Added callstack support back into spec and test cases.

stevespringett · stevespringett · commit d294a99138fa · 2023-04-22T15:06:40.000-05:00
Signed-off-by: Steve Springett &lt;steve@springett.us&gt;
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
@@ -1345,6 +1345,66 @@
             }
           }
         },
+        "callstack": {
+          "type": "object",
+          "description": "Evidence of the components use through the callstack.",
+          "additionalProperties": false,
+          "properties": {
+            "frames": {
+              "type": "array",
+              "title": "Methods",
+              "additionalItems": false,
+              "items": {
+                "type": "object",
+                "required": [
+                  "module"
+                ],
+                "additionalProperties": false,
+                "properties": {
+                  "package": {
+                    "title": "Package",
+                    "description": "A package organizes modules into namespaces, providing a unique namespace for each type it contains.",
+                    "type": "string"
+                  },
+                  "module": {
+                    "title": "Module",
+                    "description": "A module or class that encloses functions/methods and other code.",
+                    "type": "string"
+                  },
+                  "function": {
+                    "title": "Function",
+                    "description": "A block of code designed to perform a particular task.",
+                    "type": "string"
+                  },
+                  "parameters": {
+                    "title": "Parameters",
+                    "description": "Optional arguments that are passed to the module or function.",
+                    "type": "array",
+                    "additionalItems": false,
+                    "items": {
+                      "type": "string"
+                    }
+                  },
+                  "line": {
+                    "title": "Line",
+                    "description": "The line number the code that is called resides on.",
+                    "type": "integer"
+                  },
+                  "column": {
+                    "title": "Column",
+                    "description": "The column the code that is called resides.",
+                    "type": "integer"
+                  },
+                  "fullFilename": {
+                    "title": "Full Filename",
+                    "description": "The full path and filename of the module.",
+                    "type": "string"
+                  }
+                }
+              }
+            }
+          }
+        },
         "licenses": {
           "type": "array",
           "additionalItems": false,
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -1824,6 +1824,81 @@ limitations under the License.
                     </xs:sequence>
                 </xs:complexType>
             </xs:element>
+            <xs:element name="callstack" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>Evidence of the components use through the callstack.</xs:documentation>
+                </xs:annotation>
+                <xs:complexType>
+                    <xs:sequence>
+                        <xs:element name="frames" minOccurs="0" maxOccurs="1">
+                            <xs:complexType>
+                                <xs:sequence>
+                                    <xs:element name="frame" minOccurs="0" maxOccurs="unbounded">
+                                        <xs:complexType>
+                                            <xs:sequence>
+                                                <xs:element name="package" type="xs:string" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>A package organizes modules into namespaces, providing a unique namespace for each type it contains.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                                <xs:element name="module" type="xs:string" minOccurs="1" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>A module or class that encloses functions/methods and other code.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                                <xs:element name="function" type="xs:string" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>A block of code designed to perform a particular task.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                                <xs:element name="parameters" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>Optional arguments that are passed to the module or function.</xs:documentation>
+                                                    </xs:annotation>
+                                                    <xs:complexType>
+                                                        <xs:sequence>
+                                                            <xs:element name="parameter" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+                                                        </xs:sequence>
+                                                    </xs:complexType>
+                                                </xs:element>
+                                                <xs:element name="line" type="xs:integer" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>The line number the code that is called resides on.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                                <xs:element name="column" type="xs:integer" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>The column the code that is called resides.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                                <xs:element name="fullFilename" type="xs:string" minOccurs="0" maxOccurs="1">
+                                                    <xs:annotation>
+                                                        <xs:documentation>The full path and filename of the module.</xs:documentation>
+                                                    </xs:annotation>
+                                                </xs:element>
+                                            </xs:sequence>
+                                        </xs:complexType>
+                                    </xs:element>
+                                </xs:sequence>
+                            </xs:complexType>
+                        </xs:element>
+                        <xs:element name="tools" minOccurs="0" maxOccurs="1">
+                            <xs:annotation>
+                                <xs:documentation>
+                                    The object in the BOM identified by its bom-ref. This is often a component or service,
+                                    but may be any object type supporting bom-refs. Tools used for analysis should already
+                                    be defined in the BOM, either in the metadata/tools, components, or formulation.
+                                </xs:documentation>
+                            </xs:annotation>
+                            <xs:complexType>
+                                <xs:sequence>
+                                    <xs:element name="tool" type="bom:bomReferenceType" minOccurs="0" maxOccurs="unbounded"/>
+                                </xs:sequence>
+                            </xs:complexType>
+                        </xs:element>
+                    </xs:sequence>
+                </xs:complexType>
+            </xs:element>
             <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
             <xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1"/>
             <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
diff --git a/tools/src/test/resources/1.5/valid-evidence-1.5.json b/tools/src/test/resources/1.5/valid-evidence-1.5.json
@@ -53,6 +53,29 @@
             "location": "/another/path/to/component"
           }
         ],
+        "callstack": {
+          "frames": [
+            {
+
+              "package": "com.apache.logging.log4j.core",
+              "module": "Logger.class",
+              "function": "logMessage",
+              "parameters": [
+                "com.acme.HelloWorld", "Level.INFO", "null", "Hello World"
+              ],
+              "line": 150,
+              "column": 17,
+              "fullFilename": "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class",
+            },
+            {
+              "module": "HelloWorld.class",
+              "function": "main",
+              "line": 20,
+              "column": 12,
+              "fullFilename": "/path/to/HelloWorld.class"
+            }
+          ]
+        },
         "licenses": [
           {
             "license": {
diff --git a/tools/src/test/resources/1.5/valid-evidence-1.5.textproto b/tools/src/test/resources/1.5/valid-evidence-1.5.textproto
@@ -52,6 +52,28 @@ components {
         location: "/another/path/to/component"
       }
     ],
+    callstack: {
+      frames: [
+        {
+          package: "com.apache.logging.log4j.core"
+          module: "Logger.class"
+          function: "logMessage"
+          parameters: [
+            "com.acme.HelloWorld", "Level.INFO", "null", "Hello World"
+          ],
+          line: 150
+          column: 17
+          fullFilename: "/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class"
+        },
+        {
+          module: "HelloWorld.class"
+          function: "main"
+          line: 20
+          column: 12
+          fullFilename: "/path/to/HelloWorld.class"
+        }
+      ]
+    },
     licenses {
       license {
         id: "Apache-2.0"
diff --git a/tools/src/test/resources/1.5/valid-evidence-1.5.xml b/tools/src/test/resources/1.5/valid-evidence-1.5.xml
@@ -45,6 +45,31 @@
                         <location>/another/path/to/component</location>
                     </occurrence>
                 </occurrences>
+                <callstack>
+                    <frames>
+                        <frame>
+                            <package>com.apache.logging.log4j.core</package>
+                            <module>Logger.class</module>
+                            <function>logMessage</function>
+                            <parameters>
+                                <parameter>com.acme.HelloWorld</parameter>
+                                <parameter>Level.INFO</parameter>
+                                <parameter>null</parameter>
+                                <parameter>Hello World</parameter>
+                            </parameters>
+                            <line>150</line>
+                            <column>17</column>
+                            <fullFilename>/path/to/log4j-core-2.14.0.jar!/org/apache/logging/log4j/core/Logger.class</fullFilename>
+                        </frame>
+                        <frame>
+                            <module>HelloWorld.class</module>
+                            <function>main</function>
+                            <line>20</line>
+                            <column>12</column>
+                            <fullFilename>/path/to/HelloWorld.class</fullFilename>
+                        </frame>
+                    </frames>
+                </callstack>
                 <licenses>
                     <license>
                         <id>Apache-2.0</id>
