Merge pull request #750 from Shnatsel/test-only-schema

Use `jsonschema` only as a dev-dependency

cyclonedx-bom/Cargo.toml

@@ -5,6 +5,7 @@ description = "CycloneDX Software Bill of Materials Library"
 categories = ["encoding", "parser-implementations"]
 keywords = ["sbom", "bom", "components", "dependencies", "owasp"]
 readme = "README.md"
+exclude = ["tests/", "test-utils/"]
 
 authors.workspace = true
 edition.workspace = true
@@ -17,7 +18,6 @@ rust-version.workspace = true
 base64 = "0.21.2"
 fluent-uri = "0.1.4"
 indexmap = "2.2.2"
-jsonschema = "0.17.1"
 once_cell = "1.18.0"
 ordered-float = { version = "4.2.0", default-features = false }
 purl = { version = "0.1.3", default-features = false }
@@ -35,3 +35,4 @@ strum = { version = "0.26.2", features = ["derive"] }
 [dev-dependencies]
 insta = { version = "1.33.0", features = ["glob", "json"] }
 pretty_assertions = "1.4.0"
+test-utils = {path = "test-utils"}

cyclonedx-bom/src/lib.rs

@@ -126,7 +126,6 @@ pub mod errors;
 pub mod external_models;
 pub mod models;
 pub mod prelude;
-pub mod schema;
 pub mod validation;
 
 mod specs;

cyclonedx-bom/src/models/bom.rs

@@ -46,8 +46,6 @@ use super::vulnerability::Vulnerability;
 
 /// Represents the spec version of a BOM.
 #[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone, Copy, PartialOrd, strum::Display)]
-#[repr(u16)]
-#[non_exhaustive]
 pub enum SpecVersion {
     #[strum(to_string = "1.3")]
     #[serde(rename = "1.3")]
@@ -155,11 +153,6 @@ impl Bom {
         reader: R,
         version: SpecVersion,
     ) -> Result<Self, crate::errors::JsonReadError> {
-        // While the SpecVersion enum is non-exhaustive in the public API
-        // (and it probably shouldn't be!), we can match exhaustively here
-        // which avoids issues which crop up when the API user has to match:
-        // https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/722
-        // https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/723
         match version {
             SpecVersion::V1_3 => Self::parse_from_json_v1_3(reader),
             SpecVersion::V1_4 => Self::parse_from_json_v1_4(reader),
@@ -173,8 +166,6 @@ impl Bom {
         writer: &mut W,
         version: SpecVersion,
     ) -> Result<(), crate::errors::JsonWriteError> {
-        // See `parse_from_json_with_version` for an explanation
-        // why we do this match here and why API users shouldn't do it
         match version {
             SpecVersion::V1_3 => self.output_as_json_v1_3(writer),
             SpecVersion::V1_4 => self.output_as_json_v1_4(writer),
@@ -187,8 +178,6 @@ impl Bom {
         reader: R,
         version: SpecVersion,
     ) -> Result<Self, crate::errors::XmlReadError> {
-        // See `parse_from_json_with_version` for an explanation
-        // why we do this match here and why API users shouldn't do it
         match version {
             SpecVersion::V1_3 => Self::parse_from_xml_v1_3(reader),
             SpecVersion::V1_4 => Self::parse_from_xml_v1_4(reader),
@@ -202,8 +191,6 @@ impl Bom {
         writer: &mut W,
         version: SpecVersion,
     ) -> Result<(), crate::errors::XmlWriteError> {
-        // See `parse_from_json_with_version` for an explanation
-        // why we do this match here and why API users shouldn't do it
         match version {
             SpecVersion::V1_3 => self.output_as_xml_v1_3(writer),
             SpecVersion::V1_4 => self.output_as_xml_v1_4(writer),

cyclonedx-bom/test-utils/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "test-utils"
+version = "0.1.0"
+edition = "2021"
+publish = false
+
+[dependencies]
+jsonschema = { version = "0.17.1", default-features = false }
+cyclonedx-bom = { path = ".." }
+serde_json = "1.0.108"

cyclonedx-bom/src/schema.rs → cyclonedx-bom/test-utils/src/lib.rs

@@ -18,7 +18,7 @@
 
 use jsonschema::{error::ValidationErrorKind, paths::JSONPointer, JSONSchema};
 
-use crate::models::bom::SpecVersion;
+use cyclonedx_bom::models::bom::SpecVersion;
 
 #[derive(Debug)]
 pub struct ValidationError {
@@ -51,7 +51,7 @@ impl ValidationError {
 ///
 /// ```rust
 /// use cyclonedx_bom::prelude::*;
-/// use cyclonedx_bom::schema::validate_json_with_schema;
+/// use test_utils::validate_json_with_schema;
 ///
 /// let bom_json = r#"{
 ///   "bomFormat": "CycloneDX",
@@ -116,41 +116,42 @@ fn with_idn_email(_s: &str) -> bool {
 
 #[cfg(test)]
 mod test {
-    use crate::{models::bom::SpecVersion, schema::validate_json_with_schema};
+    use super::validate_json_with_schema;
+    use cyclonedx_bom::models::bom::SpecVersion;
 
     #[test]
     fn it_should_validate_version_13() {
         let input = r#"
-{
-  "bomFormat": "CycloneDX",
-  "specVersion": "1.3",
-  "version": 1,
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
-  "components": [
-    {
-      "type": "library",
-      "name": "acme-library-a",
-      "version": "1.0.0",
-      "components": [
-        {
-          "type": "library",
-          "name": "acme-library-b",
-          "version": "2.0.0"
-        }
-      ]
-    }
-  ],
-  "services": [
-    {
-      "name": "acme-service-a",
-      "services": [
-        {
-          "name": "acme-service-b"
-        }
-      ]
-    }
-  ]
-}"#;
+ {
+   "bomFormat": "CycloneDX",
+   "specVersion": "1.3",
+   "version": 1,
+   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+   "components": [
+     {
+       "type": "library",
+       "name": "acme-library-a",
+       "version": "1.0.0",
+       "components": [
+         {
+           "type": "library",
+           "name": "acme-library-b",
+           "version": "2.0.0"
+         }
+       ]
+     }
+   ],
+   "services": [
+     {
+       "name": "acme-service-a",
+       "services": [
+         {
+           "name": "acme-service-b"
+         }
+       ]
+     }
+   ]
+ }"#;
         let json = serde_json::from_str(input).expect("Failed to parse JSON");
         assert!(validate_json_with_schema(&json, SpecVersion::V1_3).is_ok());
     }

cyclonedx-bom/tests/specification_tests_v1_3.rs

@@ -1,7 +1,7 @@
 mod v1_3 {
     use cyclonedx_bom::models::bom::{Bom, SpecVersion};
-    use cyclonedx_bom::schema::validate_json_with_schema;
     use cyclonedx_bom::validation::Validate;
+    use test_utils::validate_json_with_schema;
 
     #[test]
     fn it_should_parse_all_of_the_valid_xml_specifications() {

cyclonedx-bom/tests/specification_tests_v1_4.rs

@@ -1,7 +1,7 @@
 mod v1_4 {
     use cyclonedx_bom::models::bom::{Bom, SpecVersion};
-    use cyclonedx_bom::schema::validate_json_with_schema;
     use cyclonedx_bom::validation::Validate;
+    use test_utils::validate_json_with_schema;
 
     #[test]
     fn it_should_parse_all_of_the_valid_xml_specifications() {

cyclonedx-bom/tests/specification_tests_v1_5.rs

@@ -1,7 +1,7 @@
 mod v1_5 {
     use cyclonedx_bom::models::bom::{Bom, SpecVersion};
-    use cyclonedx_bom::schema::validate_json_with_schema;
     use cyclonedx_bom::validation::Validate;
+    use test_utils::validate_json_with_schema;
 
     #[test]
     fn it_should_parse_all_of_the_valid_xml_specifications() {