Library Version: 7.6.1
Description:
Steps to Reproduce:
- Use the example JSON provided in the CycloneDX bom-examples repository.
- Run the following script:
```python
import json
from cyclonedx.model.bom import Bom

# source: https://github.com/CycloneDX/bom-examples/blob/c0436d86cd60693f01d19fe1aacfd01e70e17036/CBOM/Example-With-Dependencies/bom.json
sample = '''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "metadata": {
    "component": {
      "type": "application",
      "bom-ref": "acme-application",
      "name": "Acme Application",
      "version": "1.0"
    }
  },
  "components": [
    {
      "type": "cryptographic-asset",
      "bom-ref": "aes128gcm",
      "name": "AES",
      "cryptoProperties": {
        "assetType": "algorithm",
        "algorithmProperties": {
          "primitive": "ae",
          "parameterSetIdentifier": "128",
          "executionEnvironment": "software-plain-ram",
          "implementationPlatform": "x86_64",
          "certificationLevel": [ "none" ],
          "mode": "gcm",
          "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"],
          "classicalSecurityLevel": 128,
          "nistQuantumSecurityLevel": 1
        },
        "oid": "2.16.840.1.101.3.4.1.6"
      }
    },
    {
      "type": "library",
      "bom-ref": "crypto-library",
      "name": "Crypto library",
      "version": "1.0.0"
    },
    {
      "type": "library",
      "bom-ref": "some-library",
      "name": "Some library",
      "version": "1.0.0"
    }
  ],
  "dependencies": [
    {
      "ref": "acme-application",
      "dependsOn": ["crypto-library"]
    },
    {
      "ref": "crypto-library",
      "provides": ["aes128gcm"],
      "dependsOn": ["some-library"]
    }
  ]
}'''

data = json.loads(sample)
Bom.from_json(data=data)
```
Observed Behavior:
The code fails with the following exception:
```
Traceback (most recent call last):
...
ValueError: Unexpected key provides/provides in data being serialized to cyclonedx.model.dependency.Dependency
```
Environment:
- Python version: 3.10
- Operating System: macOS
- Library version: 7.6.1
Let me know if this works!
Title changed from "ValueError: Unexpected key provides/provides in data being serialized to cyclonedx.model.dependency.Dependency" to "feat: add `cyclonedx.model.dependency.Dependency.provides`"

jkowalleck commented on Oct 7, 2024
Not a bug, but a lack of a feature.
CycloneDX python library is a community effort, everybody is free to add the bits and pieces they need. see #633
In this case, it is the property `cyclonedx.model.dependency.Dependency.provides` that needs to be added, near `cyclonedx-python-lib/cyclonedx/model/dependency.py`, Line 51 in 2aea159.
If you are interested in providing the missing feature, please let me know.
Then, you should follow our contributing guidelines, and you may open a pull request to add the missing feature.
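A possible interim workaround, written as an added example that is not part of the issue thread or the library's own code: split the `provides` edges out of the BOM dictionary before deserialization, keep them separately so the crypto-asset relationships are not silently lost, and flag any `provides` target that is not a declared `bom-ref`. The helper names are hypothetical, the sample is a constructed subset of the BOM in the report, and it is an assumption that `provides` is the only key the deserializer rejects.

```python
import copy
import json

# Constructed sample: only the bom-refs and dependency graph from the BOM in the report.
SAMPLE = json.loads('''{
  "metadata": {"component": {"bom-ref": "acme-application"}},
  "components": [
    {"bom-ref": "aes128gcm"}, {"bom-ref": "crypto-library"}, {"bom-ref": "some-library"}
  ],
  "dependencies": [
    {"ref": "acme-application", "dependsOn": ["crypto-library"]},
    {"ref": "crypto-library", "provides": ["aes128gcm"], "dependsOn": ["some-library"]}
  ]
}''')


def declared_refs(bom):
    """Collect every bom-ref declared by the metadata component and (nested) components."""
    refs = set()
    stack = [bom.get("metadata", {}).get("component", {})] + list(bom.get("components", []))
    while stack:
        comp = stack.pop()
        if "bom-ref" in comp:
            refs.add(comp["bom-ref"])
        stack.extend(comp.get("components", []))
    return refs


def split_provides(bom):
    """Return (bom_without_provides, provides_edges, dangling_refs).

    Hypothetical helper. The input is left untouched; the returned copy has
    every `provides` key removed from `dependencies`, and the removed edges
    are returned so they can be stored next to the parsed BOM.
    """
    stripped = copy.deepcopy(bom)
    known = declared_refs(bom)
    edges, dangling = {}, set()
    for dep in stripped.get("dependencies", []):
        provided = dep.pop("provides", None)
        if provided:
            edges[dep["ref"]] = list(provided)
            dangling.update(r for r in provided if r not in known)
    return stripped, edges, dangling


if __name__ == "__main__":
    stripped, edges, dangling = split_provides(SAMPLE)
    print(edges, sorted(dangling))  # `stripped` is the dict to hand to Bom.from_json(data=...)
```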
jkowalleck commented on Oct 7, 2024
see also: #537
uzairchhapra commented on Nov 4, 2024
@jkowalleck I am interested in contributing for this feature. I have started working on it and can release a PR shortly.
jkowalleck commented on Nov 5, 2024
That is fantastic, @uzairchhapra.
Feel free to open a work-in-progress "draft" pull request early.
`cyclonedx.model.dependency.Dependency.provides` #735