feat!: add CPE format validation in property setter #711

Closed
57 commits
a0bfc3d
Merge pull request #3 from CycloneDX/main
saquibsaifee Jun 21, 2024
be4fd4b
Merge branch 'CycloneDX:main' into main
saquibsaifee Oct 13, 2024
15d9c19
feat: add cpe format validation
saquibsaifee Oct 13, 2024
fbf02c2
chore: update the cpe value
saquibsaifee Oct 13, 2024
c74218b
feat: add CPE format validation in property setter
Oct 14, 2024
92b4d78
chore: fix the typo
Oct 14, 2024
2cd8250
Merge branch 'CycloneDX:main' into main
saquibsaifee Oct 16, 2024
4c9bf32
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 16, 2024
8d6c632
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 16, 2024
39f1ea1
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 16, 2024
aea3b04
feat: add cpe format validation
saquibsaifee Oct 16, 2024
4197b8f
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 16, 2024
8c4082e
Merge branch 'CycloneDX:main' into main
saquibsaifee Oct 26, 2024
ce3fe7f
chore(release): 1.0.0
Oct 26, 2024
4245583
Merge branch 'main' into main
saquibsaifee Oct 27, 2024
366beb6
Revert "chore(release): 1.0.0"
saquibsaifee Oct 27, 2024
2df0637
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
a38d55f
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
e178ca0
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
969b58b
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
e28ea69
chore: fix the typo
Oct 14, 2024
a152395
chore(docs): link python test snapshots docs
jkowalleck Oct 15, 2024
30ab6e0
chore: fix pre-commit hook for mypy (#723)
weichslgartner Oct 23, 2024
dce4f7b
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
f1a5839
Revert "Merge branch 'main' of https://github.com/saquibsaifee/cyclon…
saquibsaifee Oct 27, 2024
6d7b5c6
chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 (#716)
dependabot[bot] Oct 20, 2024
fb7ebb5
chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 (#714)
dependabot[bot] Oct 20, 2024
67a2d10
chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 (#715)
dependabot[bot] Oct 20, 2024
9a3a45e
feat: add support for Lifecycles in BOM metadata (#698)
Churro Oct 21, 2024
be8a6e2
chore(release): 8.1.0
Oct 21, 2024
c10e593
feat: Add Python 3.13 support (#718)
gruebel Oct 22, 2024
dfe02b2
chore(release): 8.2.0
Oct 22, 2024
a56c4ad
chore: fix pre-commit hook for mypy (#723)
weichslgartner Oct 23, 2024
1933802
fix: encode quotation mark in URL (#724)
jkowalleck Oct 24, 2024
fc25604
chore(release): 8.2.1
Oct 24, 2024
fefee6f
chore: render current year in docs
jkowalleck Oct 24, 2024
dd9ef7f
docs: revisit examples readme (#725)
jkowalleck Oct 25, 2024
1d782dd
chore: test unpinned daily
jkowalleck Oct 25, 2024
74c76cf
chore: internals init intended to be empyy
jkowalleck Oct 26, 2024
3e6ad14
feat: add basic support for Definitions (#701)
hakandilek Oct 26, 2024
ebd6f75
chore(release): 8.3.0
Oct 26, 2024
cf1d880
refactor: reuse internal helper `bom_ref_from_str` (#727)
jkowalleck Oct 26, 2024
45b367f
chore(release): 1.0.0
Oct 26, 2024
22558b8
Revert "chore(release): 1.0.0"
saquibsaifee Oct 27, 2024
272e280
chore: py-release workflow is not auto-triggered anymore
jkowalleck Oct 27, 2024
f9f9607
chore(deps-dev): update tox requirement from 4.23.0 to 4.23.2 (#729)
dependabot[bot] Oct 27, 2024
08774d6
chore(deps-dev): update mypy requirement from 1.12.0 to 1.13.0 (#730)
dependabot[bot] Oct 27, 2024
7df7d03
chore: fix the typo
Oct 14, 2024
8ccb9f5
chore(docs): link python test snapshots docs
jkowalleck Oct 15, 2024
8793fef
chore: fix pre-commit hook for mypy (#723)
weichslgartner Oct 23, 2024
7623551
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
saquibsaifee Oct 27, 2024
d14bc1c
Merge branch 'main' into main
saquibsaifee Oct 28, 2024
adcadb4
Merge branch 'CycloneDX:main' into main
saquibsaifee Nov 12, 2024
944a206
Merge branch 'main' into main
saquibsaifee Oct 28, 2024
97561d3
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
Nov 12, 2024
4bbd0fe
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
Nov 12, 2024
728c0bf
Merge branch 'main' of https://github.com/saquibsaifee/cyclonedx-pyth…
Nov 12, 2024
6 changes: 6 additions & 0 deletions cyclonedx/model/component.py
Expand Up @@ -23,6 +23,7 @@

# See https://github.com/package-url/packageurl-python/issues/65
import serializable
from cpe import CPE # type:ignore
from packageurl import PackageURL
from sortedcontainers import SortedSet
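
Review bot: the bare `# type:ignore` on the new `from cpe import CPE` line silences every mypy diagnostic for that line, not only the missing-stubs one; narrow it to the specific error code (for example `# type: ignore[import-untyped]`) so unrelated errors on the import still surface. The import is also unconditional at module level, so this module fails to import wherever the `cpe` package is absent, which is worth stating in the changelog next to the new dependency.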

Expand Down Expand Up @@ -1453,6 +1454,11 @@ def cpe(self) -> Optional[str]:

@cpe.setter
def cpe(self, cpe: Optional[str]) -> None:
if cpe:
try:
CPE(cpe)
except NotImplementedError:
raise ValueError(f'Invalid CPE format: {cpe}')
jkowalleck (Member), Oct 15, 2024:

This behavioral change is considered a breaking change.
Not a blocker, just a remark.

self._cpe = cpe

@property
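
Review bot: `except NotImplementedError:` is the only handler around `CPE(cpe)`, so any other exception type the parser raises for malformed input will escape the setter instead of becoming the intended `ValueError`; confirm which exceptions `CPE()` can raise and catch all of them, or add tests that pin this down. Re-raise with an explicit cause (`raise ValueError(...) from err`) and format the caller-supplied value with `{cpe!r}` in the message. Note also that `if cpe:` lets an empty string skip validation and be stored as-is in `self._cpe`; `if cpe is not None:` would close that gap if empty strings are not meant to be accepted. The setter has no docstring stating that it can now raise.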
1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -75,6 +75,7 @@ sortedcontainers = "^2.4.0"
license-expression = "^30"
jsonschema = { version = "^4.18", extras=['format'], optional=true }
lxml = { version=">=4,<6", optional=true }
cpe = "^1.3.1"

[tool.poetry.extras]
validation = ["jsonschema", "lxml"]
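
Review bot: `cpe = "^1.3.1"` is added as a mandatory runtime dependency, while the neighbouring validation-only packages `jsonschema` and `lxml` are declared `optional=true` and exposed through the `validation` extra. Since the package is used in this change only to validate input, consider whether it should follow the same pattern (which would need a guarded import in component.py), or else call out the new required dependency in the release notes so consumers can review it before upgrading.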
10 changes: 10 additions & 0 deletions tests/test_model_component.py
Expand Up @@ -283,6 +283,16 @@ def test_nested_components_2(self) -> None:
self.assertEqual(3, len(comp_b.get_all_nested_components(include_self=True)))
self.assertEqual(2, len(comp_b.get_all_nested_components(include_self=False)))

def test_cpe_validation_valid_format(self) -> None:
cpe = 'cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*'
c = Component(name='test-component', cpe=cpe)
self.assertEqual(c.cpe, cpe)

def test_cpe_validation_invalid_format(self) -> None:
invalid_cpe = 'invalid-cpe-string'
with self.assertRaises(ValueError):
Component(name='test-component', cpe=invalid_cpe)


class TestModelComponentEvidence(TestCase):
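
Review bot: the two new tests cover only construction with one well-formed 2.3 string and one string that has no CPE prefix at all. Add cases for `cpe=None` and `cpe=''` (both bypass validation through `if cpe:` in the setter), for assignment through the setter after construction (`c.cpe = ...`), and for a string that starts with `cpe:2.3:` but has malformed or missing fields, since that input is the most likely to take a different error path in the parser than `'invalid-cpe-string'` does.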
