feat: Add missing provides mapping to Dependency to comply with CycloneDX 1.6 spec

vibe13 · vibe13 · commit c05258b9e519 · 2025-01-28T14:52:19.000+01:00
diff --git a/src/main/java/org/cyclonedx/model/Dependency.java b/src/main/java/org/cyclonedx/model/Dependency.java
@@ -18,6 +18,7 @@
  */
 package org.cyclonedx.model;
 
+import org.cyclonedx.Version;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -36,6 +37,11 @@ public class Dependency extends BomReference {
     @JacksonXmlProperty(localName = "dependency")
     private List<Dependency> dependencies;
 
+    @VersionFilter(Version.VERSION_16)
+    @JsonProperty("provides")
+    @JacksonXmlProperty(localName = "provides")
+    private List<Dependency> provides;
+
     public Dependency(final String ref) {
         super(ref);
     }
@@ -60,6 +66,26 @@ public void addDependency(final Dependency dependency) {
         }
     }
 
+    @VersionFilter(Version.VERSION_16)
+    public List<Dependency> getProvides() {
+        return provides;
+    }
+
+    @VersionFilter(Version.VERSION_16)
+    public void setProvides(final List<Dependency> provides) {
+        this.provides = provides;
+    }
+
+    @VersionFilter(Version.VERSION_16)
+    public void addProvides(final Dependency dependency) {
+        if (provides == null) {
+            provides = new ArrayList<>();
+        }
+        boolean found = provides.stream().anyMatch(d -> d.getRef().equals(dependency.getRef()));
+        if (!found) {
+            provides.add(dependency);
+        }
+    }
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
diff --git a/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java b/src/main/java/org/cyclonedx/util/serializer/DependencySerializer.java
@@ -97,6 +97,13 @@ private void writeJSONDependenciesWithGenerator(final JsonGenerator generator, f
             }
           }
           generator.writeEndArray();
+          if (CollectionUtils.isNotEmpty(dependency.getProvides())) {
+            generator.writeArrayFieldStart("provides");
+            for (Dependency subDependency : dependency.getProvides()) {
+              generator.writeString(subDependency.getRef());
+            }
+            generator.writeEndArray();
+          }
           generator.writeEndObject();
         }
       }
@@ -141,6 +148,12 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato
       }
     }
 
+    if (CollectionUtils.isNotEmpty(dependency.getProvides())) {
+      for (Dependency subDependency : dependency.getProvides()) {
+        writeXMLDependency(subDependency, generator);
+      }
+    }
+
     if (CollectionUtils.isNotEmpty(dependency.getDependencies())) {
     generator.writeEndArray();
   }
diff --git a/src/test/resources/1.6/valid-dependency-1.6.json b/src/test/resources/1.6/valid-dependency-1.6.json
@@ -22,6 +22,12 @@
       "type": "library",
       "name": "library-c",
       "version": "1.0.0"
+    },
+    {
+      "bom-ref": "library-d",
+      "type": "library",
+      "name": "library-d",
+      "version": "1.0.0"
     }
   ],
   "dependencies": [
@@ -34,6 +40,12 @@
       "dependsOn": [
         "library-c"
       ]
+    },
+    {
+      "ref": "library-c",
+      "provides": [
+        "library-d"
+      ]
     }
   ]
 }
diff --git a/src/test/resources/1.6/valid-dependency-1.6.textproto b/src/test/resources/1.6/valid-dependency-1.6.textproto
@@ -22,6 +22,12 @@ components {
   name: "library-c"
   version: "1.0.0"
 }
+components {
+  type: CLASSIFICATION_LIBRARY
+  bom_ref: "library-d"
+  name: "library-d"
+  version: "1.0.0"
+}
 dependencies {
   ref: "library-a"
 }
@@ -31,3 +37,8 @@ dependencies {
     ref: "library-c"
   }
 }
+dependencies {
+    ref: "library-c"
+    provides: ["library-d"]
+  }
+}
diff --git a/src/test/resources/1.6/valid-dependency-1.6.xml b/src/test/resources/1.6/valid-dependency-1.6.xml
@@ -13,11 +13,18 @@
             <name>library-c</name>
             <version>1.0.0</version>
         </component>
+        <component type="library" bom-ref="library-d">
+            <name>library-d</name>
+            <version>1.0.0</version>
+        </component>
     </components>
     <dependencies>
         <dependency ref="library-a"/>
         <dependency ref="library-b">
             <dependency ref="library-c"/>
         </dependency>
+        <dependency ref="library-c">
+            <provides ref="library-d"/>
+        </dependency>
     </dependencies>
 </bom>

Original file line number	Diff line number	Diff line change
`@@ -97,6 +97,13 @@ private void writeJSONDependenciesWithGenerator(final JsonGenerator generator, f`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`	`generator.writeEndArray();`
	`100`	`+ if (CollectionUtils.isNotEmpty(dependency.getProvides())) {`
	`101`	`+ generator.writeArrayFieldStart("provides");`
	`102`	`+ for (Dependency subDependency : dependency.getProvides()) {`
	`103`	`+ generator.writeString(subDependency.getRef());`
	`104`	`+ }`
	`105`	`+ generator.writeEndArray();`
	`106`	`+ }`
`100`	`107`	`generator.writeEndObject();`
`101`	`108`	`}`
`102`	`109`	`}`
`@@ -141,6 +148,12 @@ private void writeXMLDependency(final Dependency dependency, final ToXmlGenerato`
`141`	`148`	`}`
`142`	`149`	`}`
`143`	`150`
	`151`	`+ if (CollectionUtils.isNotEmpty(dependency.getProvides())) {`
	`152`	`+ for (Dependency subDependency : dependency.getProvides()) {`
	`153`	`+ writeXMLDependency(subDependency, generator);`
	`154`	`+ }`
	`155`	`+ }`
	`156`	`+`
`144`	`157`	`if (CollectionUtils.isNotEmpty(dependency.getDependencies())) {`
`145`	`158`	`generator.writeEndArray();`
`146`	`159`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,12 @@`
`22`	`22`	`"type": "library",`
`23`	`23`	`"name": "library-c",`
`24`	`24`	`"version": "1.0.0"`
	`25`	`+ },`
	`26`	`+ {`
	`27`	`+ "bom-ref": "library-d",`
	`28`	`+ "type": "library",`
	`29`	`+ "name": "library-d",`
	`30`	`+ "version": "1.0.0"`
`25`	`31`	`}`
`26`	`32`	`],`
`27`	`33`	`"dependencies": [`
`@@ -34,6 +40,12 @@`
`34`	`40`	`"dependsOn": [`
`35`	`41`	`"library-c"`
`36`	`42`	`]`
	`43`	`+ },`
	`44`	`+ {`
	`45`	`+ "ref": "library-c",`
	`46`	`+ "provides": [`
	`47`	`+ "library-d"`
	`48`	`+ ]`
`37`	`49`	`}`
`38`	`50`	`]`
`39`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,12 @@ components {`
`22`	`22`	`name: "library-c"`
`23`	`23`	`version: "1.0.0"`
`24`	`24`	`}`
	`25`	`+components {`
	`26`	`+ type: CLASSIFICATION_LIBRARY`
	`27`	`+ bom_ref: "library-d"`
	`28`	`+ name: "library-d"`
	`29`	`+ version: "1.0.0"`
	`30`	`+}`
`25`	`31`	`dependencies {`
`26`	`32`	`ref: "library-a"`
`27`	`33`	`}`
`@@ -31,3 +37,8 @@ dependencies {`
`31`	`37`	`ref: "library-c"`
`32`	`38`	`}`
`33`	`39`	`}`
	`40`	`+dependencies {`
	`41`	`+ ref: "library-c"`
	`42`	`+ provides: ["library-d"]`
	`43`	`+ }`
	`44`	`+}`