Removed seq min/max. Moved name/description to attributes in XSD. Updated all examples to include name/description.

stevespringett · stevespringett · commit c47884ffa7d9 · 2023-03-19T09:53:36.000-05:00
Signed-off-by: Steve Springett &lt;steve@springett.us&gt;
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -1564,22 +1564,12 @@ limitations under the License.
                                 <xs:documentation>Specifies the data classification.</xs:documentation>
                             </xs:annotation>
                             <xs:complexType>
-                                <xs:sequence minOccurs="0" maxOccurs="1">
+                                <xs:sequence>
                                     <xs:element name="classification" type="bom:dataClassificationType" minOccurs="0" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>Specifies the data classification.</xs:documentation>
                                         </xs:annotation>
                                     </xs:element>
-                                    <xs:element name="name" type="xs:string" minOccurs="0" maxOccurs="1">
-                                        <xs:annotation>
-                                            <xs:documentation>Name for the defined data.</xs:documentation>
-                                        </xs:annotation>
-                                    </xs:element>
-                                    <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1">
-                                        <xs:annotation>
-                                            <xs:documentation>Short description of the data content and usage.</xs:documentation>
-                                        </xs:annotation>
-                                    </xs:element>
                                     <xs:element name="source" minOccurs="0" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>The URI, URL, or BOM-Link of the components or services the data came in from.</xs:documentation>
@@ -1601,6 +1591,26 @@ limitations under the License.
                                         </xs:complexType>
                                     </xs:element>
                                 </xs:sequence>
+                                <xs:attribute name="name" type="xs:string" use="optional">
+                                    <xs:annotation>
+                                        <xs:documentation>
+                                            Name for the defined data.
+                                        </xs:documentation>
+                                    </xs:annotation>
+                                </xs:attribute>
+                                <xs:attribute name="description" type="xs:string" use="optional">
+                                    <xs:annotation>
+                                        <xs:documentation>
+                                            Short description of the data content and usage.
+                                        </xs:documentation>
+                                    </xs:annotation>
+                                </xs:attribute>
+                                <xs:anyAttribute namespace="##any" processContents="lax">
+                                    <xs:annotation>
+                                        <xs:documentation>User-defined attributes may be used on this element as long as they
+                                            do not have the same name as an existing attribute used by the schema.</xs:documentation>
+                                    </xs:annotation>
+                                </xs:anyAttribute>
                             </xs:complexType>
                         </xs:element>
                     </xs:choice>
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.json b/tools/src/test/resources/1.5/valid-saasbom-1.5.json
@@ -30,6 +30,8 @@
       "trustZone": "Acme Public Zone",
       "data": [
         {
+          "name": "Consumer to Stock Service",
+          "description": "Traffic to/from consumer to service",
           "classification": "Customer",
           "flow": "bi-directional",
           "source": [
@@ -40,6 +42,8 @@
           ]
         },
         {
+          "name": "Stock Service to MS-1",
+          "description": "Traffic to/from stock service to microservice-1",
           "classification": "PII",
           "flow": "bi-directional",
           "source": [
@@ -50,6 +54,8 @@
           ]
         },
         {
+          "name": "Stock Service to MS-2",
+          "description": "Traffic to/from stock service to microservice-2",
           "classification": "PIFI",
           "flow": "bi-directional",
           "source": [
@@ -60,6 +66,8 @@
           ]
         },
         {
+          "name": "Stock Service to MS-3",
+          "description": "Traffic to/from stock service to microservice-3",
           "classification": "Public",
           "flow": "bi-directional",
           "source": [
@@ -94,6 +102,8 @@
           "trustZone": "Acme Private Zone",
           "data": [
             {
+              "name": "Stock Service to MS-1",
+              "description": "Traffic to/from stock service to microservice-1",
               "classification": "PII",
               "flow": "bi-directional",
               "source": [
@@ -104,6 +114,8 @@
               ]
             },
             {
+              "name": "MS-1 to Database",
+              "description": "Traffic to/from microservice-1 to database",
               "classification": "PII",
               "flow": "bi-directional",
               "source": [
@@ -138,6 +150,8 @@
           "trustZone": "Acme Private Zone",
           "data": [
             {
+              "name": "Stock Service to MS-2",
+              "description": "Traffic to/from stock service to microservice-2",
               "classification": "PIFI",
               "flow": "bi-directional",
               "source": [
@@ -172,6 +186,8 @@
           "trustZone": "Acme Private Zone",
           "data": [
             {
+              "name": "Stock Service to MS-3",
+              "description": "Traffic to/from stock service to microservice-3",
               "classification": "Public",
               "flow": "bi-directional",
               "source": [
@@ -182,6 +198,8 @@
               ]
             },
             {
+              "name": "MS-3 to S3",
+              "description": "Data pushed from microservice-3 to S3 bucket",
               "classification": "Public",
               "flow": "outbound",
               "destination": [
@@ -209,6 +227,8 @@
           "trustZone": "Acme Private Zone",
           "data": [
             {
+              "name": "MS-1 to Database",
+              "description": "Traffic to/from microservice-1 to database",
               "classification": "PII",
               "flow": "bi-directional",
               "source": [
@@ -232,6 +252,8 @@
           "trustZone": "Public Internet",
           "data": [
             {
+              "name": "MS-3 to S3",
+              "description": "Data pushed from microservice-3 to S3 bucket",
               "classification": "Public",
               "flow": "inbound",
               "source": [
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto b/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto
@@ -29,24 +29,32 @@ services {
   data {
     flow: DATA_FLOW_BI_DIRECTIONAL
     value: "Customer"
+    name: "Consumer to Stock Service",
+    description: "Traffic to/from consumer to service"
     source: "https://0.0.0.0"
     destination: "https://0.0.0.0"
   }
   data {
     flow: DATA_FLOW_BI_DIRECTIONAL
     value: "PII"
+    name: "Stock Service to MS-1"
+    description: "Traffic to/from stock service to microservice-1"
     source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
     destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
   }
   data {
     flow: DATA_FLOW_BI_DIRECTIONAL
     value: "PIFI"
+    name: "Stock Service to MS-2"
+    description: "Traffic to/from stock service to microservice-2"
     source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
     destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
   }
   data {
     flow: DATA_FLOW_BI_DIRECTIONAL
     value: "Public"
+    name: "Stock Service to MS-3"
+    description: "Traffic to/from stock service to microservice-3"
     source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
     destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
   }
@@ -69,12 +77,16 @@ services {
     data {
       flow: DATA_FLOW_BI_DIRECTIONAL
       value: "PII"
+      name: "Stock Service to MS-1"
+      description: "Traffic to/from stock service to microservice-1"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
     }
     data {
       flow: DATA_FLOW_BI_DIRECTIONAL
       value: "PII"
+      name: "MS-1 to Database"
+      description: "Traffic to/from microservice-1 to database"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
     }
@@ -98,6 +110,8 @@ services {
     data {
       flow: DATA_FLOW_BI_DIRECTIONAL
       value: "PIFI"
+      name: "Stock Service to MS-2"
+      description: "Traffic to/from stock service to microservice-2"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
     }
@@ -121,12 +135,16 @@ services {
     data {
       flow: DATA_FLOW_BI_DIRECTIONAL
       value: "Public"
+      name: "Stock Service to MS-3"
+      description: "Traffic to/from stock service to microservice-3"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
     }
     data {
       flow: DATA_FLOW_OUTBOUND
       value: "Public"
+      name: "MS-3 to S3"
+      description: "Data pushed from microservice-3 to S3 bucket"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com"
     }
     external_references {
@@ -146,6 +164,8 @@ services {
     data {
       flow: DATA_FLOW_BI_DIRECTIONAL
       value: "PII"
+      name: "MS-1 to Database"
+      description: "Traffic to/from microservice-1 to database"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
       destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
     }
@@ -161,6 +181,8 @@ services {
     data {
       flow: DATA_FLOW_INBOUND
       value: "PII"
+      name: "MS-3 to S3"
+      description: "Data pushed from microservice-3 to S3 bucket"
       source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
     }
   }
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.xml b/tools/src/test/resources/1.5/valid-saasbom-1.5.xml
@@ -22,7 +22,7 @@
             <authenticated>true</authenticated>
             <trustZone>Acme Public Zone</trustZone>
             <data>
-                <dataflow>
+                <dataflow name="Consumer to Stock Service" description="Traffic to/from consumer to service">
                     <classification flow="bi-directional">Customer</classification>
                     <source>
                         <url>https://0.0.0.0</url>
@@ -31,7 +31,7 @@
                         <url>https://0.0.0.0</url>
                     </destination>
                 </dataflow>
-                <dataflow>
+                <dataflow name="Stock Service to MS-1" description="Traffic to/from stock service to microservice-1">
                     <classification flow="bi-directional">PII</classification>
                     <source>
                         <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
@@ -40,7 +40,7 @@
                         <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
                     </destination>
                 </dataflow>
-                <dataflow>
+                <dataflow name="Stock Service to MS-2" description="Traffic to/from stock service to microservice-2">
                     <classification flow="bi-directional">PIFI</classification>
                     <source>
                         <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com</url>
@@ -49,7 +49,7 @@
                         <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com</url>
                     </destination>
                 </dataflow>
-                <dataflow>
+                <dataflow name="Stock Service to MS-3" description="Traffic to/from stock service to microservice-3">
                     <classification flow="bi-directional">Public</classification>
                     <source>
                         <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com</url>
@@ -78,7 +78,7 @@
                     <authenticated>true</authenticated>
                     <trustZone>Acme Private Zone</trustZone>
                     <data>
-                        <dataflow>
+                        <dataflow name="Stock Service to MS-1" description="Traffic to/from stock service to microservice-1">
                             <classification flow="bi-directional">PII</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
@@ -87,7 +87,7 @@
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
                             </destination>
                         </dataflow>
-                        <dataflow>
+                        <dataflow name="MS-1 to Database" description="Traffic to/from microservice-1 to database">
                             <classification flow="bi-directional">PII</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com</url>
@@ -116,7 +116,7 @@
                     <authenticated>true</authenticated>
                     <trustZone>Acme Private Zone</trustZone>
                     <data>
-                        <dataflow>
+                        <dataflow name="Stock Service to MS-2" description="Traffic to/from stock service to microservice-2">
                             <classification flow="bi-directional">PII</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
@@ -145,7 +145,7 @@
                     <authenticated>true</authenticated>
                     <trustZone>Acme Private Zone</trustZone>
                     <data>
-                        <dataflow>
+                        <dataflow name="Stock Service to MS-3" description="Traffic to/from stock service to microservice-3">
                             <classification flow="bi-directional">PII</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
@@ -154,7 +154,7 @@
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
                             </destination>
                         </dataflow>
-                        <dataflow>
+                        <dataflow name="MS-3 to S3" description="Data pushed from microservice-3 to S3 bucket">
                             <classification flow="outbound">Public</classification>
                             <destination>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com</url>
@@ -178,7 +178,7 @@
                     <authenticated>true</authenticated>
                     <trustZone>Acme Private Zone</trustZone>
                     <data>
-                        <dataflow>
+                        <dataflow name="MS-1 to Database" description="Traffic to/from microservice-1 to database">
                             <classification flow="bi-directional">PII</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
@@ -199,7 +199,7 @@
                     <authenticated>true</authenticated>
                     <trustZone>Public Internet</trustZone>
                     <data>
-                        <dataflow>
+                        <dataflow name="MS-3 to S3" description="Data pushed from microservice-3 to S3 bucket">
                             <classification flow="inbound">Public</classification>
                             <source>
                                 <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com</url>
