Skeleton support for 'author' + v1.1 and v1.0 for JSON added (along with tests).

Author: madpah

cyclonedx/model/cyclonedx.py

@@ -5,7 +5,7 @@
 
 class ComponentType(Enum):
     """
-    Enum object that defines the permissable 'types' for a Component according to the CycloneDX
+    Enum object that defines the permissible 'types' for a Component according to the CycloneDX
     schemas.
     """
     APPLICATION = 'application'
@@ -27,12 +27,18 @@ class Component:
     _version: str
     _qualifiers: str
 
-    def __init__(self, name: str, version: str, qualifiers: str = None, type: ComponentType = ComponentType.LIBRARY):
+    _author: str = None
+
+    def __init__(self, name: str, version: str, qualifiers: str = None,
+                 component_type: ComponentType = ComponentType.LIBRARY):
         self._name = name
         self._version = version
-        self._type = type
+        self._type = component_type
         self._qualifiers = qualifiers
 
+    def get_author(self) -> str:
+        return self._author
+
     def get_name(self) -> str:
         return self._name
 
@@ -48,6 +54,9 @@ def get_type(self) -> ComponentType:
     def get_version(self) -> str:
         return self._version
 
+    def set_author(self, author: str):
+        self._author = author
+
     def __eq__(self, other):
         return other.get_purl() == self.get_purl()
 

cyclonedx/output/json.py

@@ -14,26 +14,40 @@ def output_to_file(self, filename: str):
         pass
 
     def _get_json(self) -> dict:
-        components = list(map(Json._get_component_as_dict, self.get_bom().get_components()))
+        components = list(map(self._get_component_as_dict, self.get_bom().get_components()))
 
-        return {
+        response = {
             "bomFormat": "CycloneDX",
             "specVersion": str(self._get_schema_version()),
             "serialNumber": self.get_bom().get_urn_uuid(),
             "version": 1,
-            "metadata": self._get_metadata_as_dict(),
             "components": components
         }
 
-    @staticmethod
-    def _get_component_as_dict(component: Component) -> dict:
-        return {
+        if self._bom_supports_metadata():
+            response['metadata'] = self._get_metadata_as_dict()
+
+        return response
+
+    def _get_component_as_dict(self, component: Component) -> dict:
+        c = {
             "type": component.get_type().value,
             "name": component.get_name(),
             "version": component.get_version(),
             "purl": component.get_purl()
         }
 
+        if self._component_supports_author() and component.get_author() is not None:
+            c['author'] = component.get_author()
+
+        return c
+
+    def _bom_supports_metadata(self) -> bool:
+        return True
+
+    def _component_supports_author(self) -> bool:
+        return True
+
     def _get_metadata_as_dict(self) -> dict:
         metadata = self.get_bom().get_metadata()
         return {
@@ -45,6 +59,30 @@ def _get_schema_version(self) -> str:
         pass
 
 
+class JsonV1Dot0(Json):
+
+    def _get_schema_version(self) -> str:
+        return '1.0'
+
+    def _bom_supports_metadata(self) -> bool:
+        return False
+
+    def _component_supports_author(self) -> bool:
+        return False
+
+
+class JsonV1Dot1(Json):
+
+    def _get_schema_version(self) -> str:
+        return '1.1'
+
+    def _bom_supports_metadata(self) -> bool:
+        return False
+
+    def _component_supports_author(self) -> bool:
+        return False
+
+
 class JsonV1Dot2(Json):
 
     def _get_schema_version(self) -> str:

cyclonedx/output/xml.py

@@ -62,16 +62,19 @@ def _get_component_as_xml_element(self, component: Component) -> ElementTree.Ele
         if self._component_supports_bom_ref_attribute():
             element_attributes['bom-ref'] = component.get_purl()
 
-        element = ElementTree.Element('component', element_attributes)
+        component_element = ElementTree.Element('component', element_attributes)
+
+        if self._component_supports_author() and component.get_author() is not None:
+            ElementTree.SubElement(component_element, 'author').text = component.get_author()
 
         # if publisher and publisher != "UNKNOWN":
         #     ElementTree.SubElement(component, "publisher").text = re.sub(RE_XML_ILLEGAL, "?", publisher)
 
         # if name and name != "UNKNOWN":
-        ElementTree.SubElement(element, 'name').text = component.get_name()
+        ElementTree.SubElement(component_element, 'name').text = component.get_name()
 
         # if version and version != "UNKNOWN":
-        ElementTree.SubElement(element, 'version').text = component.get_version()
+        ElementTree.SubElement(component_element, 'version').text = component.get_version()
 
         # if description and description != "UNKNOWN":
         #     ElementTree.SubElement(component, "description").text = re.sub(RE_XML_ILLEGAL, "?", description)
@@ -90,11 +93,11 @@ def _get_component_as_xml_element(self, component: Component) -> ElementTree.Ele
         #             component_license.license.name)
 
         # if purl:
-        ElementTree.SubElement(element, 'purl').text = component.get_purl()
+        ElementTree.SubElement(component_element, 'purl').text = component.get_purl()
 
         # ElementTree.SubElement(component, "modified").text = modified if modified else "false"
 
-        return element
+        return component_element
 
     def _add_metadata(self, bom: ElementTree.Element) -> ElementTree.Element:
         metadata_e = ElementTree.SubElement(bom, 'metadata')
@@ -104,6 +107,9 @@ def _add_metadata(self, bom: ElementTree.Element) -> ElementTree.Element:
     def _bom_supports_metadata(self) -> bool:
         return True
 
+    def _component_supports_author(self) -> bool:
+        return True
+
     def _component_supports_bom_ref_attribute(self) -> bool:
         return True
 
@@ -126,6 +132,9 @@ def _bom_supports_metadata(self) -> bool:
     def _component_supports_bom_ref_attribute(self) -> bool:
         return False
 
+    def _component_supports_author(self) -> bool:
+        return False
+
 
 class XmlV1Dot1(Xml):
 
@@ -135,6 +144,9 @@ def _get_schema_version(self) -> str:
     def _bom_supports_metadata(self) -> bool:
         return False
 
+    def _component_supports_author(self) -> bool:
+        return False
+
 
 class XmlV1Dot2(Xml):
 

cyclonedx/parser/environment.py

@@ -12,5 +12,14 @@ class EnvironmentParser(BaseParser):
 
     def __init__(self):
         import pkg_resources
+        from importlib.metadata import metadata
+
+        i: pkg_resources.DistInfoDistribution
         for i in iter(pkg_resources.working_set):
-            self._components.append(Component(name=i.project_name, version=i.version, type='pypi'))
+            c = Component(name=i.project_name, version=i.version)
+            i_metadata = metadata(i.project_name)
+
+            if 'Author' in i_metadata.keys():
+                c.set_author(i_metadata.get('Author'))
+
+            self._components.append(c)

tests/test_e2e_environment.py

@@ -1,16 +1,45 @@
+import json
 from unittest import TestCase
+from xml.etree import ElementTree
 
+from cyclonedx.model.bom import Bom
+from cyclonedx.output import get_instance, OutputFormat
+from cyclonedx.output.json import Json
+from cyclonedx.output.xml import Xml
 from cyclonedx.parser.environment import EnvironmentParser
 
 
-class TestRequirementsParser(TestCase):
+class TestE2EEnvironment(TestCase):
 
-    def test_simple(self):
-        """
-        @todo This test is a vague as it will detect the unique environment where tests are being executed -
-                so is this valid?
+    def test_json_defaults(self):
+        outputter: Json = get_instance(bom=Bom.from_parser(EnvironmentParser()), output_format=OutputFormat.JSON)
+        bom_json = json.loads(outputter.output_as_string())
+        component_this_library = next(
+            (x for x in bom_json['components'] if x['purl'] == 'pkg:pypi/[email protected]'), None
+        )
 
-        :return:
-        """
-        parser = EnvironmentParser()
-        self.assertGreater(parser.component_count(), 1)
+        self.assertTrue('author' in component_this_library.keys(), 'author is missing from JSON BOM')
+        self.assertEqual(component_this_library['author'], 'Sonatype Community')
+        self.assertEqual(component_this_library['name'], 'cyclonedx-python-lib')
+        self.assertEqual(component_this_library['version'], '0.0.1')
+
+    def test_xml_defaults(self):
+        outputter: Xml = get_instance(bom=Bom.from_parser(EnvironmentParser()))
+
+        # Check we have cyclonedx-python-lib version 0.0.1 with Author, Name and Version
+        bom_xml_e = ElementTree.fromstring(outputter.output_as_string())
+        component_this_library = bom_xml_e.find('./{{{}}}components/{{{}}}component[@bom-ref=\'pkg:pypi/{}\']'.format(
+            outputter.get_target_namespace(), outputter.get_target_namespace(), '[email protected]'
+        ))
+
+        author = component_this_library.find('./{{{}}}author'.format(outputter.get_target_namespace()))
+        self.assertIsNotNone(author, 'No author element but one was expected.')
+        self.assertEqual(author.text, 'Sonatype Community')
+
+        name = component_this_library.find('./{{{}}}name'.format(outputter.get_target_namespace()))
+        self.assertIsNotNone(name, 'No name element but one was expected.')
+        self.assertEqual(name.text, 'cyclonedx-python-lib')
+
+        version = component_this_library.find('./{{{}}}version'.format(outputter.get_target_namespace()))
+        self.assertIsNotNone(version, 'No version element but one was expected.')
+        self.assertEqual(version.text, '0.0.1')