CycloneDX / cyclonedx-python-lib

Python implementation of OWASP CycloneDX
https://cyclonedx.org/
Apache License 2.0

feat: add `cyclonedx.model.dependency.Dependency.provides` #691

Open chistyakov opened 5 days ago

chistyakov commented 5 days ago

Library Version: 7.6.1

Description:

Steps to Reproduce:

  1. Use the example JSON provided in the CycloneDX bom-examples repository.
  2. Run the following script:
import json
from cyclonedx.model.bom import Bom

# source: https://github.com/CycloneDX/bom-examples/blob/c0436d86cd60693f01d19fe1aacfd01e70e17036/CBOM/Example-With-Dependencies/bom.json

sample = '''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "metadata": {
    "component": {
      "type": "application",
      "bom-ref": "acme-application",
      "name": "Acme Application",
      "version": "1.0"
    }
  },
  "components": [
    {
      "type": "cryptographic-asset",
      "bom-ref": "aes128gcm",
      "name": "AES",
      "cryptoProperties": {
        "assetType": "algorithm",
        "algorithmProperties": {
          "primitive": "ae",
          "parameterSetIdentifier": "128",
          "executionEnvironment": "software-plain-ram",
          "implementationPlatform": "x86_64",
          "certificationLevel": [ "none" ],
          "mode": "gcm",
          "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"],
          "classicalSecurityLevel": 128,
          "nistQuantumSecurityLevel": 1
        },
        "oid": "2.16.840.1.101.3.4.1.6"
      }
    },
    {
      "type": "library",
      "bom-ref": "crypto-library",
      "name": "Crypto library",
      "version": "1.0.0"
    },
    {
      "type": "library",
      "bom-ref": "some-library",
      "name": "Some library",
      "version": "1.0.0"
    }
  ],
  "dependencies": [
    {
      "ref": "acme-application",
      "dependsOn": ["crypto-library"]
    },
    {
      "ref": "crypto-library",
      "provides": ["aes128gcm"],
      "dependsOn": ["some-library"]
    }
  ]
}'''

data = json.loads(sample)

# With library version 7.6.1 this raises, because the model does not know the
# "provides" key of the second dependency entry (see traceback below).
Bom.from_json(data=data)

Observed Behavior: The code fails with the following exception:

Traceback (most recent call last):
  ...
ValueError: Unexpected key provides/provides in data being serialized to cyclonedx.model.dependency.Dependency

Environment:

Let me know if this works!

jkowalleck commented 2 days ago

Not a bug, but a lack of a feature.

CycloneDX python library is a community effort, everybody is free to add the bits and pieces they need. see https://github.com/CycloneDX/cyclonedx-python-lib/issues/633

In this case, it is the property cyclonedx.model.dependency.Dependency.provides that needs to be added. near https://github.com/CycloneDX/cyclonedx-python-lib/blob/2aea159d9a137bd268b5b21e69f927dbc8f0c086/cyclonedx/model/dependency.py#L51

If you are interested in providing the missing feature, please let me know.
Then, you should follow our contributing guidelines, and you may open a pull request to add the missing feature.

jkowalleck commented 2 days ago

see also: #537
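The `provides` array the reproducer trips over is, in the CycloneDX 1.6 dependency model, the list of bom-refs that a dependency implements or provides; in the sample BOM the crypto library provides the AES-128-GCM algorithm asset, while `dependsOn` carries the ordinary dependency edges. To show what a `Dependency.provides` field has to carry once it is added next to `dependsOn`, the following is an added example written for this page; it is not code from cyclonedx-python-lib and does not use the library. It is a small stand-alone model of the `dependencies` array that accepts `ref`, `dependsOn` and `provides`, rejects unexpected keys, duplicate entries and dangling refs, serializes the graph back, and answers the question a CBOM consumer actually asks: which cryptographic assets the application reaches transitively. The `Dependency` dataclass, the function names and the trimmed `SAMPLE_BOM` are assumptions of this example, not the project's API.

```python
import json
from dataclasses import dataclass

# Constructed input: the dependency graph from the issue's reproducer BOM,
# trimmed to the fields this example reads (bom-refs, component types).
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "metadata": {"component": {"type": "application", "bom-ref": "acme-application"}},
    "components": [
        {"type": "cryptographic-asset", "bom-ref": "aes128gcm", "name": "AES"},
        {"type": "library", "bom-ref": "crypto-library", "name": "Crypto library"},
        {"type": "library", "bom-ref": "some-library", "name": "Some library"},
    ],
    "dependencies": [
        {"ref": "acme-application", "dependsOn": ["crypto-library"]},
        {"ref": "crypto-library", "provides": ["aes128gcm"], "dependsOn": ["some-library"]},
    ],
}

# Keys a CycloneDX 1.6 dependency entry may carry; anything else is rejected,
# which is the behaviour the issue's traceback shows for "provides".
DEPENDENCY_KEYS = {"ref", "dependsOn", "provides"}


@dataclass(frozen=True)
class Dependency:
    """One entry of the 'dependencies' array (hypothetical model, not the library's)."""
    ref: str
    depends_on: frozenset = frozenset()
    provides: frozenset = frozenset()


def bom_refs(bom: dict) -> dict:
    """Map every bom-ref in the document (components and metadata.component) to its type."""
    refs = {c["bom-ref"]: c["type"] for c in bom.get("components", []) if "bom-ref" in c}
    meta = bom.get("metadata", {}).get("component")
    if meta and "bom-ref" in meta:
        refs[meta["bom-ref"]] = meta["type"]
    return refs


def parse_dependencies(bom: dict) -> dict:
    """Build {ref: Dependency}; reject unknown keys, duplicate refs and dangling refs."""
    known = set(bom_refs(bom))
    graph = {}
    for entry in bom.get("dependencies", []):
        unexpected = set(entry) - DEPENDENCY_KEYS
        if unexpected:
            raise ValueError(f"unexpected key(s) in dependency: {sorted(unexpected)}")
        ref = entry["ref"]
        if ref in graph:
            raise ValueError(f"duplicate dependency entry for {ref!r}")
        depends_on = frozenset(entry.get("dependsOn", []))
        provides = frozenset(entry.get("provides", []))
        dangling = ({ref} | depends_on | provides) - known
        if dangling:
            raise ValueError(f"dependency refers to unknown bom-ref(s): {sorted(dangling)}")
        graph[ref] = Dependency(ref, depends_on, provides)
    return graph


def is_valid_dependency_graph(bom: dict) -> bool:
    """True when parse_dependencies accepts the document."""
    try:
        parse_dependencies(bom)
    except (ValueError, KeyError):
        return False
    return True


def transitive_dependencies(graph: dict, root: str) -> frozenset:
    """All refs reachable from root via dependsOn; the visited set makes cycles safe."""
    seen, stack = set(), [root]
    while stack:
        node = graph.get(stack.pop())
        if node is None:
            continue  # a leaf that has no dependency entry of its own
        for nxt in node.depends_on:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return frozenset(seen)


def reachable_crypto_assets(bom: dict, root: str) -> frozenset:
    """Cryptographic assets provided by root or by anything it transitively depends on."""
    types = bom_refs(bom)
    graph = parse_dependencies(bom)
    assets = set()
    for ref in transitive_dependencies(graph, root) | {root}:
        node = graph.get(ref)
        if node is not None:
            assets.update(p for p in node.provides if types.get(p) == "cryptographic-asset")
    return frozenset(assets)


def serialize_dependencies(graph: dict) -> list:
    """Emit the 'dependencies' array; empty arrays are omitted, lists sorted for stable diffs."""
    out = []
    for ref in sorted(graph):
        node = graph[ref]
        entry = {"ref": ref}
        if node.depends_on:
            entry["dependsOn"] = sorted(node.depends_on)
        if node.provides:
            entry["provides"] = sorted(node.provides)
        out.append(entry)
    return out


if __name__ == "__main__":
    print(json.dumps(serialize_dependencies(parse_dependencies(SAMPLE_BOM)), indent=2))
    print(sorted(reachable_crypto_assets(SAMPLE_BOM, "acme-application")))
```

Run as a script it prints the round-tripped `dependencies` array and `['aes128gcm']`, the algorithm the application reaches through `crypto-library`; `some-library` on its own provides nothing. The strict key check is deliberate: silently dropping `provides` would make the CBOM look like it declares no cryptographic assets at all, which is worse than failing loudly.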