wip

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

tools/src/test/resources/1.7/invalid-citations-1.7.json

@@ -32,7 +32,7 @@
     {
       "bom-ref": "citation-1",
       "pointers": [ "/components/0/name" ],
-      "expressions": [ "expression here" ],
+      "expressions": [ "$..[?(@.bom-ref=='component-1')].version" ],
       "timestamp": "2025-05-01T14:00:00Z",
       "note": "Should not have both a pointer and expression."
     }

tools/src/test/resources/1.7/invalid-citations-1.7.textproto

@@ -17,7 +17,32 @@ components {
   bom_ref: "component-1"
   name: "example-lib"
   version: "1.2.3"
-
+  licenses {
+    license {
+      id: "Apache-2.0"
+    }
+  }
 }
 
-// continue here
+## !! NO formal check possible
+#citations {
+#  bom_ref: "citation-1"
+#  pointers: { pointer: "/components/0/name" }
+#  timestamp {
+#    seconds: 1746108000
+#    nanos: 0
+#  }
+#  note: "Should have at least one of the following property sets: property 'attributedTo' or property 'process'"
+#}
+
+
+citations {
+  bom_ref: "citation-1"
+  pointers: { pointer: "/components/0/name" }
+  expressions: { expression: "$..[?(bom_ref=='component-1')].version" }
+  timestamp {
+    seconds: 1746108000
+    nanos: 0
+  }
+  note: "Should not have both a pointer and expression."
+}

tools/src/test/resources/1.7/invalid-citations-1.7.xml

@@ -89,7 +89,7 @@
                 <pointer>/components/0/licenses/0/license/id</pointer>
             </pointers>
             <expressions>
-                <expression>expression here</expression>
+                <expression>//*[@bom-ref='component-1']/version</expression>
             </expressions>
             <timestamp>2025-05-01T14:05:00Z</timestamp>
             <process>task-license-scan</process>

tools/src/test/resources/1.7/valid-citations-1.7.json

@@ -46,6 +46,13 @@
     },
     {
       "bom-ref": "citation-3",
+      "expression": "$..[?(@.bom-ref=='component-1')].version",
+      "timestamp": "2025-05-01T14:00:00Z",
+      "process": "task-license-scan",
+      "note": "Semi-manually entered by Alice Example - with `process`"
+    },
+    {
+      "bom-ref": "citation-4",
       "expressions": [ "$.components[*].licenses[*].license.id" ],
       "timestamp": "2025-05-01T14:05:00Z",
       "attributedTo": "scan-tool-1",

tools/src/test/resources/1.7/valid-citations-1.7.textproto

@@ -41,7 +41,7 @@ citations [
     note: "Manually entered by Alice Example"
   },
   {
-    bom_ref: "citation-1"
+    bom_ref: "citation-2"
     pointers: { pointer: "/components/0/name" }
     timestamp: {
       seconds: 1746108000
@@ -52,6 +52,16 @@ citations [
   },
   {
     bom_ref: "citation-3"
+    expressions: { expression: "$..[?(bom_ref=='component-1')].version" }
+    timestamp: {
+      seconds: 1746108000
+      nanos: 0
+    }
+    process: "task-license-scan"
+    note: "Semi-manually entered by Alice Example - with `process`"
+  },
+  {
+    bom_ref: "citation-4"
     expressions: { expression: "$.components[*].licenses[*].license.id" }
     timestamp: {
       seconds: 1746108000

tools/src/test/resources/1.7/valid-citations-1.7.xml

@@ -67,6 +67,14 @@
             <note>Semi-manually entered by Alice Example - with `process`</note>
         </citation>
         <citation bom-ref="citation-3">
+            <expressions>
+                <expression>//*[@bom-ref='component-1']/version</expression>
+            </expressions>
+            <timestamp>2025-05-01T14:00:00Z</timestamp>
+            <attributedTo>person-1</attributedTo>
+            <note>Semi-manually entered by Alice Example - with `process`</note>
+        </citation>
+        <citation bom-ref="citation-4">
             <expressions>
                 <expression>/components/component/licenses/license/id</expression>
             </expressions>