Merge branch '9.0.0-dev' into refactor/rename-spdx-is_compound_expression

jkowalleck · web-flow · commit a213628cb052 · 2025-02-12T17:40:33.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,64 +2,14 @@
 
 
 
-## v9.0.0-rc.1 (2025-02-12)
+## v8.8.0 (2025-02-12)
 
-### Breaking
-
-* feat!: BomRef affect equality/comparisson (#754)
-
-For some this is considered a bug-fix, for others this is a feature - it
-is a breaking change anyway since it modifies the order of things.
-
-----
-
-TODO:
-- [x] **every** symbol that has a property `bom-ref` MUST utilize it for
-dunder methods `hash`,`eq`,`gt`,`lt`,...
-- [x] add new test cases from #753
-- [x] add new test cases from #540
-- [x] add new test cases from #677
-- [x] create new tests snapshots (if applicable)
-
-----
-
-&gt; [!important]
-&gt; depends on #755
-
-supersedes #678
-closes #678
-
-fixes #753
-fixes #540
-fixes #677
-
----------
-
-Signed-off-by: wkoot &lt;3715211+wkoot@users.noreply.github.com&gt;
-Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
-Co-authored-by: wkoot &lt;3715211+wkoot@users.noreply.github.com&gt; ([`46bc3f5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/46bc3f53b9302159b7fa684d3cf78b08928ba731))
-
-* chore(deps)!: `py-serializable==^1.1.1` -&gt; `^2.0.0` (#775)
-
-bump to `py-serializable` v2.0.0:
-&lt;https://github.com/madpah/serializable/releases/tag/v2.0.0&gt;
-This is considered a breaking change, as downstream users might rely on
-the same package&#39;s previous version.
-
-Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt; ([`7c20c8e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/7c20c8e44fbc3de2942dd2f2ad298be2bd17614b))
+### Feature
 
-* refactor!: streamline comparison/hashing functions (#755)
+* feat: add `cyclonedx.model.crypto.ProtocolProperties.crypto_refs` (#767)
 
-we have different methods of object comparison here and there, some work
-on tuples, other on hashes, other on different structures.
-
-this PR streamlines this.
-
-these changes might cause breaking changes for downstream users.
-
----------
 
-Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt; ([`fd9b755`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/fd9b7559a49bdaf3f6d9fe9fea54db8a65958c01))
+Signed-off-by: Indivar Mishra &lt;indimishra@gmail.com&gt; ([`beb35f5`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/beb35f55e3e75d625db45e4ff084dee02e919ef6))
 
 
 ## v8.7.0 (2025-02-06)
diff --git a/cyclonedx/model/contact.py b/cyclonedx/model/contact.py
@@ -254,23 +254,23 @@ def phone(self) -> Optional[str]:
     def phone(self, phone: Optional[str]) -> None:
         self._phone = phone
 
+    def __comparable_tuple(self) -> _ComparableTuple:
+        return _ComparableTuple((
+            self.name, self.email, self.phone
+        ))
+
     def __eq__(self, other: object) -> bool:
         if isinstance(other, OrganizationalContact):
-            return hash(other) == hash(self)
+            return self.__comparable_tuple() == other.__comparable_tuple()
         return False
 
     def __lt__(self, other: Any) -> bool:
         if isinstance(other, OrganizationalContact):
-            return _ComparableTuple((
-                self.name, self.email, self.phone
-            )) < _ComparableTuple((
-                other.name, other.email, other.phone
-            ))
+            return self.__comparable_tuple() < other.__comparable_tuple()
         return NotImplemented
 
     def __hash__(self) -> int:
-        # TODO
-        return hash((self.name, self.phone, self.email))
+        return hash(self.__comparable_tuple())
 
     def __repr__(self) -> str:
         return f'<OrganizationalContact name={self.name}, email={self.email}, phone={self.phone}>'
@@ -364,19 +364,23 @@ def contacts(self) -> 'SortedSet[OrganizationalContact]':
     def contacts(self, contacts: Iterable[OrganizationalContact]) -> None:
         self._contacts = SortedSet(contacts)
 
+    def __comparable_tuple(self) -> _ComparableTuple:
+        return _ComparableTuple((
+            self.name, _ComparableTuple(self.urls), _ComparableTuple(self.contacts)
+        ))
+
     def __eq__(self, other: object) -> bool:
         if isinstance(other, OrganizationalEntity):
-            return hash(other) == hash(self)
+            return self.__comparable_tuple() == other.__comparable_tuple()
         return False
 
     def __lt__(self, other: Any) -> bool:
         if isinstance(other, OrganizationalEntity):
-            return hash(self) < hash(other)
+            return self.__comparable_tuple() < other.__comparable_tuple()
         return NotImplemented
 
     def __hash__(self) -> int:
-        # TODO
-        return hash((self.name, tuple(self.urls), tuple(self.contacts)))
+        return hash(self.__comparable_tuple())
 
     def __repr__(self) -> str:
         return f'<OrganizationalEntity name={self.name}>'
diff --git a/cyclonedx/model/crypto.py b/cyclonedx/model/crypto.py
@@ -494,16 +494,20 @@ def nist_quantum_security_level(self, nist_quantum_security_level: Optional[int]
             )
         self._nist_quantum_security_level = nist_quantum_security_level
 
+    def __comparable_tuple(self) -> _ComparableTuple:
+        return _ComparableTuple((
+            self.primitive, self._parameter_set_identifier, self.curve, self.execution_environment,
+            self.implementation_platform, _ComparableTuple(self.certification_levels), self.mode, self.padding,
+            _ComparableTuple(self.crypto_functions), self.classical_security_level, self.nist_quantum_security_level,
+        ))
+
     def __eq__(self, other: object) -> bool:
         if isinstance(other, AlgorithmProperties):
-            return hash(other) == hash(self)
+            return self.__comparable_tuple() == other.__comparable_tuple()
         return False
 
     def __hash__(self) -> int:
-        # TODO
-        return hash((self.primitive, self._parameter_set_identifier, self.curve, self.execution_environment,
-                     self.implementation_platform, tuple(self.certification_levels), self.mode, self.padding,
-                     tuple(self.crypto_functions), self.classical_security_level, self.nist_quantum_security_level,))
+        return hash(self.__comparable_tuple())
 
     def __repr__(self) -> str:
         return f'<AlgorithmProperties primitive={self.primitive}, execution_environment={self.execution_environment}>'
@@ -1336,11 +1340,13 @@ def __init__(
         version: Optional[str] = None,
         cipher_suites: Optional[Iterable[ProtocolPropertiesCipherSuite]] = None,
         ikev2_transform_types: Optional[Ikev2TransformTypes] = None,
+        crypto_refs: Optional[Iterable[BomRef]] = None,
     ) -> None:
         self.type = type
         self.version = version
         self.cipher_suites = cipher_suites or []  # type:ignore[assignment]
         self.ikev2_transform_types = ikev2_transform_types
+        self.crypto_refs = crypto_refs or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(10)
@@ -1403,9 +1409,29 @@ def ikev2_transform_types(self) -> Optional[Ikev2TransformTypes]:
     def ikev2_transform_types(self, ikev2_transform_types: Optional[Ikev2TransformTypes]) -> None:
         self._ikev2_transform_types = ikev2_transform_types
 
+    @property
+    @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'cryptoRef')
+    @serializable.json_name('cryptoRefArray')
+    def crypto_refs(self) -> 'SortedSet[BomRef]':
+        """
+        A list of protocol-related cryptographic assets.
+
+        Returns:
+            `Iterable[BomRef]`
+        """
+        return self._crypto_refs
+
+    @crypto_refs.setter
+    def crypto_refs(self, crypto_refs: Iterable[BomRef]) -> None:
+        self._crypto_refs = SortedSet(crypto_refs)
+
     def __comparable_tuple(self) -> _ComparableTuple:
         return _ComparableTuple((
-            self.type, self.version, _ComparableTuple(self.cipher_suites), self.ikev2_transform_types
+            self.type,
+            self.version,
+            _ComparableTuple(self.cipher_suites),
+            self.ikev2_transform_types,
+            _ComparableTuple(self.crypto_refs)
         ))
 
     def __eq__(self, other: object) -> bool:
diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py
@@ -461,22 +461,23 @@ def url(self) -> Optional[XsUri]:
     def url(self, url: Optional[XsUri]) -> None:
         self._url = url
 
+    def __comparable_tuple(self) -> _ComparableTuple:
+        return _ComparableTuple((
+            self.name, self.url
+        ))
+
     def __eq__(self, other: object) -> bool:
         if isinstance(other, VulnerabilitySource):
-            return hash(other) == hash(self)
+            return self.__comparable_tuple() == other.__comparable_tuple()
         return False
 
     def __lt__(self, other: Any) -> bool:
         if isinstance(other, VulnerabilitySource):
-            return _ComparableTuple((
-                self.name, self.url
-            )) < _ComparableTuple((
-                other.name, other.url
-            ))
+            return self.__comparable_tuple() < other.__comparable_tuple()
         return NotImplemented
 
     def __hash__(self) -> int:
-        return hash((self.name, self.url))
+        return hash(self.__comparable_tuple())
 
     def __repr__(self) -> str:
         return f'<VulnerabilityAdvisory name={self.name}, url={self.url}>'
diff --git a/tests/_data/models.py b/tests/_data/models.py
@@ -239,6 +239,7 @@ def get_crypto_properties_protocol() -> CryptoProperties:
                     ]
                 )
             ],
+            crypto_refs=[BomRef('for-test-2'), BomRef('for-test-1')],
         ),
         oid='an-oid-here'
     )
diff --git a/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.json.bin b/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.json.bin
@@ -38,6 +38,10 @@
               "name": "TLS_CHACHA20_POLY1305_SHA256"
             }
           ],
+          "cryptoRefArray": [
+            "for-test-1",
+            "for-test-2"
+          ],
           "type": "tls",
           "version": "1.3"
         }
diff --git a/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.xml.bin b/tests/_data/snapshots/get_bom_v1_6_with_crypto_protocol-1.6.xml.bin
@@ -44,6 +44,8 @@
               </identifiers>
             </cipherSuite>
           </cipherSuites>
+          <cryptoRef>for-test-1</cryptoRef>
+          <cryptoRef>for-test-2</cryptoRef>
         </protocolProperties>
         <oid>an-oid-here</oid>
       </cryptoProperties>
diff --git a/tests/test_deserialize_json.py b/tests/test_deserialize_json.py
@@ -116,7 +116,7 @@ def test_regression_issue764(self) -> None:
 
     def test_regression_issue690(self) -> None:
         """
-        regressio test for issue#690.
+        regression test for issue#690.
         see https://github.com/CycloneDX/cyclonedx-python-lib/issues/690
         """
         json_file = join(OWN_DATA_DIRECTORY, 'json',

Original file line number	Diff line number	Diff line change
`@@ -239,6 +239,7 @@ def get_crypto_properties_protocol() -> CryptoProperties:`
`239`	`239`	`]`
`240`	`240`	`)`
`241`	`241`	`],`
	`242`	`+ crypto_refs=[BomRef('for-test-2'), BomRef('for-test-1')],`
`242`	`243`	`),`
`243`	`244`	`oid='an-oid-here'`
`244`	`245`	`)`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,10 @@`
`38`	`38`	`"name": "TLS_CHACHA20_POLY1305_SHA256"`
`39`	`39`	`}`
`40`	`40`	`],`
	`41`	`+ "cryptoRefArray": [`
	`42`	`+ "for-test-1",`
	`43`	`+ "for-test-2"`
	`44`	`+ ],`
`41`	`45`	`"type": "tls",`
`42`	`46`	`"version": "1.3"`
`43`	`47`	`}`