.Component;
+import org.cyclonedx.model.Dependency;
 import org.cyclonedx.model.Component.Type;
 import org.cyclonedx.model.License;
 import org.cyclonedx.model.LicenseChoice;
 import org.cyclonedx.model.Metadata;
-import org.cyclonedx.model.OrganizationalContact;
 import org.cyclonedx.model.Service;
 import org.cyclonedx.model.license.Expression;
-import org.cyclonedx.model.metadata.ToolInformation;
 import org.cyclonedx.parsers.JsonParser;
 import org.cyclonedx.parsers.XmlParser;
 import org.junit.jupiter.api.AfterEach;
@@ -52,10 +49,6 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.UUID;
 import java.util.stream.Stream;
 import java.util.Objects;
 
@@ -336,6 +329,72 @@ public void schema16_testAttestations_json() throws Exception {
         assertTrue(parser.isValid(loadedFile, version));
     }
 
+    @Test
+    public void schema16_testDependencyProvides_json() throws Exception {
+        Version version = Version.VERSION_16;
+        Bom bom = createCommonJsonBom("/1.6/valid-dependency-provides-1.6.json");
+
+        BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom);
+        File loadedFile = writeToFile(generator.toJsonString());
+
+        JsonParser parser = new JsonParser();
+        assertTrue(parser.isValid(loadedFile, version));
+
+        Bom parsedBom = parser.parse(loadedFile);
+        assertNotNull(parsedBom.getDependencies());
+        assertEquals(3, parsedBom.getDependencies().size());
+        // Test dependency library-a
+        Dependency libA = parsedBom.getDependencies().get(0);
+        assertEquals("library-a", libA.getRef());
+        assertNotNull(libA.getDependencies());
+        assertEquals(0, libA.getDependencies().size());
+        assertNull(libA.getProvides());
+        // Test dependency library-b
+        Dependency libB = parsedBom.getDependencies().get(1);
+        assertEquals("library-b", libB.getRef());
+        assertEquals(1, libB.getDependencies().size());
+        assertEquals("library-c", libB.getDependencies().get(0).getRef());
+        // Test dependency library-c
+        Dependency libC = parsedBom.getDependencies().get(2);
+        assertEquals("library-c", libC.getRef());
+        assertNotNull(libC.getDependencies());
+        assertNotNull(libC.getProvides());
+        assertEquals("library-d", libC.getProvides().get(0).getRef());
+    }
+
+    @Test
+    public void schema16_testDependencyProvides() throws Exception {
+        Version version = Version.VERSION_16;
+        Bom bom = createCommonXmlBom("/1.6/valid-dependency-provides-1.6.xml");
+
+        BomJsonGenerator generator = BomGeneratorFactory.createJson(version, bom);
+        File loadedFile = writeToFile(generator.toJsonString());
+
+        JsonParser parser = new JsonParser();
+        assertTrue(parser.isValid(loadedFile, version));
+
+        Bom parsedBom = parser.parse(loadedFile);
+        assertNotNull(parsedBom.getDependencies());
+        assertEquals(3, parsedBom.getDependencies().size());
+        // Test dependency library-a
+        Dependency libA = parsedBom.getDependencies().get(0);
+        assertEquals("library-a", libA.getRef());
+        assertNotNull(libA.getDependencies());
+        assertEquals(0, libA.getDependencies().size());
+        assertNull(libA.getProvides());
+        // Test dependency library-b
+        Dependency libB = parsedBom.getDependencies().get(1);
+        assertEquals("library-b", libB.getRef());
+        assertEquals(1, libB.getDependencies().size());
+        assertEquals("library-c", libB.getDependencies().get(0).getRef());
+        // Test dependency library-c
+        Dependency libC = parsedBom.getDependencies().get(2);
+        assertEquals("library-c", libC.getRef());
+        assertNotNull(libC.getDependencies());
+        assertNotNull(libC.getProvides());
+        assertEquals("library-d", libC.getProvides().get(0).getRef());
+    }
+
     @Test
     public void schema16_testCompositions() throws Exception {
         Version version = Version.VERSION_16;

src/test/java/org/cyclonedx/BomXmlGeneratorTest.java

@@ -28,6 +28,7 @@
 import org.cyclonedx.model.Bom;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Component.Type;
+import org.cyclonedx.model.Dependency;
 import org.cyclonedx.model.ExtensibleType;
 import org.cyclonedx.model.ExternalReference;
 import org.cyclonedx.model.License;
@@ -454,6 +455,70 @@ public void schema16_testAttestations_xml() throws Exception {
         assertTrue(parser.isValid(loadedFile, version));
     }
 
+    @Test
+    public void schema16_testDependencyProvides() throws Exception {
+        Version version = Version.VERSION_16;
+        Bom bom = createCommonJsonBom("/1.6/valid-dependency-provides-1.6.json");
+
+        BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom);
+        File loadedFile = writeToFile(generator.toXmlString());
+
+        XmlParser parser = new XmlParser();
+        assertTrue(parser.isValid(loadedFile, version));
+
+        Bom parsedBom = parser.parse(loadedFile);
+        assertNotNull(parsedBom.getDependencies());
+        assertEquals(3, parsedBom.getDependencies().size());
+        // Test dependency library-a
+        Dependency libA = parsedBom.getDependencies().get(0);
+        assertEquals("library-a", libA.getRef());
+        assertNull(libA.getDependencies());
+        assertNull(libA.getProvides());
+        // Test dependency library-b
+        Dependency libB = parsedBom.getDependencies().get(1);
+        assertEquals("library-b", libB.getRef());
+        assertEquals(1, libB.getDependencies().size());
+        assertEquals("library-c", libB.getDependencies().get(0).getRef());
+        // Test dependency library-c
+        Dependency libC = parsedBom.getDependencies().get(2);
+        assertEquals("library-c", libC.getRef());
+        assertNull(libC.getDependencies());
+        assertNotNull(libC.getProvides());
+        assertEquals("library-d", libC.getProvides().get(0).getRef());
+    }
+
+    @Test
+    public void schema16_testDependencyProvides_xml() throws Exception {
+        Version version = Version.VERSION_16;
+        Bom bom = createCommonBomXml("/1.6/valid-dependency-provides-1.6.xml");
+
+        BomXmlGenerator generator = BomGeneratorFactory.createXml(version, bom);
+        File loadedFile = writeToFile(generator.toXmlString());
+
+        XmlParser parser = new XmlParser();
+        assertTrue(parser.isValid(loadedFile, version));
+
+        Bom parsedBom = parser.parse(loadedFile);
+        assertNotNull(parsedBom.getDependencies());
+        assertEquals(3, parsedBom.getDependencies().size());
+        // Test dependency library-a
+        Dependency libA = parsedBom.getDependencies().get(0);
+        assertEquals("library-a", libA.getRef());
+        assertNull(libA.getDependencies());
+        assertNull(libA.getProvides());
+        // Test dependency library-b
+        Dependency libB = parsedBom.getDependencies().get(1);
+        assertEquals("library-b", libB.getRef());
+        assertEquals(1, libB.getDependencies().size());
+        assertEquals("library-c", libB.getDependencies().get(0).getRef());
+        // Test dependency library-c
+        Dependency libC = parsedBom.getDependencies().get(2);
+        assertEquals("library-c", libC.getRef());
+        assertNull(libC.getDependencies());
+        assertNotNull(libC.getProvides());
+        assertEquals("library-d", libC.getProvides().get(0).getRef());
+    }
+
     private void addSignature(Bom bom) {
         List<Attribute> attributes = new ArrayList<>();
         attributes.add(new Attribute("xmlns", "http://www.w3.org/2000/09/xmldsig#"));

src/test/resources/1.6/valid-dependency-1.6.json

@@ -22,12 +22,6 @@
       "type": "library",
       "name": "library-c",
       "version": "1.0.0"
-    },
-    {
-      "bom-ref": "library-d",
-      "type": "library",
-      "name": "library-d",
-      "version": "1.0.0"
     }
   ],
   "dependencies": [
@@ -40,12 +34,6 @@
       "dependsOn": [
         "library-c"
       ]
-    },
-    {
-      "ref": "library-c",
-      "provides": [
-        "library-d"
-      ]
     }
   ]
-}
+}

src/test/resources/1.6/valid-dependency-1.6.textproto

@@ -22,12 +22,6 @@ components {
   name: "library-c"
   version: "1.0.0"
 }
-components {
-  type: CLASSIFICATION_LIBRARY
-  bom_ref: "library-d"
-  name: "library-d"
-  version: "1.0.0"
-}
 dependencies {
   ref: "library-a"
 }
@@ -36,9 +30,4 @@ dependencies {
   dependencies {
     ref: "library-c"
   }
-}
-dependencies {
-    ref: "library-c"
-    provides: ["library-d"]
-  }
 }

src/test/resources/1.6/valid-dependency-1.6.xml

@@ -13,18 +13,11 @@
             <name>library-c</name>
             <version>1.0.0</version>
         </component>
-        <component type="library" bom-ref="library-d">
-            <name>library-d</name>
-            <version>1.0.0</version>
-        </component>
     </components>
     <dependencies>
         <dependency ref="library-a"/>
         <dependency ref="library-b">
             <dependency ref="library-c"/>
         </dependency>
-        <dependency ref="library-c">
-            <provides ref="library-d"/>
-        </dependency>
     </dependencies>
-</bom>
+</bom>