Merge pull request #428 from CycloneDX/Improve_backwards_compatibility

Serializer for Properties and Hashes for backwards compatibility

Author: nscuro

src/main/java/org/cyclonedx/generators/AbstractBomGenerator.java

@@ -5,8 +5,10 @@
 import org.cyclonedx.CycloneDxSchema;
 import org.cyclonedx.Version;
 import org.cyclonedx.model.Bom;
+import org.cyclonedx.util.serializer.CustomSerializerModifier;
 import org.cyclonedx.util.serializer.EvidenceSerializer;
 import org.cyclonedx.util.serializer.ExternalReferenceSerializer;
+import org.cyclonedx.util.serializer.HashSerializer;
 import org.cyclonedx.util.serializer.InputTypeSerializer;
 import org.cyclonedx.util.serializer.LicenseChoiceSerializer;
 import org.cyclonedx.util.serializer.LifecycleSerializer;
@@ -68,5 +70,13 @@ protected void setupObjectMapper(boolean isXml) {
     SimpleModule externalSerializer = new SimpleModule();
     externalSerializer.addSerializer(new ExternalReferenceSerializer(getSchemaVersion()));
     mapper.registerModule(externalSerializer);
+
+    SimpleModule hash1Module = new SimpleModule();
+    hash1Module.addSerializer(new HashSerializer(version));
+    mapper.registerModule(hash1Module);
+
+    SimpleModule propertiesModule = new SimpleModule();
+    propertiesModule.setSerializerModifier(new CustomSerializerModifier(isXml, version));
+    mapper.registerModule(propertiesModule);
   }
 }

src/main/java/org/cyclonedx/model/Component.java

@@ -183,6 +183,7 @@ public String getScopeName() {
 
     @VersionFilter(Version.VERSION_11)
     private List<ExternalReference> externalReferences;
+
     @VersionFilter(Version.VERSION_13)
     private List<Property> properties;
 

src/main/java/org/cyclonedx/model/formulation/common/InputType.java

@@ -1,7 +1,6 @@
 package org.cyclonedx.model.formulation.common;
 
 import java.util.List;
-import java.util.Objects;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;

src/main/java/org/cyclonedx/util/deserializer/OrganizationalChoiceDeserializer.java

@@ -23,10 +23,8 @@
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.cyclonedx.model.OrganizationalChoice;
 import org.cyclonedx.model.OrganizationalContact;
 import org.cyclonedx.model.OrganizationalEntity;

src/main/java/org/cyclonedx/util/deserializer/TagsDeserializer.java

@@ -8,7 +8,6 @@
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import org.cyclonedx.model.component.Tags;
 

src/main/java/org/cyclonedx/util/serializer/CustomSerializerModifier.java

@@ -0,0 +1,69 @@
+package org.cyclonedx.util.serializer;
+
+import com.fasterxml.jackson.databind.BeanDescription;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializationConfig;
+import com.fasterxml.jackson.databind.ser.BeanPropertyWriter;
+import com.fasterxml.jackson.databind.ser.BeanSerializerModifier;
+import org.cyclonedx.Version;
+import org.cyclonedx.model.Bom;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class CustomSerializerModifier
+    extends BeanSerializerModifier
+{
+  private final Version version;
+
+  private final boolean isXml;
+
+  public CustomSerializerModifier(boolean isXml, Version version) {
+    this.version = version;
+    this.isXml = isXml;
+  }
+
+  @Override
+  public List<BeanPropertyWriter> changeProperties(
+      SerializationConfig config,
+      BeanDescription beanDesc,
+      List<BeanPropertyWriter> beanProperties)
+  {
+    //Properties were introduced in 1.3 for XML and 1.5 for JSON
+    //Meaning that we should only serialize properties if the version is 1.3 or higher for XML
+    //and 1.5 or higher for JSON
+    //This is to ensure backwards compatibility with older versions of the schema
+    if (Bom.class.isAssignableFrom(beanDesc.getBeanClass())) {
+      Iterator<BeanPropertyWriter> iterator = beanProperties.iterator();
+      while (iterator.hasNext()) {
+        BeanPropertyWriter writer = iterator.next();
+        if (isValidAttribute(writer)) {
+          if (shouldSerializeProperties(version)) {
+            JsonSerializer<?> serializer = new PropertiesSerializer(isXml);
+            writer.assignSerializer((JsonSerializer<Object>) serializer);
+          }
+          else {
+            // Remove the properties field from the list of properties
+            iterator.remove();
+          }
+        }
+      }
+    }
+    return beanProperties;
+  }
+
+  private boolean shouldSerializeProperties(Version version) {
+    // Check the version and decide if properties should be serialized
+    return (isXml && version.getVersion() >= Version.VERSION_13.getVersion())
+        || (!isXml && version.getVersion() >= Version.VERSION_15.getVersion());
+  }
+
+  private boolean isValidAttribute(BeanPropertyWriter writer) {
+    if (isXml) {
+      return "properties".equals(writer.getWrapperName().getSimpleName());
+    }
+    else {
+      return "properties".equals(writer.getName());
+    }
+  }
+}

src/main/java/org/cyclonedx/util/serializer/HashSerializer.java

@@ -0,0 +1,82 @@
+package org.cyclonedx.util.serializer;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.cyclonedx.Version;
+import org.cyclonedx.model.Hash;
+import org.cyclonedx.model.Hash.Algorithm;
+import org.cyclonedx.model.VersionFilter;
+
+public class HashSerializer
+    extends StdSerializer<Hash>
+{
+  private final Version version;
+
+  public HashSerializer(final Version version) {
+    this(Hash.class, version);
+  }
+
+  public HashSerializer(final Class<Hash> t, final Version version) {
+    super(t);
+    this.version = version;
+  }
+
+  @Override
+  public void serialize(
+      final Hash hash, final JsonGenerator gen, final SerializerProvider provider) throws IOException
+  {
+    if (!shouldSerializeField(hash.getAlgorithm())) {
+      return;
+    }
+
+    if (gen instanceof ToXmlGenerator) {
+      serializeXml((ToXmlGenerator) gen, hash);
+    }
+    else {
+      serializeJson(gen, hash);
+    }
+  }
+
+  private void serializeXml(final ToXmlGenerator toXmlGenerator, final Hash hash) throws IOException {
+    toXmlGenerator.writeStartObject();
+
+    toXmlGenerator.setNextIsAttribute(true);
+    toXmlGenerator.writeFieldName("alg");
+    toXmlGenerator.writeString(hash.getAlgorithm());
+    toXmlGenerator.setNextIsAttribute(false);
+
+    toXmlGenerator.setNextIsUnwrapped(true);
+    toXmlGenerator.writeStringField("", hash.getValue());
+
+    toXmlGenerator.writeEndObject();
+  }
+
+  private void serializeJson(final JsonGenerator gen, final Hash hash)
+      throws IOException
+  {
+    gen.writeStartObject();
+    gen.writeStringField("alg", hash.getAlgorithm());
+    gen.writeStringField("content", hash.getValue());
+    gen.writeEndObject();
+  }
+
+  @Override
+  public Class<Hash> handledType() {
+    return Hash.class;
+  }
+
+  private boolean shouldSerializeField(String value) {
+    try {
+      Algorithm algorithm = Algorithm.fromSpec(value);
+      VersionFilter filter = algorithm.getClass().getField(algorithm.name()).getAnnotation(VersionFilter.class);
+      return filter == null || filter.value().getVersion() <= version.getVersion();
+    }
+    catch (NoSuchFieldException e) {
+      return false;
+    }
+  }
+}

src/main/java/org/cyclonedx/util/serializer/PropertiesSerializer.java

@@ -0,0 +1,66 @@
+package org.cyclonedx.util.serializer;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.apache.commons.collections4.CollectionUtils;
+import org.cyclonedx.model.Property;
+
+import java.io.IOException;
+import java.util.List;
+
+public class PropertiesSerializer
+    extends JsonSerializer<List<Property>>
+{
+  private boolean isXml;
+
+  public PropertiesSerializer(boolean isXml) {
+    this.isXml = isXml;
+  }
+
+  public PropertiesSerializer() {
+    // Default constructor
+  }
+
+  @Override
+  public void serialize(List<Property> properties, JsonGenerator jsonGenerator, SerializerProvider serializers)
+      throws IOException
+  {
+    if (CollectionUtils.isEmpty(properties)) {
+      return; // Do not serialize if the list is null or empty
+    }
+
+    if (isXml) {
+      ToXmlGenerator xmlGenerator = (ToXmlGenerator) jsonGenerator;
+      xmlGenerator.writeStartArray();
+      for (Property property : properties) {
+        xmlGenerator.writeStartObject("property");
+        xmlGenerator.setNextIsAttribute(true);
+        xmlGenerator.writeFieldName("name");
+        xmlGenerator.writeString(property.getName());
+        xmlGenerator.setNextIsAttribute(false);
+
+        xmlGenerator.setNextIsUnwrapped(true);
+        xmlGenerator.writeStringField("", property.getValue());
+        xmlGenerator.writeEndObject();
+      }
+      xmlGenerator.writeEndArray();
+    }
+    else {
+      jsonGenerator.writeStartArray();
+      for (Property property : properties) {
+        jsonGenerator.writeStartObject();
+        jsonGenerator.writeObjectField("name", property.getName());
+        jsonGenerator.writeObjectField("value", property.getValue());
+        jsonGenerator.writeEndObject();
+      }
+      jsonGenerator.writeEndArray();
+    }
+  }
+
+  @Override
+  public Class<List<Property>> handledType() {
+    return (Class<List<Property>>) (Class<?>) List.class;
+  }
+}