feat: support for CycloneDX schema 1.4.2 - adds `vulnerability.properties` to the schema
madpah authored Jul 21, 2022
2 parents d720a5f + db7445c commit 32e7929
Showing 9 changed files with 1,678 additions and 1,433 deletions.
21 changes: 19 additions & 2 deletions cyclonedx/model/vulnerability.py
Expand Up @@ -27,7 +27,7 @@
from sortedcontainers import SortedSet

from ..exception.model import MutuallyExclusivePropertiesException, NoPropertiesProvidedException
from . import ComparableTuple, OrganizationalContact, OrganizationalEntity, Tool, XsUri
from . import ComparableTuple, OrganizationalContact, OrganizationalEntity, Property, Tool, XsUri
from .bom_ref import BomRef
from .impact_analysis import (
ImpactAnalysisAffectedStatus,
Expand Down Expand Up @@ -788,6 +788,7 @@ def __init__(self, *, bom_ref: Optional[str] = None, id: Optional[str] = None,
credits: Optional[VulnerabilityCredits] = None,
tools: Optional[Iterable[Tool]] = None, analysis: Optional[VulnerabilityAnalysis] = None,
affects_targets: Optional[Iterable[BomTarget]] = None,
properties: Optional[Iterable[Property]] = None,
# Deprecated Parameters kept for backwards compatibility
source_name: Optional[str] = None, source_url: Optional[str] = None,
recommendations: Optional[Iterable[str]] = None) -> None:
Expand All @@ -808,6 +809,7 @@ def __init__(self, *, bom_ref: Optional[str] = None, id: Optional[str] = None,
self.tools = tools or [] # type: ignore
self.analysis = analysis
self.affects = affects_targets or [] # type: ignore
self.properties = properties or [] # type: ignore

if source_name or source_url:
warnings.warn('`source_name` and `source_url` are deprecated - use `source`', DeprecationWarning)
Expand Down Expand Up @@ -1062,6 +1064,21 @@ def affects(self) -> "SortedSet[BomTarget]":
def affects(self, affects_targets: Iterable[BomTarget]) -> None:
self._affects = SortedSet(affects_targets)

@property
def properties(self) -> "SortedSet[Property]":
"""
Provides the ability to document properties in a key/value store. This provides flexibility to include data not
officially supported in the standard without having to use additional namespaces or create extensions.
Return:
Set of `Property`
"""
return self._properties

@properties.setter
def properties(self, properties: Iterable[Property]) -> None:
self._properties = SortedSet(properties)

def __eq__(self, other: object) -> bool:
if isinstance(other, Vulnerability):
return hash(other) == hash(self)
Expand All @@ -1079,7 +1096,7 @@ def __hash__(self) -> int:
return hash((
self.id, self.source, tuple(self.references), tuple(self.ratings), tuple(self.cwes), self.description,
self.detail, self.recommendation, tuple(self.advisories), self.created, self.published, self.updated,
self.credits, tuple(self.tools), self.analysis, tuple(self.affects)
self.credits, tuple(self.tools), self.analysis, tuple(self.affects), tuple(self.properties)
))

def __repr__(self) -> str:
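Review bot: The new `properties` setter stores the values in a `SortedSet`, and the new `__hash__` line folds `tuple(self.properties)` into the hash, so a `Vulnerability` that carries properties is only hashable and comparable if `Property` itself defines ordering and `__hash__`; whether it does is not visible in this hunk. A unit test that builds a `Vulnerability` with two `Property` values and calls `hash()` and `==` on it would pin that down, since `__eq__` delegates entirely to `__hash__`. The `properties` getter docstring uses `Return:` where a `Returns:` section would read consistently with a Google-style docstring. `__repr__` begins on the hunk's last line and continues outside it; if it lists the other collection fields, `properties` presumably belongs there too.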
4 changes: 4 additions & 0 deletions cyclonedx/output/xml.py
Expand Up @@ -688,6 +688,10 @@ def _get_vulnerability_as_xml_element_post_1_4(self, vulnerability: Vulnerabilit
for version in target.versions:
Xml._add_bom_target_version_range(parent_element=v_target_versions_element, version=version)

# properties
if vulnerability.properties:
Xml._add_properties_element(properties=vulnerability.properties, parent_element=vulnerability_element)

return vulnerability_element

@staticmethod
12 changes: 11 additions & 1 deletion cyclonedx/schema/bom-1.4.xsd
Expand Up @@ -22,7 +22,7 @@ limitations under the License.
targetNamespace="http://cyclonedx.org/schema/bom/1.4"
vc:minVersion="1.0"
vc:maxVersion="1.1"
version="1.4.1">
version="1.4.2">

<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="spdx.xsd"/>

Expand Down Expand Up @@ -2014,6 +2014,16 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Provides the ability to document properties in a key/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
Formal registration is OPTIONAL.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attribute name="bom-ref" type="bom:refType">
<xs:annotation>
