wip

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx/_internal/type.py

@@ -0,0 +1,25 @@
+# This file is part of CycloneDX Python Library
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+
+from typing import Optional, TypeGuard, TypeVar
+
+_T = TypeVar('_T')
+
+
+def is_not_none(val: Optional[_T]) -> TypeGuard[_T]:
+    return val is not None

cyclonedx/model/contact.py

@@ -24,7 +24,7 @@
 
 from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str
 from .._internal.compare import ComparableTuple as _ComparableTuple
-from ..schema.schema import SchemaVersion1Dot6, SchemaVersion1Dot5
+from ..schema.schema import SchemaVersion1Dot5, SchemaVersion1Dot6
 from . import XsUri
 from .bom_ref import BomRef
 

cyclonedx/model/license.py

@@ -29,12 +29,13 @@
 import py_serializable as serializable
 from sortedcontainers import SortedSet
 
+from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str
 from .._internal.compare import ComparableTuple as _ComparableTuple
 from ..exception.model import MutuallyExclusivePropertiesException
 from ..exception.serialization import CycloneDxDeserializationException
-from ..schema.schema import SchemaVersion1Dot6, SchemaVersion1Dot5
-from . import AttachedText, XsUri, BomRef
-from .._internal.bom_ref import bom_ref_from_str as _bom_ref_from_str
+from ..schema.schema import SchemaVersion1Dot5, SchemaVersion1Dot6
+from . import AttachedText, XsUri
+from .bom_ref import BomRef
 
 
 @serializable.serializable_enum
@@ -112,7 +113,6 @@ def bom_ref(self) -> BomRef:
         """
         return self._bom_ref
 
-
     @property
     @serializable.xml_sequence(1)
     def id(self) -> Optional[str]:
@@ -300,7 +300,6 @@ def bom_ref(self) -> BomRef:
         """
         return self._bom_ref
 
-
     @property
     @serializable.xml_name('.')
     @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING)

cyclonedx/output/__init__.py

@@ -28,11 +28,14 @@
 from random import random
 from typing import TYPE_CHECKING, Any, Literal, Optional, Union, overload
 
+from .._internal.type import is_not_none
 from ..schema import OutputFormat, SchemaVersion
 
 if TYPE_CHECKING:  # pragma: no cover
     from ..model.bom import Bom
     from ..model.bom_ref import BomRef
+    from ..model.contact import OrganizationalEntity
+    from ..model.license import License
     from .json import Json as JsonOutputter
     from .xml import Xml as XmlOutputter
 
@@ -170,8 +173,28 @@ def _make_unique(self) -> str:
 
     @classmethod
     def from_bom(cls, bom: 'Bom', prefix: str = 'BomRef') -> 'BomRefDiscriminator':
-        return cls(chain(
-            map(lambda c: c.bom_ref, bom._get_all_components()),
-            map(lambda s: s.bom_ref, bom.services),
-            map(lambda v: v.bom_ref, bom.vulnerabilities)
-        ), prefix)
+        components = tuple(bom._get_all_components())
+        services = tuple(bom.services)
+        vulnerabilities = tuple(bom.vulnerabilities)
+        orgs: tuple['OrganizationalEntity', ...] = tuple(filter(is_not_none, chain(  # type:ignore[arg-type]
+            (bom.metadata.manufacture, bom.metadata.manufacturer, bom.metadata.supplier),
+            chain.from_iterable((c.manufacturer, c.supplier,) for c in components),
+            (s.provider for s in services),
+            chain.from_iterable(v.credits.organizations for v in vulnerabilities if v.credits),
+        )))
+        licenses: Iterable['License'] = chain(
+            bom.metadata.licenses,
+            chain.from_iterable(c.licenses for c in components),
+            chain.from_iterable(c.evidence.licenses for c in components if c.evidence is not None),
+            chain.from_iterable(s.licenses for s in services),
+        )
+        return cls(
+            (i.bom_ref for i in chain(  # type:ignore[attr-defined]
+                components,
+                services,
+                vulnerabilities,
+                orgs,
+                (o.address for o in orgs if o.address is not None),
+                licenses,
+            )),
+            prefix)