Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add CPE format validation in property setter #706

Closed
wants to merge 4 commits into from
Closed

feat: add CPE format validation in property setter #706

wants to merge 4 commits into from

Conversation

saquibsaifee
Copy link
Contributor

@saquibsaifee saquibsaifee commented Oct 13, 2024
edited by jkowalleck
Loading

Fixes #580

  • Implemented regex-based validation for CPE format in the model.
  • Added tests to verify the handling of invalid CPE strings.

@saquibsaifee
Merge pull request #3 from CycloneDX/main
a0bfc3d 
sync
@saquibsaifee
Merge branch 'CycloneDX:main' into main
be4fd4b
@saquibsaifee
feat: add cpe format validation
15d9c19 
- Implemented regex-based validation for CPE format in the model.
- Added tests to verify handling of invalid CPE strings.

Signed-off-by: Saquib Saifee <[email protected]>
@saquibsaifee saquibsaifee requested a review from a team as a code owner October 13, 2024 13:13
@saquibsaifee saquibsaifee changed the title Main feat: add cpe format validation Oct 13, 2024
@saquibsaifee saquibsaifee mentioned this pull request Oct 13, 2024
Open
@saquibsaifee
Copy link
Contributor Author

saquibsaifee commented Oct 13, 2024
edited
Loading

@madpah and @jkowalleck please advise if these changes are enough to add this validation.

@saquibsaifee
chore: update the cpe value
fbf02c2 
Signed-off-by: Saquib Saifee <[email protected]>
@jkowalleck jkowalleck added the enhancement New feature or request label Oct 14, 2024
jkowalleck
jkowalleck reviewed Oct 14, 2024
View reviewed changes
cyclonedx/model/component.py
@@ -1457,6 +1467,8 @@ def cpe(self) -> Optional[str]:

@cpe.setter
def cpe(self, cpe: Optional[str]) -> None:
if cpe and not CPE_REGEX.fullmatch(cpe):
raise ValueError(f'Invalid CPE format: {cpe}')
Copy link
Member

@jkowalleck jkowalleck Oct 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This behavioral change is a breaking change.

This is a remark, not a blocker. :-)

@jkowalleck jkowalleck self-requested a review October 14, 2024 11:47
jkowalleck
jkowalleck requested changes Oct 14, 2024
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CPE is a complex, external spec - outside the domain of CycloneDX.
This fact leads me to the architectural decision: we do not want to maintain an implementation of this external spec in the domain of CycloneDX python library.

meaning: this PR will not be accepted in its current form.

we might consider a usage of an external library, like https://pypi.org/project/cpe/.

@jkowalleck jkowalleck changed the title feat: add cpe format validation feat: add CPE format validation in property setter Oct 14, 2024
@jkowalleck
Copy link
Member

Thank you for the PR, @saquibsaifee .

I will close this PR for reasons detailed in #706 (review)

For a different approach, please open a new pullrequest.

@jkowalleck jkowalleck closed this Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

Assignees
No one assigned
Labels
breaking change enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improvement: Apply Regex check to Component.cpe
2 participants
@saquibsaifee @jkowalleck