CycloneDX / cyclonedx-python-lib

Python implementation of OWASP CycloneDX
https://cyclonedx.org/
Apache License 2.0

Missing support for Data object for Service properties in CDX 1.6 #672

Open lucamrgs opened 4 days ago

lucamrgs commented 4 days ago

Dear implementers, it appears to me that the Data object for the Services property is not correctly implemented (see https://cyclonedx.org/docs/1.6/json/#services_items_data). I am trying to instantiate a Service, and upon populating the data property, I get this hint from the docs

[Screenshot from 2024-09-16 showing the editor hint for the `data` property]

The DataClassification class is defined as

# Excerpt from cyclonedx-python-lib 7.6.0 (cyclonedx/model/__init__.py).
# Imports added so the snippet stands alone: `serializable` is the py-serializable
# package; DataFlow and _ComparableTuple live in the same module as this class.
import serializable
from cyclonedx.model import DataFlow, _ComparableTuple


@serializable.serializable_class
class DataClassification:
    """
    This is our internal representation of the `dataClassificationType` complex type within the CycloneDX standard.

    DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library.
    In fact, this library will try to provide a compatibility layer if needed.

    .. note::
        See the CycloneDX Schema for dataClassificationType:
        https://cyclonedx.org/docs/1.4/xml/#type_dataClassificationType
    """

    def __init__(
        self, *,
        flow: DataFlow,
        classification: str
    ) -> None:
        self.flow = flow
        self.classification = classification

    @property
    @serializable.xml_attribute()
    def flow(self) -> DataFlow:
        """
        Specifies the flow direction of the data.

        Valid values are: inbound, outbound, bi-directional, and unknown.

        Direction is relative to the service.

        - Inbound flow states that data enters the service
        - Outbound flow states that data leaves the service
        - Bi-directional states that data flows both ways
        - Unknown states that the direction is not known

        Returns:
            `DataFlow`
        """
        return self._flow

    @flow.setter
    def flow(self, flow: DataFlow) -> None:
        self._flow = flow

    @property
    @serializable.xml_name('.')
    @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING)
    def classification(self) -> str:
        """
        Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.

        Returns:
            `str`
        """
        return self._classification

    @classification.setter
    def classification(self, classification: str) -> None:
        self._classification = classification

    def __eq__(self, other: object) -> bool:
        if isinstance(other, DataClassification):
            return hash(other) == hash(self)
        return False

    def __lt__(self, other: object) -> bool:
        if isinstance(other, DataClassification):
            return _ComparableTuple((
                self.flow, self.classification
            )) < _ComparableTuple((
                other.flow, other.classification
            ))
        return NotImplemented

    def __hash__(self) -> int:
        return hash((self.flow, self.classification))

    def __repr__(self) -> str:
        return f'<DataClassification flow={self.flow}>'

Which seems to be missing the "source" and "destination" properties.

This is my poetry.lock entry for cyclonedx-python-lib

name = "cyclonedx-python-lib"
version = "7.6.0"
description = "Python library for CycloneDX"
optional = false
python-versions = "<4.0,>=3.8"
files = [
    {file = "cyclonedx_python_lib-7.6.0-py3-none-any.whl", hash = "sha256:30655e89e5f987dc8d57835919748d71589fafeb33ff1dec45048eb72eda3cf9"},
    {file = "cyclonedx_python_lib-7.6.0.tar.gz", hash = "sha256:fa481d5f0d82728cb6a32e55f8ba9c666ba75a2bd99eb643228e3011c56bb5c4"},
]

Would it be possible for you to adjust this, or let me know what I could do otherwise? Thank you!
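To make the reported gap concrete without installing the library, here is an added stand-alone model of the CycloneDX 1.6 `services[].data` item (the JSON shape linked above). This is example code, not code from cyclonedx-python-lib: the `ServiceData` class, `parse_service_data` and `lost_fields` are illustrative names, the field set (`flow`, `classification`, `name`, `description`, `source`, `destination`) is taken from the 1.6 JSON schema, and the sample input is constructed. `to_legacy_dict` shows what the library's current two-field `DataClassification` can carry, so `lost_fields` lists exactly what would be dropped today.

```python
"""Stand-alone model of the CDX 1.6 ``services[].data`` item.

Added example, not code from cyclonedx-python-lib. Field names follow
https://cyclonedx.org/docs/1.6/json/#services_items_data (assumption: the
optional ``name``/``description`` fields are taken from that schema).
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Dict, List, Optional


class DataFlow(Enum):
    """Flow direction relative to the service; values are the schema's enum."""
    INBOUND = 'inbound'
    OUTBOUND = 'outbound'
    BI_DIRECTIONAL = 'bi-directional'
    UNKNOWN = 'unknown'


@dataclass
class ServiceData:
    """One CDX 1.6 service data item (illustrative class, not the library's)."""
    flow: DataFlow                 # required in the schema
    classification: str            # required in the schema
    name: Optional[str] = None
    description: Optional[str] = None
    source: List[str] = field(default_factory=list)       # URIs the data comes from
    destination: List[str] = field(default_factory=list)  # URIs the data goes to

    def to_dict(self) -> Dict[str, Any]:
        """Emit the 1.6 JSON shape, omitting optional fields that are unset."""
        out: Dict[str, Any] = {
            'flow': self.flow.value,
            'classification': self.classification,
        }
        if self.name:
            out['name'] = self.name
        if self.description:
            out['description'] = self.description
        if self.source:
            out['source'] = list(self.source)
        if self.destination:
            out['destination'] = list(self.destination)
        return out

    def to_legacy_dict(self) -> Dict[str, Any]:
        """The two fields the library's DataClassification currently carries."""
        return {'flow': self.flow.value, 'classification': self.classification}


def lost_fields(item: ServiceData) -> List[str]:
    """Populated 1.6 fields that the legacy flow/classification form would drop."""
    legacy = item.to_legacy_dict()
    return sorted(k for k in item.to_dict() if k not in legacy)


def parse_service_data(raw: Dict[str, Any]) -> ServiceData:
    """Parse a 1.6 JSON data item, rejecting bad flow values and malformed URI lists."""
    flow_raw = raw.get('flow')
    if flow_raw is None:
        raise ValueError("'flow' is required")
    try:
        flow = DataFlow(flow_raw)
    except ValueError:
        raise ValueError(f"unknown flow value {flow_raw!r}") from None
    if 'classification' not in raw:
        raise ValueError("'classification' is required")
    for key in ('source', 'destination'):
        vals = raw.get(key, [])
        if not isinstance(vals, list) or not all(isinstance(v, str) for v in vals):
            raise ValueError(f"{key!r} must be an array of URI strings")
    return ServiceData(
        flow=flow,
        classification=raw['classification'],
        name=raw.get('name'),
        description=raw.get('description'),
        source=list(raw.get('source', [])),
        destination=list(raw.get('destination', [])),
    )


# Constructed sample input for this example; not taken from the issue.
SAMPLE: Dict[str, Any] = {
    'flow': 'bi-directional',
    'classification': 'PII',
    'name': 'Customer records',
    'source': ['urn:example:crm-db'],
    'destination': ['https://api.example.invalid/customers'],
}

if __name__ == '__main__':
    item = parse_service_data(SAMPLE)
    print(json.dumps(item.to_dict(), indent=2))
    print('dropped by the legacy form:', lost_fields(item))
```

Running it prints the round-tripped 1.6 item and reports `name`, `source` and `destination` as the fields the current `DataClassification` shape cannot represent, which is the data-loss a library user would hit when populating `Service.data` from a 1.6 document.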

jkowalleck commented 4 days ago

Hello @lucamrgs

According to https://github.com/CycloneDX/cyclonedx-python-lib/issues/633#issue-2353045434 I'd invite you to provide the missing features. Just open a pull request with the according implementation and tests.

lucamrgs commented 1 day ago

Hi @jkowalleck, thanks for the note. Unfortunately I do not have extensive time to go through the project architecture and understand exactly how to modify the code, to implement the change consistently. I.e., I think it would take me some time.

Since it's still a somewhat minor change and related to implementing correctly the CDX spec, would you know anyone who would be able to implement it quickly?

I'd still try to give it a go if not. Thank you for your consideration.

jkowalleck commented 22 hours ago

> I'd still try to give it a go if not. Thank you for your consideration.

Take your time, no rush.

It is always best to have the users of a library themselves implement the features they need, since they know their constraints best and could provide proper test cases.