model.contact.OrganizationalEntity missing bom_ref attribute #799

Open
Yowgf opened this issue Mar 10, 2025 · 3 comments
Labels
enhancement New feature or request help wanted Extra attention is needed schema 1.6


Yowgf commented Mar 10, 2025

Example

```python
import json
from cyclonedx.model.bom import Bom
from cyclonedx.validation.json import JsonStrictValidator
from cyclonedx.schema import OutputFormat, SchemaVersion

# CycloneDX 1.6 document whose service provider (an organizationalEntity)
# carries a "bom-ref".
specification = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "serialNumber": "urn:uuid:835142d8-05ce-4729-bcb9-ff39cb67eb37",
    "version": 1,
    "metadata": {
        "timestamp": "2025-03-10T17:25:47Z",
        "tools": {
            "services": [
                {
                    "provider": {
                        "name": "Example",
                        "url": [
                            "https://example.com/"
                        ],
                        "bom-ref": "Example"
                    },
                    "name": "Example",
                }
            ]
        },
        "properties": []
    }
}

# Strict schema validation passes: validate_str returns None when the document is valid.
validator = JsonStrictValidator(SchemaVersion.V1_6)
if validator.validate_str(json.dumps(specification)) is not None:
    raise Exception("Validation failed")

# Deserializing the same document into the model fails.
Bom.from_json(specification)  # raises an error
```

The error that Bom.from_json throws is ValueError: Unexpected key bom-ref/bom-ref in data being serialized to cyclonedx.model.contact.OrganizationalEntity

Cause

I believe OrganizationalEntity is missing the attribute bom_ref. It seems that the schema includes it, so the example specification above is correct: https://cyclonedx.org/docs/1.6/xml/#type_organizationalEntity

Fix

Adding bom_ref to OrganizationalEntity should resolve the issue. The attribute should be attached to the bom-ref key, similar to the class cyclonedx.model.contact.PostalAddress.

Environment

I ran into the error using Python 3.10.12 and also in 3.13.2. I used version 9.1.0 of the package cyclonedx-python-lib. Hashes:

```toml
files = [
    {file = "cyclonedx_python_lib-9.1.0-py3-none-any.whl", hash = "sha256:55693fca8edaecc3363b24af14e82cc6e659eb1e8353e58b587c42652ce0fb52"},
    {file = "cyclonedx_python_lib-9.1.0.tar.gz", hash = "sha256:86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1"},
]
```

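A pre-check for affected documents, added here as an example and not part of the original issue or of the cyclonedx-python-lib code base: it walks a CycloneDX JSON document with the standard library only and reports each organizational entity that carries a `bom-ref`, the field that `Bom.from_json` rejects in the report above. The function name, the list of keys and the sample document are assumptions constructed for illustration.

```python
import json

# Assumption: keys under which CycloneDX 1.6 places an organizationalEntity
# object. The list is illustrative, not exhaustive; extend it as needed.
ORG_ENTITY_KEYS = {"provider", "supplier", "manufacturer", "manufacture"}


def find_org_entity_bom_refs(node, path="$", parent_key=None):
    """Yield (json_path, bom_ref) for each organizational entity with a "bom-ref"."""
    if isinstance(node, dict):
        if parent_key in ORG_ENTITY_KEYS and "bom-ref" in node:
            yield path, node["bom-ref"]
        for key, value in node.items():
            yield from find_org_entity_bom_refs(value, f"{path}.{key}", key)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            # List items inherit the key of the list that holds them.
            yield from find_org_entity_bom_refs(item, f"{path}[{index}]", parent_key)


# Constructed sample: one provider and one component supplier carry a
# "bom-ref"; the metadata supplier does not, and the component's own
# "bom-ref" must not be reported because a component is not an entity.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "metadata": {
    "tools": {"services": [
      {"name": "Example",
       "provider": {"name": "Example", "bom-ref": "Example"}}
    ]},
    "supplier": {"name": "No Ref Inc"}
  },
  "components": [
    {"type": "library", "name": "lib", "bom-ref": "lib-1",
     "supplier": {"name": "Acme", "bom-ref": "acme-org"}}
  ]
}
""")

if __name__ == "__main__":
    for json_path, ref in find_org_entity_bom_refs(SAMPLE_BOM):
        print(f"{json_path}: bom-ref={ref!r}")
```
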
@jkowalleck
Member

Feel free to pull request the needed changes.

@jkowalleck jkowalleck added enhancement New feature or request help wanted Extra attention is needed schema 1.6 labels Mar 11, 2025

Yowgf commented Mar 11, 2025

Thanks for taking a look! I will create a PR soon (this week) for the changes mentioned above.


Yowgf commented Mar 12, 2025

Created PR #801. Please let me know if that makes sense or if you have any concerns.
