Merge branch 'main' into feat/BomRef-affects-comparissons-equality

CycloneDX · Jan 20, 2025 · 008a797 · 008a797
2 parents 4778a11 + 6003feb
commit 008a797
Show file tree

Hide file tree

Showing 17 changed files with 220 additions and 183 deletions.
diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py
@@ -64,7 +64,7 @@ class DataFlow(str, Enum):
     This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema: https://cyclonedx.org/docs/1.4/xml/#type_dataFlowType
+        See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_dataFlowType
     """
     INBOUND = 'inbound'
     OUTBOUND = 'outbound'
@@ -82,7 +82,7 @@ class DataClassification:
 
     .. note::
         See the CycloneDX Schema for dataClassificationType:
-        https://cyclonedx.org/docs/1.4/xml/#type_dataClassificationType
+        https://cyclonedx.org/docs/1.6/xml/#type_dataClassificationType
     """
 
     def __init__(
@@ -160,7 +160,7 @@ class Encoding(str, Enum):
     This is our internal representation of the encoding simple type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema: https://cyclonedx.org/docs/1.4/#type_encoding
+        See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_encoding
     """
     BASE_64 = 'base64'
 
@@ -171,7 +171,7 @@ class AttachedText:
     This is our internal representation of the `attachedTextType` complex type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.3/#type_attachedTextType
+        See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_attachedTextType
     """
 
     DEFAULT_CONTENT_TYPE = 'text/plain'
@@ -263,7 +263,7 @@ class HashAlgorithm(str, Enum):
     This is our internal representation of the hashAlg simple type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema: https://cyclonedx.org/docs/1.3/#type_hashAlg
+        See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_hashAlg
     """
     # see `_HashTypeRepositorySerializationHelper.__CASES` for view/case map
     BLAKE2B_256 = 'BLAKE2b-256'  # Only supported in >= 1.2
@@ -386,7 +386,7 @@ class HashType:
     This is our internal representation of the hashType complex type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.3/#type_hashType
+        See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_hashType
     """
 
     @staticmethod
@@ -542,7 +542,7 @@ class ExternalReferenceType(str, Enum):
     Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_externalReferenceType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReferenceType
     """
     # see `_ExternalReferenceSerializationHelper.__CASES` for view/case map
     ADVERSARY_MODEL = 'adversary-model'  # Only supported in >= 1.5
@@ -810,7 +810,7 @@ class ExternalReference:
     a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_externalReference
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReference
     """
 
     def __init__(
@@ -923,7 +923,7 @@ class Property:
     a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_propertyType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_propertyType
 
     Specifies an individual property with a name and value.
     """
@@ -997,7 +997,7 @@ class NoteText:
     a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_releaseNotesType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
     """
 
     DEFAULT_CONTENT_TYPE: str = 'text/plain'
@@ -1088,7 +1088,7 @@ class Note:
     a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_releaseNotesType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
 
     @todo: Replace ``NoteText`` with ``AttachedText``?
     """
@@ -1171,7 +1171,7 @@ class IdentifiableAction:
     This is our internal representation of the `identifiableActionType` complex type.
 
     .. note::
-        See the CycloneDX specification: https://cyclonedx.org/docs/1.4/xml/#type_identifiableActionType
+        See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_identifiableActionType
     """
 
     def __init__(
@@ -1261,7 +1261,7 @@ class Copyright:
     This is our internal representation of the `copyrightsType` complex type.
 
     .. note::
-        See the CycloneDX specification: https://cyclonedx.org/docs/1.4/xml/#type_copyrightsType
+        See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_copyrightsType
     """
 
     def __init__(

diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py
@@ -36,14 +36,14 @@
     SchemaVersion1Dot5,
     SchemaVersion1Dot6,
 )
-from ..serialization import LicenseRepositoryHelper, UrnUuidHelper
+from ..serialization import UrnUuidHelper
 from . import _BOM_LINK_PREFIX, ExternalReference, Property
 from .bom_ref import BomRef
 from .component import Component
 from .contact import OrganizationalContact, OrganizationalEntity
 from .definition import Definitions
 from .dependency import Dependable, Dependency
-from .license import License, LicenseExpression, LicenseRepository
+from .license import License, LicenseExpression, LicenseRepository, _LicenseRepositorySerializationHelper
 from .lifecycle import Lifecycle, LifecycleRepository, _LifecycleRepositoryHelper
 from .service import Service
 from .tool import Tool, ToolRepository, _ToolRepositoryHelper
@@ -59,7 +59,7 @@ class BomMetaData:
     This is our internal representation of the metadata complex type within the CycloneDX standard.
 
     .. note::
-        See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.5/#type_metadata
+        See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata
     """
 
     def __init__(
@@ -254,7 +254,7 @@ def supplier(self, supplier: Optional[OrganizationalEntity]) -> None:
     @serializable.view(SchemaVersion1Dot4)
     @serializable.view(SchemaVersion1Dot5)
     @serializable.view(SchemaVersion1Dot6)
-    @serializable.type_mapping(LicenseRepositoryHelper)
+    @serializable.type_mapping(_LicenseRepositorySerializationHelper)
     @serializable.xml_sequence(9)
     def licenses(self) -> LicenseRepository:
         """
@@ -394,7 +394,7 @@ def metadata(self) -> BomMetaData:
             Metadata object instance for this Bom.
 
         .. note::
-            See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.3/#type_metadata
+            See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata
         """
         return self._metadata
 

diff --git a/cyclonedx/model/bom_ref.py b/cyclonedx/model/bom_ref.py
@@ -16,10 +16,20 @@
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
 
-from typing import Any, Optional
+from typing import TYPE_CHECKING, Any, Optional
 
+import serializable
 
-class BomRef:
+from ..exception.serialization import CycloneDxDeserializationException, SerializationOfUnexpectedValueException
+
+if TYPE_CHECKING:  # pragma: no cover
+    from typing import Type, TypeVar
+
+    _T_BR = TypeVar('_T_BR', bound='BomRef')
+
+
+@serializable.serializable_class
+class BomRef(serializable.helpers.BaseHelper):
     """
     An identifier that can be used to reference objects elsewhere in the BOM.
 
@@ -33,6 +43,8 @@ def __init__(self, value: Optional[str] = None) -> None:
         self.value = value
 
     @property
+    @serializable.json_name('.')
+    @serializable.xml_name('.')
     def value(self) -> Optional[str]:
         return self._value
 
@@ -67,3 +79,23 @@ def __str__(self) -> str:
 
     def __bool__(self) -> bool:
         return self._value is not None
+
+    # region impl BaseHelper
+
+    @classmethod
+    def serialize(cls, o: Any) -> Optional[str]:
+        if isinstance(o, cls):
+            return o.value
+        raise SerializationOfUnexpectedValueException(
+            f'Attempt to serialize a non-BomRef: {o!r}')
+
+    @classmethod
+    def deserialize(cls: 'Type[_T_BR]', o: Any) -> '_T_BR':
+        try:
+            return cls(value=str(o))
+        except ValueError as err:
+            raise CycloneDxDeserializationException(
+                f'BomRef string supplied does not parse: {o!r}'
+            ) from err
+
+    # endregion impl BaseHelper
diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py
@@ -44,7 +44,7 @@
     SchemaVersion1Dot5,
     SchemaVersion1Dot6,
 )
-from ..serialization import BomRefHelper, LicenseRepositoryHelper, PackageUrl as PackageUrlSH
+from ..serialization import PackageUrl as PackageUrlSH
 from . import (
     AttachedText,
     Copyright,
@@ -61,7 +61,7 @@
 from .crypto import CryptoProperties
 from .dependency import Dependable
 from .issue import IssueType
-from .license import License, LicenseRepository
+from .license import License, LicenseRepository, _LicenseRepositorySerializationHelper
 from .release_note import ReleaseNotes
 
 
@@ -71,7 +71,7 @@ class Commit:
     Our internal representation of the `commitType` complex type.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_commitType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_commitType
     """
 
     def __init__(
@@ -200,7 +200,7 @@ class ComponentEvidence:
     Provides the ability to document evidence collected through various forms of extraction or analysis.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_componentEvidenceType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_componentEvidenceType
     """
 
     def __init__(
@@ -250,7 +250,7 @@ def __init__(
     #    ... # TODO since CDX1.5
 
     @property
-    @serializable.type_mapping(LicenseRepositoryHelper)
+    @serializable.type_mapping(_LicenseRepositorySerializationHelper)
     @serializable.xml_sequence(4)
     def licenses(self) -> LicenseRepository:
         """
@@ -299,7 +299,7 @@ class ComponentScope(str, Enum):
     Enum object that defines the permissable 'scopes' for a Component according to the CycloneDX schema.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_scope
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_scope
     """
     # see `_ComponentScopeSerializationHelper.__CASES` for view/case map
     REQUIRED = 'required'
@@ -355,7 +355,7 @@ class ComponentType(str, Enum):
     Enum object that defines the permissible 'types' for a Component according to the CycloneDX schema.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_classification
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_classification
     """
     # see `_ComponentTypeSerializationHelper.__CASES` for view/case map
     APPLICATION = 'application'
@@ -434,7 +434,7 @@ class Diff:
     Our internal representation of the `diffType` complex type.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_diffType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_diffType
     """
 
     def __init__(
@@ -505,7 +505,7 @@ class PatchClassification(str, Enum):
     Enum object that defines the permissible `patchClassification`s.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_patchClassification
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_patchClassification
     """
     BACKPORT = 'backport'
     CHERRY_PICK = 'cherry-pick'
@@ -519,7 +519,7 @@ class Patch:
     Our internal representation of the `patchType` complex type.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_patchType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_patchType
     """
 
     def __init__(
@@ -612,7 +612,7 @@ class Pedigree:
     may not be known.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_pedigreeType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_pedigreeType
     """
 
     def __init__(
@@ -769,7 +769,7 @@ class Swid:
     Our internal representation of the `swidType` complex type.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_swidType
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_swidType
     """
 
     def __init__(
@@ -1029,7 +1029,7 @@ class Component(Dependable):
     This is our internal representation of a Component within a Bom.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_component
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_component
     """
 
     @staticmethod
@@ -1171,7 +1171,7 @@ def mime_type(self, mime_type: Optional[str]) -> None:
 
     @property
     @serializable.json_name('bom-ref')
-    @serializable.type_mapping(BomRefHelper)
+    @serializable.type_mapping(BomRef)
     @serializable.view(SchemaVersion1Dot1)
     @serializable.view(SchemaVersion1Dot2)
     @serializable.view(SchemaVersion1Dot3)
@@ -1407,7 +1407,7 @@ def hashes(self, hashes: Iterable[HashType]) -> None:
     @serializable.view(SchemaVersion1Dot4)
     @serializable.view(SchemaVersion1Dot5)
     @serializable.view(SchemaVersion1Dot6)
-    @serializable.type_mapping(LicenseRepositoryHelper)
+    @serializable.type_mapping(_LicenseRepositorySerializationHelper)
     @serializable.xml_sequence(12)
     def licenses(self) -> LicenseRepository:
         """
@@ -1789,4 +1789,4 @@ def __hash__(self) -> int:
 
     def __repr__(self) -> str:
         return f'<Component bom-ref={self.bom_ref!r}, group={self.group}, name={self.name}, ' \
-               f'version={self.version}, type={self.type}>'
+            f'version={self.version}, type={self.type}>'
diff --git a/cyclonedx/model/contact.py b/cyclonedx/model/contact.py
@@ -25,7 +25,6 @@
 from .._internal.compare import ComparableTuple as _ComparableTuple
 from ..exception.model import NoPropertiesProvidedException
 from ..schema.schema import SchemaVersion1Dot6
-from ..serialization import BomRefHelper
 from . import XsUri
 from .bom_ref import BomRef
 
@@ -60,7 +59,7 @@ def __init__(
 
     @property
     @serializable.json_name('bom-ref')
-    @serializable.type_mapping(BomRefHelper)
+    @serializable.type_mapping(BomRef)
     @serializable.xml_attribute()
     @serializable.xml_name('bom-ref')
     def bom_ref(self) -> Optional[BomRef]:
@@ -194,7 +193,7 @@ class OrganizationalContact:
     within a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_organizationalContact
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_organizationalContact
     """
 
     def __init__(
@@ -287,7 +286,7 @@ class OrganizationalEntity:
     within a CycloneDX BOM document.
 
     .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_organizationalEntity
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_organizationalEntity
     """
 
     def __init__(