Switch json validator to opis/json-schema (#151)

* depend on `opis/json-schema` (see #80)
* implement according to new validator
* remove some helpers that are not needed anymore
* made JSON url normalization more constistent

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -107,16 +107,22 @@ API changes
         This is considered a non-breaking change, because the behaviour was already documented in the API, even though there was no need for an implementation before.
     * `ExternalReferenceNormalizer` classes
       * Changed, so that it tries to convert unsupported types to "other", before it throws an `\DomainException` ([#137] via [#147])
+  * `JSON\Normalizers\ExternalReferenceNormalizer` class
+    * BREAKING: method `normalize` may throw `\UnexpectedValueException` when the url is invalid to format "ini-reference" (via [#151])
 * `\CycloneDX\Core\Spdx` namespace
   * BREAKING: renamed the class `License` -> `LicenseValidator` ([#133] via [#143])
 * `\CycloneDX\Core\Spec` namespace
   * BREAKING: completely reworked everything ([#139] via [#142])  
     See the code base for references
 * `\CycloneDX\Core\Validation` namespace
-  * `{Json,Xml}Validator` classes
-    * Added support for CycloneDX v1.4` ([#57] via [#65])
+  * `XmlValidator` classes
+    * Added support for CycloneDX v1.4 ([#57] via [#65])
+  * `JsonValidator` classes
+    * Added support for CycloneDX v1.4 ([#57] via [#65])
+    * Utilizes a much more competent validation library than before ([#80] via [#151])
   * `JsonStrictValidator` class
     * Added support for CycloneDX v1.4 ([#57] via [#65])
+    * Utilizes a much more competent validation library than before ([#80] via [#151])
   * `ValidatorInterface` interface
     * BREAKING: renamed interface to `Validator` ([#133] via [#143])
 
@@ -126,6 +132,7 @@ API changes
 [#57]: https://github.com/CycloneDX/cyclonedx-php-library/issues/57
 [#65]: https://github.com/CycloneDX/cyclonedx-php-library/pull/65
 [#66]: https://github.com/CycloneDX/cyclonedx-php-library/issues/66
+[#80]: https://github.com/CycloneDX/cyclonedx-php-library/issues/80
 [#114]: https://github.com/CycloneDX/cyclonedx-php-library/issues/114
 [#118]: https://github.com/CycloneDX/cyclonedx-php-library/pull/118
 [#123]: https://github.com/CycloneDX/cyclonedx-php-library/pull/123
@@ -140,6 +147,7 @@ API changes
 [#144]: https://github.com/CycloneDX/cyclonedx-php-library/pull/144
 [#146]: https://github.com/CycloneDX/cyclonedx-php-library/pull/146
 [#149]: https://github.com/CycloneDX/cyclonedx-php-library/pull/149
+[#151]: https://github.com/CycloneDX/cyclonedx-php-library/pull/151
 
 ## 1.6.3 - 2022-09-15
 

composer.json

@@ -34,8 +34,8 @@
         "ext-dom": "*",
         "ext-json": "*",
         "ext-libxml": "*",
-        "package-url/packageurl-php": "^1.0",
-        "swaggest/json-schema": "^0.12.35"
+        "opis/json-schema": "^2.0",
+        "package-url/packageurl-php": "^1.0"
     },
     "require-dev": {
         "ext-simplexml": "*",

res/bom-1.2-strict.SNAPSHOT.schema.json

@@ -12,10 +12,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.2a.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "$id": "#/properties/bomFormat",

res/bom-1.3-strict.SNAPSHOT.schema.json

@@ -12,10 +12,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.3.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "$id": "#/properties/bomFormat",

res/bom-1.4.SNAPSHOT.schema.json

@@ -12,10 +12,7 @@
   "additionalProperties": false,
   "properties": {
     "$schema": {
-      "type": "string",
-      "enum": [
-        "http://cyclonedx.org/schema/bom-1.4.schema.json"
-      ]
+      "type": "string"
     },
     "bomFormat": {
       "type": "string",

src/Core/Serialization/DOM/Normalizers/ExternalReferenceNormalizer.php

@@ -47,6 +47,12 @@ class ExternalReferenceNormalizer extends _BaseNormalizer
      */
     public function normalize(ExternalReference $externalReference): DOMElement
     {
+        $refURI = $externalReference->getUrl();
+        $anyURI = $this->encodeAnyUriBE($refURI);
+        if (null === $anyURI) {
+            throw new UnexpectedValueException("unable to make 'anyURI' from: $refURI");
+        }
+
         $factory = $this->getNormalizerFactory();
         $spec = $factory->getSpec();
 
@@ -59,14 +65,6 @@ public function normalize(ExternalReference $externalReference): DOMElement
             }
         }
 
-        $refURI = $externalReference->getUrl();
-        $anyURI = $this->encodeAnyUriBE($refURI);
-        if (null === $anyURI) {
-            // @codeCoverageIgnoreStart
-            throw new UnexpectedValueException("unable to make anyURI from: $refURI");
-            // @codeCoverageIgnoreEnd
-        }
-
         $doc = $factory->getDocument();
 
         return $this->simpleDomAppendChildren(

src/Core/Serialization/JSON/Normalizers/ExternalReferenceNormalizer.php

@@ -29,6 +29,8 @@
 use CycloneDX\Core\Models\ExternalReference;
 use CycloneDX\Core\Serialization\JSON\_BaseNormalizer;
 use DomainException;
+use Opis\JsonSchema\Formats\IriFormats;
+use UnexpectedValueException;
 
 /**
  * @author jkowalleck
@@ -38,10 +40,18 @@ class ExternalReferenceNormalizer extends _BaseNormalizer
     use NullAssertionTrait;
 
     /**
-     * @throws DomainException when the type was not supported by the spec
+     * @throws UnexpectedValueException when the url is invalid to IriReference format
+     * @throws DomainException          when the type was not supported by the spec
+     *
+     * @SuppressWarnings(PHPMD.StaticAccess)
      */
     public function normalize(ExternalReference $externalReference): array
     {
+        $url = $externalReference->getUrl();
+        if (false === IriFormats::iriReference($url)) {
+            throw new UnexpectedValueException("invalid to format 'IriReference': $url");
+        }
+
         $spec = $this->getNormalizerFactory()->getSpec();
         $type = $externalReference->getType();
         if (false === $spec->isSupportedExternalReferenceType($type)) {
@@ -55,7 +65,7 @@ public function normalize(ExternalReference $externalReference): array
         return array_filter(
             [
                 'type' => $type,
-                'url' => $externalReference->getUrl(),
+                'url' => $url,
                 'comment' => $externalReference->getComment(),
                 'hashes' => $this->normalizeHashes($externalReference->getHashes()),
             ],

src/Core/Serialization/JSON/Normalizers/ExternalReferenceRepositoryNormalizer.php

@@ -25,6 +25,8 @@
 
 use CycloneDX\Core\Collections\ExternalReferenceRepository;
 use CycloneDX\Core\Serialization\JSON\_BaseNormalizer;
+use DomainException;
+use UnexpectedValueException;
 
 /**
  * @author jkowalleck
@@ -44,7 +46,7 @@ public function normalize(ExternalReferenceRepository $repo): array
         foreach ($repo->getItems() as $externalReference) {
             try {
                 $item = $normalizer->normalize($externalReference);
-            } catch (\DomainException) {
+            } catch (DomainException|UnexpectedValueException) {
                 continue;
             }
             if (false === empty($item)) {

src/Core/Serialization/JSON/Normalizers/LicenseNormalizer.php

@@ -28,6 +28,7 @@
 use CycloneDX\Core\Models\License\DisjunctiveLicenseWithName;
 use CycloneDX\Core\Models\License\LicenseExpression;
 use CycloneDX\Core\Serialization\JSON\_BaseNormalizer;
+use Opis\JsonSchema\Formats\IriFormats;
 
 /**
  * @author jkowalleck
@@ -52,19 +53,23 @@ private function normalizeExpression(LicenseExpression $license): array
     }
 
     /**
-     * @SuppressWarnings(PHPMD.ShortVariable)
+     * @SuppressWarnings(PHPMD.ShortVariable) $id
+     * @SuppressWarnings(PHPMD.StaticAccess)
      */
     private function normalizeDisjunctive(DisjunctiveLicenseWithId|DisjunctiveLicenseWithName $license): array
     {
         [$id, $name] = $license instanceof DisjunctiveLicenseWithId
             ? [$license->getId(), null]
             : [null, $license->getName()];
+        $url = $license->getUrl();
 
         return ['license' => array_filter(
             [
                 'id' => $id,
                 'name' => $name,
-                'url' => $license->getUrl(),
+                'url' => null !== $url && IriFormats::iriReference($url)
+                    ? $url
+                    : null,
             ],
             [$this, 'isNotNull']
         )];

src/Core/Serialization/JsonSerializer.php

@@ -49,8 +49,8 @@ class JsonSerializer extends BaseSerializer
      */
     private const SCHEMA = [
         Version::v1dot1 => null, // unsupported version
-        Version::v1dot2 => 'http://cyclonedx.org/schema/bom-1.2a.schema.json',
-        Version::v1dot3 => 'http://cyclonedx.org/schema/bom-1.3.schema.json',
+        Version::v1dot2 => 'http://cyclonedx.org/schema/bom-1.2b.schema.json',
+        Version::v1dot3 => 'http://cyclonedx.org/schema/bom-1.3a.schema.json',
         Version::v1dot4 => 'http://cyclonedx.org/schema/bom-1.4.schema.json',
     ];