Add select CycloneDX v1.7 testcases to Go test (#142)

* Add select CycloneDX v1.7 testcases to Go test

Signed-off-by: Matt Rutkowski <[email protected]>

* Add select CycloneDX v1.7 testcases to Go test

Signed-off-by: Matt Rutkowski <[email protected]>

* Add select CycloneDX v1.7 testcases to Go test

Signed-off-by: Matt Rutkowski <[email protected]>

---------

Signed-off-by: Matt Rutkowski <[email protected]>

Author: mrutkows

.vscode/launch.json

@@ -61,7 +61,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "test/cyclonedx/cdx-1-5-mature-example-1.json"],
+            "args": ["validate", "-i", "test/cyclonedx/1.5/cdx-1-5-mature-example-1.json"],
             "dlvFlags": ["--check-go-version=false"]
         },
         {
@@ -81,7 +81,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["query", "-i", "test/cyclonedx/cdx-1-4-mature-example-1.json", "--select", "*", "--from", "metadata.component"],
+            "args": ["query", "-i", "test/cyclonedx/1.4/cdx-1-4-mature-example-1.json", "--select", "*", "--from", "metadata.component"],
             "dlvFlags": ["--check-go-version=false"]
         },
         {
@@ -91,7 +91,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["license", "list", "-i", "test/cyclonedx/cdx-1-3-license-list-complex.json", "--format", "json"],
+            "args": ["license", "list", "-i", "test/cyclonedx/1.3/cdx-1-3-license-list-complex.json", "--format", "json"],
             "dlvFlags": ["--check-go-version=false"]
         },
         {
@@ -101,7 +101,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["license", "list", "-i", "test/cyclonedx/cdx-1-3-license-list-complex.json", "--format", "json", "--summary"],
+            "args": ["license", "list", "-i", "test/cyclonedx/1.3/cdx-1-3-license-list-complex.json", "--format", "json", "--summary"],
             "dlvFlags": ["--check-go-version=false"]
         },
         {
@@ -111,7 +111,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["license", "list", "-i", "test/cyclonedx/cdx-1-3-license-list-complex.json", "--where", "usage-policy=needs-review|deny|UNDEFINED"],
+            "args": ["license", "list", "-i", "test/cyclonedx/1.3/cdx-1-3-license-list-complex.json", "--where", "usage-policy=needs-review|deny|UNDEFINED"],
             "dlvFlags": ["--check-go-version=false"]
         },
         {
@@ -121,7 +121,7 @@
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["diff", "-i", "test/cyclonedx/cdx-1-4-mature-example-1.json", "--input-revision", "test/diff/cdx-1-4-mature-example-1-delta.json"],
+            "args": ["diff", "-i", "test/cyclonedx/1.4/cdx-1-4-mature-example-1.json", "--input-revision", "test/diff/cdx-1-4-mature-example-1-delta.json"],
             "dlvFlags": ["--check-go-version=false"]
         },
     ]

README.md

@@ -1606,13 +1606,13 @@ This example effectively extracts the first-order package manifest from the SBOM
 In this example, only the `--from` clause is needed to select an object.  The `--select` clause is omitted which is equivalent to using the "select all" wildcard character `*` which returns all fields and values from the `component` object.
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from metadata.component
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --from metadata.component
 ```
 
 is equivalent to using the wildcard character (which may need to be enclosed in single or double quotes depending on your shell):
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --select '*' --from metadata.component -q
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --select '*' --from metadata.component -q
 ```
 
 ```json
@@ -1647,7 +1647,7 @@ is equivalent to using the wildcard character (which may need to be enclosed in
 In this example, the `--from` clause references the top-level `metadata.supplier` object.
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from metadata.supplier -q
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --from metadata.supplier -q
 ```
 
 ```json
@@ -1686,7 +1686,7 @@ The result, which also uses the `--indent 2` flag:
 In this example, the `--from` filter will return the entire JSON components array.
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from components -q
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --from components -q
 ```
 
 ```json
@@ -1736,7 +1736,7 @@ In this example, the `--from` filter will return the entire JSON components arra
 In this example, the `--where` filter will be applied to a set of `properties` results to only include entries that match the specified regex.
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --from metadata.properties --where name=urn:example.com:classification -q
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --from metadata.properties --where name=urn:example.com:classification -q
 ```
 
 ```json
@@ -1751,7 +1751,7 @@ In this example, the `--where` filter will be applied to a set of `properties` r
 additionally, you can apply a `--select` clause to simply obtain the matching entry's `value`:
 
 ```bash
-./sbom-utility query -i test/cyclonedx/cdx-1-4-mature-example-1.json --select value --from metadata.properties --where name=urn:example.com:classification -q
+./sbom-utility query -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json --select value --from metadata.properties --where name=urn:example.com:classification -q
 ```
 
 ```json
@@ -1935,7 +1935,7 @@ This example shows a few entries of the JSON output that exhibit the three types
 This example shows the default text output from using the summary flag:
 
 ```bash
-./sbom-utility license list -i test/cyclonedx/cdx-1-3-license-list.json --summary -q
+./sbom-utility license list -i test/cyclonedx/1.3/cdx-1-3-license-list.json --summary -q
 ```
 
 ```bash
@@ -1973,7 +1973,7 @@ The list command results can be filtered using the `--where` flag using the colu
 The following example shows filtering of component licenses using the `license-type` column where the license was described as a `name` value:
 
 ```bash
-./sbom-utility license list -i test/cyclonedx/cdx-1-3-license-list.json --summary --where license-type=name -q
+./sbom-utility license list -i test/cyclonedx/1.3/cdx-1-3-license-list.json --summary --where license-type=name -q
 ```
 
 ```bash
@@ -1990,7 +1990,7 @@ needs-review  name          UFL       ACME Application  pkg:app/[email protected]
 In another example, the list is filtered by the `usage-policy` where the value is `needs-review`:
 
 ```bash
-./sbom-utility license list -i test/cyclonedx/cdx-1-3-license-list.json --summary --where usage-policy=needs-review -q
+./sbom-utility license list -i test/cyclonedx/1.3/cdx-1-3-license-list.json --summary --where usage-policy=needs-review -q
 ```
 
 ```bash
@@ -2141,7 +2141,7 @@ Currently, all `resource list` command results are sorted by resource `type` the
 #### Example: resource list
 
 ```bash
-./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json -q
+./sbom-utility resource list -i test/cyclonedx/1.3/cdx-1-3-resource-list.json -q
 ```
 
 ```bash
@@ -2167,7 +2167,7 @@ service:example.com/myservices/foo  service                Foo
 This example uses the `type` flag to specific `service`.  The other valid type is `component`.  Future versions of CycloneDX schema will include more resource types such as "ml" (machine learning) or "tool".
 
 ```bash
-./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json --type service -q
+./sbom-utility resource list -i test/cyclonedx/1.3/cdx-1-3-resource-list.json --type service -q
 ```
 
 ```bash
@@ -2180,15 +2180,15 @@ service                Foo              Foo service  service:example.com/myservi
 **Note** The results would be equivalent to using the `--where` filter:
 
 ```bash
-./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json --where "resource-type=service" -q
+./sbom-utility resource list -i test/cyclonedx/1.3/cdx-1-3-resource-list.json --where "resource-type=service" -q
 ```
 
 ##### Example: list with `name` regex match
 
 This example uses the `where` filter on the `name` field. In this case we supply an exact "startswith" regex. for the `name` filter.
 
 ```bash
-./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json --where "name=Library A" -q
+./sbom-utility resource list -i test/cyclonedx/1.3/cdx-1-3-resource-list.json --where "name=Library A" -q
 ```
 
 ```bash
@@ -2532,7 +2532,7 @@ If you wish to build binaries for all supported combinations of `GOOS` and `GOAR
 Developers can run using the current source code in their local branch using `go run main.go`. For example:
 
 ```bash
-go run main.go validate -i test/cyclonedx/cdx-1-4-mature-example-1.json
+go run main.go validate -i test/cyclonedx/1.4/cdx-1-4-mature-example-1.json
 ```
 
 ### Debugging
@@ -2553,7 +2553,7 @@ In order to see global variables while debugging a specific configuration, you c
     "request": "launch",
     "mode": "debug",
     "program": "main.go",
-    "args": ["validate", "-i", "test/cyclonedx/cdx-1-3-min-required.json","-t"]
+    "args": ["validate", "-i", "test/cyclonedx/1.3/cdx-1-3-min-required.json","-t"]
 },
 ```
 

cmd/component_test.go

@@ -32,10 +32,8 @@ import (
 
 // Test "resource list" command
 const (
-	// test/cyclonedx/cdx-1-3-resource-list.json
+	// test/cyclonedx/1.3/cdx-1-3-resource-list.json
 	TEST_COMPONENT_LIST_CDX_1_3 = TEST_RESOURCE_LIST_CDX_1_3
-	// test/cyclonedx/cdx-1-5-mature-example-1.json
-	TEST_COMPONENT_LIST_CDX_1_5_MATURE = TEST_CDX_1_5_MATURE_EXAMPLE_1_BASE
 	// test/cyclonedx/1.6/cdx-1-6-valid-cbom-full-1.6.json
 	TEST_COMPONENT_LIST_CDX_1_6_CBOM = TEST_CDX_1_6_CRYPTO_BOM
 	// test/cyclonedx/1.6/cdx-1-6-valid-mlbom-environmental-considerations.json
@@ -172,9 +170,7 @@ func TestComponentListCdx13Markdown(t *testing.T) {
 // -------------------------------------------
 
 func TestComponentListCdx15MatureCsv(t *testing.T) {
-	ti := NewComponentTestInfoBasic(TEST_COMPONENT_LIST_CDX_1_5_MATURE, FORMAT_CSV, nil)
-	//ti.ListSummary = false
-	//ti.WhereClause = "version=2.0"
+	ti := NewComponentTestInfoBasic(TEST_CDX_1_5_MATURE_EXAMPLE_1_BASE, FORMAT_CSV, nil)
 	ti.ResultExpectedLineCount = 5 // title + 3 data + EOF LF
 	ti.ResultLineContainsValuesAtLineNum = 3
 	ti.ResultLineContainsValues = []string{"sample"}
@@ -197,7 +193,7 @@ func TestComponentListCdx16MachineLearningBOMCsv(t *testing.T) {
 	innerTestComponentList(t, ti, COMPONENT_TEST_DEFAULT_FLAGS)
 }
 
-// ./sbom-utility component list -i test/cyclonedx/cdx-1-3-resource-list.json --where "number-licenses=0"  --quiet --format=txt
+// ./sbom-utility component list -i test/cyclonedx/1.3/cdx-1-3-resource-list.json --where "number-licenses=0"  --quiet --format=txt
 //
 //	library  Library NoLicense  1.0.0  Library "NoLicense" description.  pkg:lib/[email protected]  0   0
 func TestComponentListCdx13WhereNumLicensesCsv(t *testing.T) {

cmd/license_test.go

@@ -31,15 +31,15 @@ import (
 
 const (
 	// Test "license list" command
-	TEST_LICENSE_LIST_CDX_1_3                         = "test/cyclonedx/cdx-1-3-license-list.json"
-	TEST_LICENSE_LIST_CDX_1_3_NONE_FOUND              = "test/cyclonedx/cdx-1-3-license-list-none-found.json"
-	TEST_LICENSE_LIST_CDX_1_4_NONE_FOUND              = "test/cyclonedx/cdx-1-4-license-list-none-found.json"
-	TEST_LICENSE_LIST_CDX_1_5_LICENSE_CHOICE_VARIANTS = "test/cyclonedx/cdx-1-5-license-choice-variants.json"
-	TEST_LICENSE_LIST_CDX_1_5_MATURE_EXAMPLE_1        = "test/cyclonedx/cdx-1-5-mature-example-1.json"
-
-	TEST_LICENSE_LIST_TEXT_CDX_1_4_INVALID_LICENSE_ID    = "test/cyclonedx/cdx-1-4-license-policy-invalid-spdx-id.json"
-	TEST_LICENSE_LIST_TEXT_CDX_1_4_INVALID_LICENSE_NAME  = "test/cyclonedx/cdx-1-4-license-policy-invalid-license-name.json"
-	TEST_LICENSE_LIST_CDX_1_4_LICENSE_EXPRESSION_IN_NAME = "test/cyclonedx/cdx-1-4-license-expression-in-name.json"
+	TEST_LICENSE_LIST_CDX_1_3                         = "test/cyclonedx/1.3/cdx-1-3-license-list.json"
+	TEST_LICENSE_LIST_CDX_1_3_NONE_FOUND              = "test/cyclonedx/1.3/cdx-1-3-license-list-none-found.json"
+	TEST_LICENSE_LIST_CDX_1_4_NONE_FOUND              = "test/cyclonedx/1.4/cdx-1-4-license-list-none-found.json"
+	TEST_LICENSE_LIST_CDX_1_5_LICENSE_CHOICE_VARIANTS = "test/cyclonedx/1.5/cdx-1-5-license-choice-variants.json"
+	TEST_LICENSE_LIST_CDX_1_5_MATURE_EXAMPLE_1        = TEST_CDX_1_5_MATURE_EXAMPLE_1_BASE
+
+	TEST_LICENSE_LIST_TEXT_CDX_1_4_INVALID_LICENSE_ID    = "test/cyclonedx/1.4/cdx-1-4-license-policy-invalid-spdx-id.json"
+	TEST_LICENSE_LIST_TEXT_CDX_1_4_INVALID_LICENSE_NAME  = "test/cyclonedx/1.4/cdx-1-4-license-policy-invalid-license-name.json"
+	TEST_LICENSE_LIST_CDX_1_4_LICENSE_EXPRESSION_IN_NAME = "test/cyclonedx/1.4/cdx-1-4-license-expression-in-name.json"
 )
 
 type LicenseTestInfo struct {
@@ -360,7 +360,7 @@ func TestLicenseListTextCdx15WherePURLTypeIsNPM(t *testing.T) {
 // Test custom marshal of CDXLicense (empty CDXAttachment)
 func TestLicenseListCdx13JsonEmptyAttachment(t *testing.T) {
 	lti := NewLicenseTestInfo(
-		"test/cyclonedx/cdx-1-3-license-list-no-attachment.json",
+		"test/cyclonedx/1.3/cdx-1-3-license-list-no-attachment.json",
 		FORMAT_JSON,
 		false)
 	lti.ResultExpectedLineCount = 37

cmd/resource_test.go

@@ -33,8 +33,8 @@ import (
 
 const (
 	// Test "resource list" command
-	TEST_RESOURCE_LIST_CDX_1_3            = "test/cyclonedx/cdx-1-3-resource-list.json"
-	TEST_RESOURCE_LIST_CDX_1_3_NONE_FOUND = "test/cyclonedx/cdx-1-3-resource-list-none-found.json"
+	TEST_RESOURCE_LIST_CDX_1_3            = "test/cyclonedx/1.3/cdx-1-3-resource-list.json"
+	TEST_RESOURCE_LIST_CDX_1_3_NONE_FOUND = "test/cyclonedx/1.3/cdx-1-3-resource-list-none-found.json"
 	TEST_RESOURCE_LIST_CDX_1_4_SAAS_1     = "examples/cyclonedx/SaaSBOM/apigateway-microservices-datastores/bom.json"
 )
 

cmd/validate.go

@@ -244,6 +244,8 @@ func LoadCompileSchemaDependencies(
 		if err != nil {
 			return
 		}
+	} else {
+		getLogger().Warningf("No schema dependencies found. bomSchemaInstance: %v", bomSchemaInstance)
 	}
 	return
 }
@@ -342,7 +344,7 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
 		// If the BOM schema has $refs to other schemas, attempt to load and compile
 		// them from those included as built-in resources
 		jsonBOMSchema, errLoadCompile = LoadCompileSchemaDependencies(jsonBOMSchemaLoader, bom.SchemaInfo, bom.SchemaInfo.Dependencies)
-		if err != nil {
+		if errLoadCompile != nil {
 			return INVALID, bom, schemaErrors, errLoadCompile
 		}
 	}