Initial commit of CycloneDX linter

Signed-off-by: Steve Springett <[email protected]>

Author: stevespringett

tools/src/main/js/linter/README.md

@@ -0,0 +1,75 @@
+# CycloneDX Schema Linter
+
+A modular linter for CycloneDX JSON schemas.
+
+## Requirements
+
+- Node.js >= 18.0.0
+- aspell with en_US and en_GB-ize dictionaries
+
+```bash
+# Ubuntu/Debian
+sudo apt-get install aspell aspell-en
+
+# macOS
+brew install aspell
+```
+
+## Usage
+
+```bash
+# Lint files
+node cli.js schema.json
+node cli.js schemas/*.schema.json
+
+# Exclude or include specific checks
+node cli.js --exclude formatting-indent schema.json
+node cli.js --include description-full-stop schema.json
+
+# Output formats: stylish (default), json, compact
+node cli.js --format json schema.json
+
+# List available checks
+node cli.js --list-checks
+```
+
+## Checks
+
+| Check | Description |
+|-------|-------------|
+| `schema-id-pattern` | Validates `$id` matches CycloneDX URL pattern |
+| `formatting-indent` | Validates 2-space indentation |
+| `description-full-stop` | Descriptions must end with full stop |
+| `meta-enum-full-stop` | `meta:enum` values must end with full stop |
+| `property-name-american-english` | Property names use American English |
+| `description-oxford-english` | Descriptions use Oxford English (British with -ize) |
+| `no-uppercase-rfc` | No uppercase RFC 2119 keywords (MUST, SHALL, etc.) |
+| `no-must-word` | Use "shall" instead of "must" per ISO style |
+| `additional-properties-false` | Objects must have `additionalProperties: false` |
+| `title-formatting` | Validates title formatting conventions |
+| `enum-value-formatting` | Validates enum value formatting and `meta:enum` coverage |
+| `ref-usage` | Suggests using `$ref` for repeated structures |
+| `duplicate-content` | Detects duplicate titles and descriptions |
+| `duplicate-definitions` | Detects duplicate definitions and missing `$ref` usage |
+
+## Configuration
+
+Create `.cdxlintrc.json` in your project root:
+
+```json
+{
+  "checks": {
+    "formatting-indent": {
+      "spaces": 2
+    }
+  },
+  "excludeChecks": ["description-oxford-english"],
+  "includeChecks": null
+}
+```
+
+## Running Tests
+
+```bash
+npm test
+```

tools/src/main/js/linter/checks/additional-properties-false.check.js

@@ -0,0 +1,123 @@
+/**
+ * CycloneDX Schema Linter - Additional Properties False Check
+ * 
+ * Validates that all object definitions have `additionalProperties: false`.
+ * This ensures strict schema validation and prevents unexpected properties.
+ * 
+ * @license Apache-2.0
+ */
+
+import { LintCheck, registerCheck, Severity, traverseSchema } from '../index.js';
+
+/**
+ * Check that validates additionalProperties is set to false on objects
+ */
+class AdditionalPropertiesFalseCheck extends LintCheck {
+  constructor() {
+    super(
+      'additional-properties-false',
+      'Additional Properties False',
+      'Validates that object definitions have additionalProperties set to false.',
+      Severity.ERROR
+    );
+  }
+
+  async run(schema, rawContent, config = {}) {
+    const issues = [];
+    
+    // Paths to exclude from checking (e.g., extension points)
+    const excludePaths = config.excludePaths || [];
+    
+    // Allow additionalProperties to be a schema (for pattern-based validation)
+    const allowSchema = config.allowSchema ?? false;
+    
+    traverseSchema(schema, (node, path, key, parent) => {
+      // Only check objects with 'properties' defined
+      if (typeof node !== 'object' || node === null || Array.isArray(node)) {
+        return;
+      }
+      
+      // Must have type: "object" or properties defined to be considered an object schema
+      const isObjectSchema = node.type === 'object' || 
+                             node.properties !== undefined ||
+                             node.patternProperties !== undefined;
+      
+      if (!isObjectSchema) return;
+      
+      // Skip excluded paths
+      if (excludePaths.some(excluded => path.includes(excluded))) return;
+      
+      // Skip if this is a $ref (references are validated separately)
+      if (node.$ref) return;
+      
+      // Skip certain schema composition keywords that don't need additionalProperties
+      if (key === 'if' || key === 'then' || key === 'else') return;
+      if (key === 'not') return;
+      
+      // Check additionalProperties
+      if (!('additionalProperties' in node)) {
+        // additionalProperties is not defined
+        if (node.properties || node.patternProperties) {
+          issues.push(this.createIssue(
+            'Object schema is missing "additionalProperties: false".',
+            path,
+            {
+              hasProperties: !!node.properties,
+              hasPatternProperties: !!node.patternProperties,
+              suggestion: 'Add "additionalProperties": false to prevent unexpected properties.'
+            }
+          ));
+        }
+      } else if (node.additionalProperties === true) {
+        // Explicitly set to true
+        issues.push(this.createIssue(
+          'Object schema has "additionalProperties: true". Set to false for strict validation.',
+          path,
+          {
+            current: true,
+            suggestion: 'Change "additionalProperties" to false.'
+          }
+        ));
+      } else if (node.additionalProperties !== false) {
+        // Set to a schema object
+        if (!allowSchema) {
+          // Check if it's an empty object (equivalent to true)
+          if (typeof node.additionalProperties === 'object' && 
+              Object.keys(node.additionalProperties).length === 0) {
+            issues.push(this.createIssue(
+              'Object schema has "additionalProperties: {}" which is equivalent to true. Set to false.',
+              path,
+              {
+                current: '{}',
+                suggestion: 'Change "additionalProperties" to false.'
+              },
+              Severity.WARNING
+            ));
+          } else {
+            // It's a schema - this might be intentional
+            issues.push(this.createIssue(
+              'Object schema has "additionalProperties" set to a schema. ' +
+              'Consider using false unless additional properties are intentionally allowed.',
+              path,
+              {
+                current: typeof node.additionalProperties,
+                suggestion: 'Review whether additional properties should be allowed.'
+              },
+              Severity.INFO
+            ));
+          }
+        }
+      }
+      // else: additionalProperties === false, which is correct
+    });
+    
+    return issues;
+  }
+}
+
+// Create and register the check
+const check = new AdditionalPropertiesFalseCheck();
+registerCheck(check);
+
+export { AdditionalPropertiesFalseCheck };
+export default check;

tools/src/main/js/linter/checks/description-full-stop.check.js

@@ -0,0 +1,110 @@
+/**
+ * CycloneDX Schema Linter - Description Full Stop Check
+ * 
+ * Validates that all property descriptions end with a full stop (period).
+ * This follows ISO House Style conventions for technical documentation.
+ * 
+ * @license Apache-2.0
+ */
+
+import { LintCheck, registerCheck, Severity, traverseSchema } from '../index.js';
+
+/**
+ * Check that validates descriptions end with a full stop
+ */
+class DescriptionFullStopCheck extends LintCheck {
+  constructor() {
+    super(
+      'description-full-stop',
+      'Description Full Stop',
+      'Validates that property descriptions end with a full stop.',
+      Severity.ERROR
+    );
+  }
+
+  async run(schema, rawContent, config = {}) {
+    const issues = [];
+    
+    // Characters that are acceptable at the end of a description
+    const validEndings = config.validEndings ?? ['.', '?', '!', ')'];
+    
+    // Paths to exclude from checking (e.g., examples)
+    const excludePaths = config.excludePaths ?? [];
+    
+    traverseSchema(schema, (node, path, key, parent) => {
+      // Only check 'description' properties
+      if (key !== 'description') return;
+      
+      // Skip if in excluded path
+      if (excludePaths.some(excluded => path.includes(excluded))) return;
+      
+      // Skip if not a string
+      if (typeof node !== 'string') return;
+      
+      // Skip empty descriptions
+      if (node.trim() === '') return;
+      
+      // Skip if inside meta:enum (handled by different check)
+      if (path.includes('meta:enum')) return;
+      
+      const trimmed = node.trim();
+      const lastChar = trimmed[trimmed.length - 1];
+      
+      // Check if the description ends with an acceptable character
+      if (!validEndings.includes(lastChar)) {
+        // Check for special cases like URLs at the end
+        if (this.isUrlEnding(trimmed)) {
+          // URLs at the end are acceptable if wrapped in markdown or similar
+          return;
+        }
+        
+        // Check for code blocks or inline code at the end
+        if (trimmed.endsWith('`') || trimmed.endsWith('```')) {
+          // Code at the end might be acceptable, but let's warn
+          issues.push(this.createIssue(
+            `Description ends with code block. Consider adding a full stop after.`,
+            path,
+            { 
+              ending: trimmed.substring(Math.max(0, trimmed.length - 30)),
+              lastChar
+            },
+            Severity.WARNING
+          ));
+          return;
+        }
+        
+        issues.push(this.createIssue(
+          `Description does not end with a full stop. Ends with: "${lastChar}"`,
+          path,
+          { 
+            ending: trimmed.substring(Math.max(0, trimmed.length - 30)),
+            lastChar,
+            suggestion: trimmed + '.'
+          }
+        ));
+      }
+    });
+    
+    return issues;
+  }
+  
+  /**
+   * Check if the description ends with a URL
+   */
+  isUrlEnding(text) {
+    // Pattern for URLs at the end of text
+    const urlPattern = /https?:\/\/[^\s]+$/;
+    
+    // Pattern for markdown links at the end
+    const markdownLinkPattern = /\]\([^)]+\)$/;
+    
+    return urlPattern.test(text) || markdownLinkPattern.test(text);
+  }
+}
+
+// Create and register the check
+const check = new DescriptionFullStopCheck();
+registerCheck(check);
+
+export { DescriptionFullStopCheck };
+export default check;