Added initial support for testing multiple CycloneDX specifications from a single test file

Author: giterlizzi

Changes

@@ -2,11 +2,12 @@ Change history for SBOM::CycloneDX
 
 1.0? 2026-01-??
     - Improved support for CycloneDX 1.7 (https://cyclonedx.org/docs/1.7/json/)
-    - Added "patent" and "patentFamily" support (CycloneDX 1.7)
     - Improved documentations
     - Improved ENUM classes
-    - Remove '$schema' in CycloneDX < 1.5
+    - Added "patent" and "patentFamily" support (CycloneDX 1.7)
+    - Added initial support for testing multiple CycloneDX specifications from a single test file
     - Added new tests
+    - Remove '$schema' in CycloneDX < 1.5
 
 1.06 2026-01-15
     - Added initial support for CycloneDX 1.7 (https://cyclonedx.org/docs/1.7/json/)

MANIFEST

@@ -134,23 +134,18 @@ MANIFEST			This list of files
 README.md
 t/00-load.t
 t/10-enum.t
-t/50-invalid-empty-component-1.6.t
-t/50-invalid-license-id-1.6.t
-t/50-invalid-license-missing-id-and-name-1.6.t
-t/50-invalid-metadata-license-1.6.t
-t/50-invalid-metadata-timestamp-1.6.t
-t/50-invalid-missing-component-type-1.6.t
-t/50-valid-component-swid-1.6.t
-t/50-valid-license-id-1.6.t
-t/50-valid-metadata-author-1.6.t
-t/50-valid-metadata-license-1.6.t
-t/50-valid-metadata-lifecycle-1.6.t
-t/50-valid-minimal-viable-1.2.t
-t/50-valid-minimal-viable-1.3.t
-t/50-valid-minimal-viable-1.4.t
-t/50-valid-minimal-viable-1.5.t
-t/50-valid-minimal-viable-1.6.t
-t/50-valid-minimal-viable-1.7.t
+t/50-invalid-empty-component.t
+t/50-invalid-license-id.t
+t/50-invalid-license-missing-id-and-name.t
+t/50-invalid-metadata-license.t
+t/50-invalid-missing-component-type.t
+t/50-valid-component-swid.t
+t/50-valid-dependency.t
+t/50-valid-license-id.t
+t/50-valid-metadata-author.t
+t/50-valid-metadata-license.t
+t/50-valid-metadata-lifecycle.t
+t/50-valid-minimal-viable.t
 t/60-json-schema.t
 t/61-json-schema-test-data.t
 t/lib/Test/CycloneDX.pm

lib/SBOM/CycloneDX.pm

@@ -30,7 +30,7 @@ use constant JSON_SCHEMA_1_5 => 'http://cyclonedx.org/schema/bom-1.5.schema.json
 use constant JSON_SCHEMA_1_6 => 'http://cyclonedx.org/schema/bom-1.6.schema.json';
 use constant JSON_SCHEMA_1_7 => 'http://cyclonedx.org/schema/bom-1.7.schema.json';
 
-our $VERSION = 1.06_1;
+our $VERSION = 1.06_2;
 
 our %JSON_SCHEMA = (
     '1.2' => JSON_SCHEMA_1_2,

t/50-invalid-empty-component-1.6.t

@@ -0,0 +1,34 @@
+#!perl
+
+use strict;
+use warnings;
+use v5.10;
+
+use FindBin '$RealBin';
+use lib "$RealBin/lib";
+
+use Test::More;
+use Test::CycloneDX qw(bom_spec bom_test_data is_bom isnt_valid_bom);
+
+use SBOM::CycloneDX;
+use SBOM::CycloneDX::License;
+use SBOM::CycloneDX::Component;
+
+for my $spec_version (qw[1.3 1.4 1.5 1.6 1.7]) {
+
+    subtest "CycloneDX $spec_version - Invalid Empty Component" => sub {
+
+        my $bom_test_data = bom_test_data('invalid-empty-component', $spec_version);
+
+        my $bom = bom_spec($spec_version);
+
+        eval { $bom->components->push(SBOM::CycloneDX::Component->new(type => 'library')) };
+
+        isnt $@, '';
+        diag $@;
+
+    };
+
+}
+
+done_testing();

t/50-invalid-empty-component.t

@@ -0,0 +1,41 @@
+#!perl
+
+use strict;
+use warnings;
+use v5.10;
+
+use FindBin '$RealBin';
+use lib "$RealBin/lib";
+
+use Test::More;
+use Test::CycloneDX qw(bom_spec bom_test_data is_bom isnt_valid_bom);
+
+use SBOM::CycloneDX;
+use SBOM::CycloneDX::License;
+use SBOM::CycloneDX::Component;
+
+for my $spec_version (qw[1.2 1.3 1.4 1.5 1.6 1.7]) {
+
+    subtest "CycloneDX $spec_version - Invalid License ID" => sub {
+
+        my $bom_test_data = bom_test_data('invalid-license-id', $spec_version);
+
+        my $bom = bom_spec($spec_version);
+
+        $bom->components->push(SBOM::CycloneDX::Component->new(
+            type      => 'library',
+            publisher => 'Acme Inc',
+            group     => 'com.acme',
+            name      => 'tomcat-catalina',
+            version   => '9.0.14',
+            licenses  => [SBOM::CycloneDX::License->new(id => 'Apache-2')]
+        ));
+
+        is_bom $bom;
+        is $bom->spec_version, $spec_version;
+        isnt_valid_bom $bom;
+
+    };
+
+}
+done_testing();

t/50-invalid-license-id-1.6.t

@@ -0,0 +1,41 @@
+#!perl
+
+use strict;
+use warnings;
+use v5.10;
+
+use FindBin '$RealBin';
+use lib "$RealBin/lib";
+
+use Test::More;
+use Test::CycloneDX qw(bom_spec bom_test_data is_bom isnt_valid_bom);
+
+use SBOM::CycloneDX;
+use SBOM::CycloneDX::License;
+use SBOM::CycloneDX::Component;
+
+for my $spec_version (qw[1.6 1.7]) {
+
+    subtest "CycloneDX $spec_version - Invalid License Missing ID and Name" => sub {
+
+        my $bom_test_data = bom_test_data('invalid-license-missing-id-and-name', $spec_version);
+
+        my $bom = bom_spec($spec_version);
+
+        $bom->components->push(SBOM::CycloneDX::Component->new(
+            type        => 'library',
+            name        => 'license-with-no-id-nor-name',
+            version     => '23',
+            description => 'testcase for issue#288',
+            licenses    => [SBOM::CycloneDX::License->new]
+        ));
+
+        is_bom $bom;
+        is $bom->spec_version, $spec_version;
+        isnt_valid_bom $bom;
+
+    };
+
+}
+
+done_testing();