Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: prevent unknwon enums from rendering #496

Merged
merged 34 commits into from
Nov 30, 2023
Merged

Feat: prevent unknwon enums from rendering #496

merged 34 commits into from
Nov 30, 2023

Conversation

jkowalleck
Copy link
Member

@jkowalleck jkowalleck commented Nov 28, 2023
edited
Loading

  • fixes [FEAT] assert valid CycloneDX xml/json when using "unknown" enum cases #490
  • BC: Component serialization may throw cyclonedx.exception.serialization.SerializationOfUnsupportedComponentTypeException
  • feat: serialization have own exceptions of cyclonedx.exception.serialization.*
  • tests: lots of (functional) tests related to enums and serialization
  • misc: bump py-serializable@^0.15 -> @^0.16

details & progress:

  • DataFlow
  • Encoding
  • HashAlgorithm
  • ExternalReferenceType
    convert "unknown" to other
  • component.ComponentScope
  • component.ComponentType. > tests done, migrator open
    Unclear how to proceed. dropping the info is a bad idea here.
    Best would be to throw an exception and abort the rendering.
  • component.PatchClassification
  • impact_analysis.ImpactAnalysisAffectedStatus
  • impact_analysis.ImpactAnalysisJustification
  • impact_analysis.ImpactAnalysisResponse
  • impact_analysis.ImpactAnalysisState
  • issue.IssueClassification
  • vulnerability.VulnerabilityScoreSource
    convert "unknown" to other
  • vulnerability.VulnerabilitySeverity

@jkowalleck jkowalleck added this to the 6.0.0 milestone Nov 28, 2023
@jkowalleck jkowalleck added enhancement New feature or request QA Quality Assurance labels Nov 28, 2023
@jkowalleck jkowalleck linked an issue Nov 28, 2023 that may be closed by this pull request
[FEAT] assert valid CycloneDX xml/json when using "unknown" enum cases #490
Closed
14 tasks
@jkowalleck
tests: enum value range
14f3cf9 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enum tidy
fdc8c9d 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enum Encoding
3b46f76 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
ae2a87a 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
878b846 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
8ebcdbe 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
68586ce 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
20d7a93 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
e5fcfa6 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
4791e49 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: enums
989e240 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
b842293 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
add enum's @serializable.serializable_enum
9ee9676 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enums filter: HashType
024737f 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
cf55379 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
0563167 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
e47afd4 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
a34bf69 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
2ce07a7 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
bump py-serializable
a64ebfc 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enums migrate: ExternalReferenceType
117b547 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enums migrate: ExternalReferenceType
1452e2a 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enum migrate: VulnerabilityScoreSource
63aca98 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enum migrate: VulnerabilityScoreSource
97d3983 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enums migrate: ComponentScope
1f7e6d3 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
enums migrate: ComponentScope
c0324d3 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: fix enum: DataFlow
ee3257f 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
more precise serialization errors
932720e 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
handle CompnentType
24cf9d0 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
test: raised on handle CompnentType
da7ce56 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tidy
00497d6 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
reprod
0f83621 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
cleanup
3661af8 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck force-pushed the feat/prevent-unknwon-enums-from-rendering branch from 6dfd5f8 to 3661af8 Compare November 30, 2023 11:15
@jkowalleck
cleanup
181f531 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck marked this pull request as ready for review November 30, 2023 11:21
@jkowalleck jkowalleck requested a review from a team as a code owner November 30, 2023 11:21
@codacy-production Codacy Production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.16% 90.26% (target: 80.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (ac1f48a) 3245 3061 94.33%
Head commit (181f531) 3394 (+149) 3207 (+146) 94.49% (+0.16%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#496) 195 176 90.26%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@jkowalleck jkowalleck mentioned this pull request Nov 30, 2023
Merged
@jkowalleck jkowalleck merged commit 6c204f7 into 6.0.0-dev Nov 30, 2023
44 checks passed
@jkowalleck jkowalleck deleted the feat/prevent-unknwon-enums-from-rendering branch November 30, 2023 11:40
jkowalleck added a commit that referenced this pull request Dec 10, 2023
@jkowalleck @Churro
feat!: v6.0.0 (#492)
74865f8 
### Breaking Changes

* Removed symbols that were already marked as deprecated (via [#493])
* Removed symbols in `parser.*` ([#489] via [#495])
* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494])
* Serialization of unsupported enum values might downgrade/migrate/omit them  ([#490] via [#496])  
  Handling might raise warnings if a data loss occurred due to omitting.  
  The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
* Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` ([#490] via [#496])
* Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` ([#504] via [#505])  
  This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering.
* Removed helpers from public API ([#503] via [#506])

### Added

* Basic support for CycloneDX 1.5 ([#404] via [#488])
  * No data models were enhanced nor added, yet.  
    Pull requests to add functionality are welcome.
  * Existing enumerable got new cases, to reflect features of CycloneDX 1.5 ([#404] via [#488])
  * Outputters were enabled to render CycloneDX 1.5 ([#404] via [#488])

### Tests

* Created (regression/unit/integration/functional) tests for CycloneDX 1.5 ([#404] via [#488])
* Created (regression/functional) tests for Enums' handling and completeness ([#490] via [#496])

### Misc

* Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via [#496])


----

### API Changes — the details for migration

* Added new sub-package `exception.serialization` (via [#496])
* Removed class `models.ComparableTuple` ([#503] via [#506])
* Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488])
* Removed function `models.get_now_utc` ([#503] via [#506])
* Removed function `models.sha1sum` ([#503] via [#506])
* Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488])
* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via [#493])  
  Use kwarg `group` instead.
* Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via [#493])  
  Use kwarg `licenses` instead.
* Removed deprecated method `model.component.Component.get_namespace()` (via [#493])
* Removed class `models.dependency.DependencyDependencies` ([#503] via [#506])
* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via [#493])  
  Use kwarg `source` instead.
* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via [#493])  
  Use kwarg `source` instead.
* Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via [#493])  
  Use kwarg `recommendation` instead.
* Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via [#493])  
  Use kwarg `score` instead.
* Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 ([#404] via [#488])
* Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` ([#491] via [#494])
* Removed deprecated function `output.get_instance()` (via [#493])  
  Use function `output.make_outputter()` instead.
* Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488])
* Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488])
* Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 ([#404] via [#488])
* Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 ([#404] via [#488])
* Removed class `parser.ParserWarning` ([#489] via [#495])
* Removed class `parser.BaseParser` ([#489] via [#495])
* Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 ([#404] via [#488])


[#404]: #404
[#488]: #488
[#489]: #489
[#490]: #490
[#491]: #491
[#493]: #493
[#494]: #494
[#495]: #495
[#496]: #496
[#503]: #503
[#504]: #504
[#505]: #505
[#506]: #506

---------

Signed-off-by: Johannes Feichtner <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <[email protected]>
Co-authored-by: semantic-release <semantic-release>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
breaking change enhancement New feature or request QA Quality Assurance
Projects
None yet
Milestone
6.0.0
Development

Successfully merging this pull request may close these issues.

[FEAT] assert valid CycloneDX xml/json when using "unknown" enum cases
1 participant
@jkowalleck