feat: Add XML schema validation (Fixes #1507)

[anthonyharrison]

No description provided.

[BreadGenie]

Doesn't conventional commits follow type: commit message instead of [type] commit message?

[BreadGenie]

It might be better to use docstrings instead of comments according to PEP8.

[anthonyharrison]

@BreadGenie - Thanks I have fixed my conventional commits formatting error and I will; update comments to PEP8 convention later and resubmit pull request

[terriko]

This one was also affected by my bad CI update. Could you rebase to origin/main so I'm sure the tests are running correctly in CI?

[anthonyharrison]

@terriko Is this failure another NVD access issue ? I can't get it to fail on the copy on my local machine.

[terriko]

Looks like the defaults PR caused a conflict with this one. Sorry! But yes, I think the failure in longtests was due to NVD rate limit. If I could only make it through my PRs and get to the point of fixing stuff myself... I think I'll have have to prioritize the CI NVD Key enablement later this week.

[codecov-commenter]

Codecov Report

Merging #1544 (58c7497) into main (84715ba) will increase coverage by 1.90%.
The diff coverage is 81.73%.

@@            Coverage Diff             @@
##             main    #1544      +/-   ##
==========================================
+ Coverage   81.44%   83.35%   +1.90%     
==========================================
  Files         290      291       +1     
  Lines        5811     5859      +48     
  Branches      957      963       +6     
==========================================
+ Hits         4733     4884     +151     
+ Misses        856      754     -102     
+ Partials      222      221       -1     

Flag	Coverage Δ
longtests	83.35% <81.73%> (+1.90%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cve_bin_tool/checkers/xml2.py	88.63% <ø> (+27.27%)	⬆️
cve_bin_tool/version_scanner.py	76.95% <60.00%> (+0.64%)	⬆️
cve_bin_tool/sbom_manager/spdx_parser.py	87.15% <66.66%> (-1.53%)	⬇️
cve_bin_tool/sbom_manager/cyclonedx_parser.py	84.78% <88.88%> (+3.38%)	⬆️
cve_bin_tool/cli.py	72.48% <100.00%> (+2.75%)	⬆️
cve_bin_tool/sbom_manager/__init__.py	94.91% <100.00%> (-3.34%)	⬇️
cve_bin_tool/sbom_manager/swid_parser.py	87.50% <100.00%> (+1.78%)	⬆️
cve_bin_tool/validator.py	100.00% <100.00%> (ø)
test/test_sbom.py	100.00% <100.00%> (ø)
cve_bin_tool/nvd_api.py	75.00% <0.00%> (-9.49%)	⬇️
... and 10 more

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[Molkree]

Failure on CVE scan is probably due to the extra newline in requirements.csv, @anthonyharrison

[terriko]

I think this is ready to go, but it's still failing more tests than main is (main is only failing quiet_mode). I've updated the branch to main and hopefully that should clean up the problem?

[terriko]

Pinging @anthonyharrison -- looks like we've got a version conflict that looks beyond what I should be resolving in the web interface.

[terriko]

Needs conflict in version_scanner resolved.

[terriko]

@anthonyharrison I've taken a stab at resolving the merge conflict (it was some type checking stuff) but it looks like I broke something. (edit: looks like the tests finally ran, but some things definitely broke. I'm going to re-run a few of them because it's unclear to me why documentation, for example, didn't pass.)

[terriko]

Looks like the tests are happy again. Thanks!