feat!: ignore unknown properties when deserializing (#853)

when deserializing JSON: ignore unknown/unsupported properties
when deserializing XML: ignore unknown/unsupported attributes and
elements

this is considered a **BREAKING Change**, as the old behavior was to
throw an error when deserializing unknown/unsupported features - which
no longer happens, instead, unknown/unsupported features are simply
ignored.

-----

- fixes #850 

-----

---------

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/model/__init__.py

@@ -676,7 +676,7 @@ def deserialize(cls, o: Any) -> ExternalReferenceType:
         return ExternalReferenceType(o)
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class XsUri(serializable.helpers.BaseHelper):
     """
     Helper class that allows us to perform validation on data strings that are defined as xs:anyURI
@@ -802,7 +802,7 @@ def is_bom_link(self) -> bool:
         return self._uri.startswith(_BOM_LINK_PREFIX)
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class ExternalReference:
     """
     This is our internal representation of an ExternalReference complex type that can be used in multiple places within
@@ -914,7 +914,7 @@ def __repr__(self) -> str:
         return f'<ExternalReference {self.type.name}, {self.url}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Property:
     """
     This is our internal representation of `propertyType` complex type that can be used in multiple places within
@@ -989,7 +989,7 @@ def __repr__(self) -> str:
         return f'<Property name={self.name}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class NoteText:
     """
     This is our internal representation of the Note.text complex type that can be used in multiple places within
@@ -1081,7 +1081,7 @@ def __repr__(self) -> str:
         return f'<NoteText content_type={self.content_type}, encoding={self.encoding}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Note:
     """
     This is our internal representation of the Note complex type that can be used in multiple places within
@@ -1166,7 +1166,7 @@ def __repr__(self) -> str:
         return f'<Note id={id(self)}, locale={self.locale}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class IdentifiableAction:
     """
     This is our internal representation of the `identifiableActionType` complex type.
@@ -1252,7 +1252,7 @@ def __repr__(self) -> str:
         return f'<IdentifiableAction name={self.name}, email={self.email}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Copyright:
     """
     This is our internal representation of the `copyrightsType` complex type.

cyclonedx/model/bom.py

@@ -55,7 +55,7 @@
     from packageurl import PackageURL
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class BomMetaData:
     """
     This is our internal representation of the metadata complex type within the CycloneDX standard.
@@ -314,7 +314,7 @@ def __repr__(self) -> str:
         return f'<BomMetaData timestamp={self.timestamp}, component={self.component}>'
 
 
-@serializable.serializable_class(ignore_during_deserialization=['$schema', 'bom_format', 'spec_version'])
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Bom:
     """
     This is our internal representation of a bill-of-materials (BOM).

cyclonedx/model/bom_ref.py

@@ -28,7 +28,7 @@
     _T_BR = TypeVar('_T_BR', bound='BomRef')
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class BomRef(serializable.helpers.BaseHelper):
     """
     An identifier that can be used to reference objects elsewhere in the BOM.

cyclonedx/model/component.py

@@ -66,7 +66,7 @@
 from .release_note import ReleaseNotes
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Commit:
     """
     Our internal representation of the `commitType` complex type.
@@ -326,7 +326,7 @@ def deserialize(cls, o: Any) -> ComponentType:
         return ComponentType(o)
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Diff:
     """
     Our internal representation of the `diffType` complex type.
@@ -408,7 +408,7 @@ class PatchClassification(str, Enum):
     UNOFFICIAL = 'unofficial'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Patch:
     """
     Our internal representation of the `patchType` complex type.
@@ -498,7 +498,7 @@ def __repr__(self) -> str:
         return f'<Patch type={self.type}, id={id(self)}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Pedigree:
     """
     Our internal representation of the `pedigreeType` complex type.
@@ -661,7 +661,7 @@ def __repr__(self) -> str:
         return f'<Pedigree id={id(self)}, hash={hash(self)}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Swid:
     """
     Our internal representation of the `swidType` complex type.
@@ -813,7 +813,7 @@ def __repr__(self) -> str:
         return f'<Swid tagId={self.tag_id}, name={self.name}, version={self.version}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class OmniborId(serializable.helpers.BaseHelper):
     """
     Helper class that allows us to perform validation on data strings that must conform to
@@ -872,7 +872,7 @@ def __str__(self) -> str:
         return self._id
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Swhid(serializable.helpers.BaseHelper):
     """
     Helper class that allows us to perform validation on data strings that must conform to
@@ -931,7 +931,7 @@ def __str__(self) -> str:
         return self._id
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Component(Dependable):
     """
     This is our internal representation of a Component within a Bom.

cyclonedx/model/component_evidence.py

@@ -75,7 +75,7 @@ class AnalysisTechnique(str, Enum):
     OTHER = 'other'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Method:
     """
     Represents a method used to extract and/or analyze evidence.
@@ -181,7 +181,7 @@ def xml_denormalize(cls, o: 'XmlElement', *,
         return [BomRef(value=t.get('ref')) for t in o]
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Identity:
     """
     Our internal representation of the `identityType` complex type.
@@ -288,7 +288,7 @@ def __repr__(self) -> str:
             f' methods={self.methods}, tools={self.tools}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Occurrence:
     """
     Our internal representation of the `occurrenceType` complex type.
@@ -423,7 +423,7 @@ def __repr__(self) -> str:
         return f'<Occurrence location={self.location}, line={self.line}, symbol={self.symbol}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class CallStackFrame:
     """
     Represents an individual frame in a call stack.
@@ -567,7 +567,7 @@ def __repr__(self) -> str:
                f' line={self.line}, column={self.column}, full_filename={self.full_filename}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class CallStack:
     """
     Our internal representation of the `callStackType` complex type.
@@ -622,7 +622,7 @@ def __repr__(self) -> str:
         return f'<CallStack frames={len(self.frames)}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class ComponentEvidence:
     """
     Our internal representation of the `componentEvidenceType` complex type.

cyclonedx/model/contact.py

@@ -29,7 +29,7 @@
 from .bom_ref import BomRef
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class PostalAddress:
     """
     This is our internal representation of the `postalAddressType` complex type that can be used in multiple places
@@ -187,7 +187,7 @@ def __repr__(self) -> str:
         return f'<PostalAddress bom-ref={self.bom_ref}, street_address={self.street_address}, country={self.country}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class OrganizationalContact:
     """
     This is our internal representation of the `organizationalContact` complex type that can be used in multiple places
@@ -277,7 +277,7 @@ def __repr__(self) -> str:
         return f'<OrganizationalContact name={self.name}, email={self.email}, phone={self.phone}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class OrganizationalEntity:
     """
     This is our internal representation of the `organizationalEntity` complex type that can be used in multiple places

cyclonedx/model/crypto.py

@@ -263,7 +263,7 @@ class CryptoFunction(str, Enum):
     UNKNOWN = 'unknown'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class AlgorithmProperties:
     """
     This is our internal representation of the cryptoPropertiesType.algorithmProperties ENUM type within the CycloneDX
@@ -514,7 +514,7 @@ def __repr__(self) -> str:
         return f'<AlgorithmProperties primitive={self.primitive}, execution_environment={self.execution_environment}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class CertificateProperties:
     """
     This is our internal representation of the `cryptoPropertiesType.certificateProperties` complex type within
@@ -746,7 +746,7 @@ class RelatedCryptoMaterialState(str, Enum):
     SUSPENDED = 'suspended'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class RelatedCryptoMaterialSecuredBy:
     """
     This is our internal representation of the `cryptoPropertiesType.relatedCryptoMaterialProperties.securedBy` complex
@@ -817,7 +817,7 @@ def __repr__(self) -> str:
         return f'<RelatedCryptoMaterialSecuredBy mechanism={self.mechanism}, algorithm_ref={self.algorithm_ref}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class RelatedCryptoMaterialProperties:
     """
     This is our internal representation of the `cryptoPropertiesType.relatedCryptoMaterialProperties` complex type
@@ -1086,7 +1086,7 @@ class ProtocolPropertiesType(str, Enum):
     UNKNOWN = 'unknown'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class ProtocolPropertiesCipherSuite:
     """
     This is our internal representation of the `cryptoPropertiesType.protocolProperties.cipherSuites.cipherSuite`
@@ -1179,7 +1179,7 @@ def __repr__(self) -> str:
         return f'<ProtocolPropertiesCipherSuite name={self.name}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Ikev2TransformTypes:
     """
     This is our internal representation of the `cryptoPropertiesType.protocolProperties.ikev2TransformTypes`
@@ -1321,7 +1321,7 @@ def __repr__(self) -> str:
         return f'<Ikev2TransformTypes esn={self.esn}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class ProtocolProperties:
     """
     This is our internal representation of the `cryptoPropertiesType.protocolProperties` complex type within
@@ -1447,7 +1447,7 @@ def __repr__(self) -> str:
         return f'<ProtocolProperties type={self.type}, version={self.version}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class CryptoProperties:
     """
     This is our internal representation of the `cryptoPropertiesType` complex type within CycloneDX standard.

cyclonedx/model/definition.py

@@ -35,7 +35,7 @@
     _T_CreId = TypeVar('_T_CreId', bound='CreId')
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class CreId(serializable.helpers.BaseHelper):
     """
     Helper class that allows us to perform validation on data strings that must conform to
@@ -89,7 +89,7 @@ def __str__(self) -> str:
         return self._id
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Requirement:
     """
     A requirement comprising a standard.
@@ -282,7 +282,7 @@ def __repr__(self) -> str:
             f'title={self.title}, text={self.text}, parent={self.parent}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Level:
     """
     Level of compliance for a standard.
@@ -397,7 +397,7 @@ def __repr__(self) -> str:
             f'title={self.title}, description={self.description}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Standard:
     """
     A standard of regulations, industry or organizational-specific standards, maturity models, best practices,
@@ -574,7 +574,10 @@ def __repr__(self) -> str:
             f'description={self.description}, owner={self.owner}>'
 
 
-@serializable.serializable_class(name='definitions')
+@serializable.serializable_class(
+    name='definitions',
+    ignore_unknown_during_deserialization=True
+)
 class Definitions:
     """
     The repository for definitions

cyclonedx/model/dependency.py

@@ -47,7 +47,7 @@ def deserialize(cls, o: Any) -> set['Dependency']:
         return dependencies
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Dependency:
     """
     Models a Dependency within a BOM.

cyclonedx/model/issue.py

@@ -39,7 +39,7 @@ class IssueClassification(str, Enum):
     SECURITY = 'security'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class IssueTypeSource:
     """
     This is our internal representation ofa source within the IssueType complex type that can be used in multiple
@@ -108,7 +108,7 @@ def __repr__(self) -> str:
         return f'<IssueTypeSource name={self._name}, url={self.url}>'
 
 
-@serializable.serializable_class
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class IssueType:
     """
     This is our internal representation of an IssueType complex type that can be used in multiple places within