JSON result: add $schema

jkowalleck · jkowalleck · commit b920af95b846 · 2021-12-19T14:35:49.000+01:00
Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/HISTORY.md b/HISTORY.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+* Added
+  * Resulting JSON files hold the correct `$schema`. ([#43] via [#42])
+
+[#43]: https://github.com/CycloneDX/cyclonedx-php-library/issues/43
+[#42]: https://github.com/CycloneDX/cyclonedx-php-library/pull/42
+
 ## 1.3.1 - 2021-12-03
 
 * Fixed
diff --git a/res/bom-1.2-strict.SNAPSHOT.schema.json b/res/bom-1.2-strict.SNAPSHOT.schema.json
@@ -5,12 +5,19 @@
   "title": "CycloneDX Software Bill-of-Material Specification",
   "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.",
   "required": [
+    "$schema",
     "bomFormat",
     "specVersion",
     "version"
   ],
   "additionalProperties": false,
   "properties": {
+    "$schema": {
+      "type": "string",
+      "enum": [
+        "http://cyclonedx.org/schema/bom-1.2a.schema.json"
+      ]
+    },
     "bomFormat": {
       "$id": "#/properties/bomFormat",
       "type": "string",
diff --git a/res/bom-1.3-strict.SNAPSHOT.schema.json b/res/bom-1.3-strict.SNAPSHOT.schema.json
@@ -5,12 +5,19 @@
   "title": "CycloneDX Software Bill-of-Material Specification",
   "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.",
   "required": [
+    "$schema",
     "bomFormat",
     "specVersion",
     "version"
   ],
   "additionalProperties": false,
   "properties": {
+    "$schema": {
+      "type": "string",
+      "enum": [
+        "http://cyclonedx.org/schema/bom-1.3.schema.json"
+      ]
+    },
     "bomFormat": {
       "$id": "#/properties/bomFormat",
       "type": "string",
diff --git a/src/Core/Serialize/JsonSerializer.php b/src/Core/Serialize/JsonSerializer.php
@@ -24,6 +24,7 @@
 namespace CycloneDX\Core\Serialize;
 
 use CycloneDX\Core\Models\Bom;
+use CycloneDX\Core\Spec\Version;
 use DomainException;
 
 /**
@@ -39,6 +40,25 @@ class JsonSerializer extends BaseSerializer
         | \JSON_UNESCAPED_SLASHES // urls become shorter
         | \JSON_PRETTY_PRINT;
 
+    /**
+     * @var string[]|null[]
+     * @psalm-var array<Version::V_*, ?string>
+     */
+    private const SCHEMA = [
+        Version::V_1_1 => null,
+        Version::V_1_2 => 'http://cyclonedx.org/schema/bom-1.2a.schema.json',
+        Version::V_1_3 => 'http://cyclonedx.org/schema/bom-1.3.schema.json',
+    ];
+
+    private function getSchemaBase(): array
+    {
+        $schema = self::SCHEMA[$this->getSpec()->getVersion()];
+
+        return null === $schema
+            ? [] // @codeCoverageIgnore
+            : ['$schema' => $schema];
+    }
+
     /**
      * @throws DomainException if something was not supported
      */
@@ -48,7 +68,7 @@ protected function normalize(Bom $bom): string
             ->makeForBom()
             ->normalize($bom);
 
-        $json = json_encode($data, self::NORMALIZE_OPTIONS);
+        $json = json_encode($this->getSchemaBase() + $data, self::NORMALIZE_OPTIONS);
         \assert(false !== $json); // as option JSON_THROW_ON_ERROR is expected to be set
 
         return $json;
diff --git a/tests/Core/Serialize/JsonSerializerTest.php b/tests/Core/Serialize/JsonSerializerTest.php
@@ -60,6 +60,7 @@ public function testSerialize(): void
         self::assertJsonStringEqualsJsonString(
             <<<'JSON'
                 {
+                    "$schema": "http://cyclonedx.org/schema/bom-1.2a.schema.json",
                     "bomFormat": "CycloneDX",
                     "specVersion": "1.2",
                     "version": 0,
diff --git a/tests/Core/Validation/Validators/JsonStrictValidatorTest.php b/tests/Core/Validation/Validators/JsonStrictValidatorTest.php
@@ -106,6 +106,7 @@ public function testValidateDataPasses(): void
         $spec = $this->createConfiguredMock(SpecInterface::class, ['getVersion' => '1.2']);
         $validator = new JsonStrictValidator($spec);
         $data = (object) [
+            '$schema' => 'http://cyclonedx.org/schema/bom-1.2a.schema.json',
             'bomFormat' => 'CycloneDX',
             'specVersion' => '1.2',
             'version' => 1,
@@ -137,6 +138,7 @@ public function testValidateDataFails(): void
         $spec = $this->createConfiguredMock(SpecInterface::class, ['getVersion' => '1.2']);
         $validator = new JsonStrictValidator($spec);
         $data = (object) [
+            '$schema' => 'http://cyclonedx.org/schema/bom-1.2a.schema.json',
             'bomFormat' => 'CycloneDX',
             'specVersion' => '1.2',
             'version' => 1,

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ public function testSerialize(): void`
`60`	`60`	`self::assertJsonStringEqualsJsonString(`
`61`	`61`	`<<<'JSON'`
`62`	`62`	`{`
	`63`	`+ "$schema": "http://cyclonedx.org/schema/bom-1.2a.schema.json",`
`63`	`64`	`"bomFormat": "CycloneDX",`
`64`	`65`	`"specVersion": "1.2",`
`65`	`66`	`"version": 0,`