diff --git a/cyclonedx/output/__init__.py b/cyclonedx/output/__init__.py index 95f66e0e..6cc8f2b1 100644 --- a/cyclonedx/output/__init__.py +++ b/cyclonedx/output/__init__.py @@ -33,6 +33,9 @@ if TYPE_CHECKING: # pragma: no cover from ..model.bom import Bom from ..model.bom_ref import BomRef + from ..model.contact import OrganizationalContact, OrganizationalEntity, PostalAddress + from ..model.definition import Level, Requirement, Standard + from ..model.license import License from .json import Json as JsonOutputter from .xml import Xml as XmlOutputter 
@@ -170,8 +173,47 @@ def _make_unique(self) -> str: @classmethod def from_bom(cls, bom: 'Bom', prefix: str = 'BomRef') -> 'BomRefDiscriminator': - return cls(chain( - map(lambda c: c.bom_ref, bom._get_all_components()), - map(lambda s: s.bom_ref, bom.services), - map(lambda v: v.bom_ref, bom.vulnerabilities) - ), prefix) + """ + Create an instance containing EVERY ``bom-ref`` in the bom. + """ + + components = tuple(bom._get_all_components()) + services = tuple(bom.services) + vulnerabilities = tuple(bom.vulnerabilities) + orgs: tuple['OrganizationalEntity', ...] = tuple(filter(lambda o: o is not None, chain( # type:ignore[arg-type] + (bom.metadata.manufacture, bom.metadata.manufacturer, bom.metadata.supplier), + chain.from_iterable((c.manufacturer, c.supplier,) for c in components), + (s.provider for s in services), + chain.from_iterable(v.credits.organizations for v in vulnerabilities if v.credits), + ))) + contacts: Iterable['OrganizationalContact'] = chain( + bom.metadata.authors, + chain.from_iterable(c.authors for c in components), + chain.from_iterable(v.credits.individuals for v in vulnerabilities if v.credits), + chain.from_iterable(o.contacts for o in orgs), + ) + addresses: Iterable['PostalAddress'] = (o.address for o in orgs if o.address is not None) + licenses: Iterable['License'] = chain( + bom.metadata.licenses, + chain.from_iterable(c.licenses for c in components), + chain.from_iterable(c.evidence.licenses for c in components if c.evidence is not None), + chain.from_iterable(s.licenses for s in services), + ) + standards: tuple['Standard', ...] 
= () \ + if bom.definitions is None \ + else tuple(bom.definitions.standards) + requirements: Iterable['Requirement'] = chain.from_iterable(s.requirements for s in standards) + levels: Iterable['Level'] = chain.from_iterable(s.levels for s in standards) + relevant_bom_refs: Iterable['BomRef'] = (i.bom_ref for i in chain( + components, + services, + vulnerabilities, + orgs, + contacts, + addresses, + licenses, + standards, + requirements, + levels, + )) + return cls(relevant_bom_refs, prefix) diff --git a/tests/_data/models.py b/tests/_data/models.py index 8d3a089d..bde59e7c 100644 --- a/tests/_data/models.py +++ b/tests/_data/models.py @@ -21,7 +21,7 @@ from datetime import datetime, timezone from decimal import Decimal from inspect import getmembers, isfunction -from typing import Any, Optional +from typing import Any from uuid import UUID # See https://github.com/package-url/packageurl-python/issues/65 @@ -284,8 +284,9 @@ def get_crypto_properties_related_material() -> CryptoProperties: def get_bom_with_component_setuptools_with_v16_fields() -> Bom: component = get_component_setuptools_simple() - component.manufacturer = get_org_entity_1() - component.authors = [get_org_contact_1(), get_org_contact_2()] + component.manufacturer = get_org_entity_1(f'_{component.bom_ref.value}_manufacturer') + component.authors = [get_org_contact_1(f'_{component.bom_ref.value}_authors1'), + get_org_contact_2(f'_{component.bom_ref.value}_authors2')] component.omnibor_ids = [OmniborId('gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] component.swhids = [ Swhid('swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2'), 
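Review bot: The new docstring promises EVERY ``bom-ref``, but `services = tuple(bom.services)` collects only what `bom.services` yields, whereas components go through `bom._get_all_components()`. If `bom.services` holds only the top-level services, nested services and the `provider` and `licenses` attached to them never reach the discriminator. Two such elements could then be serialized with the same `bom-ref`, and a consumer resolving references in the SBOM could not tell which element a license or vulnerability belongs to. Either walk nested services the way components are walked, or narrow the docstring to what is covered, e.g. `Create an instance containing the bom-refs of components, top-level services, vulnerabilities, organizations, contacts, addresses, licenses and standards.` The fixture `get_bom_with_nested_services` in this commit gives what appear to be nested providers their own postfixes (`'_s2'`, `'_s3'`), so it would make a natural regression test.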
@@ -306,16 +307,18 @@ def get_bom_with_component_setuptools_with_v16_fields() -> Bom: def get_bom_with_component_setuptools_with_v16_fields_omnibor_id_invalid() -> Bom: component = get_component_setuptools_simple() - component.manufacturer = get_org_entity_1() - component.authors = [get_org_contact_1(), get_org_contact_2()] + component.manufacturer = get_org_entity_1(f'_{component.bom_ref.value}_manufacturer') + component.authors = [get_org_contact_1(f'_{component.bom_ref.value}_authors1'), + get_org_contact_2(f'_{component.bom_ref.value}_authors2')] component.omnibor_ids = [OmniborId('gitoid:stuff:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] return _make_bom(components=[component]) def get_bom_with_component_setuptools_with_v16_fields_swhid_invalid() -> Bom: component = get_component_setuptools_simple() - component.manufacturer = get_org_entity_1() - component.authors = [get_org_contact_1(), get_org_contact_2()] + component.manufacturer = get_org_entity_1(f'_{component.bom_ref.value}_manufacturer') + component.authors = [get_org_contact_1(f'_{component.bom_ref.value}_authors1'), + get_org_contact_2(f'_{component.bom_ref.value}_authors2')] component.omnibor_ids = [OmniborId('gitoid:blob:sha1:261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64')] component.swhids = [ Swhid('swh:1:cntp:94a9ed024d3859793618152ea559a168bbcbb5e2'), @@ -324,7 +327,7 @@ def get_bom_with_component_setuptools_with_v16_fields_swhid_invalid() -> Bom: def get_component_crypto_asset_algorithm( - bom_ref: Optional[str] = '8182921e-0588-472e-b8f9-9c527c68f067' + bom_ref: str = '8182921e-0588-472e-b8f9-9c527c68f067' ) -> Component: return Component( name='My Algorithm', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, 
@@ -335,7 +338,7 @@ def get_component_crypto_asset_algorithm( def get_component_crypto_asset_certificate( - bom_ref: Optional[str] = '1f4ed1e4-582a-4fa0-8c38-1b4facc16972' + bom_ref: str = '1f4ed1e4-582a-4fa0-8c38-1b4facc16972' ) -> Component: return Component( name='My Certificate', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, @@ -346,7 +349,7 @@ def get_component_crypto_asset_certificate( def get_component_crypto_asset_protocol_tls_v13( - bom_ref: Optional[str] = '26b1ce0f-bec6-4bfe-9db1-03b75a4ed1ec' + bom_ref: str = '26b1ce0f-bec6-4bfe-9db1-03b75a4ed1ec' ) -> Component: return Component( name='TLS', version='v1.3', type=ComponentType.CRYPTOGRAPHIC_ASSET, @@ -357,7 +360,7 @@ def get_component_crypto_asset_protocol_tls_v13( def get_component_crypto_asset_related_material( - bom_ref: Optional[str] = '332b3cee-078c-4789-ab15-887565b6fac5' + bom_ref: str = '332b3cee-078c-4789-ab15-887565b6fac5' ) -> Component: return Component( name='My Encrypted Thing', version='1.0', type=ComponentType.CRYPTOGRAPHIC_ASSET, @@ -476,7 +479,7 @@ def get_bom_with_component_evidence() -> Bom: bom.metadata.component = Component( name='root-component', type=ComponentType.APPLICATION, - licenses=[DisjunctiveLicense(id='MIT')], + licenses=[DisjunctiveLicense(bom_ref='root_c_license', id='MIT')], bom_ref='myApp', ) component = Component( @@ -485,7 +488,7 @@ def get_bom_with_component_evidence() -> Bom: purl=PackageURL( type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' ), - licenses=[DisjunctiveLicense(id='MIT')], + licenses=[DisjunctiveLicense(bom_ref='c_license', id='MIT')], author='Test Author' ) component.evidence = get_component_evidence_basic(tools=[tool_component]) 
@@ -533,9 +536,9 @@ def get_bom_with_component_setuptools_with_vulnerability() -> Bom: tzinfo=timezone.utc), credits=VulnerabilityCredits( organizations=[ - get_org_entity_1() + get_org_entity_1('_vuln_credits_org') ], - individuals=[get_org_contact_2()] + individuals=[get_org_contact_2('_vuln_credits_ind')] ), tools=ToolRepository(tools=( Tool(vendor='CycloneDX', name='cyclonedx-python-lib'), @@ -567,12 +570,13 @@ def get_bom_with_component_toml_1() -> Bom: def get_bom_just_complete_metadata() -> Bom: bom = _make_bom() - bom.metadata.authors = [get_org_contact_1(), get_org_contact_2()] + bom.metadata.authors = [get_org_contact_1('_bom_authors'), get_org_contact_2('_bom_authors')] bom.metadata.component = get_component_setuptools_complete() - bom.metadata.component.manufacturer = get_org_entity_1() - bom.metadata.manufacture = get_org_entity_1() # Deprecated from v1.6 onwards - bom.metadata.supplier = get_org_entity_2() + bom.metadata.component.manufacturer = get_org_entity_1('_rc_manufacturer') + bom.metadata.manufacture = get_org_entity_1('_bom_manufacture') # Deprecated from v1.6 onwards + bom.metadata.supplier = get_org_entity_2('_bom_supplier') bom.metadata.licenses = [DisjunctiveLicense( + bom_ref='bom_license', id='Apache-2.0', url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.txt'), text=AttachedText( @@ -608,7 +612,7 @@ def get_bom_with_services_complex() -> Bom: bom = _make_bom(services=[ Service( name='my-first-service', bom_ref='my-specific-bom-ref-for-my-first-service', - provider=get_org_entity_1(), group='a-group', version='1.2.3', + provider=get_org_entity_1('_s1'), group='a-group', version='1.2.3', description='Description goes here', endpoints=[ XsUri('/api/thing/1'), XsUri('/api/thing/2') 
@@ -616,7 +620,7 @@ def get_bom_with_services_complex() -> Bom: authenticated=False, x_trust_boundary=True, data=[ DataClassification(flow=DataFlow.OUTBOUND, classification='public') ], - licenses=[DisjunctiveLicense(name='Commercial')], + licenses=[DisjunctiveLicense(bom_ref='service_license', name='Commercial')], external_references=[ get_external_reference_1() ], @@ -636,7 +640,7 @@ def get_bom_with_nested_services() -> Bom: bom = _make_bom(services=[ Service( name='my-first-service', bom_ref='my-specific-bom-ref-for-my-first-service', - provider=get_org_entity_1(), group='a-group', version='1.2.3', + provider=get_org_entity_1('_s1'), group='a-group', version='1.2.3', description='Description goes here', endpoints=[ XsUri('/api/thing/1'), XsUri('/api/thing/2') @@ -644,7 +648,7 @@ def get_bom_with_nested_services() -> Bom: authenticated=False, x_trust_boundary=True, data=[ DataClassification(flow=DataFlow.OUTBOUND, classification='public') ], - licenses=[DisjunctiveLicense(name='Commercial')], + licenses=[DisjunctiveLicense(bom_ref='service_license', name='Commercial')], external_references=[ get_external_reference_1() ], @@ -655,7 +659,7 @@ def get_bom_with_nested_services() -> Bom: ), Service( name='second-nested-service', bom_ref='my-specific-bom-ref-for-second-nested-service', - provider=get_org_entity_1(), group='no-group', version='3.2.1', + provider=get_org_entity_1('_s2'), group='no-group', version='3.2.1', authenticated=True, x_trust_boundary=False, ) ], @@ -668,7 +672,7 @@ def get_bom_with_nested_services() -> Bom: Service( name='yet-another-nested-service', bom_ref='yet-another-nested-service', - provider=get_org_entity_1(), group='what-group', version='6.5.4' + provider=get_org_entity_1('_s3'), group='what-group', version='6.5.4' ), Service( name='another-nested-service', 
@@ -754,7 +758,7 @@ def get_bom_for_issue_328_components() -> Bom: def get_component_setuptools_complete(include_pedigree: bool = True) -> Component: component = get_component_setuptools_simple(bom_ref='my-specific-bom-ref-for-dings') - component.supplier = get_org_entity_1() + component.supplier = get_org_entity_1(f'_{component.bom_ref.value}') component.publisher = 'CycloneDX' component.description = 'This component is awesome' component.scope = ComponentScope.REQUIRED @@ -831,7 +835,7 @@ def get_component_evidence_basic(tools: Iterable[Component]) -> ComponentEvidenc ) ] ), - licenses=[DisjunctiveLicense(id='MIT')], + licenses=[DisjunctiveLicense(bom_ref='evidence_license', id='MIT')], copyright=[ Copyright(text='Commercial'), Copyright(text='Commercial 2') ] @@ -839,7 +843,7 @@ def get_component_evidence_basic(tools: Iterable[Component]) -> ComponentEvidenc def get_component_setuptools_simple( - bom_ref: Optional[str] = 'pkg:pypi/setuptools@50.3.2?extension=tar.gz' + bom_ref: str = 'pkg:pypi/setuptools@50.3.2?extension=tar.gz' ) -> Component: return Component( name='setuptools', version='50.3.2', 
@@ -847,25 +851,25 @@ def get_component_setuptools_simple( purl=PackageURL( type='pypi', name='setuptools', version='50.3.2', qualifiers='extension=tar.gz' ), - licenses=[DisjunctiveLicense(id='MIT')], + licenses=[DisjunctiveLicense(bom_ref=f'{bom_ref}_license', id='MIT')], author='Test Author' ) -def get_component_setuptools_simple_no_version(bom_ref: Optional[str] = None) -> Component: +def get_component_setuptools_simple_no_version(bom_ref: str = 'pkg:pypi/setuptools?extension=tar.gz') -> Component: return Component( - name='setuptools', bom_ref=bom_ref or 'pkg:pypi/setuptools?extension=tar.gz', + name='setuptools', bom_ref=bom_ref, purl=PackageURL( type='pypi', name='setuptools', qualifiers='extension=tar.gz' ), - licenses=[DisjunctiveLicense(id='MIT')], + licenses=[DisjunctiveLicense(bom_ref=f'{bom_ref}_license', id='MIT')], author='Test Author' ) -def get_component_toml_with_hashes_with_references(bom_ref: Optional[str] = None) -> Component: +def get_component_toml_with_hashes_with_references(bom_ref: str = 'pkg:pypi/toml@0.10.2?extension=tar.gz') -> Component: return Component( - name='toml', version='0.10.2', bom_ref=bom_ref or 'pkg:pypi/toml@0.10.2?extension=tar.gz', + name='toml', version='0.10.2', bom_ref=bom_ref, purl=PackageURL( type='pypi', name='toml', version='0.10.2', qualifiers='extension=tar.gz' ), hashes=[ 
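Review bot: `get_component_setuptools_simple_no_version` and `get_component_toml_with_hashes_with_references` used to fall back with `bom_ref or '…'`, and moving the fallback into the parameter default drops that guard. A caller that still passes `bom_ref=None` explicitly now builds `Component(bom_ref=None)`, and in the first helper the license ref becomes `'None_license'` through `f'{bom_ref}_license'`. The callers are outside this hunk, so it is worth searching for `bom_ref=None` before merging. If any remain, keep the guard as the first line of the body, e.g. `bom_ref = bom_ref or 'pkg:pypi/setuptools?extension=tar.gz'`. The body of `get_component_toml_with_hashes_with_references` continues past the end of the hunk.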
@@ -919,34 +923,43 @@ def get_issue_2() -> IssueType: ) -def get_org_contact_1() -> OrganizationalContact: - return OrganizationalContact(name='Paul Horton', email='paul.horton@owasp.org') +def get_org_contact_1(br_postfix: str = '') -> OrganizationalContact: + return OrganizationalContact( + bom_ref=f'OrganizationalContact_ph{br_postfix}', + name='Paul Horton', email='paul.horton@owasp.org') -def get_org_contact_2() -> OrganizationalContact: - return OrganizationalContact(name='A N Other', email='someone@somewhere.tld', phone='+44 (0)1234 567890') +def get_org_contact_2(br_postfix: str = '') -> OrganizationalContact: + return OrganizationalContact( + bom_ref=f'OrganizationalContact_ano{br_postfix}', + name='A N Other', email='someone@somewhere.tld', phone='+44 (0)1234 567890') -def get_postal_address_1() -> PostalAddress: - return PostalAddress(country='GB', region='England', locality='Cheshire', street_address='100 Main Street') +def get_postal_address_1(br_postfix: str = '') -> PostalAddress: + return PostalAddress(bom_ref=f'PostalAddress_1{br_postfix}', + country='GB', region='England', locality='Cheshire', street_address='100 Main Street') -def get_postal_address_2() -> PostalAddress: - return PostalAddress(country='US', region='Texas', locality='Austin', street_address='100 Yee-Ha Street', +def get_postal_address_2(br_postfix: str = '') -> PostalAddress: + return PostalAddress(bom_ref=f'PostalAddress_2{br_postfix}', + country='US', region='Texas', locality='Austin', street_address='100 Yee-Ha Street', postal_code='12345', post_office_box_number='105a') -def get_org_entity_1() -> OrganizationalEntity: +def get_org_entity_1(br_postfix: str = '') -> OrganizationalEntity: return OrganizationalEntity( + bom_ref=f'OrganizationalEntity_cdx{br_postfix}', name='CycloneDX', urls=[XsUri('https://cyclonedx.org'), XsUri('https://cyclonedx.org/docs')], - contacts=[get_org_contact_1(), get_org_contact_2()], address=get_postal_address_1() + 
contacts=[get_org_contact_1(br_postfix), get_org_contact_2(br_postfix)], + address=get_postal_address_1(br_postfix) ) -def get_org_entity_2() -> OrganizationalEntity: +def get_org_entity_2(br_postfix: str = '') -> OrganizationalEntity: return OrganizationalEntity( - name='Cyclone DX', urls=[XsUri('https://cyclonedx.org/')], contacts=[get_org_contact_2()], - address=get_postal_address_2() + bom_ref=f'OrganizationalEntity_cd_x{br_postfix}', + name='Cyclone DX', urls=[XsUri('https://cyclonedx.org/')], contacts=[get_org_contact_2(br_postfix)], + address=get_postal_address_2(br_postfix) ) 
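Review bot: `br_postfix` is undocumented, and `get_org_entity_1` and `get_org_entity_2` forward the same postfix to their nested contacts and address, so every nested `bom_ref` is unique only if callers pick distinct postfixes. Both entity helpers embed `get_org_contact_2(br_postfix)`, so calling them with the same postfix, or with the default `''`, in one BOM yields two `OrganizationalContact_ano…` refs with identical values. A short docstring on each helper would make that contract visible, e.g. `"""br_postfix is appended to the bom_ref of this element and of every nested contact/address; use a distinct value per call site within one BOM."""`.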
@@ -1051,39 +1064,47 @@ def get_vulnerability_source_owasp() -> VulnerabilitySource: def get_bom_with_licenses() -> Bom: return _make_bom( metadata=BomMetaData( - licenses=[DisjunctiveLicense(id='CC-BY-1.0')], + licenses=[DisjunctiveLicense(bom_ref='bom_license', id='CC-BY-1.0')], component=Component(name='app', type=ComponentType.APPLICATION, bom_ref='my-app', - licenses=[DisjunctiveLicense(name='proprietary')]) + licenses=[DisjunctiveLicense(bom_ref='root_component_license', name='proprietary')]) ), components=[ Component(name='c-with-expression', type=ComponentType.LIBRARY, bom_ref='C1', - licenses=[LicenseExpression(value='Apache-2.0 OR MIT', + licenses=[LicenseExpression(bom_ref='C1_license', + value='Apache-2.0 OR MIT', acknowledgement=LicenseAcknowledgement.CONCLUDED)]), Component(name='c-with-SPDX', type=ComponentType.LIBRARY, bom_ref='C2', - licenses=[DisjunctiveLicense(id='Apache-2.0', + licenses=[DisjunctiveLicense(bom_ref='C2_license', + id='Apache-2.0', url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.html'), acknowledgement=LicenseAcknowledgement.CONCLUDED)]), Component(name='c-with-name', type=ComponentType.LIBRARY, bom_ref='C3', licenses=[ - DisjunctiveLicense(name='some commercial license', + DisjunctiveLicense(bom_ref='c-with-name_license_1', + name='some commercial license', text=AttachedText(content='this is a license text')), - DisjunctiveLicense(name='some additional', + DisjunctiveLicense(bom_ref='c-with-name_license_2', + name='some additional', text=AttachedText(content='this is additional license text')), ]), ], services=[ Service(name='s-with-expression', bom_ref='S1', - licenses=[LicenseExpression(value='Apache-2.0 OR MIT', + licenses=[LicenseExpression(bom_ref='S1_license', + value='Apache-2.0 OR MIT', acknowledgement=LicenseAcknowledgement.DECLARED)]), Service(name='s-with-SPDX', bom_ref='S2', - licenses=[DisjunctiveLicense(id='Apache-2.0', + licenses=[DisjunctiveLicense(bom_ref='S2_license', + id='Apache-2.0', 
url=XsUri('https://www.apache.org/licenses/LICENSE-2.0.html'), acknowledgement=LicenseAcknowledgement.DECLARED)]), Service(name='s-with-name', bom_ref='S3', licenses=[ - DisjunctiveLicense(name='some commercial license', + DisjunctiveLicense(bom_ref='S3_license1', + name='some commercial license', text=AttachedText(content='this is a license text')), - DisjunctiveLicense(name='some additional', + DisjunctiveLicense(bom_ref='S3_license2', + name='some additional', text=AttachedText(content='this is additional license text')), ]), ]) @@ -1140,20 +1161,21 @@ def get_bom_service_licenses_invalid() -> Bom: def get_bom_with_multiple_licenses() -> Bom: - multi_licenses = ( - DisjunctiveLicense(id='MIT'), - DisjunctiveLicense(name='foo license'), - ) + def multi_licenses(br_prefix: str) -> tuple[DisjunctiveLicense, ...]: + return ( + DisjunctiveLicense(bom_ref=f'{br_prefix}_license_mit', id='MIT'), + DisjunctiveLicense(bom_ref=f'{br_prefix}_license_foo', name='foo license'), + ) return _make_bom( metadata=BomMetaData( - licenses=multi_licenses, + licenses=multi_licenses('bom'), component=Component(name='app', type=ComponentType.APPLICATION, bom_ref='my-app', - licenses=multi_licenses) + licenses=multi_licenses('my-app')) ), components=[Component(name='comp', type=ComponentType.LIBRARY, bom_ref='my-compo', - licenses=multi_licenses)], + licenses=multi_licenses('my-compo'))], services=[Service(name='serv', bom_ref='my-serv', - licenses=multi_licenses)] + licenses=multi_licenses('my-serv'))] ) diff --git a/tests/_data/snapshots/enum_Encoding-1.5.json.bin b/tests/_data/snapshots/enum_Encoding-1.5.json.bin index 6ca365ee..5d452088 100644 --- a/tests/_data/snapshots/enum_Encoding-1.5.json.bin +++ b/tests/_data/snapshots/enum_Encoding-1.5.json.bin @@ -5,6 +5,7 @@ "licenses": [ { "license": { + "bom-ref": "dummy_license", "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", 
diff --git a/tests/_data/snapshots/enum_Encoding-1.5.xml.bin b/tests/_data/snapshots/enum_Encoding-1.5.xml.bin index 6f25b2f8..f57798ba 100644 --- a/tests/_data/snapshots/enum_Encoding-1.5.xml.bin +++ b/tests/_data/snapshots/enum_Encoding-1.5.xml.bin @@ -7,7 +7,7 @@ dummy - + att.encoding: BASE_64 att.encoding: BASE_64 diff --git a/tests/_data/snapshots/enum_Encoding-1.6.json.bin b/tests/_data/snapshots/enum_Encoding-1.6.json.bin index f3d470e0..19edf46f 100644 --- a/tests/_data/snapshots/enum_Encoding-1.6.json.bin +++ b/tests/_data/snapshots/enum_Encoding-1.6.json.bin @@ -5,6 +5,7 @@ "licenses": [ { "license": { + "bom-ref": "dummy_license", "name": "att.encoding: BASE_64", "text": { "content": "att.encoding: BASE_64", diff --git a/tests/_data/snapshots/enum_Encoding-1.6.xml.bin b/tests/_data/snapshots/enum_Encoding-1.6.xml.bin index c2b00d13..9eb04db0 100644 --- a/tests/_data/snapshots/enum_Encoding-1.6.xml.bin +++ b/tests/_data/snapshots/enum_Encoding-1.6.xml.bin @@ -7,7 +7,7 @@ dummy - + att.encoding: BASE_64 att.encoding: BASE_64 diff --git a/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin b/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin index c3e653c7..a6f9c7aa 100644 --- a/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin @@ -7,11 +7,13 @@ "metadata": { "authors": [ { + "bom-ref": "OrganizationalContact_ano_bom_authors", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_bom_authors", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -26,6 +28,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } @@ -91,6 +94,7 @@ "licenses": [ { "license": { + "bom-ref": "my-specific-bom-ref-for-dings_license", "id": "MIT" } } 
@@ -104,6 +108,7 @@ "licenses": [ { "license": { + "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license", "id": "MIT" } } @@ -119,6 +124,7 @@ "licenses": [ { "license": { + "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license", "id": "MIT" } } @@ -141,6 +147,7 @@ "licenses": [ { "license": { + "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license", "id": "MIT" } } @@ -197,6 +204,7 @@ "licenses": [ { "license": { + "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license", "id": "MIT" } } @@ -307,13 +315,16 @@ }, "scope": "required", "supplier": { + "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings", "contact": [ { + "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -340,6 +351,7 @@ "licenses": [ { "license": { + "bom-ref": "bom_license", "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", @@ -356,13 +368,16 @@ } ], "manufacture": { + "bom-ref": "OrganizationalEntity_cdx_bom_manufacture", "contact": [ { + "bom-ref": "OrganizationalContact_ano_bom_manufacture", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_bom_manufacture", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -384,8 +399,10 @@ } ], "supplier": { + "bom-ref": "OrganizationalEntity_cd_x_bom_supplier", "contact": [ { + "bom-ref": "OrganizationalContact_ano_bom_supplier", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" diff --git a/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin b/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin index 0280b1ad..027590ce 100644 
--- a/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin @@ -8,27 +8,27 @@ - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -40,7 +40,7 @@ This component is awesome required - + MIT @@ -57,7 +57,7 @@ setuptools 50.3.2 - + MIT @@ -67,7 +67,7 @@ Test Author setuptools - + MIT @@ -79,7 +79,7 @@ Test Author setuptools - + MIT @@ -109,7 +109,7 @@ setuptools 50.3.2 - + MIT @@ -168,7 +168,7 @@ setuptools 50.3.2 - + MIT @@ -243,31 +243,31 @@ - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + Cyclone DX https://cyclonedx.org/ - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt diff --git a/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.json.bin b/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.json.bin index ff9232be..4b661b95 100644 --- a/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.json.bin @@ -7,11 +7,13 @@ "metadata": { "authors": [ { + "bom-ref": "OrganizationalContact_ano_bom_authors", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_bom_authors", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -26,6 +28,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } 
@@ -91,24 +94,29 @@ "licenses": [ { "license": { + "bom-ref": "my-specific-bom-ref-for-dings_license", "id": "MIT" } } ], "manufacturer": { "address": { + "bom-ref": "PostalAddress_1_rc_manufacturer", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_rc_manufacturer", "contact": [ { + "bom-ref": "OrganizationalContact_ano_rc_manufacturer", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_rc_manufacturer", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -128,6 +136,7 @@ "licenses": [ { "license": { + "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license", "id": "MIT" } } @@ -143,6 +152,7 @@ "licenses": [ { "license": { + "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license", "id": "MIT" } } @@ -165,6 +175,7 @@ "licenses": [ { "license": { + "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license", "id": "MIT" } } @@ -221,6 +232,7 @@ "licenses": [ { "license": { + "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license", "id": "MIT" } } @@ -332,18 +344,22 @@ "scope": "required", "supplier": { "address": { + "bom-ref": "PostalAddress_1_my-specific-bom-ref-for-dings", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings", "contact": [ { + "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -370,6 +386,7 @@ "licenses": [ { "license": { + "bom-ref": "bom_license", "id": "Apache-2.0", "text": { "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", 
@@ -387,18 +404,22 @@ ], "manufacture": { "address": { + "bom-ref": "PostalAddress_1_bom_manufacture", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_bom_manufacture", "contact": [ { + "bom-ref": "OrganizationalContact_ano_bom_manufacture", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_bom_manufacture", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -421,6 +442,7 @@ ], "supplier": { "address": { + "bom-ref": "PostalAddress_2_bom_supplier", "country": "US", "locality": "Austin", "postOfficeBoxNumber": "105a", @@ -428,8 +450,10 @@ "region": "Texas", "streetAddress": "100 Yee-Ha Street" }, + "bom-ref": "OrganizationalEntity_cd_x_bom_supplier", "contact": [ { + "bom-ref": "OrganizationalContact_ano_bom_supplier", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" diff --git a/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.xml.bin b/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.xml.bin index 1c0dc447..51434aac 100644 --- a/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_just_complete_metadata-1.6.xml.bin @@ -8,20 +8,20 @@ - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + CycloneDX -
+
GB England Cheshire @@ -29,19 +29,19 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + CycloneDX -
+
GB England Cheshire @@ -49,12 +49,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -66,7 +66,7 @@ This component is awesome required - + MIT @@ -83,7 +83,7 @@ setuptools 50.3.2 - + MIT @@ -93,7 +93,7 @@ Test Author setuptools - + MIT @@ -105,7 +105,7 @@ Test Author setuptools - + MIT @@ -135,7 +135,7 @@ setuptools 50.3.2 - + MIT @@ -194,7 +194,7 @@ setuptools 50.3.2 - + MIT @@ -269,9 +269,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -279,19 +279,19 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + Cyclone DX -
+
US Texas Austin @@ -300,14 +300,14 @@ 100 Yee-Ha Street
https://cyclonedx.org/ - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Apache-2.0 VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE= https://www.apache.org/licenses/LICENSE-2.0.txt diff --git a/tests/_data/snapshots/get_bom_with_component_evidence-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_evidence-1.5.json.bin index 927c25de..ffa74112 100644 --- a/tests/_data/snapshots/get_bom_with_component_evidence-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_evidence-1.5.json.bin @@ -45,6 +45,7 @@ "licenses": [ { "license": { + "bom-ref": "evidence_license", "id": "MIT" } } @@ -58,6 +59,7 @@ "licenses": [ { "license": { + "bom-ref": "c_license", "id": "MIT" } } @@ -85,6 +87,7 @@ "licenses": [ { "license": { + "bom-ref": "root_c_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_evidence-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_evidence-1.5.xml.bin index 32aa5e81..03797c82 100644 --- a/tests/_data/snapshots/get_bom_with_component_evidence-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_evidence-1.5.xml.bin @@ -12,7 +12,7 @@ root-component - + MIT @@ -24,7 +24,7 @@ setuptools 50.3.2 - + MIT @@ -66,7 +66,7 @@ - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_evidence-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_evidence-1.6.json.bin index ceeb6976..63042c86 100644 --- a/tests/_data/snapshots/get_bom_with_component_evidence-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_evidence-1.6.json.bin @@ -63,6 +63,7 @@ "licenses": [ { "license": { + "bom-ref": "evidence_license", "id": "MIT" } } @@ -80,6 +81,7 @@ "licenses": [ { "license": { + "bom-ref": "c_license", "id": "MIT" } } @@ -107,6 +109,7 @@ "licenses": [ { "license": { + "bom-ref": "root_c_license", "id": "MIT" } } 
diff --git a/tests/_data/snapshots/get_bom_with_component_evidence-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_evidence-1.6.xml.bin index 40dfb764..df4b0568 100644 --- a/tests/_data/snapshots/get_bom_with_component_evidence-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_evidence-1.6.xml.bin @@ -12,7 +12,7 @@ root-component - + MIT @@ -24,7 +24,7 @@ setuptools 50.3.2 - + MIT @@ -86,7 +86,7 @@ - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.json.bin index 907820fb..870ac7c3 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.xml.bin index 4d9bbf6d..0a49c2c4 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.json.bin index 801b3e18..ac574455 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } 
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.xml.bin index 6de92d82..462a976b 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_basic-1.6.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.json.bin index 3f9b5e77..22746128 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.json.bin @@ -10,6 +10,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } @@ -75,6 +76,7 @@ "licenses": [ { "license": { + "bom-ref": "my-specific-bom-ref-for-dings_license", "id": "MIT" } } @@ -88,6 +90,7 @@ "licenses": [ { "license": { + "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license", "id": "MIT" } } @@ -103,6 +106,7 @@ "licenses": [ { "license": { + "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license", "id": "MIT" } } @@ -125,6 +129,7 @@ "licenses": [ { "license": { + "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license", "id": "MIT" } } @@ -181,6 +186,7 @@ "licenses": [ { "license": { + "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license", "id": "MIT" } } @@ -291,13 +297,16 @@ }, "scope": "required", "supplier": { + "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings", "contact": [ { + "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings", "email": "paul.horton@owasp.org", "name": "Paul Horton" } 
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.xml.bin index 8a04634c..28545dfa 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.5.xml.bin @@ -5,16 +5,16 @@ - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -26,7 +26,7 @@ This component is awesome required - + MIT @@ -43,7 +43,7 @@ setuptools 50.3.2 - + MIT @@ -53,7 +53,7 @@ Test Author setuptools - + MIT @@ -65,7 +65,7 @@ Test Author setuptools - + MIT @@ -95,7 +95,7 @@ setuptools 50.3.2 - + MIT @@ -154,7 +154,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.json.bin index edd7c212..716e463b 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.json.bin @@ -10,6 +10,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } @@ -75,6 +76,7 @@ "licenses": [ { "license": { + "bom-ref": "my-specific-bom-ref-for-dings_license", "id": "MIT" } } @@ -88,6 +90,7 @@ "licenses": [ { "license": { + "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license", "id": "MIT" } } @@ -103,6 +106,7 @@ "licenses": [ { "license": { + "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license", "id": "MIT" } } @@ -125,6 +129,7 @@ "licenses": [ { "license": { + "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license", "id": "MIT" } } @@ -181,6 +186,7 @@ "licenses": [ { "license": { + "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license", "id": "MIT" } } 
@@ -292,18 +298,22 @@ "scope": "required", "supplier": { "address": { + "bom-ref": "PostalAddress_1_my-specific-bom-ref-for-dings", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings", "contact": [ { + "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.xml.bin index 2d5c0d92..071307f8 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_complete-1.6.xml.bin @@ -5,9 +5,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -15,12 +15,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -32,7 +32,7 @@ This component is awesome required - + MIT @@ -49,7 +49,7 @@ setuptools 50.3.2 - + MIT @@ -59,7 +59,7 @@ Test Author setuptools - + MIT @@ -71,7 +71,7 @@ Test Author setuptools - + MIT @@ -101,7 +101,7 @@ setuptools 50.3.2 - + MIT @@ -160,7 +160,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.json.bin index d071aec9..7b3a59b0 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.xml.bin index 3c66a841..f7b6c3fe 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.5.xml.bin @@ -8,7 +8,7 @@ Test Author setuptools - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.json.bin index cf65f782..14b7ccd0 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools?extension=tar.gz_license", "id": "MIT" } } 
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.xml.bin index dc1bc798..d39c9f7d 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_no_component_version-1.6.xml.bin @@ -8,7 +8,7 @@ Test Author setuptools - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.json.bin index 2a276928..73874e03 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.json.bin @@ -7,6 +7,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.xml.bin index 2cfec03f..28979fbe 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.json.bin index d6ab5aa9..9336a2b7 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.json.bin @@ -7,6 +7,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } 
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.xml.bin index 776785bb..ab6a4e82 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_cpe-1.6.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.json.bin index ae0d6c19..2461306e 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.xml.bin index 6983758e..c5ffc19b 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.json.bin index a6411ed9..cdabe1b0 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } 
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.xml.bin index df54f9c6..1312f05b 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_release_notes-1.6.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.json.bin index 907820fb..870ac7c3 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.xml.bin index 4d9bbf6d..0a49c2c4 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.json.bin index c1abec2c..7d435b40 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.json.bin 
@@ -4,11 +4,13 @@ "author": "Test Author", "authors": [ { + "bom-ref": "OrganizationalContact_ano_pkg:pypi/setuptools@50.3.2?extension=tar.gz_authors2", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_pkg:pypi/setuptools@50.3.2?extension=tar.gz_authors1", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -17,24 +19,29 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } ], "manufacturer": { "address": { + "bom-ref": "PostalAddress_1_pkg:pypi/setuptools@50.3.2?extension=tar.gz_manufacturer", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_pkg:pypi/setuptools@50.3.2?extension=tar.gz_manufacturer", "contact": [ { + "bom-ref": "OrganizationalContact_ano_pkg:pypi/setuptools@50.3.2?extension=tar.gz_manufacturer", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_pkg:pypi/setuptools@50.3.2?extension=tar.gz_manufacturer", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.xml.bin index e10d5af9..f710755e 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_v16_fields-1.6.xml.bin @@ -5,9 +5,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -15,23 +15,23 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -40,7 +40,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin index 14b92331..c8ddf353 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } @@ -72,6 +73,7 @@ "credits": { "individuals": [ { + "bom-ref": "OrganizationalContact_ano_vuln_credits_ind", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" @@ -79,13 +81,16 @@ ], "organizations": [ { + "bom-ref": "OrganizationalEntity_cdx_vuln_credits_org", "contact": [ { + "bom-ref": "OrganizationalContact_ano_vuln_credits_org", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_vuln_credits_org", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin index 09e41d34..bdc5887b 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT 
@@ -84,23 +84,23 @@ 2021-09-03T10:50:42.051979+00:00 - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + A N Other someone@somewhere.tld +44 (0)1234 567890 diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin index 69742402..f1c9c960 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } @@ -72,6 +73,7 @@ "credits": { "individuals": [ { + "bom-ref": "OrganizationalContact_ano_vuln_credits_ind", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" @@ -80,18 +82,22 @@ "organizations": [ { "address": { + "bom-ref": "PostalAddress_1_vuln_credits_org", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_vuln_credits_org", "contact": [ { + "bom-ref": "OrganizationalContact_ano_vuln_credits_org", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_vuln_credits_org", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin index 36cb8aa0..9bef86d0 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT 
@@ -84,9 +84,9 @@ 2021-09-03T10:50:42.051979+00:00 - + CycloneDX -
+
GB England Cheshire @@ -94,19 +94,19 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org - + A N Other someone@somewhere.tld +44 (0)1234 567890 diff --git a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.json.bin b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.json.bin index 3d8b8f31..74df159c 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "setuptools_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.xml.bin index 8d72d8b6..5b649d31 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.5.xml.bin @@ -12,7 +12,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.json.bin b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.json.bin index 5e2a7641..4222fb76 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "setuptools_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.xml.bin index 2ae2aa9d..057b4e9e 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_hanging-1.6.xml.bin @@ -12,7 +12,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.json.bin b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.json.bin index 89bd86c2..a5b22168 100644 
--- a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.xml.bin index 6ddad73d..55ec306c 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.5.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.json.bin b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.json.bin index 7717cb17..d90ffc94 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.json.bin @@ -6,6 +6,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.xml.bin index ad60777c..3ac38c4b 100644 --- a/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_dependencies_valid-1.6.xml.bin @@ -9,7 +9,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin index a8b28b10..efc71547 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.5.json.bin @@ -5,6 +5,7 @@ "licenses": [ { "license": { + "bom-ref": "C2_license", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } 
@@ -17,6 +18,7 @@ "bom-ref": "C1", "licenses": [ { + "bom-ref": "C1_license", "expression": "Apache-2.0 OR MIT" } ], @@ -28,6 +30,7 @@ "licenses": [ { "license": { + "bom-ref": "c-with-name_license_2", "name": "some additional", "text": { "content": "this is additional license text", @@ -37,6 +40,7 @@ }, { "license": { + "bom-ref": "c-with-name_license_1", "name": "some commercial license", "text": { "content": "this is a license text", @@ -78,6 +82,7 @@ "licenses": [ { "license": { + "bom-ref": "root_component_license", "name": "proprietary" } } @@ -88,6 +93,7 @@ "licenses": [ { "license": { + "bom-ref": "bom_license", "id": "CC-BY-1.0" } } @@ -111,6 +117,7 @@ "licenses": [ { "license": { + "bom-ref": "S2_license", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } @@ -122,6 +129,7 @@ "bom-ref": "S1", "licenses": [ { + "bom-ref": "S1_license", "expression": "Apache-2.0 OR MIT" } ], @@ -132,6 +140,7 @@ "licenses": [ { "license": { + "bom-ref": "S3_license2", "name": "some additional", "text": { "content": "this is additional license text", @@ -141,6 +150,7 @@ }, { "license": { + "bom-ref": "S3_license1", "name": "some commercial license", "text": { "content": "this is a license text", diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin index fc2bedfd..216f4e74 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.5.xml.bin @@ -5,13 +5,13 @@ app - + proprietary - + CC-BY-1.0 @@ -20,7 +20,7 @@ c-with-SPDX - + Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html @@ -29,17 +29,17 @@ c-with-expression - Apache-2.0 OR MIT + Apache-2.0 OR MIT c-with-name - + some additional this is additional license text - + some commercial license this is a license text @@ -50,7 +50,7 @@ s-with-SPDX - + Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html 
@@ -59,17 +59,17 @@ s-with-expression - Apache-2.0 OR MIT + Apache-2.0 OR MIT s-with-name - + some additional this is additional license text - + some commercial license this is a license text diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin b/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin index 4e6ef33f..83b8f82c 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.6.json.bin @@ -6,6 +6,7 @@ { "license": { "acknowledgement": "concluded", + "bom-ref": "C2_license", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } @@ -19,6 +20,7 @@ "licenses": [ { "acknowledgement": "concluded", + "bom-ref": "C1_license", "expression": "Apache-2.0 OR MIT" } ], @@ -30,6 +32,7 @@ "licenses": [ { "license": { + "bom-ref": "c-with-name_license_2", "name": "some additional", "text": { "content": "this is additional license text", @@ -39,6 +42,7 @@ }, { "license": { + "bom-ref": "c-with-name_license_1", "name": "some commercial license", "text": { "content": "this is a license text", @@ -80,6 +84,7 @@ "licenses": [ { "license": { + "bom-ref": "root_component_license", "name": "proprietary" } } @@ -90,6 +95,7 @@ "licenses": [ { "license": { + "bom-ref": "bom_license", "id": "CC-BY-1.0" } } @@ -114,6 +120,7 @@ { "license": { "acknowledgement": "declared", + "bom-ref": "S2_license", "id": "Apache-2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" } @@ -126,6 +133,7 @@ "licenses": [ { "acknowledgement": "declared", + "bom-ref": "S1_license", "expression": "Apache-2.0 OR MIT" } ], @@ -136,6 +144,7 @@ "licenses": [ { "license": { + "bom-ref": "S3_license2", "name": "some additional", "text": { "content": "this is additional license text", @@ -145,6 +154,7 @@ }, { "license": { + "bom-ref": "S3_license1", "name": "some commercial license", "text": { "content": "this is a license text", 
diff --git a/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin index 49b31f46..ea599f11 100644 --- a/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_licenses-1.6.xml.bin @@ -5,13 +5,13 @@ app - + proprietary - + CC-BY-1.0 @@ -20,7 +20,7 @@ c-with-SPDX - + Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html @@ -29,17 +29,17 @@ c-with-expression - Apache-2.0 OR MIT + Apache-2.0 OR MIT c-with-name - + some additional this is additional license text - + some commercial license this is a license text @@ -50,7 +50,7 @@ s-with-SPDX - + Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0.html @@ -59,17 +59,17 @@ s-with-expression - Apache-2.0 OR MIT + Apache-2.0 OR MIT s-with-name - + some additional this is additional license text - + some commercial license this is a license text diff --git a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.json.bin b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.json.bin index a72442f9..d23d287e 100644 --- a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.json.bin @@ -45,6 +45,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.xml.bin index 4ad5abd7..047b3846 100644 --- a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.5.xml.bin @@ -7,7 +7,7 @@ setuptools 50.3.2 - + MIT 
diff --git a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.json.bin b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.json.bin index 9aba4626..b7ea12d4 100644 --- a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.json.bin @@ -45,6 +45,7 @@ "licenses": [ { "license": { + "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz_license", "id": "MIT" } } diff --git a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.xml.bin index 26e9a101..6ef1601b 100644 --- a/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_metadata_component_and_dependencies-1.6.xml.bin @@ -7,7 +7,7 @@ setuptools 50.3.2 - + MIT diff --git a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.json.bin b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.json.bin index 134e1f9a..6a1a443e 100644 --- a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.json.bin @@ -5,11 +5,13 @@ "licenses": [ { "license": { + "bom-ref": "my-compo_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-compo_license_foo", "name": "foo license" } } @@ -35,11 +37,13 @@ "licenses": [ { "license": { + "bom-ref": "my-app_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-app_license_foo", "name": "foo license" } } @@ -50,11 +54,13 @@ "licenses": [ { "license": { + "bom-ref": "bom_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "bom_license_foo", "name": "foo license" } } @@ -78,11 +84,13 @@ "licenses": [ { "license": { + "bom-ref": "my-serv_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-serv_license_foo", "name": "foo license" } } 
diff --git a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.xml.bin index 8ece9896..3672b4ef 100644 --- a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.5.xml.bin @@ -5,19 +5,19 @@ app - + MIT - + foo license - + MIT - + foo license @@ -26,10 +26,10 @@ comp - + MIT - + foo license @@ -39,10 +39,10 @@ serv - + MIT - + foo license diff --git a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.json.bin b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.json.bin index 1d8ab129..5766b825 100644 --- a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.json.bin @@ -5,11 +5,13 @@ "licenses": [ { "license": { + "bom-ref": "my-compo_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-compo_license_foo", "name": "foo license" } } @@ -35,11 +37,13 @@ "licenses": [ { "license": { + "bom-ref": "my-app_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-app_license_foo", "name": "foo license" } } @@ -50,11 +54,13 @@ "licenses": [ { "license": { + "bom-ref": "bom_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "bom_license_foo", "name": "foo license" } } @@ -78,11 +84,13 @@ "licenses": [ { "license": { + "bom-ref": "my-serv_license_mit", "id": "MIT" } }, { "license": { + "bom-ref": "my-serv_license_foo", "name": "foo license" } } diff --git a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.xml.bin index 84091db5..da1e3124 100644 --- a/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_multiple_licenses-1.6.xml.bin @@ -5,19 +5,19 @@ app - + MIT - + foo license - + MIT - + foo license @@ -26,10 +26,10 @@ comp - + MIT - + foo license 
@@ -39,10 +39,10 @@ serv - + MIT - + foo license diff --git a/tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin b/tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin index 11b52897..c4d48370 100644 --- a/tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin @@ -62,6 +62,7 @@ "licenses": [ { "license": { + "bom-ref": "service_license", "name": "Commercial" } } @@ -78,13 +79,16 @@ } ], "provider": { + "bom-ref": "OrganizationalEntity_cdx_s1", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s1", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s1", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -161,13 +165,16 @@ "group": "no-group", "name": "second-nested-service", "provider": { + "bom-ref": "OrganizationalEntity_cdx_s2", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s2", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s2", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -198,13 +205,16 @@ "group": "what-group", "name": "yet-another-nested-service", "provider": { + "bom-ref": "OrganizationalEntity_cdx_s3", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s3", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s3", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin index 570fba7f..fadcb33e 100644 --- a/tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin 
@@ -9,16 +9,16 @@ - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -37,7 +37,7 @@ public - + Commercial @@ -56,16 +56,16 @@ - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -129,16 +129,16 @@ my-second-service - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org diff --git a/tests/_data/snapshots/get_bom_with_nested_services-1.6.json.bin b/tests/_data/snapshots/get_bom_with_nested_services-1.6.json.bin index e1469324..bd28d1d5 100644 --- a/tests/_data/snapshots/get_bom_with_nested_services-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_nested_services-1.6.json.bin @@ -62,6 +62,7 @@ "licenses": [ { "license": { + "bom-ref": "service_license", "name": "Commercial" } } @@ -79,18 +80,22 @@ ], "provider": { "address": { + "bom-ref": "PostalAddress_1_s1", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_s1", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s1", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s1", "email": "paul.horton@owasp.org", "name": "Paul Horton" } @@ -168,18 +173,22 @@ "name": "second-nested-service", "provider": { "address": { + "bom-ref": "PostalAddress_1_s2", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_s2", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s2", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s2", "email": "paul.horton@owasp.org", "name": "Paul Horton" } 
@@ -211,18 +220,22 @@ "name": "yet-another-nested-service", "provider": { "address": { + "bom-ref": "PostalAddress_1_s3", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_s3", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s3", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s3", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_nested_services-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_nested_services-1.6.xml.bin index 24ce8e39..89916d4a 100644 --- a/tests/_data/snapshots/get_bom_with_nested_services-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_nested_services-1.6.xml.bin @@ -9,9 +9,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -19,12 +19,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -43,7 +43,7 @@ public - + Commercial @@ -62,9 +62,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -72,12 +72,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -141,9 +141,9 @@ my-second-service - + CycloneDX -
+
GB England Cheshire @@ -151,12 +151,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org diff --git a/tests/_data/snapshots/get_bom_with_services_complex-1.5.json.bin b/tests/_data/snapshots/get_bom_with_services_complex-1.5.json.bin index 7672db57..036e7c9b 100644 --- a/tests/_data/snapshots/get_bom_with_services_complex-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_services_complex-1.5.json.bin @@ -62,6 +62,7 @@ "licenses": [ { "license": { + "bom-ref": "service_license", "name": "Commercial" } } @@ -78,13 +79,16 @@ } ], "provider": { + "bom-ref": "OrganizationalEntity_cdx_s1", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s1", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s1", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_services_complex-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_services_complex-1.5.xml.bin index 7fb7fc50..8ce629dc 100644 --- a/tests/_data/snapshots/get_bom_with_services_complex-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_services_complex-1.5.xml.bin @@ -9,16 +9,16 @@ - + CycloneDX https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -37,7 +37,7 @@ public - + Commercial diff --git a/tests/_data/snapshots/get_bom_with_services_complex-1.6.json.bin b/tests/_data/snapshots/get_bom_with_services_complex-1.6.json.bin index 45b78218..97f8b77d 100644 --- a/tests/_data/snapshots/get_bom_with_services_complex-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_services_complex-1.6.json.bin @@ -62,6 +62,7 @@ "licenses": [ { "license": { + "bom-ref": "service_license", "name": "Commercial" } } 
@@ -79,18 +80,22 @@ ], "provider": { "address": { + "bom-ref": "PostalAddress_1_s1", "country": "GB", "locality": "Cheshire", "region": "England", "streetAddress": "100 Main Street" }, + "bom-ref": "OrganizationalEntity_cdx_s1", "contact": [ { + "bom-ref": "OrganizationalContact_ano_s1", "email": "someone@somewhere.tld", "name": "A N Other", "phone": "+44 (0)1234 567890" }, { + "bom-ref": "OrganizationalContact_ph_s1", "email": "paul.horton@owasp.org", "name": "Paul Horton" } diff --git a/tests/_data/snapshots/get_bom_with_services_complex-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_services_complex-1.6.xml.bin index 7a054cfa..2b72dbfa 100644 --- a/tests/_data/snapshots/get_bom_with_services_complex-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_services_complex-1.6.xml.bin @@ -9,9 +9,9 @@ - + CycloneDX -
+
GB England Cheshire @@ -19,12 +19,12 @@
https://cyclonedx.org https://cyclonedx.org/docs - + A N Other someone@somewhere.tld +44 (0)1234 567890 - + Paul Horton paul.horton@owasp.org @@ -43,7 +43,7 @@ public - + Commercial diff --git a/tests/test_enums.py b/tests/test_enums.py index f769388e..f2d8cb92 100644 --- a/tests/test_enums.py +++ b/tests/test_enums.py @@ -186,9 +186,10 @@ def test_knows_value(self, value: str) -> None: @named_data(*NAMED_OF_SV) def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None: bom = _make_bom(components=[Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', licenses=( - DisjunctiveLicense(name=f'att.encoding: {encoding.name}', text=AttachedText( - content=f'att.encoding: {encoding.name}', encoding=encoding - )) for encoding in Encoding + DisjunctiveLicense(bom_ref='dummy_license', + name=f'att.encoding: {encoding.name}', text=AttachedText( + content=f'att.encoding: {encoding.name}', encoding=encoding + )) for encoding in Encoding ))]) super()._test_cases_render(bom, of, sv)
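Review bot: Every `DisjunctiveLicense` produced by the generator in `test_cases_render_valid` gets the same literal `bom_ref='dummy_license'`, so the BOM under test holds duplicate license bom-refs as soon as `Encoding` has more than one member. A bom-ref is meant to identify exactly one element in a BOM, and with duplicates the test would presumably pass only because the output discriminator renames them, which hides the per-encoding case it is meant to cover. Deriving the value from the loop variable keeps each fixture element distinct: `DisjunctiveLicense(bom_ref=f'dummy_license_{encoding.name}',`. A short comment above the generator saying why a bom_ref is now set explicitly would also help the next reader.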