Specify SSC in rule_schema_v2.atd

test plan:
see related semgrep PR

Author: aryx

rule_schema_v2.atd

@@ -74,9 +74,13 @@ type rule = {
      ?match_ <json name="match">: formula option;
      ?taint: taint option;
      ?extract: extract option;
-     (* TODO: steps, secrets, sca *)
+     (* TODO: steps, secrets *)
      (* TODO? product: product; *)
 
+     (* can work with match/taint/..., maybe not extract *)
+     ?project_depends_on <json name="r2c-internal-project-depends-on">:
+        project_depends_on option;
+
      (* alt: later: could be replaced by a pattern-filename: *)
      ?paths: paths option;
 
@@ -400,9 +404,43 @@ type propagator = {
 <json adapter.ocaml="Rule_schema_v2_adapter.Formula">
 
 (*****************************************************************************)
-(* TODO: SSC *)
+(* Supply chain *)
 (*****************************************************************************)
 
+(* need an adapter there too *)
+type project_depends_on = [
+  | DependsBasic <json name="B"> of project_depends_on_basic
+  | DependsEither <json name="E"> of project_depends_on_either
+]
+<json adapter.ocaml="Rule_schema_v2_adapter.ProjectDependsOn">
+
+type project_depends_on_basic = {
+  namespace: namespace;
+  package: string;
+  version: semver_range;
+}
+
+type project_depends_on_either = {
+  depends_on_either <json name="depends-on-either">:
+    project_depends_on_basic list;
+}
+
+(* coupling: semgrep_output_v1.ecosystem (better name than namespace) *)
+type namespace = [
+  | Npm <json name="npm">
+  | Pypi  <json name="pypi">
+  | Gem <json name="gem">
+  | Gomod <json name="gomod">
+  | Cargo <json name="cargo">
+  | Maven <json name="maven">
+  | Composer <json name="composer">
+  | Nuget <json name="nuget">
+  | Pub <json name="pub">
+]
+
+(* ex: < 0.0.8 *)
+type semver_range = string
+
 (*****************************************************************************)
 (* TODO: Extract mode *)
 (*****************************************************************************)

rule_schema_v2_adapter.ml

@@ -20,7 +20,6 @@ end
 
 module Condition = struct
 
-  (** Convert from original json to ATD-compatible json *)
   let normalize (orig : Yojson.Safe.t ) : Yojson.Safe.t =
     match orig with
     | `Assoc (("comparison", cmp)::rest) ->
@@ -30,6 +29,7 @@ module Condition = struct
        (* TODO: check at least one of type/types/... is specified *)
        `List [`String "M";
             `Assoc (("metavariable", mvar)::rest)]
+    (* alt: we could do the String vs List in a separate adapter *) 
     | `Assoc [("focus", `String x)] ->
        `List [`String "F";
             `Assoc [("focus", `List [`String x])]]
@@ -38,23 +38,34 @@ module Condition = struct
             `Assoc [("focus", `List x)]]
     | x -> x
 
-  (** Convert from ATD-compatible json to original json *)
   let restore  (_atd : Yojson.Safe.t) : Yojson.Safe.t =
-    (* not needed for now; we care just about parsing *)
     failwith "Rule_schema_v2_adapter.Condition.restore not implemented"
 end
 
 module BySideEffect = struct
 
-  (** Convert from original json to ATD-compatible json *)
   let normalize (orig : Yojson.Safe.t ) : Yojson.Safe.t =
     match orig with
     | `Bool true -> `String "true"
     | `Bool false -> `String "false"
     | x -> x
 
-  (** Convert from ATD-compatible json to original json *)
   let restore  (_atd : Yojson.Safe.t) : Yojson.Safe.t =
-    (* not needed for now; we care just about parsing *)
     failwith "Rule_schema_v2_adapter.BySideEffect.restore not implemented"
 end
+
+module ProjectDependsOn = struct
+
+  let normalize (orig : Yojson.Safe.t ) : Yojson.Safe.t =
+    match orig with
+    | `Assoc [("depends-on-either", arr)] ->
+       `List [`String "E";
+            `Assoc [("depends-on-either", arr)]]
+    | `Assoc (xs) ->
+       `List [`String "B";
+            `Assoc xs]
+    | x -> x
+
+  let restore  (_atd : Yojson.Safe.t) : Yojson.Safe.t =
+    failwith "Rule_schema_v2_adapter.ProjectDependsOn.restore not implemented"
+end