Update JSON and XML tests to 1.6. Update cyclonedx.core.java to 9.0.2. Starting prototyping the XML Catalog tests

Signed-off-by: Nicolas-Peiffer <[email protected]>

Author: Nicolas-Peiffer

schema/xmlcatalog.xml

@@ -1,12 +1,41 @@
 <?xml version="1.0"?>
+<!--
+CycloneDX Software Bill-of-Material (SBoM) Specification
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+  This XML catalog provides mappings for CycloneDX schemas.
+  The catalog maps schema URLs to local XSD files to facilitate schema
+  validation without needing internet access.
+  Namespace: urn:oasis:names:tc:entity:xmlns:xml:catalog
+-->
 <!-- to prevent unintendedn notwork access, we do not set a DTD/XSD in this XML -->
 <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
-  <uri name="http://cyclonedx.org/schema/spdx"    uri="spdx.xsd"/>
+
+  <!-- SPDX BOM Schema -->
+  <uri name="http://cyclonedx.org/schema/spdx" uri="spdx.xsd"/>
+
+  <!-- CycloneDX BOM Schemas -->
   <uri name="http://cyclonedx.org/schema/bom/1.0" uri="bom-1.0.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.1" uri="bom-1.1.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.2" uri="bom-1.2.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.3" uri="bom-1.3.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.4" uri="bom-1.4.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.5" uri="bom-1.5.xsd"/>
   <uri name="http://cyclonedx.org/schema/bom/1.6" uri="bom-1.6.xsd"/>
+
+  <!-- Placeholder for future schemas, where 1.x is the next CycloneDX Spec Version -->
+  <!-- <uri name="http://cyclonedx.org/schema/bom/1.x" uri="bom-1.x.xsd"/> -->
+
 </catalog>

tools/pom.xml

@@ -55,7 +55,7 @@
         <lib.commons.lang3.version>3.6</lib.commons.lang3.version>
         <lib.commons.text.version>1.12.0</lib.commons.text.version>
         <lib.unirest.version>1.4.9</lib.unirest.version>
-        <lib.cyclonedx.core.java.version>8.0.3</lib.cyclonedx.core.java.version>
+        <lib.cyclonedx.core.java.version>9.0.2</lib.cyclonedx.core.java.version>
     </properties>
 
     <scm>

tools/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java

@@ -29,6 +29,7 @@ List<String> getAllResources() throws Exception {
         files.addAll(getResources("1.3/"));
         files.addAll(getResources("1.4/"));
         files.addAll(getResources("1.5/"));
+        files.addAll(getResources("1.6/"));
         return files;
     }
 

tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java

@@ -13,15 +13,16 @@
  */
 package org.cyclonedx.schema;
 
-import org.cyclonedx.CycloneDxSchema;
-import org.cyclonedx.parsers.JsonParser;
-import org.junit.jupiter.api.DynamicTest;
-import org.junit.jupiter.api.TestFactory;
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.cyclonedx.parsers.JsonParser;
+import org.cyclonedx.Version;
+import org.junit.jupiter.api.DynamicTest;
+import org.junit.jupiter.api.TestFactory;
+
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 
@@ -33,15 +34,17 @@ Collection<DynamicTest> dynamicTestsWithCollection() throws Exception {
         final List<DynamicTest> dynamicTests = new ArrayList<>();
         for (final String file: files) {
             if (file.endsWith(".json")) {
-                final CycloneDxSchema.Version schemaVersion;
+                final Version schemaVersion;
                 if (file.endsWith("-1.2.json")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_12;
+                    schemaVersion = Version.VERSION_12;
                 } else if (file.endsWith("-1.3.json")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_13;
+                    schemaVersion = Version.VERSION_13;
                 } else if (file.endsWith("-1.4.json")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_14;
+                    schemaVersion = Version.VERSION_14;
                 } else if (file.endsWith("-1.5.json")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_15;
+                    schemaVersion = Version.VERSION_15;
+                } else if (file.endsWith("-1.6.json")) {
+                    schemaVersion = Version.VERSION_16;
                 } else {
                     schemaVersion = null;
                 }
@@ -57,7 +60,7 @@ Collection<DynamicTest> dynamicTestsWithCollection() throws Exception {
         return dynamicTests;
     }
 
-    private boolean isValidJson(CycloneDxSchema.Version version, String resource) throws Exception {
+    private boolean isValidJson(Version version, String resource) throws Exception {
         final File file = new File(this.getClass().getResource(resource).getFile());
         final JsonParser parser = new JsonParser();
         return parser.isValid(file, version);

tools/src/test/java/org/cyclonedx/schema/XmlCatalogVerificationTest.java

@@ -0,0 +1,98 @@
+package org.cyclonedx.schema;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.DynamicTest;
+import org.junit.jupiter.api.TestFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.DynamicTest.dynamicTest;
+
+public class XmlCatalogVerificationTest {
+
+    /**
+     * Tests the XML catalog by parsing the xmlcatalog.xml file and checking if the namespaces
+     * in the XSD schema files match the namespaces defined in the xmlcatalog.xml file.
+     *
+     * @return  a list of dynamic tests for each URI in the xmlcatalog.xml file
+     * @throws IOException                  if an I/O error occurs while reading the XML catalog file
+     * @throws ParserConfigurationException if a parser configuration error occurs
+     * @throws SAXException                 if a SAX error occurs while parsing the XML catalog file
+     */
+    @TestFactory
+    public List<DynamicTest> testXmlCatalog() throws IOException, ParserConfigurationException, SAXException {
+        // Define the path to the XML catalog file
+        String xmlCatalogFilename = "xmlcatalog.xml";
+
+        // Load the XML catalog file from the classpath
+        ClassLoader classLoader = getClass().getClassLoader();
+        InputStream xmlCatalogStream = classLoader.getResourceAsStream(xmlCatalogFilename);
+
+        Assertions.assertNotNull(xmlCatalogStream, "XML catalog file not found");
+
+        // Parse the xmlcatalog.xml file
+        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+        DocumentBuilder builder = factory.newDocumentBuilder();
+        Document xmlCatalogDocument = builder.parse(new InputSource(xmlCatalogStream));
+
+        // Get the XML catalog elements
+        NodeList xmlCatalogElements = xmlCatalogDocument.getDocumentElement().getChildNodes();
+
+        // List to hold dynamic tests
+        List<DynamicTest> dynamicTests = new ArrayList<>();
+
+        // Iterate through the XML catalog elements
+        for (int i = 0; i < xmlCatalogElements.getLength(); i++) {
+            Node xmlCatalogElement = xmlCatalogElements.item(i);
+            if (xmlCatalogElement.getNodeName().equals("uri")) {
+                String uriName = xmlCatalogElement.getAttributes().getNamedItem("name").getTextContent();
+                String xsdLocalFilename = xmlCatalogElement.getAttributes().getNamedItem("uri").getTextContent();
+
+                // Create a dynamic test for each URI
+                dynamicTests.add(dynamicTest("Testing URI: " + uriName, () -> {
+                    // Load the XSD schema file from the classpath
+                    InputStream xsdSchemaFileStream = classLoader.getResourceAsStream(xsdLocalFilename);
+                    Assertions.assertNotNull(xsdSchemaFileStream, "The following file is missing: " + xsdLocalFilename);
+
+                    // Read the XSD local file content
+                    String xsdContent = new String(xsdSchemaFileStream.readAllBytes(), StandardCharsets.UTF_8);
+
+                    // Parse the XSD file content to a Document object
+                    Document xsdDocument = builder.parse(new InputSource(new StringReader(xsdContent)));
+
+                    // Check if the XSD document contains the expected namespace
+                    NodeList schemaNodes = xsdDocument.getElementsByTagNameNS("*", "schema");
+                    boolean namespaceFound = false;
+                    for (int j = 0; j < schemaNodes.getLength(); j++) {
+                        Node schemaNode = schemaNodes.item(j);
+                        String targetNamespace = schemaNode.getAttributes().getNamedItem("targetNamespace").getTextContent();
+                        System.out.println("uriName.equals(targetNamespace)" + uriName.equals(targetNamespace));
+                        if (uriName.equals(targetNamespace)) {
+                            namespaceFound = true;
+                            break;
+                        }
+                    }
+                    assertTrue(namespaceFound, "The namespace " + uriName + " is not present in file " + xsdLocalFilename);
+                }));
+            }
+        }
+
+        return dynamicTests;
+    }
+}

tools/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java

@@ -13,39 +13,48 @@
  */
 package org.cyclonedx.schema;
 
-import org.cyclonedx.CycloneDxSchema;
-import org.cyclonedx.parsers.XmlParser;
-import org.junit.jupiter.api.DynamicTest;
-import org.junit.jupiter.api.TestFactory;
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.cyclonedx.parsers.XmlParser;
+import org.cyclonedx.Version;
+import org.junit.jupiter.api.DynamicTest;
+import org.junit.jupiter.api.TestFactory;
+
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 
 public class XmlSchemaVerificationTest extends BaseSchemaVerificationTest {
 
     @TestFactory
+    /**
+     * Generates a collection of dynamic tests based on the available XML files.
+     *
+     * @return Collection<DynamicTest> a collection of dynamic tests
+     * @throws Exception if an error occurs during the generation of the dynamic tests
+     */
     Collection<DynamicTest> dynamicTestsWithCollection() throws Exception {
         final List<String> files = getAllResources();
         final List<DynamicTest> dynamicTests = new ArrayList<>();
         for (final String file: files) {
             if (file.endsWith(".xml")) {
-                final CycloneDxSchema.Version schemaVersion;
+                final Version schemaVersion;
                 if (file.endsWith("-1.0.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_10;
+                    schemaVersion = Version.VERSION_10;
                 } else if (file.endsWith("-1.1.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_11;
+                    schemaVersion = Version.VERSION_11;
                 } else if (file.endsWith("-1.2.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_12;
+                    schemaVersion = Version.VERSION_12;
                 } else if (file.endsWith("-1.3.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_13;
+                    schemaVersion = Version.VERSION_13;
                 } else if (file.endsWith("-1.4.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_14;
+                    schemaVersion = Version.VERSION_14;
                 } else if (file.endsWith("-1.5.xml")) {
-                    schemaVersion = CycloneDxSchema.Version.VERSION_15;
+                    schemaVersion = Version.VERSION_15;
+                } else if (file.endsWith("-1.6.xml")) {
+                    schemaVersion = Version.VERSION_16;
                 } else {
                     schemaVersion = null;
                 }
@@ -61,7 +70,15 @@ Collection<DynamicTest> dynamicTestsWithCollection() throws Exception {
         return dynamicTests;
     }
 
-    private boolean isValid(CycloneDxSchema.Version version, String resource) throws Exception {
+    /**
+     * Validates the given XML file against the specified CycloneDX schema version.
+     *
+     * @param  version   the CycloneDX schema version to validate against
+     * @param  resource  the path to the XML file to be validated
+     * @return boolean   true if the XML file is valid according to the specified schema version, false otherwise
+     * @throws Exception if an error occurs during the validation process
+     */
+    private boolean isValid(Version version, String resource) throws Exception {
         final File file = new File(this.getClass().getResource(resource).getFile());
         final XmlParser parser = new XmlParser();
         return parser.isValid(file, version);