fix: further fix for #150

Signed-off-by: Paul Horton <[email protected]>

Author: madpah

cyclonedx/output/json.py

@@ -89,6 +89,9 @@ def _specialise_output_for_schema_version(self, bom_json: Dict[Any, Any]) -> str
         # Iterate Components
         if 'components' in bom_json.keys():
             for i in range(len(bom_json['components'])):
+                if 'version' not in bom_json['components'][i].keys() and not self.component_version_optional():
+                    bom_json['components'][i]['version'] = ''
+
                 if not self.component_supports_author() and 'author' in bom_json['components'][i].keys():
                     del bom_json['components'][i]['author']
 

cyclonedx/output/serializer/json.py

@@ -29,6 +29,7 @@
 from packageurl import PackageURL  # type: ignore
 
 from cyclonedx.model import XsUri
+from cyclonedx.model.component import Component
 
 HYPHENATED_ATTRIBUTES = [
     'bom_ref', 'mime_type', 'x_trust_boundary'

tests/fixtures/json/1.3/bom_setuptools_no_version.json

@@ -17,16 +17,16 @@
   "components": [
     {
       "type": "library",
-      "bom-ref": "pkg:pypi/setuptools@50.3.2?extension=tar.gz",
+      "bom-ref": "pkg:pypi/setuptools?extension=tar.gz",
       "author": "Test Author",
       "name": "setuptools",
-      "version": "50.3.2",
+      "version": "",
       "licenses": [
         {
           "expression": "MIT License"
         }
       ],
-      "purl": "pkg:pypi/setuptools@50.3.2?extension=tar.gz"
+      "purl": "pkg:pypi/setuptools?extension=tar.gz"
     }
   ]
 }

tests/test_component.py

@@ -24,6 +24,8 @@
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
 
+FIXTURES_DIRECTORY = 'fixtures/xml/1.4'
+
 
 class TestComponent(TestCase):
 
@@ -94,12 +96,12 @@ def test_purl_with_qualifiers(self) -> None:
         self.assertEqual(purl.qualifiers, {'extension': 'tar.gz'})
 
     def test_from_file_with_path_for_bom(self) -> None:
-        test_file = join(dirname(__file__), 'fixtures/bom_setuptools.xml')
+        test_file = join(dirname(__file__), FIXTURES_DIRECTORY, 'bom_setuptools.xml')
         c = Component.for_file(absolute_file_path=test_file, path_for_bom='fixtures/bom_setuptools.xml')
         self.assertEqual(c.name, 'fixtures/bom_setuptools.xml')
-        self.assertEqual(c.version, '0.0.0-16932e52ed1e')
+        self.assertEqual(c.version, '0.0.0-38165abddb68')
         purl = PackageURL(
-            type='generic', name='fixtures/bom_setuptools.xml', version='0.0.0-16932e52ed1e'
+            type='generic', name='fixtures/bom_setuptools.xml', version='0.0.0-38165abddb68'
         )
         self.assertEqual(c.purl, purl)
         self.assertEqual(len(c.hashes), 1)

tests/test_output_generic.py

@@ -19,7 +19,6 @@
 
 from unittest import TestCase
 
-from cyclonedx.exception.output import ComponentVersionRequiredException
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
 from cyclonedx.output import get_instance, OutputFormat, SchemaVersion
@@ -46,6 +45,5 @@ def test_get_instance_xml_v1_3(self) -> None:
         self.assertIsInstance(i, XmlV1Dot3)
 
     def test_component_no_version_v1_3(self) -> None:
-        with self.assertRaises(ComponentVersionRequiredException):
-            outputter: Xml = get_instance(bom=TestOutputGeneric._bom, schema_version=SchemaVersion.V1_3)
-            outputter.output_as_string()
+        i = get_instance(bom=TestOutputGeneric._bom, schema_version=SchemaVersion.V1_3)
+        self.assertIsInstance(i, XmlV1Dot3)