Fixed issues with invalid test structures for field enum

Author: wahl-sec

cyclonedx/exception/serialization.py

@@ -44,6 +44,15 @@ class SerializationOfUnsupportedComponentTypeException(CycloneDxSerializationExc
     """
 
 
+class SerializationOfUnsupportedComponentIdentityEvidenceFieldException(CycloneDxSerializationException):
+    """
+    Raised when attempting serializing/normalizing a :py:class:`cyclonedx.model.component.Component`
+    to a :py:class:`cyclonedx.schema.schema.BaseSchemaVersion`
+    which does not support that :py:class:`cyclonedx.model.component.ComponentIdentityEvidenceField`
+    .
+    """
+
+
 class SerializationOfUnexpectedValueException(CycloneDxSerializationException, ValueError):
     """
     Raised when attempting serializing/normalizing a type that is not expected there.

cyclonedx/model/component.py

@@ -38,6 +38,7 @@
 from ..exception.serialization import (
     CycloneDxDeserializationException,
     SerializationOfUnexpectedValueException,
+    SerializationOfUnsupportedComponentIdentityEvidenceFieldException,
     SerializationOfUnsupportedComponentTypeException,
 )
 from ..schema.schema import (
@@ -237,10 +238,11 @@ class _ComponentIdentityEvidenceFieldSerializationHelper(serializable.helpers.Ba
     }
 
     @classmethod
-    def __normalize(cls, cs: ComponentIdentityEvidenceField, view: Type[serializable.ViewType]) -> Optional[str]:
-        return cs.value \
-            if cs in cls.__CASES.get(view, ()) \
-            else None
+    def __normalize(cls, cief: ComponentIdentityEvidenceField, view: Type[serializable.ViewType]) -> Optional[str]:
+        if cief in cls.__CASES.get(view, ()):
+            return cief.value
+        raise SerializationOfUnsupportedComponentIdentityEvidenceFieldException(
+            f'unsupported {cief!r} for view {view!r}')
 
     @classmethod
     def json_normalize(cls, o: Any, *,
@@ -492,7 +494,7 @@ def confidence(self, confidence: Optional[float]) -> None:
         self._confidence = confidence
 
     @property
-    @serializable.type_mapping(ComponentIdentityEvidenceMethod)
+    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'method')
     @serializable.xml_sequence(3)
     def methods(self) -> 'SortedSet[ComponentIdentityEvidenceMethod]':
         """
@@ -572,7 +574,7 @@ def __init__(
     @property
     @serializable.view(SchemaVersion1Dot5)
     @serializable.view(SchemaVersion1Dot6)
-    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'identity')
+    @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'identity')
     @serializable.xml_sequence(1)
     def identity(self) -> 'SortedSet[ComponentIdentityEvidence]':
         """

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.0.xml.bin

@@ -1,4 +1,10 @@
 <?xml version="1.0" ?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
-  <components/>
+  <components>
+    <component type="library">
+      <name>dummy</name>
+      <version/>
+      <modified>false</modified>
+    </component>
+  </components>
 </bom>

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.1.xml.bin

@@ -1,4 +1,9 @@
 <?xml version="1.0" ?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
-  <components/>
+  <components>
+    <component type="library" bom-ref="dummy">
+      <name>dummy</name>
+      <version/>
+    </component>
+  </components>
 </bom>

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.2.json.bin

@@ -1,4 +1,17 @@
 {
+  "components": [
+    {
+      "bom-ref": "dummy",
+      "name": "dummy",
+      "type": "library",
+      "version": ""
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "dummy"
+    }
+  ],
   "metadata": {
     "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
@@ -14,4 +27,4 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2"
-}
+}

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.2.xml.bin

@@ -10,4 +10,13 @@
       </tool>
     </tools>
   </metadata>
+  <components>
+    <component type="library" bom-ref="dummy">
+      <name>dummy</name>
+      <version/>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="dummy"/>
+  </dependencies>
 </bom>

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.3.json.bin

@@ -1,4 +1,24 @@
 {
+  "components": [
+    {
+      "bom-ref": "dummy",
+      "evidence": {
+        "copyright": [
+          {
+            "text": "Dummy"
+          }
+        ]
+      },
+      "name": "dummy",
+      "type": "library",
+      "version": ""
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "dummy"
+    }
+  ],
   "metadata": {
     "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
@@ -14,4 +34,4 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3"
-}
+}

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.3.xml.bin

@@ -10,4 +10,18 @@
       </tool>
     </tools>
   </metadata>
+  <components>
+    <component type="library" bom-ref="dummy">
+      <name>dummy</name>
+      <version/>
+      <evidence>
+        <copyright>
+          <text>Dummy</text>
+        </copyright>
+      </evidence>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="dummy"/>
+  </dependencies>
 </bom>

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.4.json.bin

@@ -1,8 +1,61 @@
 {
+  "components": [
+    {
+      "bom-ref": "dummy",
+      "evidence": {
+        "copyright": [
+          {
+            "text": "Dummy"
+          }
+        ]
+      },
+      "name": "dummy",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "dummy"
+    }
+  ],
   "metadata": {
     "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
+        "externalReferences": [
+          {
+            "type": "build-system",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"
+          },
+          {
+            "type": "distribution",
+            "url": "https://pypi.org/project/cyclonedx-python-lib/"
+          },
+          {
+            "type": "documentation",
+            "url": "https://cyclonedx-python-library.readthedocs.io/"
+          },
+          {
+            "type": "issue-tracker",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
+          },
+          {
+            "type": "license",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"
+          },
+          {
+            "type": "release-notes",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"
+          },
+          {
+            "type": "vcs",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib"
+          },
+          {
+            "type": "website",
+            "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
+          }
+        ],
         "name": "cyclonedx-python-lib",
         "vendor": "CycloneDX",
         "version": "TESTING"
@@ -14,4 +67,4 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4"
-}
+}

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.4.xml.bin

@@ -1,4 +1,3 @@
-
 <?xml version="1.0" ?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
   <metadata>
@@ -8,7 +7,46 @@
         <vendor>CycloneDX</vendor>
         <name>cyclonedx-python-lib</name>
         <version>TESTING</version>
+        <externalReferences>
+          <reference type="build-system">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</url>
+          </reference>
+          <reference type="distribution">
+            <url>https://pypi.org/project/cyclonedx-python-lib/</url>
+          </reference>
+          <reference type="documentation">
+            <url>https://cyclonedx-python-library.readthedocs.io/</url>
+          </reference>
+          <reference type="issue-tracker">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib/issues</url>
+          </reference>
+          <reference type="license">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE</url>
+          </reference>
+          <reference type="release-notes">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md</url>
+          </reference>
+          <reference type="vcs">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib</url>
+          </reference>
+          <reference type="website">
+            <url>https://github.com/CycloneDX/cyclonedx-python-lib/#readme</url>
+          </reference>
+        </externalReferences>
       </tool>
     </tools>
   </metadata>
+  <components>
+    <component type="library" bom-ref="dummy">
+      <name>dummy</name>
+      <evidence>
+        <copyright>
+          <text>Dummy</text>
+        </copyright>
+      </evidence>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="dummy"/>
+  </dependencies>
 </bom>

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.5.json.bin

@@ -2,13 +2,20 @@
   "components": [
     {
       "bom-ref": "dummy",
-      "name": "dummy",
-      "type": "application",
       "evidence": {
-        "identity": {
-          "field": "group"
-        }
-      }
+        "copyright": [
+          {
+            "text": "Dummy"
+          }
+        ]
+      },
+      "name": "dummy",
+      "type": "library"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "dummy"
     }
   ],
   "metadata": {
@@ -70,4 +77,4 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5"
-}
+}

tests/_data/snapshots/enum_ComponentIdentityEvidenceField-1.5.xml.bin

@@ -37,15 +37,18 @@
     </tools>
   </metadata>
   <components>
-    <component type="application" bom-ref="scoped">
+    <component type="library" bom-ref="dummy">
       <name>dummy</name>
       <evidence>
-        <identity>
-          <field>group</field>
-        </identity>
+        <copyright>
+          <text>Dummy</text>
+        </copyright>
       </evidence>
     </component>
   </components>
+  <dependencies>
+    <dependency ref="dummy"/>
+  </dependencies>
   <properties>
     <property name="key1">val1</property>
     <property name="key2">val2</property>