Merge branch 'master' into fix-conda-purl

madpah · web-flow · commit 29990223c475 · 2022-06-16T09:16:56.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 <!--next-version-placeholder-->
 
+## v3.3.0 (2022-06-16)
+### Feature
+* Add Conda MD5 hash to Component.hashes, if available - thanks @RodneyRichardson  ([`772c517`](https://github.com/CycloneDX/cyclonedx-python/commit/772c517521da0fd8ddbd1ed8abdf22243f418217))
+
 ## v3.2.2 (2022-06-02)
 ### Fix
 * Add actively used (transitive) dependencies ([#363](https://github.com/CycloneDX/cyclonedx-python/issues/363)) ([`1f45ad9`](https://github.com/CycloneDX/cyclonedx-python/commit/1f45ad9162be511f07e9310414793218c554a097))
diff --git a/cyclonedx_py/parser/conda.py b/cyclonedx_py/parser/conda.py
@@ -21,7 +21,7 @@
 from abc import ABCMeta, abstractmethod
 from typing import List
 
-from cyclonedx.model import ExternalReference, ExternalReferenceType, XsUri
+from cyclonedx.model import ExternalReference, ExternalReferenceType, HashAlgorithm, HashType, XsUri
 from cyclonedx.model.component import Component
 from cyclonedx.parser import BaseParser
 
@@ -72,6 +72,11 @@ def _conda_packages_to_components(self) -> None:
                 url=XsUri(conda_package['base_url']),
                 comment=f"Distribution name {conda_package['dist_name']}"
             ))
+            if conda_package['md5_hash'] is not None:
+                c.hashes.add(HashType(
+                    algorithm=HashAlgorithm.MD5,
+                    hash_value=str(conda_package['md5_hash'])
+                ))
 
             self._components.append(c)
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cyclonedx-bom"
-version = "3.2.2"
+version = "3.3.0"
 description = "CycloneDX Software Bill of Materials (SBOM) generation utility"
 authors = ["Steven Springett <steve.springett@owasp.org>", "Paul Horton <phorton@sonatype.com>"]
 license = "Apache-2.0"
diff --git a/tests/test_parser_conda.py b/tests/test_parser_conda.py
@@ -21,6 +21,8 @@
 import re
 from unittest import TestCase
 
+from cyclonedx.model import HashAlgorithm, HashType
+
 from cyclonedx_py.parser.conda import CondaListExplicitParser, CondaListJsonParser
 
 
@@ -44,6 +46,7 @@ def test_conda_list_json(self) -> None:
                          c_idna.purl.to_string())
         self.assertEqual(1, len(c_idna.external_references), f'{c_idna.external_references}')
         self.assertEqual(0, len(c_idna.external_references.pop().hashes))
+        self.assertEqual(0, len(c_idna.hashes), f'{c_idna.hashes}')
 
     def test_conda_list_explicit_md5(self) -> None:
         conda_list_output_file = os.path.join(os.path.dirname(__file__),
@@ -63,6 +66,10 @@ def test_conda_list_explicit_md5(self) -> None:
                          c_idna.purl.to_string())
         self.assertEqual(1, len(c_idna.external_references), f'{c_idna.external_references}')
         self.assertEqual(0, len(c_idna.external_references.pop().hashes))
+        self.assertEqual(1, len(c_idna.hashes), f'{c_idna.hashes}')
+        hash: HashType = c_idna.hashes.pop()
+        self.assertEqual(HashAlgorithm.MD5, hash.alg)
+        self.assertEqual('153ff132f593ea80aae2eea61a629c92', hash.content)
 
     def test_conda_list_build_number_text(self) -> None:
         conda_list_output_file = os.path.join(os.path.dirname(__file__), 'fixtures/conda-list-build-number-text.txt')
@@ -79,18 +86,23 @@ def test_conda_list_build_number_text(self) -> None:
         self.assertEqual('0.1', c_libgcc_mutex.version)
         self.assertEqual('pkg:conda/_libgcc_mutex@0.1?build=main&channel=pkgs/main&subdir=linux-64&type=conda',
                          c_libgcc_mutex.purl.to_string())
+        self.assertEqual(0, len(c_libgcc_mutex.hashes), f'{c_libgcc_mutex.hashes}')
+
         c_pycparser = next(filter(lambda c: c.name == 'pycparser', components), None)
         self.assertIsNotNone(c_pycparser)
         self.assertEqual('pycparser', c_pycparser.name)
         self.assertEqual('2.21', c_pycparser.version)
         self.assertEqual('pkg:conda/pycparser@2.21?build=pyhd3eb1b0_0&channel=pkgs/main&subdir=noarch&type=conda',
                          c_pycparser.purl.to_string())
+        self.assertEqual(0, len(c_pycparser.hashes), f'{c_pycparser.hashes}')
+
         c_openmp_mutex = next(filter(lambda c: c.name == '_openmp_mutex', components), None)
         self.assertIsNotNone(c_openmp_mutex)
         self.assertEqual('_openmp_mutex', c_openmp_mutex.name)
         self.assertEqual('4.5', c_openmp_mutex.version)
         self.assertEqual('pkg:conda/_openmp_mutex@4.5?build=1_gnu&channel=pkgs/main&subdir=linux-64&type=tar.bz2',
                          c_openmp_mutex.purl.to_string())
+        self.assertEqual(0, len(c_openmp_mutex.hashes), f'{c_openmp_mutex.hashes}')
 
     def test_conda_list_malformed(self) -> None:
         conda_list_output_file = os.path.join(os.path.dirname(__file__), 'fixtures/conda-list-broken.txt')
