refactor: revisit type:ignore (#507)

* refactor: remove uspecific type-ignores

Signed-off-by: Jan Kowalleck <[email protected]>

* refactor: revisi all type ignores

Signed-off-by: Jan Kowalleck <[email protected]>

---------

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/model/__init__.py

@@ -685,7 +685,7 @@ def __init__(self, *, type: ExternalReferenceType, url: XsUri, comment: Optional
         self.url = url
         self.comment = comment
         self.type = type
-        self.hashes = hashes or []  # type: ignore
+        self.hashes = hashes or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(1)
@@ -1115,8 +1115,8 @@ def __init__(self, *, name: Optional[str] = None, urls: Optional[Iterable[XsUri]
                 'One of name, urls or contacts must be supplied for an OrganizationalEntity - none supplied.'
             )
         self.name = name
-        self.urls = urls or []  # type: ignore
-        self.contacts = contacts or []  # type: ignore
+        self.urls = urls or []  # type:ignore[assignment]
+        self.contacts = contacts or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(1)
@@ -1204,8 +1204,8 @@ def __init__(self, *, vendor: Optional[str] = None, name: Optional[str] = None,
         self.vendor = vendor
         self.name = name
         self.version = version
-        self.hashes = hashes or []  # type: ignore
-        self.external_references = external_references or []  # type: ignore
+        self.hashes = hashes or []  # type:ignore[assignment]
+        self.external_references = external_references or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(1)

cyclonedx/model/bom.py

@@ -65,13 +65,13 @@ def __init__(self, *, tools: Optional[Iterable[Tool]] = None,
                  properties: Optional[Iterable[Property]] = None,
                  timestamp: Optional[datetime] = None) -> None:
         self.timestamp = timestamp or _get_now_utc()
-        self.tools = tools or []  # type: ignore
-        self.authors = authors or []  # type: ignore
+        self.tools = tools or []  # type:ignore[assignment]
+        self.authors = authors or []  # type:ignore[assignment]
         self.component = component
         self.manufacture = manufacture
         self.supplier = supplier
-        self.licenses = licenses or []  # type: ignore
-        self.properties = properties or []  # type: ignore
+        self.licenses = licenses or []  # type:ignore[assignment]
+        self.properties = properties or []  # type:ignore[assignment]
 
         if not tools:
             self.tools.add(ThisTool)
@@ -284,7 +284,7 @@ def __init__(self, *, components: Optional[Iterable[Component]] = None,
         self.services = services or []  # type:ignore[assignment]
         self.external_references = external_references or []  # type:ignore[assignment]
         self.vulnerabilities = vulnerabilities or []  # type:ignore[assignment]
-        self.dependencies = dependencies or SortedSet()  # type:ignore[assignment]
+        self.dependencies = dependencies or []  # type:ignore[assignment]
 
     @property
     @serializable.type_mapping(UrnUuidHelper)
@@ -553,22 +553,21 @@ def has_vulnerabilities(self) -> bool:
 
     def register_dependency(self, target: Dependable, depends_on: Optional[Iterable[Dependable]] = None) -> None:
         _d = next(filter(lambda _d: _d.ref == target.bom_ref, self.dependencies), None)
-
-        if _d and depends_on:
+        if _d:
             # Dependency Target already registered - but it might have new dependencies to add
-            _d.dependencies = _d.dependencies.union(  # type: ignore
-                set(map(lambda _d: Dependency(ref=_d.bom_ref), depends_on)) if depends_on else []
-            )
-        elif not _d:
+            if depends_on:
+                _d.dependencies.update(map(lambda _d: Dependency(ref=_d.bom_ref), depends_on))
+        else:
             # First time we are seeing this target as a Dependency
             self._dependencies.add(Dependency(
                 ref=target.bom_ref,
                 dependencies=map(lambda _dep: Dependency(ref=_dep.bom_ref), depends_on) if depends_on else []
             ))
 
-        # Ensure dependents are registered with no further dependents in the Dependency Graph as per CDX specification
-        for _d2 in depends_on if depends_on else []:
-            self.register_dependency(target=_d2, depends_on=None)
+        if depends_on:
+            # Ensure dependents are registered with no further dependents in the DependencyGraph
+            for _d2 in depends_on:
+                self.register_dependency(target=_d2, depends_on=None)
 
     def urn(self) -> str:
         return f'urn:cdx:{self.serial_number}/{self.version}'

cyclonedx/model/component.py

@@ -195,8 +195,8 @@ def __init__(self, *, licenses: Optional[Iterable[License]] = None,
                 'At least one of `licenses` or `copyright` must be supplied for a `ComponentEvidence`.'
             )
 
-        self.licenses = licenses or []  # type: ignore
-        self.copyright = copyright or []  # type: ignore
+        self.licenses = licenses or []  # type:ignore[assignment]
+        self.copyright = copyright or []  # type:ignore[assignment]
 
     # @property
     # ...
@@ -498,7 +498,7 @@ def __init__(self, *, type: PatchClassification, diff: Optional[Diff] = None,
                  resolves: Optional[Iterable[IssueType]] = None) -> None:
         self.type = type
         self.diff = diff
-        self.resolves = resolves or []  # type: ignore
+        self.resolves = resolves or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_attribute()
@@ -593,11 +593,11 @@ def __init__(self, *, ancestors: Optional[Iterable['Component']] = None,
                 'provided for `Pedigree`'
             )
 
-        self.ancestors = ancestors or []  # type: ignore
-        self.descendants = descendants or []  # type: ignore
-        self.variants = variants or []  # type: ignore
-        self.commits = commits or []  # type: ignore
-        self.patches = patches or []  # type: ignore
+        self.ancestors = ancestors or []  # type:ignore[assignment]
+        self.descendants = descendants or []  # type:ignore[assignment]
+        self.variants = variants or []  # type:ignore[assignment]
+        self.commits = commits or []  # type:ignore[assignment]
+        self.patches = patches or []  # type:ignore[assignment]
         self.notes = notes
 
     @property
@@ -927,17 +927,17 @@ def __init__(self, *,
         self.version = version
         self.description = description
         self.scope = scope
-        self.hashes = hashes or []  # type: ignore
-        self.licenses = licenses or []  # type: ignore
+        self.hashes = hashes or []  # type:ignore[assignment]
+        self.licenses = licenses or []  # type:ignore[assignment]
         self.copyright = copyright
         self.cpe = cpe
         self.purl = purl
         self.swid = swid
         self.modified = modified
         self.pedigree = pedigree
-        self.external_references = external_references or []  # type: ignore
-        self.properties = properties or []  # type: ignore
-        self.components = components or []  # type: ignore
+        self.external_references = external_references or []  # type:ignore[assignment]
+        self.properties = properties or []  # type:ignore[assignment]
+        self.components = components or []  # type:ignore[assignment]
         self.evidence = evidence
         self.release_notes = release_notes
 

cyclonedx/model/issue.py

@@ -122,7 +122,7 @@ def __init__(self, *, type: IssueClassification, id: Optional[str] = None, name:
         self.name = name
         self.description = description
         self.source = source
-        self.references = references or []  # type: ignore
+        self.references = references or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_attribute()

cyclonedx/model/release_note.py

@@ -45,11 +45,11 @@ def __init__(self, *, type: str, title: Optional[str] = None, featured_image: Op
         self.social_image = social_image
         self.description = description
         self.timestamp = timestamp
-        self.aliases = aliases or []  # type: ignore
-        self.tags = tags or []  # type: ignore
-        self.resolves = resolves or []  # type: ignore
-        self.notes = notes or []  # type: ignore
-        self.properties = properties or []  # type: ignore
+        self.aliases = aliases or []  # type:ignore[assignment]
+        self.tags = tags or []  # type:ignore[assignment]
+        self.resolves = resolves or []  # type:ignore[assignment]
+        self.notes = notes or []  # type:ignore[assignment]
+        self.properties = properties or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(1)

cyclonedx/model/service.py

@@ -67,15 +67,15 @@ def __init__(self, *, name: str, bom_ref: Optional[Union[str, BomRef]] = None,
         self.name = name
         self.version = version
         self.description = description
-        self.endpoints = endpoints or []  # type: ignore
+        self.endpoints = endpoints or []  # type:ignore[assignment]
         self.authenticated = authenticated
         self.x_trust_boundary = x_trust_boundary
-        self.data = data or []  # type: ignore
-        self.licenses = licenses or []  # type: ignore
-        self.external_references = external_references or []  # type: ignore
-        self.services = services or []  # type: ignore
+        self.data = data or []  # type:ignore[assignment]
+        self.licenses = licenses or []  # type:ignore[assignment]
+        self.external_references = external_references or []  # type:ignore[assignment]
+        self.services = services or []  # type:ignore[assignment]
         self.release_notes = release_notes
-        self.properties = properties or []  # type: ignore
+        self.properties = properties or []  # type:ignore[assignment]
 
     @property
     @serializable.json_name('bom-ref')

cyclonedx/model/vulnerability.py

@@ -155,7 +155,7 @@ class BomTarget:
 
     def __init__(self, *, ref: str, versions: Optional[Iterable[BomTargetVersionRange]] = None) -> None:
         self.ref = ref
-        self.versions = versions or []  # type: ignore
+        self.versions = versions or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(1)
@@ -222,7 +222,7 @@ def __init__(self, *, state: Optional[ImpactAnalysisState] = None,
             )
         self.state = state
         self.justification = justification
-        self.responses = responses or []  # type: ignore
+        self.responses = responses or []  # type:ignore[assignment]
         self.detail = detail
 
     @property
@@ -587,7 +587,7 @@ def get_value_pre_1_4(self) -> str:
         """
         if self == VulnerabilityScoreSource.OWASP:
             return 'OWASP Risk'
-        return self.value  # type: ignore
+        return self.value  # type:ignore[no-any-return]
 
 
 class _VulnerabilityScoreSourceSerializationHelper(serializable.helpers.BaseHelper):
@@ -836,8 +836,8 @@ def __init__(self, *, organizations: Optional[Iterable[OrganizationalEntity]] =
             raise NoPropertiesProvidedException(
                 'One of `organizations` or `individuals` must be populated - neither were'
             )
-        self.organizations = organizations or []  # type: ignore
-        self.individuals = individuals or []  # type: ignore
+        self.organizations = organizations or []  # type:ignore[assignment]
+        self.individuals = individuals or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'organization')
@@ -919,21 +919,21 @@ def __init__(self, *,
             self._bom_ref = BomRef(value=str(bom_ref) if bom_ref else None)
         self.id = id
         self.source = source
-        self.references = references or []  # type: ignore
-        self.ratings = ratings or []  # type: ignore
-        self.cwes = cwes or []  # type: ignore
+        self.references = references or []  # type:ignore[assignment]
+        self.ratings = ratings or []  # type:ignore[assignment]
+        self.cwes = cwes or []  # type:ignore[assignment]
         self.description = description
         self.detail = detail
         self.recommendation = recommendation
-        self.advisories = advisories or []  # type: ignore
+        self.advisories = advisories or []  # type:ignore[assignment]
         self.created = created
         self.published = published
         self.updated = updated
         self.credits = credits
-        self.tools = tools or []  # type: ignore
+        self.tools = tools or []  # type:ignore[assignment]
         self.analysis = analysis
-        self.affects = affects or []  # type: ignore
-        self.properties = properties or []  # type: ignore
+        self.affects = affects or []  # type:ignore[assignment]
+        self.properties = properties or []  # type:ignore[assignment]
 
     @property
     @serializable.json_name('bom-ref')

cyclonedx/spdx.py

@@ -22,7 +22,7 @@
 from json import load as json_load
 from typing import TYPE_CHECKING, Dict, Optional, Set
 
-from license_expression import get_spdx_licensing  # type: ignore
+from license_expression import get_spdx_licensing  # type:ignore[import-untyped]
 
 from .schema._res import SPDX_JSON as __SPDX_JSON_SCHEMA