Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support for deserialization from JSON and XML #290

Merged
merged 70 commits into from
Mar 3, 2023
Merged

feat: support for deserialization from JSON and XML #290

merged 70 commits into from
Mar 3, 2023

Conversation

madpah
Copy link
Collaborator

@madpah madpah commented Aug 15, 2022
edited by jkowalleck
Loading

BREAKING CHANGE:

This development implements a (currently in Pre-Alpha) library developed specifically to address serialization and deserialization to/from JSON/XML and Pythonic Classes that utilise the @property decorator. See #185.

Included in this PR:

  • Ensuring all manner of CDX documents and be deserialized
  • Replacing the hard-coded serialization code with this library
  • Completing Test Coverage
  • Bringing the external library py-serializable to a stable state

Also in this PR are the following PR's/Features:

Current known limitations:

  • Requires Python >= 3.7 (see above)
  • (De-)serialization of Vulnerabilities in schema version < 1.4 is now NOT supported - prior to 1.4 - we have dropped support for the Vulnerabilities Schema Extension in this PR

@madpah madpah added this to the 3.0.0 milestone Aug 15, 2022
@madpah madpah added enhancement New feature or request breaking change labels Aug 15, 2022
@madpah madpah self-assigned this Aug 15, 2022
sonatype-lift[bot]
sonatype-lift bot reviewed Aug 24, 2022
View reviewed changes
sonatype-lift[bot]
sonatype-lift bot reviewed Sep 13, 2022
View reviewed changes
@javihernandez javihernandez mentioned this pull request Sep 21, 2022
Open
@javihernandez
Copy link

Hi @madpah,

first, thanks for your work on this python library, it really helped us in our first steps towards SBOM generation of some of the assets created in the AlmaLinux Build System, which is used to build the packages of the AlmaLinux OS distribution. As you can see here, I gave a try to this branch and although it already meets our expectations, and following @stevespringett's advice, I would like to mention that the bom-refs are missing after reusing an already existing SBOM. Is it maybe already in your radar and that you'll be fixing soon? Thanks and keep up the good work!

@pombredanne
Copy link

@madpah Hey! 'sup? what's the plan on this? Fancy some help?

@pombredanne
Copy link

If help is wanted, help could be provided ;)

@pombredanne pombredanne mentioned this pull request Jan 13, 2023
Closed
@pombredanne
Copy link

@keshav-space We would likely use this for aboutcode-org/scancode.io#583 ;)

sonatype-lift[bot]
sonatype-lift bot reviewed Jan 23, 2023
View reviewed changes
@madpah
code style
ab2b670 
Signed-off-by: Paul Horton <[email protected]>
@madpah
disabled logger for serializable
be97e0e 
Signed-off-by: Paul Horton <[email protected]>
@madpah
test_bom_v1_4_issue_275_components failed but `test_bom_v1_3_issue_…
b271e6c 
…275_components` passed?

Signed-off-by: Paul Horton <[email protected]>
@madpah
code style
18e9e1b 
Signed-off-by: Paul Horton <[email protected]>
@madpah
ci: corrected ci workflow
a88d19f 
Signed-off-by: Paul Horton <[email protected]>
@madpah madpah marked this pull request as ready for review February 27, 2023 19:53
@madpah
Copy link
Collaborator Author

madpah commented Feb 27, 2023

@javihernandez - thanks for your patience. If you are able to retest this branch again now - I believe we have the Dependency work complete now.

FYI @jkowalleck @pombredanne

jkowalleck
jkowalleck requested changes Mar 1, 2023
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed 9 / 136 files

  • 📝 marked breaking changes and enhancements that need to be documented in the changelog
  • ❓ had some questions that prevent me from approval
  • ❌ had some things that require changes and fixes that prevent me from approval

madpah added 3 commits March 2, 2023 16:10
@madpah
fix: upstream fix in serializable when deserializing BOMs with empt…
ebf7a7e 
…y XML elements

Signed-off-by: Paul Horton <[email protected]>
@madpah
code style
212e4ce 
Signed-off-by: Paul Horton <[email protected]>
@madpah
code style
bf46aa7 
Signed-off-by: Paul Horton <[email protected]>
@madpah madpah mentioned this pull request Mar 3, 2023
Merged
@jkowalleck jkowalleck self-requested a review March 3, 2023 11:00
madpah added 2 commits March 3, 2023 11:49
@madpah
QA - addressed feedback from avoiding python builtins and `keywords…
d9fef04 
…` making our models look odd

Signed-off-by: Paul Horton <[email protected]>
@madpah
put factory back to a factory
f9e742e 
Signed-off-by: Paul Horton <[email protected]>
jkowalleck
jkowalleck reviewed Mar 3, 2023
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍
Some notes on some parameters regarding shadowing.
Overall, I do not see any issues with your changes,

@madpah madpah merged commit 676c941 into dev/4.0.0 Mar 3, 2023
@madpah madpah deleted the feat/deserialization-to-object-model branch March 3, 2023 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

Assignees

@madpah madpah

Labels
breaking change enhancement New feature or request
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.
5 participants
@madpah @javihernandez @pombredanne @jkowalleck @hakandilek