Add logic to down-convert all components/services if there are Tools

Signed-off-by: Joshua Kugler <[email protected]>

Author: jkugler

cyclonedx/model/tool.py

@@ -312,7 +312,8 @@ def json_normalize(cls, o: ToolsRepository, *,
 
         result = {}
 
-        if view().schema_version_enum >= SchemaVersion1Dot5().schema_version_enum:  # type: ignore[union-attr, misc]
+        if (view().schema_version_enum >= SchemaVersion1Dot5().schema_version_enum  # type: ignore[union-attr, misc]
+                and not o.tools):
             if o.components:
                 result['components'] = [json_loads(Component.as_json(c, view_=view))  # type: ignore[attr-defined]
                                         for c in o.components]
@@ -324,12 +325,10 @@ def json_normalize(cls, o: ToolsRepository, *,
             if result:
                 return result
 
-        if ((o.components or o.services)
-                and view().schema_version_enum < SchemaVersion1Dot5().schema_version_enum):  # type: ignore[union-attr, misc] # noqa: disable=E501
-            # We "down-convert" Components and Services to Tools so we can render to older schemas
-            tools_to_render = cls.convert_new_to_old(o.components, o.services)
-        else:
-            tools_to_render = o.tools
+        tools_to_render: 'SortedSet[Tool]' = SortedSet(o.tools)
+        # We "down-convert" Components and Services to Tools so we can render to older schemas
+        # or when there are existing Tool objects
+        tools_to_render.update(cls.convert_new_to_old(o.components, o.services))
 
         return [json_loads(Tool.as_json(t, view_=view)) for t in tools_to_render]  # type: ignore[attr-defined]
 
@@ -367,7 +366,8 @@ def xml_normalize(cls, o: ToolsRepository, *,
 
         elem = Element(element_name)
 
-        if view().schema_version_enum >= SchemaVersion1Dot5().schema_version_enum:  # type: ignore[union-attr, misc]
+        if (view().schema_version_enum >= SchemaVersion1Dot5().schema_version_enum  # type: ignore[union-attr, misc]
+                and not o.tools):
             if o.components:
                 c_elem = Element('{' + xmlns + '}' + 'components')  # type: ignore[operator]
 
@@ -393,12 +393,10 @@ def xml_normalize(cls, o: ToolsRepository, *,
             if len(elem) > 0:
                 return elem
 
-        if ((o.components or o.services)
-                and view().schema_version_enum < SchemaVersion1Dot5().schema_version_enum):  # type: ignore[union-attr, misc] # noqa: disable=E501
-            # We "down-convert" Components and Services to Tools so we can render to older schemas
-            tools_to_render = cls.convert_new_to_old(o.components, o.services)
-        else:
-            tools_to_render = o.tools
+        tools_to_render: 'SortedSet[Tool]' = SortedSet(o.tools)
+        # We "down-convert" Components and Services to Tools so we can render to older schemas
+        # or when there are existing Tool objects
+        tools_to_render.update(cls.convert_new_to_old(o.components, o.services))
 
         elem.extend(
             t.as_xml(  # type: ignore[attr-defined]

tests/_data/models.py

@@ -38,7 +38,6 @@
     Note,
     NoteText,
     Property,
-    Tool,
     XsUri,
 )
 from cyclonedx.model.bom import Bom, BomMetaData
@@ -89,7 +88,7 @@
 from cyclonedx.model.license import DisjunctiveLicense, License, LicenseAcknowledgement, LicenseExpression
 from cyclonedx.model.release_note import ReleaseNotes
 from cyclonedx.model.service import Service
-from cyclonedx.model.tool import ToolsRepository
+from cyclonedx.model.tool import Tool, ToolsRepository
 from cyclonedx.model.vulnerability import (
     BomTarget,
     BomTargetVersionRange,
@@ -1060,6 +1059,17 @@ def get_bom_with_tools_with_component_and_service_migrate() -> Bom:
     )
 
 
+def get_bom_with_tools_with_component_and_service_and_tools_migrate() -> Bom:
+    tools = ToolsRepository()
+    tcomp = tools.components
+    tserv = tools.services
+    ttools = tools.tools
+    tcomp.add(Component(type=ComponentType.APPLICATION, name='test-component', version='1.2.3'))
+    tserv.add(Service(name='test-service', bom_ref='my-service'))
+    ttools.add(Tool(name='test-tool', version='1.33.7'))
+    return _make_bom(metadata=BomMetaData(tools=tools))
+
+
 def get_bom_for_issue_497_urls() -> Bom:
     """regression test for issue #497
     see https://github.com/CycloneDX/cyclonedx-python-lib/issues/497

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.0.xml.bin

@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
+  <components/>
+</bom>

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.1.xml.bin

@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <components/>
+</bom>

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.2.json.bin

@@ -0,0 +1,23 @@
+{
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
+    "tools": [
+      {
+        "name": "test-component",
+        "version": "1.2.3"
+      },
+      {
+        "name": "test-service"
+      },
+      {
+        "name": "test-tool",
+        "version": "1.33.7"
+      }
+    ]
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.2"
+}

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.2.xml.bin

@@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.2" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <tools>
+      <tool>
+        <name>test-component</name>
+        <version>1.2.3</version>
+      </tool>
+      <tool>
+        <name>test-service</name>
+      </tool>
+      <tool>
+        <name>test-tool</name>
+        <version>1.33.7</version>
+      </tool>
+    </tools>
+  </metadata>
+</bom>

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.3.json.bin

@@ -0,0 +1,23 @@
+{
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
+    "tools": [
+      {
+        "name": "test-component",
+        "version": "1.2.3"
+      },
+      {
+        "name": "test-service"
+      },
+      {
+        "name": "test-tool",
+        "version": "1.33.7"
+      }
+    ]
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.3"
+}

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.3.xml.bin

@@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.3" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <tools>
+      <tool>
+        <name>test-component</name>
+        <version>1.2.3</version>
+      </tool>
+      <tool>
+        <name>test-service</name>
+      </tool>
+      <tool>
+        <name>test-tool</name>
+        <version>1.33.7</version>
+      </tool>
+    </tools>
+  </metadata>
+</bom>

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.4.json.bin

@@ -0,0 +1,23 @@
+{
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
+    "tools": [
+      {
+        "name": "test-component",
+        "version": "1.2.3"
+      },
+      {
+        "name": "test-service"
+      },
+      {
+        "name": "test-tool",
+        "version": "1.33.7"
+      }
+    ]
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4"
+}

tests/_data/snapshots/get_bom_with_tools_with_component_and_service_and_tools_migrate-1.4.xml.bin

@@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <tools>
+      <tool>
+        <name>test-component</name>
+        <version>1.2.3</version>
+      </tool>
+      <tool>
+        <name>test-service</name>
+      </tool>
+      <tool>
+        <name>test-tool</name>
+        <version>1.33.7</version>
+      </tool>
+    </tools>
+  </metadata>
+</bom>