feat: add factory method XsUri.make_bom_link()

cyclonedx/model/__init__.py

@@ -27,7 +27,8 @@
 from enum import Enum
 from functools import reduce
 from json import loads as json_loads
-from typing import Any, Dict, FrozenSet, Generator, Iterable, List, Optional, Tuple, Type
+from typing import Any, Dict, FrozenSet, Generator, Iterable, List, Optional, Tuple, Type, Union
+from uuid import UUID
 from warnings import warn
 from xml.etree.ElementTree import Element as XmlElement  # nosec B405
 
@@ -51,6 +52,7 @@
     SchemaVersion1Dot5,
     SchemaVersion1Dot6,
 )
+from .bom_ref import BomRef
 
 
 @serializable.serializable_enum
@@ -767,6 +769,28 @@ def deserialize(cls, o: Any) -> 'XsUri':
                 f'XsUri string supplied does not parse: {o!r}'
             ) from err
 
+    @classmethod
+    def make_bom_link(
+        cls,
+        serial_number: Union[UUID, str],
+        version: int = 1,
+        bom_ref: Optional[Union[str, BomRef]] = None
+    ) -> 'XsUri':
+        """
+        Generate a BOM-Link URI.
+
+        Args:
+            serial_number: The unique serial number of the BOM.
+            version: The version of the BOM. The default version is 1.
+            bom_ref: The unique identifier of the component, service, or vulnerability within the BOM.
+
+        Returns:
+            XsUri: Instance of XsUri with the generated BOM-Link URI.
+        """
+        bom_ref_part = f'#{bom_ref}' if bom_ref else ''
+        uri = f'urn:cdx:{serial_number}/{version}{bom_ref_part}'
+        return cls(uri)
+
 
 @serializable.serializable_class
 class ExternalReference:

cyclonedx/model/bom.py

@@ -37,7 +37,7 @@
     SchemaVersion1Dot6,
 )
 from ..serialization import LicenseRepositoryHelper, UrnUuidHelper
-from . import ExternalReference, Property
+from . import ExternalReference, Property, XsUri
 from .bom_ref import BomRef
 from .component import Component
 from .contact import OrganizationalContact, OrganizationalEntity
@@ -665,6 +665,21 @@ def register_dependency(self, target: Dependable, depends_on: Optional[Iterable[
     def urn(self) -> str:
         return f'urn:cdx:{self.serial_number}/{self.version}'
 
+    def get_bom_link(self, bom_ref: Union[str, BomRef]) -> XsUri:
+        """
+        Generate a BOM-Link URI.
+
+        Args:
+            bom_ref: The unique identifier of the component, service, or vulnerability within the BOM.
+
+        Returns:
+            XsUri: Instance of XsUri with the generated BOM-Link URI.
+
+        .. note:
+            See the CycloneDX Schema for BOM-Link: https://cyclonedx.org/capabilities/bomlink
+        """
+        return XsUri.make_bom_link(self.serial_number, self.version, bom_ref)
+
     def validate(self) -> bool:
         """
         Perform data-model level validations to make sure we have some known data integrity prior to attempting output

tests/test_model.py

@@ -19,6 +19,7 @@
 import datetime
 from enum import Enum
 from unittest import TestCase
+from uuid import uuid4
 
 from ddt import ddt, named_data
 
@@ -545,6 +546,19 @@ def test_sort(self) -> None:
         expected_uris = reorder(uris, expected_order)
         self.assertListEqual(sorted_uris, expected_uris)
 
+    def test_make_bom_link_without_bom_ref(self) -> None:
+        serial_number = uuid4()
+        version = 2
+        bom_link = XsUri.make_bom_link(serial_number, version)
+        self.assertEqual(bom_link, XsUri(f'urn:cdx:{serial_number}/{version}'))
+
+    def test_make_bom_link_with_bom_ref(self) -> None:
+        serial_number = uuid4()
+        version = 2
+        bom_ref = 'componentA'
+        bom_link = XsUri.make_bom_link(serial_number, version, bom_ref)
+        self.assertEqual(bom_link, XsUri(f'urn:cdx:{serial_number}/{version}#{bom_ref}'))
+
 
 class TestModelProperty(TestCase):
 

tests/test_model_bom.py

@@ -23,7 +23,7 @@
 from ddt import ddt, named_data
 
 from cyclonedx.exception.model import LicenseExpressionAlongWithOthersException
-from cyclonedx.model import Property
+from cyclonedx.model import Property, XsUri
 from cyclonedx.model.bom import Bom, BomMetaData
 from cyclonedx.model.bom_ref import BomRef
 from cyclonedx.model.component import Component, ComponentType
@@ -292,3 +292,11 @@ def test_regression_issue_539(self) -> None:
         self.assertEqual(1, len(d.dependencies))
         self.assertIs(component2.bom_ref, d.dependencies[0].ref)
         # endregion assert component1
+
+    def test_get_bom_link(self) -> None:
+        serial_number = uuid4()
+        version = 1
+        bom_ref = 'componentA'
+        bom = Bom(serial_number=serial_number, version=1)
+        bom_link = bom.get_bom_link(bom_ref=bom_ref)
+        self.assertEqual(bom_link, XsUri(f'urn:cdx:{serial_number}/{version}#{bom_ref}'))