From bca5f759aa022070feafd7675aa5b724c55aee7c Mon Sep 17 00:00:00 2001
From: Jens Reimann
Date: Mon, 9 Dec 2024 16:10:11 +0100
Subject: [PATCH] chore: extend loader detection for cyclonedx 1.6
---
 modules/ingestor/src/service/advisory/csaf/loader.rs | 9 +++++----
 modules/ingestor/src/service/format.rs | 10 ++++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/modules/ingestor/src/service/advisory/csaf/loader.rs b/modules/ingestor/src/service/advisory/csaf/loader.rs
index 37977d3c..047aa2ba 100644
--- a/modules/ingestor/src/service/advisory/csaf/loader.rs
+++ b/modules/ingestor/src/service/advisory/csaf/loader.rs
@@ -1,4 +1,3 @@
-use crate::service::advisory::csaf::util::gen_identifier;
 use crate::{
 graph::{
 advisory::{
@@ -8,7 +7,10 @@ use crate::{
 Graph,
 },
 model::IngestResult,
- service::{advisory::csaf::StatusCreator, Error, Warnings},
+ service::{
+ advisory::csaf::{util::gen_identifier, StatusCreator},
+ Error, Warnings,
+ },
 };
 use csaf::{
 vulnerability::{ProductStatus, Vulnerability},
@@ -17,8 +19,7 @@ use csaf::{
 use sbom_walker::report::ReportSink;
 use sea_orm::{ConnectionTrait, TransactionTrait};
 use semver::Version;
-use std::fmt::Debug;
-use std::str::FromStr;
+use std::{fmt::Debug, str::FromStr};
 use time::OffsetDateTime;
 use tracing::instrument;
 use trustify_common::{hashing::Digests, id::Id};
diff --git a/modules/ingestor/src/service/format.rs b/modules/ingestor/src/service/format.rs
index 7ed60eeb..5602268a 100644
--- a/modules/ingestor/src/service/format.rs
+++ b/modules/ingestor/src/service/format.rs
@@ -191,9 +191,9 @@ impl<'g> Format {
 pub fn is_cyclonedx(bytes: &[u8]) -> Result {
 match masked(depth(1).and(key("specVersion")), bytes) {
- Ok(Some(x)) if matches!(x.as_str(), "1.3" | "1.4" | "1.5") => Ok(true),
+ Ok(Some(x)) if matches!(x.as_str(), "1.3" | "1.4" | "1.5" | "1.6") => Ok(true),
 Ok(Some(x)) => Err(Error::UnsupportedFormat(format!(
- "CycloneDX version {x} is unsupported; try 1.3, 1.4, or 1.5"
+ "CycloneDX version {x} is unsupported; try 1.3, 1.4, 1.5, 1.6"
 ))),
 Err(_) | Ok(None) => Ok(false),
 }
@@ -293,6 +293,12 @@ mod test {
 Ok(Format::CycloneDX)
 ));
+ let cyclone = document_bytes("cyclonedx/simple_1dot6.json").await?;
+ assert!(matches!(
+ Format::from_bytes(&cyclone),
+ Ok(Format::CycloneDX)
+ ));
+
 let spdx = document_bytes("ubi9-9.2-755.1697625012.json").await?;
 assert!(matches!(Format::from_bytes(&spdx), Ok(Format::SPDX)));
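Review bot: The supported-version list in `is_cyclonedx` is written twice, once in the `matches!` guard and once in the error string, so the two can drift the next time a version is added; a single `const SUPPORTED_CYCLONEDX: &[&str] = &["1.3", "1.4", "1.5", "1.6"];` tested with `SUPPORTED_CYCLONEDX.contains(&x.as_str())` and joined into the message would keep them in step. The message also interpolates `x` verbatim, and `x` is the `specVersion` value read from the submitted document, so if this error is logged or returned to the caller it is worth bounding its length and escaping control characters first. Whether the downstream CycloneDX parser accepts 1.6 documents is not visible here; this check only gates format detection. The function's closing brace lies outside the hunk.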
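Review bot: The case added in `mod test` pins only the accept path for 1.6 through the `cyclonedx/simple_1dot6.json` fixture; nothing visible in this hunk asserts that a `specVersion` outside the list still yields `Error::UnsupportedFormat`. A one-line case on a constructed sample, for example `assert!(matches!(Format::is_cyclonedx(br#"{"specVersion":"9.9"}"#), Err(Error::UnsupportedFormat(_))));`, would pin that boundary so a later edit to the version list cannot silently widen it. The enclosing test function starts and ends outside the hunk, so such a case may already exist elsewhere.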