
feat: support for deserialization from JSON and XML #290

Merged (70 commits), Mar 3, 2023

Conversation

@madpah (Collaborator) commented Aug 15, 2022

BREAKING CHANGE:

This development implements a (currently in Pre-Alpha) library developed specifically to address serialization and deserialization to/from JSON/XML and Pythonic Classes that utilise the @property decorator. See #185.

Included in this PR:

  • Ensuring all manner of CDX documents can be deserialized
  • Replacing the hard-coded serialization code with this library
  • Completing Test Coverage
  • Bringing the external library py-serializable to a stable state

Also in this PR are the following PRs/features:

Current known limitations:

  • Requires Python >= 3.7 (see above)
  • (De-)serialization of Vulnerabilities in schema version < 1.4 is now NOT supported; we have dropped support for the (prior to 1.4) Vulnerabilities Schema Extension in this PR

@madpah madpah added this to the 3.0.0 milestone Aug 15, 2022
@madpah madpah added enhancement New feature or request breaking change labels Aug 15, 2022
@madpah madpah self-assigned this Aug 15, 2022
@javihernandez commented:

Hi @madpah,

First, thanks for your work on this Python library; it really helped us in our first steps towards SBOM generation for some of the assets created in the AlmaLinux Build System, which is used to build the packages of the AlmaLinux OS distribution. As you can see here, I gave this branch a try, and although it already meets our expectations, and following @stevespringett's advice, I would like to mention that the bom-refs are missing after reusing an already existing SBOM. Is it maybe already on your radar and something you'll be fixing soon? Thanks and keep up the good work!

@pombredanne commented:

@madpah Hey! 'sup? what's the plan on this? Fancy some help?

@pombredanne commented:

If help is wanted, help could be provided ;)

@pombredanne commented:

@keshav-space We would likely use this for aboutcode-org/scancode.io#583 ;)

@madpah madpah marked this pull request as ready for review February 27, 2023 19:53
@madpah (Collaborator, Author) commented Feb 27, 2023

@javihernandez - thanks for your patience. If you are able to retest this branch again now - I believe we have the Dependency work complete now.

FYI @jkowalleck @pombredanne

@jkowalleck (Member) left a review:

reviewed 9 / 136 files


  • 📝 marked breaking changes and enhancements that need to be documented in the changelog
  • ❓ had some questions that prevent me from approval
  • ❌ had some things that require changes and fixes that prevent me from approval

…` making our models look odd

Signed-off-by: Paul Horton <[email protected]>
@jkowalleck (Member) left a review:

👍
Some notes on some parameters regarding shadowing.
Overall, I do not see any issues with your changes.

@madpah madpah merged commit 676c941 into dev/4.0.0 Mar 3, 2023
@madpah madpah deleted the feat/deserialization-to-object-model branch March 3, 2023 15:16
madpah added a commit that referenced this pull request Mar 20, 2023
Highlights of this release include:
* Support for De-serialization from JSON and XML to this Pythonic Model
* Deprecation of Python 3.6 support
* Support for Python 3.11
* Support for `BomLink`
* Support VEX without needing `Component` in the same `Bom`
* Support for `services` having `dependencies`

BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed.

Signed-off-by: Paul Horton <[email protected]>

* feat: support VEX without Components in the same BOM

BREAKING CHANGE: Model classes changed to relocate Vulnerability to Bom, not to Component

Signed-off-by: Paul Horton <[email protected]>

feat: allow `version` of BOM to be defined

feat: allow `serial_number` of BOM to be prescribed

feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx

Signed-off-by: Paul Horton <[email protected]>

* chore: fix release workflow

* chore: editorconfig

Signed-off-by: Jan Kowalleck <[email protected]>

* feat: support for deserialization from JSON and XML (#290)

BREAKING CHANGE:

* feat: drop Python 3.6 support

Signed-off-by: Hakan Dilek <[email protected]>
Signed-off-by: Paul Horton <[email protected]>
Co-authored-by: Hakan Dilek <[email protected]>
Co-authored-by: Hakan Dilek <[email protected]>

* fix: update `serializable` to include XML safety changes

Signed-off-by: Paul Horton <[email protected]>

* feat: Support for Python 3.11 (#349)

* feat: officially test and support Python 3.11

Signed-off-by: Paul Horton <[email protected]>

* removed unused imports

Signed-off-by: Paul Horton <[email protected]>

* bump `poetry` to `1.1.12` in CI

Signed-off-by: Paul Horton <[email protected]>

* fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI

Signed-off-by: Paul Horton <[email protected]>

* fix: removed `types-toml` from dependencies - not used

Signed-off-by: Paul Horton <[email protected]>

---------

Signed-off-by: Paul Horton <[email protected]>

* fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now

Signed-off-by: Paul Horton <[email protected]>

* chore: bump dev dependencies

fix: removed `setuptools` as dependency
Signed-off-by: Paul Horton <[email protected]>

* tests: component versions optional (#350)

* chore: exclude `venv*` from QA; add typing to QA

Signed-off-by: Jan Kowalleck <[email protected]>

* tests: component versions are optional

Signed-off-by: Jan Kowalleck <[email protected]>

---------

Signed-off-by: Jan Kowalleck <[email protected]>

* doc: doc updates for new deserialization feature

Signed-off-by: Paul Horton <[email protected]>

* doc: doc updates for contribution

Signed-off-by: Paul Horton <[email protected]>

---------

Signed-off-by: Paul Horton <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Hakan Dilek <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]>
Co-authored-by: Hakan Dilek <[email protected]>
Co-authored-by: Hakan Dilek <[email protected]>
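The PR description above explains that the new (de)serialization layer is driven by the `@property` members of the model classes, the review thread raises bom-refs being lost when an existing SBOM is re-read, and the release commit log mentions XML safety changes and a helper for the BOM URN. The following is an added example that is not code from cyclonedx-python-lib or from the py-serializable library the PR introduces: it is a small stand-alone serializer written for this page. The `Bom` and `Component` classes, every helper function, the element and field names and the simplified JSON/XML shape are all hypothetical (the real CycloneDX schema differs), and the DOCTYPE/ENTITY pre-check is an assumed stand-in for whatever the library's own XML hardening does.

```python
# Added example, not code from cyclonedx-python-lib or the py-serializable library
# this PR introduces; class, field and element names are hypothetical.
import json
import typing
import uuid
import xml.etree.ElementTree as ET
from typing import List


class Component:
    def __init__(self, name: str, version: str, bom_ref: str = '') -> None:
        self._name, self._version = name, version
        # keep a bom-ref read from an existing SBOM; mint one only when absent
        self._bom_ref = bom_ref or str(uuid.uuid4())

    @property
    def name(self) -> str: return self._name
    @property
    def version(self) -> str: return self._version
    @property
    def bom_ref(self) -> str: return self._bom_ref


class Bom:
    def __init__(self, serial_number: str, version: int, components: List[Component]) -> None:
        self._serial_number, self._version = serial_number, version
        self._components = list(components)

    @property
    def serial_number(self) -> str: return self._serial_number
    @property
    def version(self) -> int: return self._version
    @property
    def components(self) -> List[Component]: return self._components


def property_names(cls: type) -> List[str]:
    # the @property members, in definition order, define the wire format
    return [n for n, v in vars(cls).items() if isinstance(v, property)]


def to_dict(obj):
    """Serialize by reading every @property; scalars and lists pass through."""
    if isinstance(obj, (str, int)):
        return obj
    if isinstance(obj, list):
        return [to_dict(x) for x in obj]
    return {n: to_dict(getattr(obj, n)) for n in property_names(type(obj))}


def _coerce(hint, value):
    """Rebuild one value from a constructor type hint (List[X], scalar or model)."""
    if typing.get_origin(hint) is list:
        return [_coerce(typing.get_args(hint)[0], v) for v in value]
    return hint(value) if hint in (str, int) else from_dict(hint, value)


def from_dict(cls, data: dict):
    """Deserialize by matching keys to the constructor's typed parameters."""
    hints = typing.get_type_hints(cls.__init__)
    return cls(**{k: _coerce(hints[k], v) for k, v in data.items()})


def to_xml(obj, tag: str) -> ET.Element:
    """Each @property becomes a child element; a list becomes a container."""
    el = ET.Element(tag)
    for name in property_names(type(obj)):
        value = getattr(obj, name)
        if isinstance(value, list):
            box = ET.SubElement(el, name)
            for item in value:
                box.append(to_xml(item, name[:-1]))  # 'components' -> 'component'
        else:
            ET.SubElement(el, name).text = str(value)
    return el


def from_xml(cls, el: ET.Element):
    """Inverse of to_xml, driven by the same constructor type hints."""
    hints = typing.get_type_hints(cls.__init__)
    kwargs = {}
    for child in el:
        hint = hints[child.tag]
        if typing.get_origin(hint) is list:
            kwargs[child.tag] = [from_xml(typing.get_args(hint)[0], c) for c in child]
        else:
            kwargs[child.tag] = _coerce(hint, child.text or '')
    return cls(**kwargs)


def parse_xml_safely(text: str) -> ET.Element:
    """Reject DTD and entity declarations before parsing: the model never needs them,
    and entity expansion is the classic XML parser hazard (pre-check is an assumption)."""
    if '<!DOCTYPE' in text.upper() or '<!ENTITY' in text.upper():
        raise ValueError('DTD and entity declarations are not accepted')
    return ET.fromstring(text)


def bom_urn(bom: Bom) -> str:
    """urn:cdx:<uuid>/<version>; the serial number is stored as urn:uuid:<uuid>."""
    prefix, serial = 'urn:uuid:', bom.serial_number
    if serial.startswith(prefix):
        serial = serial[len(prefix):]
    return f'urn:cdx:{serial}/{bom.version}'


# constructed sample standing in for an existing SBOM that is being re-read
EXISTING_JSON = json.dumps({
    'serial_number': 'urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79', 'version': 1,
    'components': [{'name': 'acme-lib', 'version': '2.1.0', 'bom_ref': 'pkg:pypi/acme-lib@2.1.0'}],
})


def load_json(text: str) -> Bom:
    return from_dict(Bom, json.loads(text))


def dump_json(bom: Bom) -> str:
    return json.dumps(to_dict(bom), sort_keys=True)


def roundtrip_xml(bom: Bom) -> Bom:
    """Model -> XML text -> defensively parsed -> model again."""
    return from_xml(Bom, parse_xml_safely(ET.tostring(to_xml(bom, 'bom'), encoding='unicode')))
```

Because the serializer derives the wire format from the class's own `@property` list, the model and its JSON/XML representation cannot drift apart, which is the maintainability point behind replacing hand-written output code. The `Component` constructor keeps any `bom_ref` that was read from the input and only generates one when none is present, so `load_json(dump_json(load_json(EXISTING_JSON)))` preserves the original identifier, the behaviour the review thread asks for. The DOCTYPE/ENTITY rejection is a deliberately blunt pre-check standing in for a hardened parser such as defusedxml; a BOM never needs a DTD, so refusing one costs nothing.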