diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 517a0a8..06df550 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repository
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
 - name: Check license headers
 uses: apache/skywalking-eyes@438e4ea5682269933ea2c8b5608662e52af26959 # tag=v0.4.0
 with:
@@ -29,15 +29,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repository
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
 with:
 go-version: "1.20"
 check-latest: true
 cache: false
 - name: Run golangci-lint
- uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # tag=v4.0.0
+ uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # tag=v6.0.1
 with:
 version: latest
 args: --verbose
@@ -54,11 +54,11 @@ jobs:
 - "1.20"
 steps:
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
 with:
 go-version: ${{ matrix.go }}
 check-latest: true
 - name: Checkout Repository
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
 - name: Test
 run: make test
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index ff8872f..cdffb16 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -16,11 +16,11 @@ jobs:
 contents: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # tag=v4.1.5
 with:
 fetch-depth: 0
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # tag=v5.0.1
 with:
 go-version: "1.20"
 check-latest: true
diff --git a/Dockerfile.gitpod b/Dockerfile.gitpod
index 1e8422f..074c641 100644
--- a/Dockerfile.gitpod
+++ b/Dockerfile.gitpod
@@ -15,4 +15,4 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
-FROM gitpod/workspace-go:latest@sha256:9118b9398357b5136e6dd026dd357503c2e4ad385c097b2ba596af6f2d5a2b6b
+FROM gitpod/workspace-go:latest@sha256:8b9a0f68edeb1e05f78a4988a18125feb9603a33e2726b12dc7e462e4cbbdac0
diff --git a/cyclonedx.go b/cyclonedx.go
index e51e687..64be905 100644
--- a/cyclonedx.go
+++ b/cyclonedx.go
@@ -131,11 +131,29 @@ type CallstackFrame struct {
 FullFilename string `json:"fullFilename,omitempty" xml:"fullFilename,omitempty"`
 }
 
+type CertificateProperties struct {
+ SubjectName string `json:"subjectName,omitempty" xml:"subjectName,omitempty"`
+ IssuerName string `json:"issuerName,omitempty" xml:"issuerName,omitempty"`
+ NotValidBefore string `json:"notValidBefore,omitempty" xml:"notValidBefore,omitempty"`
+ NotValidAfter string `json:"notValidAfter,omitempty" xml:"notValidAfter,omitempty"`
+ SignatureAlgorithmRef BOMReference `json:"signatureAlgorithmRef,omitempty" xml:"signatureAlgorithmRef,omitempty"`
+ SubjectPublicKeyRef BOMReference `json:"subjectPublicKeyRef,omitempty" xml:"subjectPublicKeyRef,omitempty"`
+ CertificateFormat string `json:"certificateFormat,omitempty" xml:"certificateFormat,omitempty"`
+ CertificateExtension string `json:"certificateExtension,omitempty" xml:"certificateExtension,omitempty"`
+}
+
+type CipherSuite struct {
+ Name string `json:"name,omitempty" xml:"name,omitempty"`
+ Algorithms *[]BOMReference `json:"algorithms,omitempty" xml:"algorithms,omitempty"`
+ Identifiers *[]string `json:"identifiers,omitempty" xml:"identifiers,omitempty"`
+}
+
 type ComponentType string
 
 const (
 ComponentTypeApplication ComponentType = "application"
 ComponentTypeContainer ComponentType = "container"
+ ComponentTypeCryptographicAsset ComponentType = "cryptographic-asset"
 ComponentTypeData ComponentType = "data"
 ComponentTypeDevice ComponentType = "device"
 ComponentTypeDeviceDriver ComponentType = "device-driver"
@@ -183,6 +201,7 @@ type Component struct {
 ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
 ModelCard *MLModelCard `json:"modelCard,omitempty" xml:"modelCard,omitempty"`
 Data *ComponentData `json:"data,omitempty" xml:"data,omitempty"`
+ CryptoProperties *CryptoProperties `json:"cryptoProperties,omitempty" xml:"cryptoProperties,omitempty"`
 }
 
 type ComponentData struct {
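Review bot: In `CipherSuite`, the slice fields `Algorithms` and `Identifiers` carry flat XML tags (`xml:"algorithms,omitempty"`, `xml:"identifiers,omitempty"`), so encoding/xml writes one `<algorithms>` element per entry with no wrapper, unlike the `parent>child` form used for other slices visible in this diff (`individuals>individual`, `cryptoFunctions>cryptoFunction`). If the CycloneDX XML schema nests these entries (worth confirming against the XSD), the tags need the wrapped form, along the lines of `xml:"algorithms>algorithm,omitempty"`. The same flat form is used for `CryptoProtocolProperties.CipherSuites` and `CryptoRefArray` in the @@ -266 hunk. An XML round-trip test with a cipher suite holding two algorithm references would pin the intended shape.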
@@ -266,6 +285,193 @@ type Credits struct {
 Individuals *[]OrganizationalContact `json:"individuals,omitempty" xml:"individuals>individual,omitempty"`
 }
 
+type CryptoAlgorithmMode string
+
+const (
+ CryptoAlgorithmModeCBC CryptoAlgorithmMode = "cbc"
+ CryptoAlgorithmModeECB CryptoAlgorithmMode = "ecb"
+ CryptoAlgorithmModeCCM CryptoAlgorithmMode = "ccm"
+ CryptoAlgorithmModeGCM CryptoAlgorithmMode = "gcm"
+ CryptoAlgorithmModeCFB CryptoAlgorithmMode = "cfb"
+ CryptoAlgorithmModeOFB CryptoAlgorithmMode = "ofb"
+ CryptoAlgorithmModeCTR CryptoAlgorithmMode = "ctr"
+ CryptoAlgorithmModeOther CryptoAlgorithmMode = "other"
+ CryptoAlgorithmModeUnknown CryptoAlgorithmMode = "unknown"
+)
+
+type CryptoAlgorithmProperties struct {
+ Primitive CryptoPrimitive `json:"primitive,omitempty" xml:"primitive,omitempty"`
+ ParameterSetIdentifier string `json:"parameterSetIdentifier,omitempty" xml:"parameterSetIdentifier,omitempty"`
+ Curve string `json:"curve,omitempty" xml:"curve,omitempty"`
+ ExecutionEnvironment CryptoExecutionEnvironment `json:"executionEnvironment,omitempty" xml:"executionEnvironment,omitempty"`
+ ImplementationPlatform ImplementationPlatform `json:"implementationPlatform,omitempty" xml:"implementationPlatform,omitempty"`
+ CertificationLevel *[]CryptoCertificationLevel `json:"certificationLevel,omitempty" xml:"certificationLevel,omitempty"`
+ Mode CryptoAlgorithmMode `json:"mode,omitempty" xml:"mode,omitempty"`
+ Padding CryptoPadding `json:"padding,omitempty" xml:"padding,omitempty"`
+ CryptoFunctions *[]CryptoFunction `json:"cryptoFunctions,omitempty" xml:"cryptoFunctions>cryptoFunction,omitempty"`
+ ClassicalSecurityLevel *int `json:"classicalSecurityLevel,omitempty" xml:"classicalSecurityLevel,omitempty"`
+ NistQuantumSecurityLevel *int `json:"nistQuantumSecurityLevel" xml:"nistQuantumSecurityLevel"`
+}
+
+type CryptoAssetType string
+
+const (
+ CryptoAssetTypeAlgorithm CryptoAssetType = "algorithm"
+ CryptoAssetTypeCertificate CryptoAssetType = "certificate"
+ CryptoAssetTypeProtocol CryptoAssetType = "protocol"
+ CryptoAssetTypeRelatedCryptoMaterial CryptoAssetType = "related-crypto-material"
+)
+
+type CryptoCertificationLevel string
+
+const (
+ CryptoCertificationLevelNone CryptoCertificationLevel = "none"
+ CryptoCertificationLevelFIPS140_1_L1 CryptoCertificationLevel = "fips140-1-l1"
+ CryptoCertificationLevelFIPS140_1_L2 CryptoCertificationLevel = "fips140-1-l2"
+ CryptoCertificationLevelFIPS140_1_L3 CryptoCertificationLevel = "fips140-1-l3"
+ CryptoCertificationLevelFIPS140_1_L4 CryptoCertificationLevel = "fips140-1-l4"
+ CryptoCertificationLevelFIPS140_2_L1 CryptoCertificationLevel = "fips140-2-l1"
+ CryptoCertificationLevelFIPS140_2_L2 CryptoCertificationLevel = "fips140-2-l2"
+ CryptoCertificationLevelFIPS140_2_L3 CryptoCertificationLevel = "fips140-2-l3"
+ CryptoCertificationLevelFIPS140_2_L4 CryptoCertificationLevel = "fips140-2-l4"
+ CryptoCertificationLevelFIPS140_3_L1 CryptoCertificationLevel = "fips140-3-l1"
+ CryptoCertificationLevelFIPS140_3_L2 CryptoCertificationLevel = "fips140-3-l2"
+ CryptoCertificationLevelFIPS140_3_L3 CryptoCertificationLevel = "fips140-3-l3"
+ CryptoCertificationLevelFIPS140_3_L4 CryptoCertificationLevel = "fips140-3-l4"
+ CryptoCertificationLevelCCEAL1 CryptoCertificationLevel = "cc-eal1"
+ CryptoCertificationLevelCCEAL1Plus CryptoCertificationLevel = "cc-eal1+"
+ CryptoCertificationLevelCCEAL2 CryptoCertificationLevel = "cc-eal2"
+ CryptoCertificationLevelCCEAL2Plus CryptoCertificationLevel = "cc-eal2+"
+ CryptoCertificationLevelCCEAL3 CryptoCertificationLevel = "cc-eal3"
+ CryptoCertificationLevelCCEAL3Plus CryptoCertificationLevel = "cc-eal3+"
+ CryptoCertificationLevelCCEAL4 CryptoCertificationLevel = "cc-eal4"
+ CryptoCertificationLevelCCEAL4Plus CryptoCertificationLevel = "cc-eal4+"
+ CryptoCertificationLevelCCEAL5 CryptoCertificationLevel = "cc-eal5"
+ CryptoCertificationLevelCCEAL5Plus CryptoCertificationLevel = "cc-eal5+"
+ CryptoCertificationLevelCCEAL6 CryptoCertificationLevel = "cc-eal6"
+ CryptoCertificationLevelCCEAL6Plus CryptoCertificationLevel = "cc-eal6+"
+ CryptoCertificationLevelCCEAL7 CryptoCertificationLevel = "cc-eal7"
+ CryptoCertificationLevelCCEAL7Plus CryptoCertificationLevel = "cc-eal7+"
+ CryptoCertificationLevelOther CryptoCertificationLevel = "other"
+ CryptoCertificationLevelUnknown CryptoCertificationLevel = "unknown"
+)
+
+type CryptoExecutionEnvironment string
+
+const (
+ CryptoExecutionEnvironmentSoftwarePlainRAM CryptoExecutionEnvironment = "software-plain-ram"
+ CryptoExecutionEnvironmentSoftwareEncryptedRAM CryptoExecutionEnvironment = "software-encrypted-ram"
+ CryptoExecutionEnvironmentSoftwareTEE CryptoExecutionEnvironment = "software-tee"
+ CryptoExecutionEnvironmentHardware CryptoExecutionEnvironment = "hardware"
+ CryptoExecutionEnvironmentOther CryptoExecutionEnvironment = "other"
+ CryptoExecutionEnvironmentUnknown CryptoExecutionEnvironment = "unknown"
+)
+
+type CryptoFunction string
+
+const (
+ CryptoFunctionGenerate CryptoFunction = "generate"
+ CryptoFunctionKeygen CryptoFunction = "keygen"
+ CryptoFunctionEncrypt CryptoFunction = "encrypt"
+ CryptoFunctionDecrypt CryptoFunction = "decrypt"
+ CryptoFunctionDigest CryptoFunction = "digest"
+ CryptoFunctionTag CryptoFunction = "tag"
+ CryptoFunctionKeyderive CryptoFunction = "keyderive"
+ CryptoFunctionSign CryptoFunction = "sign"
+ CryptoFunctionVerify CryptoFunction = "verify"
+ CryptoFunctionEncapsulate CryptoFunction = "encapsulate"
+ CryptoFunctionDecapsulate CryptoFunction = "decapsulate"
+ CryptoFunctionOther CryptoFunction = "other"
+ CryptoFunctionUnknown CryptoFunction = "unknown"
+)
+
+type CryptoKeyState string
+
+const (
+ CryptoKeyStatePreActivation CryptoKeyState = "pre-activation"
+ CryptoKeyStateActive CryptoKeyState = "active"
+ CryptoKeyStateSuspended CryptoKeyState = "suspended"
+ CryptoKeyStateDeactivated CryptoKeyState = "deactivated"
+ CryptoKeyStateCompromised CryptoKeyState = "compromised"
+ CryptoKeyStateDestroyed CryptoKeyState = "destroyed"
+)
+
+type CryptoPadding string
+
+const (
+ CryptoPaddingPKCS5 CryptoPadding = "pkcs5"
+ CryptoPaddingPKCS7 CryptoPadding = "pkcs7"
+ CryptoPaddingPKCS1v15 CryptoPadding = "pkcs1v15"
+ CryptoPaddingOAEP CryptoPadding = "oaep"
+ CryptoPaddingRaw CryptoPadding = "raw"
+ CryptoPaddingOther CryptoPadding = "other"
+ CryptoPaddingUnknown CryptoPadding = "unknown"
+)
+
+type CryptoPrimitive string
+
+const (
+ CryptoPrimitiveDRBG CryptoPrimitive = "drbg"
+ CryptoPrimitiveMAC CryptoPrimitive = "mac"
+ CryptoPrimitiveBlockCipher CryptoPrimitive = "block-cipher"
+ CryptoPrimitiveStreamCipher CryptoPrimitive = "stream-cipher"
+ CryptoPrimitiveSignature CryptoPrimitive = "signature"
+ CryptoPrimitiveHash CryptoPrimitive = "hash"
+ CryptoPrimitivePKE CryptoPrimitive = "pke"
+ CryptoPrimitiveXOF CryptoPrimitive = "xof"
+ CryptoPrimitiveKDF CryptoPrimitive = "kdf"
+ CryptoPrimitiveKeyAgree CryptoPrimitive = "key-agree"
+ CryptoPrimitiveKEM CryptoPrimitive = "kem"
+ CryptoPrimitiveAE CryptoPrimitive = "ae"
+ CryptoPrimitiveCombiner CryptoPrimitive = "combiner"
+ CryptoPrimitiveOther CryptoPrimitive = "other"
+ CryptoPrimitiveUnknown CryptoPrimitive = "unknown"
+)
+
+type CryptoProperties struct {
+ AssetType CryptoAssetType `json:"assetType" xml:"assetType"`
+ AlgorithmProperties *CryptoAlgorithmProperties `json:"algorithmProperties,omitempty" xml:"algorithmProperties,omitempty"`
+ CertificateProperties *CertificateProperties `json:"certificateProperties,omitempty" xml:"certificateProperties,omitempty"`
+ RelatedCryptoMaterialProperties *RelatedCryptoMaterialProperties `json:"relatedCryptoMaterialProperties,omitempty" xml:"relatedCryptoMaterialProperties,omitempty"`
+ ProtocolProperties *CryptoProtocolProperties `json:"protocolProperties,omitempty" xml:"protocolProperties,omitempty"`
+ OID string `json:"oid,omitempty" xml:"oid,omitempty"`
+}
+
+type CryptoProtocolProperties struct {
+ Type CryptoProtocolType `json:"type,omitempty" xml:"type,omitempty"`
+ Version string `json:"version,omitempty" xml:"version,omitempty"`
+ CipherSuites *[]CipherSuite `json:"cipherSuites,omitempty" xml:"cipherSuites,omitempty"`
+ IKEv2TransformTypes *IKEv2TransformTypes `json:"ikev2TransformTypes,omitempty" xml:"ikev2TransformTypes,omitempty"`
+ CryptoRefArray *[]BOMReference `json:"cryptoRefArray,omitempty" xml:"cryptoRefArray,omitempty"`
+}
+
+type CryptoProtocolType string
+
+const (
+ CryptoProtocolTypeTLS CryptoProtocolType = "tls"
+ CryptoProtocolTypeSSH CryptoProtocolType = "ssh"
+ CryptoProtocolTypeIPSec CryptoProtocolType = "ipsec"
+ CryptoProtocolTypeIKE CryptoProtocolType = "ike"
+ CryptoProtocolTypeSSTP CryptoProtocolType = "sstp"
+ CryptoProtocolTypeWPA CryptoProtocolType = "wpa"
+ CryptoProtocolTypeOther CryptoProtocolType = "other"
+ CryptoProtocolTypeUnknown CryptoProtocolType = "unknown"
+)
+
+type IKEv2TransformTypes struct {
+ Encr *[]BOMReference `json:"encr,omitempty" xml:"encr,omitempty"`
+ PRF *[]BOMReference `json:"prf,omitempty" xml:"prf,omitempty"`
+ Integ *[]BOMReference `json:"integ,omitempty" xml:"integ,omitempty"`
+ KE *[]BOMReference `json:"ke,omitempty" xml:"ke,omitempty"`
+ ESN bool `json:"esn" xml:"esn"`
+ Auth *[]BOMReference `json:"auth,omitempty" xml:"auth,omitempty"`
+}
+
+type SecuredBy struct {
+ Mechanism string `json:"mechanism,omitempty" xml:"mechanism,omitempty"`
+ AlgorithmRef BOMReference `json:"algorithmRef,omitempty" xml:"algorithmRef,omitempty"`
+}
+
 type DataClassification struct {
 Flow DataFlow `json:"flow" xml:"flow,attr"`
 Classification string `json:"classification" xml:",chardata"`
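Review bot: `CryptoAlgorithmProperties.NistQuantumSecurityLevel` is a `*int` tagged `json:"nistQuantumSecurityLevel"` without `omitempty`, so a nil pointer is written as `"nistQuantumSecurityLevel": null` for every algorithm, while the neighbouring `ClassicalSecurityLevel` is dropped when unset. Tagging it `json:"nistQuantumSecurityLevel,omitempty" xml:"nistQuantumSecurityLevel,omitempty"` keeps the two fields consistent and avoids emitting a null that a schema validator may reject. In the same hunk, `IKEv2TransformTypes.ESN` is a plain `bool` tagged `json:"esn"`, so an unset value serialises as `false` and a consumer of the inventory cannot tell "ESN disabled" from "not recorded". Declaring it `ESN *bool` with `omitempty` would preserve that distinction.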
@@ -481,6 +687,25 @@ const (
 IASNotAffected ImpactAnalysisState = "not_affected"
 )
 
+type ImplementationPlatform string
+
+const (
+ ImplementationPlatformGeneric ImplementationPlatform = "generic"
+ ImplementationPlatformX86_32 ImplementationPlatform = "x86_32"
+ ImplementationPlatformX86_64 ImplementationPlatform = "x86_64"
+ ImplementationPlatformARMv7A ImplementationPlatform = "armv7-a"
+ ImplementationPlatformARMv7M ImplementationPlatform = "armv7-m"
+ ImplementationPlatformARMv8A ImplementationPlatform = "armv8-a"
+ ImplementationPlatformARMv8M ImplementationPlatform = "armv8-m"
+ ImplementationPlatformARMv9A ImplementationPlatform = "armv9-a"
+ ImplementationPlatformARMv9M ImplementationPlatform = "armv9-m"
+ ImplementationPlatformS390x ImplementationPlatform = "s390x"
+ ImplementationPlatformPPC64 ImplementationPlatform = "ppc64"
+ ImplementationPlatformPPC64LE ImplementationPlatform = "ppc64le"
+ ImplementationPlatformOther ImplementationPlatform = "other"
+ ImplementationPlatformUnknown ImplementationPlatform = "unknown"
+)
+
 type Issue struct {
 ID string `json:"id" xml:"id"`
 Name string `json:"name,omitempty" xml:"name,omitempty"`
@@ -736,6 +961,45 @@ type Property struct {
 Value string `json:"value" xml:",chardata"`
 }
 
+type RelatedCryptoMaterialProperties struct {
+ Type RelatedCryptoMaterialType `json:"type,omitempty" xml:"type,omitempty"`
+ ID string `json:"id,omitempty" xml:"id,omitempty"`
+ State CryptoKeyState `json:"state,omitempty" xml:"state,omitempty"`
+ AlgorithmRef BOMReference `json:"algorithmRef,omitempty" xml:"algorithmRef,omitempty"`
+ CreationDate string `json:"creationDate,omitempty" xml:"creationDate,omitempty"`
+ ActivationDate string `json:"activationDate,omitempty" xml:"activationDate,omitempty"`
+ UpdateDate string `json:"updateDate,omitempty" xml:"updateDate,omitempty"`
+ ExpirationDate string `json:"expirationDate,omitempty" xml:"expirationDate,omitempty"`
+ Value string `json:"value,omitempty" xml:"value,omitempty"`
+ Size *int `json:"size,omitempty" xml:"size,omitempty"`
+ Format string `json:"format,omitempty" xml:"format,omitempty"`
+ SecuredBy *SecuredBy `json:"securedBy,omitempty" xml:"securedBy,omitempty"`
+}
+
+type RelatedCryptoMaterialType string
+
+const (
+ RelatedCryptoMaterialTypePrivateKey RelatedCryptoMaterialType = "private-key"
+ RelatedCryptoMaterialTypePublicKey RelatedCryptoMaterialType = "public-key"
+ RelatedCryptoMaterialTypeSecretKey RelatedCryptoMaterialType = "secret-key"
+ RelatedCryptoMaterialTypeKey RelatedCryptoMaterialType = "key"
+ RelatedCryptoMaterialTypeCiphertext RelatedCryptoMaterialType = "ciphertext"
+ RelatedCryptoMaterialTypeSignature RelatedCryptoMaterialType = "signature"
+ RelatedCryptoMaterialTypeDigest RelatedCryptoMaterialType = "digest"
+ RelatedCryptoMaterialTypeInitializationVector RelatedCryptoMaterialType = "initialization-vector"
+ RelatedCryptoMaterialTypeNonce RelatedCryptoMaterialType = "nonce"
+ RelatedCryptoMaterialTypeSeed RelatedCryptoMaterialType = "seed"
+ RelatedCryptoMaterialTypeSalt RelatedCryptoMaterialType = "salt"
+ RelatedCryptoMaterialTypeSharedSecret RelatedCryptoMaterialType = "shared-secret"
+ RelatedCryptoMaterialTypeTag RelatedCryptoMaterialType = "tag"
+ RelatedCryptoMaterialTypeAdditionalData RelatedCryptoMaterialType = "additional-data"
+ RelatedCryptoMaterialTypePassword RelatedCryptoMaterialType = "password"
+ RelatedCryptoMaterialTypeCredential RelatedCryptoMaterialType = "credential"
+ RelatedCryptoMaterialTypeToken RelatedCryptoMaterialType = "token"
+ RelatedCryptoMaterialTypeOther RelatedCryptoMaterialType = "other"
+ RelatedCryptoMaterialTypeUnknown RelatedCryptoMaterialType = "unknown"
+)
+
 type ReleaseNotes struct {
 Type string `json:"type" xml:"type"`
 Title string `json:"title,omitempty" xml:"title,omitempty"`
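Review bot: `RelatedCryptoMaterialProperties.Value` has no doc comment, and the type list added below it includes `private-key`, `secret-key`, `password`, `credential` and `token`, so the field can end up carrying live secret material in a BOM that is normally shared or published. A field comment would steer callers, for example `// Value holds the material itself; leave it empty for private keys, passwords and tokens unless the BOM stays inside the trust boundary.` The four date fields (`CreationDate`, `ActivationDate`, `UpdateDate`, `ExpirationDate`) are plain strings with no stated format, so a one-line comment naming the expected timestamp format would help producers and consumers agree on it.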