feat: support for non-PyPi Components - PackageURL type is now definable when creating a Component

madpah · madpah · commit fde79e02705b · 2021-10-11T11:44:10.000+01:00
Signed-off-by: Paul Horton &lt;phorton@sonatype.com&gt;
diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py
@@ -23,8 +23,6 @@
 
 from .vulnerability import Vulnerability
 
-PURL_TYPE_PREFIX = 'pypi'
-
 
 class ComponentType(Enum):
     """
@@ -51,6 +49,7 @@ class Component:
         See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_component
     """
     _type: ComponentType
+    _package_url_type: str
     _name: str
     _version: str
     _qualifiers: str
@@ -62,12 +61,13 @@ class Component:
     _vulnerabilites: List[Vulnerability] = []
 
     def __init__(self, name: str, version: str, qualifiers: str = None,
-                 component_type: ComponentType = ComponentType.LIBRARY):
+                 component_type: ComponentType = ComponentType.LIBRARY, package_url_type: str = 'pypi'):
         self._name = name
         self._version = version
         self._type = component_type
         self._qualifiers = qualifiers
         self._vulnerabilites = []
+        self._package_url_type = package_url_type
 
     def add_vulnerability(self, vulnerability: Vulnerability):
         """
@@ -125,7 +125,7 @@ def get_purl(self) -> str:
         Returns:
             PackageURL that reflects this Component as `str`.
         """
-        base_purl = 'pkg:{}/{}@{}'.format(PURL_TYPE_PREFIX, self._name, self._version)
+        base_purl = 'pkg:{}/{}@{}'.format(self._package_url_type, self._name, self._version)
         if self._qualifiers:
             base_purl = '{}?{}'.format(base_purl, self._qualifiers)
         return base_purl
@@ -213,7 +213,7 @@ def to_package_url(self) -> PackageURL:
             `packageurl.PackageURL` instance which represents this Component.
         """""
         return PackageURL(
-            type=PURL_TYPE_PREFIX,
+            type=self._package_url_type,
             name=self._name,
             version=self._version,
             qualifiers=self._qualifiers
diff --git a/tests/test_component.py b/tests/test_component.py
@@ -31,6 +31,9 @@ def setUpClass(cls) -> None:
         cls._component: Component = Component(name='setuptools', version='50.3.2')
         cls._component_with_qualifiers: Component = Component(name='setuptools', version='50.3.2',
                                                               qualifiers='extension=tar.gz')
+        cls._component_generic_file: Component = Component(
+            name='/test.py', version='UNKNOWN', package_url_type='generic'
+        )
 
     def test_purl_correct(self):
         self.assertEqual(
@@ -95,3 +98,9 @@ def test_as_package_url_3(self):
             type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz'
         )
         self.assertEqual(TestComponent._component_with_qualifiers.to_package_url(), purl)
+
+    def test_custom_package_url_type(self):
+        purl = PackageURL(
+            type='generic', name='/test.py', version='UNKNOWN'
+        )
+        self.assertEqual(TestComponent._component_generic_file.to_package_url(), purl)
