per proto3 schema definition, enum values of 0 are, per definition, used as "unspecified" or "fallback" values.
see https://protobuf.dev/programming-guides/enum/
enum Enum {
A = 0;
B = 1;
}
message Msg {
optional Enum enum = 1;
}
Closed enums will parse the value 2 and store it in the message’s unknown field set. Accessors will report the field as being unset and will return the enum’s default value.
Therefore, enum value of 0 MUST be revisited.
The CDX v1.x protobuf schema has default values for enums, where XML/JSON does not.
And this is for the fact, that protobuf schema uses value 0, where it should not.
When these enum values would be changed, this would be a breaking change.
This is a followup of #385
examples for wrong usage of 0 in enums:
EvidenceTechnique defaults to EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS
|
enum EvidenceTechnique { |
|
EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0; |
|
EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1; |
|
EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2; |
|
EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3; |
|
EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4; |
|
EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5; |
|
EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6; |
|
EVIDENCE_TECHNIQUE_FILENAME = 7; |
|
EVIDENCE_TECHNIQUE_ATTESTATION = 8; |
|
EVIDENCE_TECHNIQUE_OTHER = 9; |
|
} |
ModelParameterApproachType defaults to MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED
|
enum ModelParameterApproachType { |
|
MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; |
|
MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; |
|
MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; |
|
MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3; |
|
MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4; |
|
} |
ComponentDataType defaults to COMPONENT_DATA_TYPE_SOURCE_CODE
|
enum ComponentDataType { |
|
// Any type of code, code snippet, or data-as-code |
|
COMPONENT_DATA_TYPE_SOURCE_CODE = 0; |
|
// Parameters or settings that may be used by other components. |
|
COMPONENT_DATA_TYPE_CONFIGURATION = 1; |
|
// A collection of data. |
|
COMPONENT_DATA_TYPE_DATASET = 2; |
|
// Data that can be used to create new instances of what the definition defines. |
|
COMPONENT_DATA_TYPE_DEFINITION = 3; |
|
// Any other type of data that does not fit into existing definitions. |
|
COMPONENT_DATA_TYPE_OTHER = 4; |
|
} |
per proto3 schema definition, enum values of
0are, per definition, used as "unspecified" or "fallback" values.see https://protobuf.dev/programming-guides/enum/
Therefore, enum value of
0MUST be revisited.The CDX v1.x protobuf schema has default values for enums, where XML/JSON does not.
And this is for the fact, that protobuf schema uses value
0, where it should not.When these enum values would be changed, this would be a breaking change.
This is a followup of #385
examples for wrong usage of
0in enums:EvidenceTechniquedefaults toEVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSISspecification/schema/bom-1.5.proto
Lines 720 to 731 in 8af880d
ModelParameterApproachTypedefaults toMODEL_PARAMETER_APPROACH_TYPE_SUPERVISEDspecification/schema/bom-1.5.proto
Lines 1096 to 1102 in 8af880d
ComponentDataTypedefaults toCOMPONENT_DATA_TYPE_SOURCE_CODEspecification/schema/bom-1.5.proto
Lines 1150 to 1161 in 8af880d