* Added CPE to component Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component. Signed-off-by: Jens Lucius <[email protected]> * Fixing problems with CPE addition - Fixed styling errors - Added reference to CPE Spec - Adding CPE parameter as last parameter to not break arguments Signed-off-by: Jens Lucius <[email protected]> * Again fixes for Style and CPE reference Missing in the last commit Signed-off-by: Jens Lucius <[email protected]> * Added CPE as argument before deprecated arguments Signed-off-by: Jens Lucius <[email protected]> * Added testing for CPE addition and error fixing - Added output tests for CPE in XML and JSON - Fixes style error in components - Fixes order for CPE output in XML (CPE has to come before PURL) Signed-off-by: Jens Lucius <[email protected]> * Fixed output tests CPE was still in the wrong position in one of the tests - fixed Signed-off-by: Jens Lucius <[email protected]> * Fixed minor test fixtures issues - cpe was still in wrong position in 1.2 JSON - Indentation fixed in 1.4 JSON Signed-off-by: Jens Lucius <[email protected]> * Fixed missing comma in JSON 1.2 test file Signed-off-by: Jens Lucius <[email protected]>
Showing 12 changed files with 396 additions and 1 deletion.
@@ -0,0 +1,12 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1"> | ||
<components> | ||
<component type="library"> | ||
<name>setuptools</name> | ||
<version>50.3.2</version> | ||
<cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe> | ||
<purl>pkg:pypi/[email protected]?extension=tar.gz</purl> | ||
<modified>false</modified> | ||
</component> | ||
</components> | ||
</bom> |
@@ -0,0 +1,12 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1" | ||
serialNumber="urn:uuid:b409670b-e3e3-4691-b1ee-8eff057d74f5"> | ||
<components> | ||
<component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz"> | ||
<name>setuptools</name> | ||
<version>50.3.2</version> | ||
<cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe> | ||
<purl>pkg:pypi/[email protected]?extension=tar.gz</purl> | ||
</component> | ||
</components> | ||
</bom> |
@@ -0,0 +1,28 @@ | ||
{ | ||
"$schema": "http://cyclonedx.org/schema/bom-1.2a.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.2", | ||
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2021-09-01T10:50:42.051979+00:00", | ||
"tools": [ | ||
{ | ||
"vendor": "CycloneDX", | ||
"name": "cyclonedx-python-lib", | ||
"version": "VERSION" | ||
} | ||
] | ||
}, | ||
"components": [ | ||
{ | ||
"type": "library", | ||
"bom-ref": "pkg:pypi/[email protected]?extension=tar.gz", | ||
"author": "Test Author", | ||
"name": "setuptools", | ||
"version": "50.3.2", | ||
"cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", | ||
"purl": "pkg:pypi/[email protected]?extension=tar.gz" | ||
} | ||
] | ||
} |
@@ -0,0 +1,21 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1"> | ||
<metadata> | ||
<timestamp>2021-09-01T10:50:42.051979+00:00</timestamp> | ||
<tools> | ||
<tool> | ||
<vendor>CycloneDX</vendor> | ||
<name>cyclonedx-python-lib</name> | ||
<version>VERSION</version> | ||
</tool> | ||
</tools> | ||
</metadata> | ||
<components> | ||
<component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz"> | ||
<name>setuptools</name> | ||
<version>50.3.2</version> | ||
<cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe> | ||
<purl>pkg:pypi/[email protected]?extension=tar.gz</purl> | ||
</component> | ||
</components> | ||
</bom> |
@@ -0,0 +1,32 @@ | ||
{ | ||
"$schema": "http://cyclonedx.org/schema/bom-1.3.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.3", | ||
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2021-09-01T10:50:42.051979+00:00", | ||
"tools": [ | ||
{ | ||
"vendor": "CycloneDX", | ||
"name": "cyclonedx-python-lib", | ||
"version": "VERSION" | ||
} | ||
] | ||
}, | ||
"components": [ | ||
{ | ||
"type": "library", | ||
"name": "setuptools", | ||
"version": "50.3.2", | ||
"cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", | ||
"purl": "pkg:pypi/[email protected]?extension=tar.gz", | ||
"bom-ref": "pkg:pypi/[email protected]?extension=tar.gz", | ||
"licenses": [ | ||
{ | ||
"expression": "MIT License" | ||
} | ||
] | ||
} | ||
] | ||
} |
@@ -0,0 +1,21 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<bom xmlns="http://cyclonedx.org/schema/bom/1.3" version="1"> | ||
<metadata> | ||
<timestamp>2021-09-01T10:50:42.051979+00:00</timestamp> | ||
<tools> | ||
<tool> | ||
<vendor>CycloneDX</vendor> | ||
<name>cyclonedx-python-lib</name> | ||
<version>VERSION</version> | ||
</tool> | ||
</tools> | ||
</metadata> | ||
<components> | ||
<component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz"> | ||
<name>setuptools</name> | ||
<version>50.3.2</version> | ||
<cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe> | ||
<purl>pkg:pypi/[email protected]?extension=tar.gz</purl> | ||
</component> | ||
</components> | ||
</bom> |
@@ -0,0 +1,61 @@ | ||
{ | ||
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.4", | ||
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2021-09-01T10:50:42.051979+00:00", | ||
"tools": [ | ||
{ | ||
"vendor": "CycloneDX", | ||
"name": "cyclonedx-python-lib", | ||
"version": "VERSION", | ||
"externalReferences": [ | ||
{ | ||
"type": "build-system", | ||
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" | ||
}, | ||
{ | ||
"type": "distribution", | ||
"url": "https://pypi.org/project/cyclonedx-python-lib/" | ||
}, | ||
{ | ||
"type": "documentation", | ||
"url": "https://cyclonedx.github.io/cyclonedx-python-lib/" | ||
}, | ||
{ | ||
"type": "issue-tracker", | ||
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" | ||
}, | ||
{ | ||
"type": "license", | ||
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" | ||
}, | ||
{ | ||
"type": "release-notes", | ||
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" | ||
}, | ||
{ | ||
"type": "vcs", | ||
"url": "https://github.com/CycloneDX/cyclonedx-python-lib" | ||
}, | ||
{ | ||
"type": "website", | ||
"url": "https://cyclonedx.org" | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"components": [ | ||
{ | ||
"type": "library", | ||
"name": "setuptools", | ||
"version": "50.3.2", | ||
"cpe": "cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*", | ||
"purl": "pkg:pypi/[email protected]?extension=tar.gz", | ||
"bom-ref": "pkg:pypi/[email protected]?extension=tar.gz" | ||
} | ||
] | ||
} |
@@ -0,0 +1,47 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1"> | ||
<metadata> | ||
<timestamp>2021-09-01T10:50:42.051979+00:00</timestamp> | ||
<tools> | ||
<tool> | ||
<vendor>CycloneDX</vendor> | ||
<name>cyclonedx-python-lib</name> | ||
<version>VERSION</version> | ||
<externalReferences> | ||
<reference type="build-system"> | ||
<url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</url> | ||
</reference> | ||
<reference type="distribution"> | ||
<url>https://pypi.org/project/cyclonedx-python-lib/</url> | ||
</reference> | ||
<reference type="documentation"> | ||
<url>https://cyclonedx.github.io/cyclonedx-python-lib/</url> | ||
</reference> | ||
<reference type="issue-tracker"> | ||
<url>https://github.com/CycloneDX/cyclonedx-python-lib/issues</url> | ||
</reference> | ||
<reference type="license"> | ||
<url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE</url> | ||
</reference> | ||
<reference type="release-notes"> | ||
<url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md</url> | ||
</reference> | ||
<reference type="vcs"> | ||
<url>https://github.com/CycloneDX/cyclonedx-python-lib</url> | ||
</reference> | ||
<reference type="website"> | ||
<url>https://cyclonedx.org</url> | ||
</reference> | ||
</externalReferences> | ||
</tool> | ||
</tools> | ||
</metadata> | ||
<components> | ||
<component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz"> | ||
<name>setuptools</name> | ||
<version>50.3.2</version> | ||
<cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe> | ||
<purl>pkg:pypi/[email protected]?extension=tar.gz</purl> | ||
</component> | ||
</components> | ||
</bom> |
|
@@ -90,6 +90,60 @@ def test_simple_bom_v1_2(self) -> None: | |
self.assertEqualJsonBom(expected_json.read(), outputter.output_as_string()) | ||
expected_json.close() | ||
|
||
def test_simple_bom_v1_4_with_cpe(self) -> None: | ||
bom = Bom() | ||
c = Component( | ||
name='setuptools', version='50.3.2', bom_ref='pkg:pypi/[email protected]?extension=tar.gz', | ||
cpe='cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*', | ||
purl=PackageURL( | ||
type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' | ||
) | ||
) | ||
bom.add_component(c) | ||
|
||
outputter = get_instance(bom=bom, output_format=OutputFormat.JSON, schema_version=SchemaVersion.V1_4) | ||
self.assertIsInstance(outputter, JsonV1Dot4) | ||
with open(join(dirname(__file__), 'fixtures/bom_v1.4_setuptools_with_cpe.json')) as expected_json: | ||
self.assertValidAgainstSchema(bom_json=outputter.output_as_string(), schema_version=SchemaVersion.V1_4) | ||
self.assertEqualJsonBom(expected_json.read(), outputter.output_as_string()) | ||
expected_json.close() | ||
|
||
def test_simple_bom_v1_3_with_cpe(self) -> None: | ||
bom = Bom() | ||
c = Component( | ||
name='setuptools', version='50.3.2', bom_ref='pkg:pypi/[email protected]?extension=tar.gz', | ||
cpe='cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*', | ||
purl=PackageURL( | ||
type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' | ||
), license_str='MIT License' | ||
) | ||
bom.add_component(c) | ||
|
||
outputter = get_instance(bom=bom, output_format=OutputFormat.JSON) | ||
self.assertIsInstance(outputter, JsonV1Dot3) | ||
with open(join(dirname(__file__), 'fixtures/bom_v1.3_setuptools_with_cpe.json')) as expected_json: | ||
self.assertValidAgainstSchema(bom_json=outputter.output_as_string(), schema_version=SchemaVersion.V1_3) | ||
self.assertEqualJsonBom(expected_json.read(), outputter.output_as_string()) | ||
expected_json.close() | ||
|
||
def test_simple_bom_v1_2_with_cpe(self) -> None: | ||
bom = Bom() | ||
bom.add_component( | ||
Component( | ||
name='setuptools', version='50.3.2', bom_ref='pkg:pypi/[email protected]?extension=tar.gz', | ||
cpe='cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*', | ||
purl=PackageURL( | ||
type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' | ||
), author='Test Author' | ||
) | ||
) | ||
outputter = get_instance(bom=bom, output_format=OutputFormat.JSON, schema_version=SchemaVersion.V1_2) | ||
self.assertIsInstance(outputter, JsonV1Dot2) | ||
with open(join(dirname(__file__), 'fixtures/bom_v1.2_setuptools_with_cpe.json')) as expected_json: | ||
self.assertValidAgainstSchema(bom_json=outputter.output_as_string(), schema_version=SchemaVersion.V1_2) | ||
self.assertEqualJsonBom(expected_json.read(), outputter.output_as_string()) | ||
expected_json.close() | ||
|
||
def test_bom_v1_3_with_component_hashes(self) -> None: | ||
bom = Bom() | ||
c = Component( | ||
|