forked from CycloneDX/sbom-utility
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support schema error results to be output in JSON format including custom format flags (CycloneDX#40)

* Create a framework for validation error special case handling Signed-off-by: Matt Rutkowski <[email protected]>
* Create a framework for validation error special case handling Signed-off-by: Matt Rutkowski <[email protected]>
* Adjust JSON output formatting as an array Signed-off-by: Matt Rutkowski <[email protected]>
* Use an ordered map to control JSON output marshaling order Signed-off-by: Matt Rutkowski <[email protected]>
* Use an ordered map to control JSON output marshaling order Signed-off-by: Matt Rutkowski <[email protected]>
* Use an ordered map to control JSON output marshaling order Signed-off-by: Matt Rutkowski <[email protected]>
* Use an ordered map to control JSON output marshaling order Signed-off-by: Matt Rutkowski <[email protected]>
* Separate format related functions into their own file Signed-off-by: Matt Rutkowski <[email protected]>
* Separate format related functions into their own file Signed-off-by: Matt Rutkowski <[email protected]>
* Format value for unique item error Signed-off-by: Matt Rutkowski <[email protected]>
* Consolidate validation flags and use on top-level API call Signed-off-by: Matt Rutkowski <[email protected]>
* Adjust JSON error result output prefix and indent Signed-off-by: Matt Rutkowski <[email protected]>
* Add validation test case for bad iri-format Signed-off-by: Matt Rutkowski <[email protected]>
* Add validation test case for bad iri-format Signed-off-by: Matt Rutkowski <[email protected]>
* Consolidate persistent command flags into a struct Signed-off-by: Matt Rutkowski <[email protected]>
* represent array type, index and item as a map in json error results Signed-off-by: Matt Rutkowski <[email protected]>
* Support flag true|false on validate command Signed-off-by: Matt Rutkowski <[email protected]>
* Fix even more Sonatype errors that seem to change every time I touch an old file Signed-off-by: Matt Rutkowski <[email protected]>
* Adjust help for validate given new formats/flags Signed-off-by: Matt Rutkowski <[email protected]>
* Update README to show validate JSON output and new flags Signed-off-by: Matt Rutkowski <[email protected]>
* buffer JSON output for unit tests Signed-off-by: Matt Rutkowski <[email protected]>
* Update the text format logic to mirror new json formatting Signed-off-by: Matt Rutkowski <[email protected]>
* Update the text format logic to mirror new json formatting Signed-off-by: Matt Rutkowski <[email protected]>
* Update the text format logic to mirror new json formatting Signed-off-by: Matt Rutkowski <[email protected]>
* Streamline json and text formatting paths Signed-off-by: Matt Rutkowski <[email protected]>
* Adjust colorized indent to match normal indent Signed-off-by: Matt Rutkowski <[email protected]>
* Add additional test assertions to validate # errs and error context Signed-off-by: Matt Rutkowski <[email protected]>
* Assure forced schema file tests reset to default schema Signed-off-by: Matt Rutkowski <[email protected]>

---------

Signed-off-by: Matt Rutkowski <[email protected]>
1 parent 3c712dd
commit 2c7ffbc
Showing 37 changed files with 1,237 additions and 334 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -804,11 +804,15 @@ The following flags can be used to improve performance when formatting error out | |
|
||
##### `--error-limit` flag | ||
|
||
Use the `--error-limit x` flag to reduce the formatted error result output to the first `x` errors. By default, only the first 10 errors are output with an informational messaging indicating `x/y` errors were shown. | ||
Use the `--error-limit x` (default: `10`) flag to reduce the formatted error result output to the first `x` errors. By default, only the first 10 errors are output with an informational messaging indicating `x/y` errors were shown. | ||
|
||
##### `--error-value` flag | ||
|
||
Use the `--error-value=true|false` (default: `true`) flag to reduce the formatted error result output by not showing the `value` field which shows detailed information about the failing data in the BOM. | ||
|
||
##### `--colorize` flag | ||
|
||
Use the `--colorize=true|false` flag to add/remove color formatting to error result output. By default, formatted error output is colorized to help with human readability; for automated use, it can be turned off. | ||
Use the `--colorize=true|false` (default: `false`) flag to add/remove color formatting to error result `txt` formatted output. By default, `txt` formatted error output is colorized to help with human readability; for automated use, it can be turned off. | ||
|
||
#### Validate Examples | ||
|
||
|
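Review bot: The rewritten `--colorize` paragraph contradicts itself: it declares `(default: false)` and then says "By default, `txt` formatted error output is colorized". Decide which is true and state it once, since anyone scripting against the tool will read the parenthetical as authoritative. The `--error-limit` line has the same redundancy in milder form (the default of 10 now appears twice in one sentence), and "an informational messaging" should read "an informational message".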
@@ -911,6 +915,108 @@ The details include the full context of the failing `metadata.properties` object | |
]] | ||
``` | ||
|
||
#### Example: Validate using "JSON" format | ||
|
||
The JSON format will provide an `array` of schema error results that can be post-processed as part of validation toolchain. | ||
|
||
```bash | ||
./sbom-utility validate -i test/validation/cdx-1-4-validate-err-components-unique-items-1.json --format json --quiet | ||
``` | ||
|
||
```json | ||
[ | ||
{ | ||
"type": "unique", | ||
"field": "components", | ||
"context": "(root).components", | ||
"description": "array items[1,2] must be unique", | ||
"value": { | ||
"type": "array", | ||
"index": 1, | ||
"item": { | ||
"bom-ref": "pkg:npm/[email protected]", | ||
"description": "Node.js body parsing middleware", | ||
"hashes": [ | ||
{ | ||
"alg": "SHA-1", | ||
"content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" | ||
} | ||
], | ||
"licenses": [ | ||
{ | ||
"license": { | ||
"id": "MIT" | ||
} | ||
} | ||
], | ||
"name": "body-parser", | ||
"purl": "pkg:npm/[email protected]", | ||
"type": "library", | ||
"version": "1.19.0" | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "unique", | ||
"field": "components", | ||
"context": "(root).components", | ||
"description": "array items[2,4] must be unique", | ||
"value": { | ||
"type": "array", | ||
"index": 2, | ||
"item": { | ||
"bom-ref": "pkg:npm/[email protected]", | ||
"description": "Node.js body parsing middleware", | ||
"hashes": [ | ||
{ | ||
"alg": "SHA-1", | ||
"content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" | ||
} | ||
], | ||
"licenses": [ | ||
{ | ||
"license": { | ||
"id": "MIT" | ||
} | ||
} | ||
], | ||
"name": "body-parser", | ||
"purl": "pkg:npm/[email protected]", | ||
"type": "library", | ||
"version": "1.19.0" | ||
} | ||
} | ||
} | ||
] | ||
``` | ||
|
||
##### Reducing output size using `error-value=false` flag | ||
|
||
In many cases, BOMs may have many errors and having the `value` information details included can be too verbose and lead to large output files to inspect. In those cases, simply set the `error-value` flag to `false`. | ||
|
||
Rerunning the same command with this flag set to false yields a reduced set of information. | ||
|
||
```bash | ||
./sbom-utility validate -i test/validation/cdx-1-4-validate-err-components-unique-items-1.json --format json --error-value=false --quiet | ||
``` | ||
|
||
```json | ||
[ | ||
{ | ||
"type": "unique", | ||
"field": "components", | ||
"context": "(root).components", | ||
"description": "array items[1,2] must be unique" | ||
}, | ||
{ | ||
"type": "unique", | ||
"field": "components", | ||
"context": "(root).components", | ||
"description": "array items[2,4] must be unique" | ||
} | ||
] | ||
``` | ||
|
||
--- | ||
|
||
### Vulnerability | ||
|
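Review bot: The JSON example introduces `type`, `field`, `context`, `description` and `value` (with nested `type`, `index`, `item`) without saying what each means, and the two sample results leave `index` ambiguous: `items[1,2]` reports `"index": 1` while `items[2,4]` reports `"index": 2`, so a reader cannot tell whether it is the first item of the duplicate pair, nor whether it is zero-based. Add a short field description before the sample. With `--error-value=false` the two results differ only in the free-text `description`, so a toolchain has to parse that string to recover the item indices; say so, or point readers at the full output when they need them. Minor: the heading "Reducing output size using `error-value=false` flag" drops the `--` used in the flag section above, and "as part of validation toolchain" needs an article.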