feat: add cyclonedx.model.dependency.Dependency.provides #691

Open
chistyakov opened this issue Oct 4, 2024 · 4 comments · May be fixed by #735
Labels: enhancement (New feature or request), help wanted (Extra attention is needed), schema 1.6

Comments

@chistyakov

Library Version: 7.6.1

Description:

Steps to Reproduce:

  1. Use the example JSON provided in the CycloneDX bom-examples repository.
  2. Run the following script:
import json
from cyclonedx.model.bom import Bom


# source: https://github.com/CycloneDX/bom-examples/blob/c0436d86cd60693f01d19fe1aacfd01e70e17036/CBOM/Example-With-Dependencies/bom.json

sample = '''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "metadata": {
    "component": {
      "type": "application",
      "bom-ref": "acme-application",
      "name": "Acme Application",
      "version": "1.0"
    }
  },
  "components": [
    {
      "type": "cryptographic-asset",
      "bom-ref": "aes128gcm",
      "name": "AES",
      "cryptoProperties": {
        "assetType": "algorithm",
        "algorithmProperties": {
          "primitive": "ae",
          "parameterSetIdentifier": "128",
          "executionEnvironment": "software-plain-ram",
          "implementationPlatform": "x86_64",
          "certificationLevel": [ "none" ],
          "mode": "gcm",
          "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"],
          "classicalSecurityLevel": 128,
          "nistQuantumSecurityLevel": 1
        },
        "oid": "2.16.840.1.101.3.4.1.6"
      }
    },
    {
      "type": "library",
      "bom-ref": "crypto-library",
      "name": "Crypto library",
      "version": "1.0.0"
    },
    {
      "type": "library",
      "bom-ref": "some-library",
      "name": "Some library",
      "version": "1.0.0"
    }
  ],
  "dependencies": [
    {
      "ref": "acme-application",
      "dependsOn": ["crypto-library"]
    },
    {
      "ref": "crypto-library",
      "provides": ["aes128gcm"],
      "dependsOn": ["some-library"]
    }
  ]
}'''


data = json.loads(sample)

Bom.from_json(data=data)

Observed Behavior:
The code fails with the following exception:

Traceback (most recent call last):
  ...
ValueError: Unexpected key provides/provides in data being serialized to cyclonedx.model.dependency.Dependency

Environment:

  • Python version: 3.10
  • Operating System: macOS
  • Library version: 7.6.1

Let me know if this works!

@jkowalleck changed the title from "ValueError: Unexpected key provides/provides in data being serialized to cyclonedx.model.dependency.Dependency" to "feat: add cyclonedx.model.dependency.Dependency.provides" on Oct 7, 2024
@jkowalleck added the labels enhancement (New feature or request) and help wanted (Extra attention is needed) on Oct 7, 2024
@jkowalleck
Member

Not a bug, but a lack of a feature.

The CycloneDX Python library is a community effort; everybody is free to add the bits and pieces they need. See #633.

In this case, it is the property cyclonedx.model.dependency.Dependency.provides that needs to be added.
near

If you are interested in providing the missing feature, please let me know.
Then, you should follow our contributing guidelines, and you may open a pull request to add the missing feature.
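
For library versions that reject the `provides` key as in the report above, a loader can set those entries aside and check them itself instead of losing them silently. This is an added example, not code from the issue thread or from the CycloneDX library; `split_provides` is a hypothetical helper and the sample is a reduced, constructed form of the BOM in the report.

```python
import copy
import json


def split_provides(bom: dict):
    """Return (bom copy without `provides`, {ref: [provided refs]}, dangling refs)."""
    known = set()
    root = bom.get("metadata", {}).get("component")
    stack = ([root] if root else []) + list(bom.get("components", []))
    while stack:  # components may be nested, so walk them all
        comp = stack.pop()
        if "bom-ref" in comp:
            known.add(comp["bom-ref"])
        stack.extend(comp.get("components", []))

    stripped = copy.deepcopy(bom)  # never mutate the caller's document
    provides, dangling = {}, []
    for dep in stripped.get("dependencies", []):
        targets = dep.pop("provides", None)
        if targets is None:
            continue
        provides.setdefault(dep["ref"], []).extend(targets)
        dangling.extend(t for t in targets if t not in known)
    return stripped, provides, dangling


# Constructed sample: a reduced form of the BOM from the report above.
SAMPLE = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
  "metadata": {"component": {"type": "application", "bom-ref": "acme-application",
                             "name": "Acme Application", "version": "1.0"}},
  "components": [
    {"type": "cryptographic-asset", "bom-ref": "aes128gcm", "name": "AES"},
    {"type": "library", "bom-ref": "crypto-library", "name": "Crypto library"},
    {"type": "library", "bom-ref": "some-library", "name": "Some library"}
  ],
  "dependencies": [
    {"ref": "acme-application", "dependsOn": ["crypto-library"]},
    {"ref": "crypto-library", "provides": ["aes128gcm"], "dependsOn": ["some-library"]}
  ]
}""")

if __name__ == "__main__":
    stripped, provides, dangling = split_provides(SAMPLE)
    print("provides relationships kept aside:", provides)
    print("provides targets with no matching bom-ref:", dangling)
```

The first return value no longer carries the key named in the `ValueError`; the second keeps the record of which library provides which cryptographic asset, which is the information a CBOM consumer would otherwise lose.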

@jkowalleck
Member

jkowalleck commented Oct 7, 2024

see also: #537

@uzairchhapra

@jkowalleck I am interested in contributing for this feature. I have started working on it and can release a PR shortly.

@jkowalleck
Member

> @jkowalleck I am interested in contributing for this feature. I have started working on it and can release a PR shortly.

That is fantastic, @uzairchhapra.
Feel free to open a work-in-progress "draft" pull request early.
