feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_refs (#767)

Signed-off-by: Indivar Mishra <[email protected]>

Author: indiVar0508

cyclonedx/model/crypto.py

@@ -1309,11 +1309,13 @@ def __init__(
         version: Optional[str] = None,
         cipher_suites: Optional[Iterable[ProtocolPropertiesCipherSuite]] = None,
         ikev2_transform_types: Optional[Ikev2TransformTypes] = None,
+        crypto_refs: Optional[Iterable[BomRef]] = None,
     ) -> None:
         self.type = type
         self.version = version
         self.cipher_suites = cipher_suites or []  # type:ignore[assignment]
         self.ikev2_transform_types = ikev2_transform_types
+        self.crypto_refs = crypto_refs or []  # type:ignore[assignment]
 
     @property
     @serializable.xml_sequence(10)
@@ -1376,13 +1378,37 @@ def ikev2_transform_types(self) -> Optional[Ikev2TransformTypes]:
     def ikev2_transform_types(self, ikev2_transform_types: Optional[Ikev2TransformTypes]) -> None:
         self._ikev2_transform_types = ikev2_transform_types
 
+    @property
+    @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'cryptoRef')
+    @serializable.json_name('cryptoRefArray')
+    def crypto_refs(self) -> 'SortedSet[BomRef]':
+        """
+        A list of protocol-related cryptographic assets.
+
+        Returns:
+            `Iterable[BomRef]`
+        """
+        return self._crypto_refs
+
+    @crypto_refs.setter
+    def crypto_refs(self, crypto_refs: Iterable[BomRef]) -> None:
+        self._crypto_refs = SortedSet(crypto_refs)
+
     def __eq__(self, other: object) -> bool:
         if isinstance(other, ProtocolProperties):
             return hash(other) == hash(self)
         return False
 
     def __hash__(self) -> int:
-        return hash((self.type, self.version, tuple(self.cipher_suites), self.ikev2_transform_types))
+        return hash(
+            (
+                self.type,
+                self.version,
+                tuple(self.cipher_suites),
+                self.ikev2_transform_types,
+                tuple(self.crypto_refs)
+            )
+        )
 
     def __repr__(self) -> str:
         return f'<ProtocolProperties type={self.type}, version={self.version}>'

tests/_data/models.py

@@ -708,6 +708,33 @@ def get_bom_for_issue_328_components() -> Bom:
     return bom
 
 
+def get_bom_for_issue_692_components() -> Bom:
+    """regression test for issue #692
+    see https://github.com/CycloneDX/cyclonedx-python-lib/issues/692
+    """
+    bom = _make_bom()
+
+    comp_root = Component(type=ComponentType.APPLICATION,
+                          name='my application', version='1', bom_ref='my-project')
+    comp_test = Component(
+        name='comp_test',
+        type=ComponentType.APPLICATION,
+        bom_ref='crypto/protocol/test',
+        crypto_properties=CryptoProperties(
+            asset_type=CryptoAssetType.PROTOCOL,
+            protocol_properties=ProtocolProperties(
+                type=ProtocolPropertiesType.TLS,
+                version='1.2',
+                crypto_refs=[BomRef(value='for-test')]
+            ),
+            oid='1.3.18.0.2.32.104',
+        ))
+    bom.metadata.component = comp_root
+    bom.register_dependency(comp_root, [comp_test])
+    bom.components = [comp_test]
+    return bom
+
+
 def get_component_setuptools_complete(include_pedigree: bool = True) -> Component:
     component = get_component_setuptools_simple(bom_ref='my-specific-bom-ref-for-dings')
     component.supplier = get_org_entity_1()
@@ -1449,4 +1476,5 @@ def get_bom_with_definitions_and_detailed_standards() -> Bom:
     get_bom_with_lifecycles,
     get_bom_with_definitions_standards,
     get_bom_with_definitions_and_detailed_standards,
+    get_bom_for_issue_692_components,
 }

tests/_data/snapshots/get_bom_for_issue_692_components-1.0.xml.bin

@@ -0,0 +1,10 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
+  <components>
+    <component type="application">
+      <name>comp_test</name>
+      <version/>
+      <modified>false</modified>
+    </component>
+  </components>
+</bom>

tests/_data/snapshots/get_bom_for_issue_692_components-1.1.xml.bin

@@ -0,0 +1,9 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <components>
+    <component type="application" bom-ref="crypto/protocol/test">
+      <name>comp_test</name>
+      <version/>
+    </component>
+  </components>
+</bom>

tests/_data/snapshots/get_bom_for_issue_692_components-1.2.json.bin

@@ -0,0 +1,35 @@
+{
+  "components": [
+    {
+      "bom-ref": "crypto/protocol/test",
+      "name": "comp_test",
+      "type": "application",
+      "version": ""
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "crypto/protocol/test"
+    },
+    {
+      "dependsOn": [
+        "crypto/protocol/test"
+      ],
+      "ref": "my-project"
+    }
+  ],
+  "metadata": {
+    "component": {
+      "bom-ref": "my-project",
+      "name": "my application",
+      "type": "application",
+      "version": "1"
+    },
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.2"
+}

tests/_data/snapshots/get_bom_for_issue_692_components-1.2.xml.bin

@@ -0,0 +1,22 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.2" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <component type="application" bom-ref="my-project">
+      <name>my application</name>
+      <version>1</version>
+    </component>
+  </metadata>
+  <components>
+    <component type="application" bom-ref="crypto/protocol/test">
+      <name>comp_test</name>
+      <version/>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="crypto/protocol/test"/>
+    <dependency ref="my-project">
+      <dependency ref="crypto/protocol/test"/>
+    </dependency>
+  </dependencies>
+</bom>

tests/_data/snapshots/get_bom_for_issue_692_components-1.3.json.bin

@@ -0,0 +1,35 @@
+{
+  "components": [
+    {
+      "bom-ref": "crypto/protocol/test",
+      "name": "comp_test",
+      "type": "application",
+      "version": ""
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "crypto/protocol/test"
+    },
+    {
+      "dependsOn": [
+        "crypto/protocol/test"
+      ],
+      "ref": "my-project"
+    }
+  ],
+  "metadata": {
+    "component": {
+      "bom-ref": "my-project",
+      "name": "my application",
+      "type": "application",
+      "version": "1"
+    },
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.3"
+}

tests/_data/snapshots/get_bom_for_issue_692_components-1.3.xml.bin

@@ -0,0 +1,22 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.3" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <component type="application" bom-ref="my-project">
+      <name>my application</name>
+      <version>1</version>
+    </component>
+  </metadata>
+  <components>
+    <component type="application" bom-ref="crypto/protocol/test">
+      <name>comp_test</name>
+      <version/>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="crypto/protocol/test"/>
+    <dependency ref="my-project">
+      <dependency ref="crypto/protocol/test"/>
+    </dependency>
+  </dependencies>
+</bom>

tests/_data/snapshots/get_bom_for_issue_692_components-1.4.json.bin

@@ -0,0 +1,34 @@
+{
+  "components": [
+    {
+      "bom-ref": "crypto/protocol/test",
+      "name": "comp_test",
+      "type": "application"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "crypto/protocol/test"
+    },
+    {
+      "dependsOn": [
+        "crypto/protocol/test"
+      ],
+      "ref": "my-project"
+    }
+  ],
+  "metadata": {
+    "component": {
+      "bom-ref": "my-project",
+      "name": "my application",
+      "type": "application",
+      "version": "1"
+    },
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4"
+}

tests/_data/snapshots/get_bom_for_issue_692_components-1.4.xml.bin

@@ -0,0 +1,21 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <component type="application" bom-ref="my-project">
+      <name>my application</name>
+      <version>1</version>
+    </component>
+  </metadata>
+  <components>
+    <component type="application" bom-ref="crypto/protocol/test">
+      <name>comp_test</name>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="crypto/protocol/test"/>
+    <dependency ref="my-project">
+      <dependency ref="crypto/protocol/test"/>
+    </dependency>
+  </dependencies>
+</bom>

tests/_data/snapshots/get_bom_for_issue_692_components-1.5.json.bin

@@ -0,0 +1,44 @@
+{
+  "components": [
+    {
+      "bom-ref": "crypto/protocol/test",
+      "name": "comp_test",
+      "type": "application"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "crypto/protocol/test"
+    },
+    {
+      "dependsOn": [
+        "crypto/protocol/test"
+      ],
+      "ref": "my-project"
+    }
+  ],
+  "metadata": {
+    "component": {
+      "bom-ref": "my-project",
+      "name": "my application",
+      "type": "application",
+      "version": "1"
+    },
+    "timestamp": "2023-01-07T13:44:32.312678+00:00"
+  },
+  "properties": [
+    {
+      "name": "key1",
+      "value": "val1"
+    },
+    {
+      "name": "key2",
+      "value": "val2"
+    }
+  ],
+  "serialNumber": "urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac",
+  "version": 1,
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5"
+}

tests/_data/snapshots/get_bom_for_issue_692_components-1.5.xml.bin

@@ -0,0 +1,25 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <metadata>
+    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
+    <component type="application" bom-ref="my-project">
+      <name>my application</name>
+      <version>1</version>
+    </component>
+  </metadata>
+  <components>
+    <component type="application" bom-ref="crypto/protocol/test">
+      <name>comp_test</name>
+    </component>
+  </components>
+  <dependencies>
+    <dependency ref="crypto/protocol/test"/>
+    <dependency ref="my-project">
+      <dependency ref="crypto/protocol/test"/>
+    </dependency>
+  </dependencies>
+  <properties>
+    <property name="key1">val1</property>
+    <property name="key2">val2</property>
+  </properties>
+</bom>