feat: add CycloneDX document validators to public API #433

jkowalleck · 2023-09-14T11:50:41Z

fixes #432

used (optional) dependencies require python>=3.8

test data taken from https://github.com/CycloneDX/specification/tree/1.5/tools/src/test/resources

🏗️ TODO

codacy-production · 2023-09-18T12:44:09Z

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
-0.17%	89.36%

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (`e55437b`)	2975	2765	92.94%
Head commit (`59f6292`)	3114 (+139)	2889 (+124)	92.78% (-0.17%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#433)	141	126	89.36%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings Change summary preferences

Signed-off-by: Jan Kowalleck <[email protected]>

BREAKING CHANGES ---------------- * Dropped support for python<3.8 ([#436] via [#441]; enable [#433]) * Reworked license related models, collections, and factories ([#365] via [#466]) * Behavior * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452]) * Fixed tuple comparison when unequal lengths (via [#461]) * API * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447]) * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447]) * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447]) * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462]) * Removed class `factory.license.LicenseChoiceFactory` (via [#466]) The old functionality was integrated into `factory.license.LicenseFactory`. * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466]) * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466]) The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()` * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466]) * Removed class `module.LicenseChoice` ([#365] via [#466]) Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466]) * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466]) Fixed ---------------- * Serialization of multy-licenses ([#365] via [#466]) * Detect unused "dependent" components in `model.bom.validate()` (via [#464]) Changed ---------------- * Updated latest supported list of supported SPDX license identifiers (via [#433]) * Shipped schema files are moved to a protected space (via [#433]) These files were never intended for public use. * XML output uses a default namespace, which makes results smaller. ([#438] via [#458]) Added ---------------- * Support for Python 3.12 (via [#460]) * JSON- & XML-Validators ([#432], [#446] via [#433], [#448]) The functionality might require additional dependencies, that can be installed with the extra "validation". See the docs in section "Installation" for details. * JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458]) * Type hints, typings & overloads for better integration downstream (via [#463]) * API * New function `output.make_outputter()` (via [#469]) This replaces the deprecated function `output.get_instance()`. * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469]) * New class `exception.MissingOptionalDependencyException` ([#432] via [#433]) * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452]) * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447]) * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447]) * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458]) * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458]) * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466]) * New class `model.license.DisjunctiveLicense` ([#365] via [#466]) * New class `model.license.LicenseExpression` ([#365] via [#466]) * New class `model.license.LicenseRepository` ([#365] via [#466]) * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466]) Deprecated ---------------- * Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469]) Tests ---------------- * Added validation tests with official CycloneDX schema test data ([#432] via [#433]) * Use proper snapshots, instead of pseudo comparison ([#437] via [#464]) * Added regression test for bug [#365] (via [#466], [#467]) Misc ---------------- * Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466]) * Style: streamlined quotes and strings (via [#472]) * Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472]) * Chore: added more QA tools to prevent common security issues (via [#473]) [#432]: #432 [#433]: #433 [#436]: #436 [#437]: #437 [#365]: #365 [#438]: #438 [#440]: #440 [#441]: #441 [#442]: #442 [#446]: #446 [#447]: #447 [#448]: #448 [#452]: #452 [#453]: #453 [#458]: #458 [#460]: #460 [#461]: #461 [#462]: #462 [#463]: #463 [#464]: #464 [#466]: #466 [#467]: #467 [#468]: #468 [#469]: #469 [#472]: #472 [#473]: #473 --------- Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: semantic-release <semantic-release> Co-authored-by: semantic-release <semantic-release>

jkowalleck added the enhancement New feature or request label Sep 14, 2023

jkowalleck changed the title ~~[WIP] Feat/validate~~ [WIP] feat: add CycloneDX document validators Sep 14, 2023

jkowalleck changed the title ~~[WIP] feat: add CycloneDX document validators~~ [WIP] feat: add CycloneDX document validators to public API Sep 14, 2023

jkowalleck force-pushed the feat/validate branch 2 times, most recently from c740970 to 53fc6d9 Compare September 16, 2023 16:21

jkowalleck added this to the 5.0.0 milestone Sep 16, 2023

jkowalleck force-pushed the feat/validate branch from 2a85a50 to 36cf406 Compare September 18, 2023 12:32

jkowalleck changed the base branch from main to 5.0.0-dev September 19, 2023 07:55

jkowalleck force-pushed the feat/validate branch from 577bb89 to f4a97de Compare September 19, 2023 08:57

jkowalleck added 20 commits September 19, 2023 11:09

move test data

f91080e

Signed-off-by: Jan Kowalleck <[email protected]>

test data fetcher

75bbcfc

Signed-off-by: Jan Kowalleck <[email protected]>

fetched schema test data

64749f9

Signed-off-by: Jan Kowalleck <[email protected]>

moved res

2285e43

Signed-off-by: Jan Kowalleck <[email protected]>

style

e299a0b

Signed-off-by: Jan Kowalleck <[email protected]>

exclude dotfiles

bf84179

Signed-off-by: Jan Kowalleck <[email protected]>

add extra dependencies

629ebe1

Signed-off-by: Jan Kowalleck <[email protected]>

prep implementation

adb5f0d

Signed-off-by: Jan Kowalleck <[email protected]>

schema downloader & applied

1857841

Signed-off-by: Jan Kowalleck <[email protected]>

wip

20e4b05

Signed-off-by: Jan Kowalleck <[email protected]>

wip

299c33e

Signed-off-by: Jan Kowalleck <[email protected]>

wip

70c17a3

Signed-off-by: Jan Kowalleck <[email protected]>

wip

4fb97b0

Signed-off-by: Jan Kowalleck <[email protected]>

wip

0c3de04

Signed-off-by: Jan Kowalleck <[email protected]>

move res

53dc87d

Signed-off-by: Jan Kowalleck <[email protected]>

cleanup

43cd4ca

Signed-off-by: Jan Kowalleck <[email protected]>

bump schema

41af342

Signed-off-by: Jan Kowalleck <[email protected]>

cleanups and tets

dbc0ed6

Signed-off-by: Jan Kowalleck <[email protected]>

compat fixes

207dd19

Signed-off-by: Jan Kowalleck <[email protected]>

fix tox

f246747

Signed-off-by: Jan Kowalleck <[email protected]>

jkowalleck added 3 commits September 19, 2023 11:09

qa

7d9f394

Signed-off-by: Jan Kowalleck <[email protected]>

fix ci

65f8f71

Signed-off-by: Jan Kowalleck <[email protected]>

qa fixes

12955f7

Signed-off-by: Jan Kowalleck <[email protected]>

jkowalleck force-pushed the feat/validate branch from 8bbb1e3 to 12955f7 Compare September 19, 2023 09:09

jkowalleck added 17 commits September 19, 2023 12:18

xml validator

646185a

Signed-off-by: Jan Kowalleck <[email protected]>

examples

df4b329

Signed-off-by: Jan Kowalleck <[email protected]>

docs

4c0f74f

Signed-off-by: Jan Kowalleck <[email protected]>

extras foo

eb9cd50

Signed-off-by: Jan Kowalleck <[email protected]>

docs

3a68e56

Signed-off-by: Jan Kowalleck <[email protected]>

docs

1e0b278

Signed-off-by: Jan Kowalleck <[email protected]>

examples

af01f22

Signed-off-by: Jan Kowalleck <[email protected]>

docs

82d7cbf

Signed-off-by: Jan Kowalleck <[email protected]>

docs

9527999

Signed-off-by: Jan Kowalleck <[email protected]>

docs

4ab5857

Signed-off-by: Jan Kowalleck <[email protected]>

rb

4027fdb

Signed-off-by: Jan Kowalleck <[email protected]>

docs

f33e337

Signed-off-by: Jan Kowalleck <[email protected]>

docs

f770dca

Signed-off-by: Jan Kowalleck <[email protected]>

cleanup

0812938

Signed-off-by: Jan Kowalleck <[email protected]>

fix

24ad693

Signed-off-by: Jan Kowalleck <[email protected]>

docs ci

638e18a

Signed-off-by: Jan Kowalleck <[email protected]>

isort

59f6292

Signed-off-by: Jan Kowalleck <[email protected]>

jkowalleck marked this pull request as ready for review September 19, 2023 16:13

jkowalleck requested a review from a team as a code owner September 19, 2023 16:13

jkowalleck changed the title ~~[WIP] feat: add CycloneDX document validators to public API~~ feat: add CycloneDX document validators to public API Sep 19, 2023

jkowalleck merged commit 5f404e6 into 5.0.0-dev Sep 19, 2023
34 checks passed

jkowalleck deleted the feat/validate branch September 19, 2023 16:21

jkowalleck mentioned this pull request Sep 19, 2023

feat!: v5.0.0 #440

Merged

jkowalleck added a commit that referenced this pull request Sep 20, 2023

feat: add CycloneDX document validators to public API (#433)

a4f5ec5

Signed-off-by: Jan Kowalleck <[email protected]>

ptdropper mentioned this pull request Jul 21, 2024

make_with_license dependency breaking change CycloneDX/cyclonedx-buildroot#37

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add CycloneDX document validators to public API #433

feat: add CycloneDX document validators to public API #433

jkowalleck commented Sep 14, 2023 •

edited

Loading

codacy-production bot commented Sep 18, 2023 •

edited

Loading

feat: add CycloneDX document validators to public API #433

feat: add CycloneDX document validators to public API #433

Conversation

jkowalleck commented Sep 14, 2023 • edited Loading

codacy-production bot commented Sep 18, 2023 • edited Loading

Coverage summary from Codacy

See diff coverage on Codacy

See your quality gate settings Change summary preferences

jkowalleck commented Sep 14, 2023 •

edited

Loading

codacy-production bot commented Sep 18, 2023 •

edited

Loading