feat: add classifier component field

Add a new field to components to specify whether the component is to
be understood as source or binary.

Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com>

Author: Urist-McGit

schema/bom-1.7.schema.json

@@ -1159,6 +1159,20 @@
           "$ref": "#/definitions/signature",
           "title": "Signature",
           "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
+        },
+        "classifier": {
+          "type": "string",
+          "enum": [
+            "binary",
+            "sources"
+          ],
+          "title": "Classifier",
+          "meta:enum": {
+            "binary": "The component can be classified as 'binary'. This is the case for most components. If a component includes both source and binary parts it is still considered 'binary'.",
+            "sources": "The component can be classified as 'sources'. Examples are Debian Source packages (as opposed to Debian Binary packages), or a source JAR in Java."
+          },
+          "description": "Specifies the classifier of the component. If the classifier is not specified, 'binary' SHOULD be assumed by the consumer of the BOM.",
+          "default": "binary"
         }
       },
       "allOf": [

schema/bom-1.7.xsd

@@ -812,6 +812,14 @@ limitations under the License.
                 </xs:annotation>
             </xs:element>
             <xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
+            <xs:element name="classifier" type="bom:classifier" minOccurs="0" maxOccurs="1" default="binary">
+                <xs:annotation>
+		    <xs:documentation>
+			Specifies the classifier of the component. If the classifier is not specified, 'binary' SHOULD
+			be assumed by the consumer of the BOM.
+		    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>
@@ -1262,6 +1270,24 @@ limitations under the License.
         </xs:restriction>
     </xs:simpleType>
 
+    <xs:simpleType name="classifier">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="binary">
+                <xs:annotation>
+		    <xs:documentation>The component can be classified as 'binary'. This is the case for most
+			components. If a component includes both source and binary parts it is still considered
+		        'binary'.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="sources">
+                <xs:annotation>
+		    <xs:documentation>The component can be classified as 'sources'. Examples are Debian Source
+			packages (as opposed to Debian Binary packages), or a source JAR in Java.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+        </xs:restriction>
+    </xs:simpleType>
+
     <xs:simpleType name="classification">
         <xs:restriction base="xs:string">
             <xs:enumeration value="application">

tools/src/test/resources/1.7/valid-classifier-1.7.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "bom-ref": "pkg:deb/debian/curl@7.50.3-1?arch=source&distro=jessie",
+      "type": "application",
+      "classifier": "sources",
+      "name": "curl",
+      "version": "7.50.3-1",
+      "purl": "pkg:deb/debian/curl@7.50.3-1?arch=source&distro=jessie"
+    }
+  ]
+}

tools/src/test/resources/1.7/valid-classifier-1.7.textproto

@@ -0,0 +1,13 @@
+# proto-file: schema/bom-1.7.proto
+# proto-message: Bom
+
+spec_version: "1.7"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+  type: CLASSIFICATION_APPLICATION
+  name: "curl"
+  classifier: "sources"
+  version: "7.50.3-1"
+  purl: "pkg:deb/debian/curl@7.50.3-1?arch=source&distro=jessie"
+}