fix: JsvonValidator allow arbitrary $schema (#1060)

fixes
#1059

---------

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -6,6 +6,12 @@ All notable changes to this project will be documented in this file.
 
 <!-- add unreleased items here -->
 
+* Fixes
+  * JsonValidator allow arbitrary `$schema` ([#1059] via [#1060])
+
+[#1059]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1059
+[#1060]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1060
+
 ## 6.6.0 -- 2024-04-26
 
 * Changed

res/schema/bom-1.2-strict.SNAPSHOT.schema.json

@@ -11,10 +11,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.2b.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "$id": "#/properties/bomFormat",

res/schema/bom-1.3-strict.SNAPSHOT.schema.json

@@ -11,10 +11,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.3a.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "$id": "#/properties/bomFormat",

res/schema/bom-1.4.SNAPSHOT.schema.json

@@ -11,10 +11,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.4.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "type": "string",

res/schema/bom-1.5.SNAPSHOT.schema.json

@@ -11,10 +11,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.5.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "type": "string",

tests/integration/Validation.JsonStrictValidator.test.js

@@ -85,6 +85,7 @@ describe('Validation.JsonStrictValidator', () => {
     it('valid passes', async () => {
       const validator = new JsonStrictValidator(version)
       const input = JSON.stringify({
+        $schema: `http://cyclonedx.org/schema/bom-${version}.schema.json`,
         bomFormat: 'CycloneDX',
         specVersion: version,
         components: [{

tests/integration/Validation.JsonValidator.test.js

@@ -85,6 +85,7 @@ describe('Validation.JsonValidator', () => {
     it('valid passes', async () => {
       const validator = new JsonValidator(version)
       const input = JSON.stringify({
+        $schema: `http://cyclonedx.org/schema/bom-${version}.schema.json`,
         bomFormat: 'CycloneDX',
         specVersion: version,
         components: [{

tools/schema-downloader/download.js

@@ -58,8 +58,12 @@ const BomJsonLax = Object.freeze({
   replace: Object.freeze([
     Object.freeze(['spdx.schema.json', 'spdx.SNAPSHOT.schema.json']),
     Object.freeze(['jsf-0.82.schema.json', 'jsf-0.82.SNAPSHOT.schema.json']),
-    /* fix "$schema" property to match $id */
-    Object.freeze([/("\$id": "(http:\/\/cyclonedx\.org\/schema\/bom.+?\.schema\.json)".*"enum": \[\s+")http:\/\/cyclonedx\.org\/schema\/bom.+?\.schema\.json"/sg, '$1$2"']),
+    /* "$schema" is not required but optional.
+       that enum constraint value there is complicated -> remove it.
+       See https://github.com/CycloneDX/specification/issues/402
+       See https://github.com/CycloneDX/specification/pull/403
+    */
+    Object.freeze([/,?\s*"enum"\s*:\s*\[\s*"http:\/\/cyclonedx\.org\/schema\/.+?\.schema\.json"\s*\]/sg, '']),
     Object.freeze([_bomRequired, _bomRequiredReplace])
     /* there was a case where the default value did not match the own pattern ...
         this is wrong in schema<1.5