Merge pull request #214 from CycloneDX/feat/support-bom-dependencies-no-cast

madpah · web-flow · commit 25515456f270 · 2022-04-20T13:15:08.000+01:00
no cast
diff --git a/cyclonedx/output/json.py b/cyclonedx/output/json.py
@@ -19,7 +19,7 @@
 
 import json
 from abc import abstractmethod
-from typing import Any, Dict, List, Optional, Union, cast
+from typing import Any, Dict, Iterable, List, Optional, Union
 
 from ..exception.output import FormatNotSupportedException
 from ..model.bom import Bom
@@ -56,7 +56,8 @@ def generate(self, force_regeneration: bool = False) -> None:
         if self.generated and not force_regeneration:
             return
 
-        self.get_bom().validate()
+        bom = self.get_bom()
+        bom.validate()
 
         schema_uri: Optional[str] = self._get_schema_uri()
         if not schema_uri:
@@ -65,32 +66,31 @@ def generate(self, force_regeneration: bool = False) -> None:
 
         extras = {}
         if self.bom_supports_dependencies():
-            dependencies: List[Dict[str, Union[str, List[str]]]] = []
-            if self.get_bom().metadata.component:
-                dependencies.append({
-                    'ref': str(cast(Component, self.get_bom().metadata.component).bom_ref),
-                    'dependsOn': [*map(str, cast(Component, self.get_bom().metadata.component).dependencies)]
-                })
-            for component in self.get_bom().components:
+            dep_components: Iterable[Component] = bom.components
+            if bom.metadata.component:
+                dep_components = [bom.metadata.component, *dep_components]
+            dependencies = []
+            for component in dep_components:
                 dependencies.append({
                     'ref': str(component.bom_ref),
                     'dependsOn': [*map(str, component.dependencies)]
                 })
             if dependencies:
                 extras["dependencies"] = dependencies
+            del dep_components
 
         if self.bom_supports_vulnerabilities():
             vulnerabilities: List[Dict[Any, Any]] = []
-            if self.get_bom().components:
-                for component in cast(List[Component], self.get_bom().components):
+            if bom.components:
+                for component in bom.components:
                     for vulnerability in component.get_vulnerabilities():
                         vulnerabilities.append(
                             json.loads(json.dumps(vulnerability, cls=CycloneDxJSONEncoder))
                         )
             if vulnerabilities:
                 extras["vulnerabilities"] = vulnerabilities
 
-        bom_json = json.loads(json.dumps(self.get_bom(), cls=CycloneDxJSONEncoder))
+        bom_json = json.loads(json.dumps(bom, cls=CycloneDxJSONEncoder))
         bom_json = json.loads(self._specialise_output_for_schema_version(bom_json=bom_json))
         self._json_output = json.dumps({**self._create_bom_element(), **bom_json, **extras})
 
diff --git a/cyclonedx/output/xml.py b/cyclonedx/output/xml.py
@@ -18,7 +18,7 @@
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import warnings
-from typing import Optional, Set, cast
+from typing import Iterable, Optional, Set
 from xml.etree import ElementTree
 
 from ..model import (
@@ -67,16 +67,17 @@ def generate(self, force_regeneration: bool = False) -> None:
         elif self.generated:
             return
 
-        self.get_bom().validate()
+        bom = self.get_bom()
+        bom.validate()
 
         if self.bom_supports_metadata():
             self._add_metadata_element()
 
-        components_element = ElementTree.SubElement(self._root_bom_element, 'components')
-
         has_vulnerabilities: bool = False
-        if self.get_bom().components:
-            for component in self.get_bom().components:
+
+        components_element = ElementTree.SubElement(self._root_bom_element, 'components')
+        if bom.components:
+            for component in bom.components:
                 component_element = self._add_component_element(component=component)
                 components_element.append(component_element)
                 if self.bom_supports_vulnerabilities_via_extension() and component.has_vulnerabilities():
@@ -96,41 +97,35 @@ def generate(self, force_regeneration: bool = False) -> None:
                 elif component.has_vulnerabilities():
                     has_vulnerabilities = True
 
-        if self.bom_supports_services():
-            if self.get_bom().services:
-                services_element = ElementTree.SubElement(self._root_bom_element, 'services')
-                for service in self.get_bom().services:
-                    services_element.append(self._add_service_element(service=service))
-
-        if self.bom_supports_external_references():
-            if self.get_bom().external_references:
-                self._add_external_references_to_element(
-                    ext_refs=self.get_bom().external_references,
-                    element=self._root_bom_element
-                )
+        if self.bom_supports_services() and bom.services:
+            services_element = ElementTree.SubElement(self._root_bom_element, 'services')
+            for service in bom.services:
+                services_element.append(self._add_service_element(service=service))
+
+        if self.bom_supports_external_references() and bom.external_references:
+            self._add_external_references_to_element(
+                ext_refs=bom.external_references,
+                element=self._root_bom_element
+            )
 
-        if self.bom_supports_dependencies() and (self.get_bom().metadata.component or self.get_bom().components):
+        if self.bom_supports_dependencies() and (bom.metadata.component or bom.components):
+            dep_components: Iterable[Component] = bom.components
+            if bom.metadata.component:
+                dep_components = [bom.metadata.component, *dep_components]
             dependencies_element = ElementTree.SubElement(self._root_bom_element, 'dependencies')
-            if self.get_bom().metadata.component:
-                dependency_element = ElementTree.SubElement(dependencies_element, 'dependency', {
-                    'ref': str(cast(Component, self.get_bom().metadata.component).bom_ref)
-                })
-                for dependency in cast(Component, self.get_bom().metadata.component).dependencies:
-                    ElementTree.SubElement(dependency_element, 'dependency', {
-                        'ref': str(dependency)
-                    })
-            for component in self.get_bom().components:
+            for component in dep_components:
                 dependency_element = ElementTree.SubElement(dependencies_element, 'dependency', {
                     'ref': str(component.bom_ref)
                 })
                 for dependency in component.dependencies:
                     ElementTree.SubElement(dependency_element, 'dependency', {
                         'ref': str(dependency)
                     })
+            del dep_components
 
         if self.bom_supports_vulnerabilities() and has_vulnerabilities:
             vulnerabilities_element = ElementTree.SubElement(self._root_bom_element, 'vulnerabilities')
-            for component in self.get_bom().components:
+            for component in bom.components:
                 for vulnerability in component.get_vulnerabilities():
                     vulnerabilities_element.append(
                         self._get_vulnerability_as_xml_element_post_1_4(vulnerability=vulnerability)
@@ -147,13 +142,14 @@ def get_target_namespace(self) -> str:
 
     # Builder Methods
     def _create_bom_element(self) -> ElementTree.Element:
+        bom = self.get_bom()
         root_attributes = {
             'xmlns': self.get_target_namespace(),
             'version': '1',
-            'serialNumber': self.get_bom().get_urn_uuid()
+            'serialNumber': bom.get_urn_uuid()
         }
 
-        if self.bom_supports_vulnerabilities_via_extension() and self.get_bom().has_vulnerabilities():
+        if self.bom_supports_vulnerabilities_via_extension() and bom.has_vulnerabilities():
             root_attributes['xmlns:v'] = Xml.VULNERABILITY_EXTENSION_NAMESPACE
             ElementTree.register_namespace('v', Xml.VULNERABILITY_EXTENSION_NAMESPACE)
 
diff --git a/tests/base.py b/tests/base.py
@@ -134,7 +134,7 @@ def assertValidAgainstSchema(self, bom_xml: str, schema_version: SchemaVersion)
     def assertEqualXml(self, a: str, b: str) -> None:
         diff_results = main.diff_texts(a, b, diff_options={'F': 0.5})
         diff_results = list(filter(lambda o: not isinstance(o, MoveNode), diff_results))
-        self.assertEqual(len(diff_results), 0, f'There are XML differences: {diff_results}')
+        self.assertEqual(len(diff_results), 0, f'There are XML differences: {diff_results}\n- {a}\n+ {b}')
 
     def assertEqualXmlBom(self, a: str, b: str, namespace: str) -> None:
         """
