CycloneDX · nscuro · Jun 15, 2024 · May 29, 2024
@@ -146,6 +146,7 @@ public void addComponent(Component component) {
 
     @JacksonXmlElementWrapper(localName = "services")
     @JacksonXmlProperty(localName = "service")
+    @VersionFilter(Version.VERSION_12)
     public List<Service> getServices() {
         return services;
     }
@@ -163,6 +164,7 @@ public void addService(Service service) {
 
     @JacksonXmlElementWrapper(useWrapping = false)
     @JsonDeserialize(using = DependencyDeserializer.class)
+    @VersionFilter(Version.VERSION_11)
     public List<Dependency> getDependencies() {
         return dependencies;
     }
@@ -198,6 +200,7 @@ public void setExternalReferences(List<ExternalReference> externalReferences) {
 
     @JacksonXmlElementWrapper(localName = "compositions")
     @JacksonXmlProperty(localName = "composition")
+    @VersionFilter(Version.VERSION_13)
     public List<Composition> getCompositions() {
         return compositions;
     }
@@ -208,6 +211,7 @@ public void setCompositions(List<Composition> compositions) {
 
     @JacksonXmlElementWrapper(localName = "formulation")
     @JacksonXmlProperty(localName = "formula")
+    @VersionFilter(Version.VERSION_15)
     public List<Formula> getFormulation() {
         return formulation;
     }
@@ -218,12 +222,14 @@ public void setFormulation(final List<Formula> formulation) {
 
     @JacksonXmlElementWrapper(localName = "vulnerabilities")
     @JacksonXmlProperty(localName = "vulnerability")
+    @VersionFilter(Version.VERSION_14)
     public List<Vulnerability> getVulnerabilities() { return vulnerabilities; }
 
     public void setVulnerabilities(List<Vulnerability> vulnerabilities) { this.vulnerabilities = vulnerabilities; }
 
     @JacksonXmlElementWrapper(localName = "annotations")
     @JacksonXmlProperty(localName = "annotation")
+    @VersionFilter(Version.VERSION_15)
     public List<Annotation> getAnnotations() {
         return annotations;
     }
@@ -234,6 +240,7 @@ public void setAnnotations(List<Annotation> annotations) {
 
     @JacksonXmlElementWrapper(localName = "properties")
     @JacksonXmlProperty(localName = "property")
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public List<Property> getProperties() {
         return properties;
     }

@@ -49,6 +49,7 @@
 @JsonInclude(JsonInclude.Include.NON_EMPTY)
 @JsonPropertyOrder(
     {"supplier",
+     "manufacturer",
      "author",
      "publisher",
      "group",
@@ -140,15 +141,20 @@ public String getScopeName() {
 
     @JacksonXmlProperty(isAttribute = true, localName = "bom-ref")
     @JsonProperty("bom-ref")
+    @VersionFilter(Version.VERSION_11)
     private String bomRef;
+
     @JacksonXmlProperty(isAttribute = true, localName = "mime-type")
     @JsonProperty("mime-type")
     private String mimeType;
+
     @VersionFilter(Version.VERSION_12)
     private OrganizationalEntity supplier;
+
     @Deprecated
     @VersionFilter(Version.VERSION_12)
     private String author;
+
     @VersionFilter(Version.VERSION_11)
     private String publisher;
     private String group;
@@ -161,24 +167,33 @@ public String getScopeName() {
     private String copyright;
     private String cpe;
     private String purl;
+
     @VersionFilter(Version.VERSION_16)
     private List<String> omniborId;
+
     @VersionFilter(Version.VERSION_16)
     private List<String> swhid;
     @VersionFilter(Version.VERSION_12)
     private Swid swid;
+
     private Boolean modified;
+
     @VersionFilter(Version.VERSION_11)
     private Pedigree pedigree;
+
     @VersionFilter(Version.VERSION_11)
     private List<ExternalReference> externalReferences;
     @VersionFilter(Version.VERSION_13)
     private List<Property> properties;
+
     private List<Component> components;
+
     @VersionFilter(Version.VERSION_13)
     private Evidence evidence;
+
     @JacksonXmlProperty(isAttribute = true)
     private Type type;
+
     @VersionFilter(Version.VERSION_14)
     private ReleaseNotes releaseNotes;
 

@@ -133,6 +133,7 @@ public void addDependency(BomReference dependency) {
 
     @JacksonXmlElementWrapper(localName = "vulnerabilities")
     @JacksonXmlProperty(localName = "vulnerability")
+    @VersionFilter(Version.VERSION_15)
     public List<BomReference> getVulnerabilities() { return vulnerabilities; }
 
     public void setVulnerabilities(List<BomReference> vulnerabilities) { this.vulnerabilities = vulnerabilities; }

@@ -99,6 +99,7 @@ public void addCopyright(Copyright copyright) {
     @JsonProperty("occurrences")
     @JacksonXmlElementWrapper(localName = "occurrences")
     @JacksonXmlProperty(localName = "occurrence")
+    @VersionFilter(Version.VERSION_15)
     public List<Occurrence> getOccurrences() {
         return occurrences;
     }
@@ -119,6 +120,7 @@ public void setCallstack(final Callstack callstack) {
     @JacksonXmlProperty(localName = "identity")
     @JsonProperty("identity")
     @JsonDeserialize(using = IdentityDeserializer.class)
+    @VersionFilter(Version.VERSION_15)
     public List<Identity> getIdentities() {
         return identities;
     }

@@ -73,6 +73,7 @@ public enum Type {
         BUILD_SYSTEM("build-system"),
         @JsonProperty("release-notes")
         RELEASE_NOTES("release-notes"),
+        @VersionFilter(Version.VERSION_15)
         @JsonProperty("security-contact")
         SECURITY_CONTACT("security-contact"),
         @JsonProperty("model_card")
@@ -180,6 +181,7 @@ public void setComment(String comment) {
 
     @JacksonXmlElementWrapper(localName = "hashes")
     @JacksonXmlProperty(localName = "hash")
+    @VersionFilter(Version.VERSION_13)
     public List<Hash> getHashes() {
         return hashes;
     }

@@ -23,6 +23,8 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlText;
+import org.cyclonedx.Version;
+
 import java.util.Objects;
 
 @SuppressWarnings("unused")
@@ -37,11 +39,16 @@ public enum Algorithm {
         SHA_384("SHA-384"),
         SHA_512("SHA-512"),
         SHA3_256("SHA3-256"),
-        SHA3_384("SHA3-384"),
         SHA3_512("SHA3-512"),
+        @VersionFilter(Version.VERSION_12)
+        SHA3_384("SHA3-384"),
+        @VersionFilter(Version.VERSION_12)
         BLAKE2b_256("BLAKE2b-256"),
+        @VersionFilter(Version.VERSION_12)
         BLAKE2b_384("BLAKE2b-384"),
+        @VersionFilter(Version.VERSION_12)
         BLAKE2b_512("BLAKE2b-512"),
+        @VersionFilter(Version.VERSION_12)
         BLAKE3("BLAKE3");
 
         private final String spec;
@@ -53,6 +60,15 @@ public enum Algorithm {
         public String getSpec() {
             return spec;
         }
+
+        public static Algorithm fromSpec(String spec) {
+            for (Algorithm algorithm : values()) {
+                if (algorithm.spec.equalsIgnoreCase(spec)) {
+                    return algorithm;
+                }
+            }
+            throw new IllegalArgumentException("No enum constant with spec " + spec);
+        }
     }
 
     @JacksonXmlProperty(localName = "alg", isAttribute = true)

@@ -58,7 +58,10 @@ public class License extends ExtensibleElement {
 
     @JacksonXmlProperty(localName = "text")
     @JsonProperty("text")
+    @VersionFilter(Version.VERSION_11)
     private AttachmentText attachmentText;
+
+    @VersionFilter(Version.VERSION_11)
     private String url;
 
     @VersionFilter(Version.VERSION_15)
@@ -96,10 +99,12 @@ public void setLicensing(final Licensing licensing) {
         this.licensing = licensing;
     }
 
+    @VersionFilter(Version.VERSION_11)
     public String getUrl() {
         return url;
     }
 
+    @VersionFilter(Version.VERSION_11)
     public void setUrl(String url) {
         this.url = url;
     }

@@ -20,6 +20,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
@@ -29,7 +30,7 @@
 import java.util.Objects;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
-@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonInclude(Include.NON_EMPTY)
 @JsonPropertyOrder({"name", "value"})
 @JsonDeserialize(using = PropertyDeserializer.class)
 public class Property extends ExtensibleElement {

@@ -26,7 +26,7 @@
 import org.cyclonedx.Version;
 
 @Retention(RetentionPolicy.RUNTIME)
-@Target(ElementType.FIELD)
+@Target({ElementType.METHOD, ElementType.FIELD})
 public @interface VersionFilter {
   //Version where the attribute was introduced
   Version value();

@@ -392,10 +392,12 @@ public enum Method {
       CVSSV3("CVSSv3"),
       @JsonProperty("CVSSv31")
       CVSSV31("CVSSv31"),
+      @VersionFilter(org.cyclonedx.Version.VERSION_15)
       @JsonProperty("CVSSv4")
       CVSSV4("CVSSv4"),
       @JsonProperty("OWASP")
       OWASP("OWASP"),
+      @VersionFilter(org.cyclonedx.Version.VERSION_15)
       @JsonProperty("SSVC")
       SSVC("SSVC"),
       @JsonProperty("other")

@@ -34,15 +34,24 @@ public VersionJsonAnnotationIntrospector(final Version version) {
 
     @Override
     public boolean hasIgnoreMarker(final AnnotatedMember m) {
+        // Check if the field has the VersionFilter annotation
         if (m.hasAnnotation(VersionFilter.class)) {
+            // Get the VersionFilter annotation from the field
             VersionFilter filter = m.getAnnotation(VersionFilter.class);
+            // Check if the version specified in the annotation is greater than the current version
             if (filter.value().getVersion() > version.getVersion()) {
+                // If true, it means the field was introduced after the current version, so we should ignore it
                 return true;
             }
         }
+
+        // Check if the field has the XmlOnly annotation
         if (m.hasAnnotation(XmlOnly.class)) {
+            // If true, the field should be ignored for XML serialization
             return true;
         }
+
+        // If none of the above conditions are met, delegate to the superclass's hasIgnoreMarker method
         return super.hasIgnoreMarker(m);
     }
 }
@@ -34,15 +34,24 @@ public VersionXmlAnnotationIntrospector(final Version version) {
 
   @Override
   public boolean hasIgnoreMarker(final AnnotatedMember m) {
+    // Check if the field has the VersionFilter annotation
     if (m.hasAnnotation(VersionFilter.class)) {
+      // Get the VersionFilter annotation from the field
       VersionFilter filter = m.getAnnotation(VersionFilter.class);
+      // Check if the version specified in the annotation is greater than the current version
       if (filter.value().getVersion() > version.getVersion()) {
+        // If true, it means the field was introduced after the current version, so we should ignore it
         return true;
       }
     }
+
+    // Check if the field has the JsonOnly annotation
     if (m.hasAnnotation(JsonOnly.class)) {
+      // If true, the field should be ignored for XML serialization
       return true;
     }
+
+    // If none of the above conditions are met, delegate to the superclass's hasIgnoreMarker method
     return super.hasIgnoreMarker(m);
   }
 }