feat: bomRef default to null

Signed-off-by: Jan Kowalleck <[email protected]>

cyclonedx/output/__init__.py

@@ -150,13 +150,13 @@ def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
         self.reset()
 
     def discriminate(self) -> None:
-        known_values = set()
+        known_values = []
         for bomref, _ in self._bomrefs:
             value = bomref.value
             if value is None or value in known_values:
                 value = self._make_unique()
                 bomref.value = value
-            known_values.add(value)
+            known_values.append(value)
 
     def reset(self) -> None:
         for bomref, original_value in self._bomrefs:

tests/_data/models.py

@@ -360,7 +360,9 @@ def get_bom_with_nested_services() -> Bom:
             bom_ref='my-specific-bom-ref-for-my-second-service',
             services=[
                 Service(
-                    name='yet-another-nested-service', provider=get_org_entity_1(), group='what-group', version='6.5.4'
+                    name='yet-another-nested-service',
+                    bom_ref='yet-another-nested-service',
+                    provider=get_org_entity_1(), group='what-group', version='6.5.4'
                 ),
                 Service(
                     name='another-nested-service',

tests/_data/snapshots/get_bom_with_nested_services-1.2.json.bin

@@ -114,7 +114,7 @@
       "name": "my-second-service",
       "services": [
         {
-          "bom-ref": "00000000-0000-4000-8000-000000000004",
+          "bom-ref": "yet-another-nested-service",
           "group": "what-group",
           "name": "yet-another-nested-service",
           "provider": {

tests/_data/snapshots/get_bom_with_nested_services-1.2.xml.bin

@@ -82,7 +82,7 @@
     <service bom-ref="my-specific-bom-ref-for-my-second-service">
       <name>my-second-service</name>
       <services>
-        <service bom-ref="00000000-0000-4000-8000-000000000004">
+        <service bom-ref="yet-another-nested-service">
           <provider>
             <name>CycloneDX</name>
             <url>https://cyclonedx.org</url>

tests/_data/snapshots/get_bom_with_nested_services-1.3.json.bin

@@ -130,7 +130,7 @@
       "name": "my-second-service",
       "services": [
         {
-          "bom-ref": "00000000-0000-4000-8000-000000000003",
+          "bom-ref": "yet-another-nested-service",
           "group": "what-group",
           "name": "yet-another-nested-service",
           "provider": {

tests/_data/snapshots/get_bom_with_nested_services-1.3.xml.bin

@@ -89,7 +89,7 @@
     <service bom-ref="my-specific-bom-ref-for-my-second-service">
       <name>my-second-service</name>
       <services>
-        <service bom-ref="00000000-0000-4000-8000-000000000003">
+        <service bom-ref="yet-another-nested-service">
           <provider>
             <name>CycloneDX</name>
             <url>https://cyclonedx.org</url>

tests/_data/snapshots/get_bom_with_nested_services-1.4.json.bin

@@ -223,7 +223,7 @@
       "name": "my-second-service",
       "services": [
         {
-          "bom-ref": "00000000-0000-4000-8000-000000000002",
+          "bom-ref": "yet-another-nested-service",
           "group": "what-group",
           "name": "yet-another-nested-service",
           "provider": {

tests/_data/snapshots/get_bom_with_nested_services-1.4.xml.bin

@@ -159,7 +159,7 @@
     <service bom-ref="my-specific-bom-ref-for-my-second-service">
       <name>my-second-service</name>
       <services>
-        <service bom-ref="00000000-0000-4000-8000-000000000002">
+        <service bom-ref="yet-another-nested-service">
           <provider>
             <name>CycloneDX</name>
             <url>https://cyclonedx.org</url>

tests/_data/snapshots/get_bom_with_nested_services-1.5.json.bin

@@ -223,7 +223,7 @@
       "name": "my-second-service",
       "services": [
         {
-          "bom-ref": "00000000-0000-4000-8000-000000000001",
+          "bom-ref": "yet-another-nested-service",
           "group": "what-group",
           "name": "yet-another-nested-service",
           "provider": {

tests/_data/snapshots/get_bom_with_nested_services-1.5.xml.bin

@@ -159,7 +159,7 @@
     <service bom-ref="my-specific-bom-ref-for-my-second-service">
       <name>my-second-service</name>
       <services>
-        <service bom-ref="00000000-0000-4000-8000-000000000001">
+        <service bom-ref="yet-another-nested-service">
           <provider>
             <name>CycloneDX</name>
             <url>https://cyclonedx.org</url>

tests/test_deserialize_json.py

@@ -36,7 +36,6 @@ class TestDeserializeJson(TestCase, SnapshotMixin, DeepCompareMixin):
 
     @named_data(*all_get_bom_funct_valid_immut)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
     def test_prepared(self, get_bom: Callable[[], Bom], *_: Any, **__: Any) -> None:
         # only latest schema will have all data populated in serialized form
         snapshot_name = mksname(get_bom, SchemaVersion.V1_5, OutputFormat.JSON)

tests/test_deserialize_xml.py

@@ -33,7 +33,6 @@ class TestDeserializeXml(TestCase, SnapshotMixin, DeepCompareMixin):
 
     @named_data(*all_get_bom_funct_valid_immut)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
     def test_prepared(self, get_bom: Callable[[], Bom], *_: Any, **__: Any) -> None:
         # only latest schema will have all data populated in serialized form
         snapshot_name = mksname(get_bom, SchemaVersion.V1_5, OutputFormat.XML)

tests/test_enums.py

@@ -164,7 +164,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(services=[Service(name='dummy', bom_ref='dummy', data=(
             DataClassification(flow=df, classification=df.name)
@@ -185,7 +185,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=[Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', licenses=(
             DisjunctiveLicense(name=f'att.encoding: {encoding.name}', text=AttachedText(
@@ -207,7 +207,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=[
             Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', external_references=(
@@ -230,7 +230,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=[Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', hashes=(
             HashType(alg=alg, content='ae2b1fca515949e5d54fb22b8ed95575')
@@ -251,7 +251,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=(
             Component(bom_ref=f'scoped-{scope.name}', name=f'dummy-{scope.name}',
@@ -291,7 +291,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         if OutputFormat.XML is of:
             schema_cases = set(dp_cases_from_xml_schema(SCHEMA_XML[sv], _DP_ComponentType.XML_SCHEMA_XPATH))
@@ -329,7 +329,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=[
             Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', pedigree=Pedigree(patches=(
@@ -352,7 +352,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=[Vulnerability(
             bom_ref='dummy', id='dummy', affects=[BomTarget(ref='urn:cdx:bom23/1#comp42', versions=(
@@ -375,7 +375,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=(
             Vulnerability(
@@ -399,7 +399,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=[Vulnerability(
             bom_ref='dummy', id='dummy',
@@ -422,7 +422,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=(
             Vulnerability(
@@ -445,7 +445,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(components=[
             Component(name='dummy', type=ComponentType.LIBRARY, bom_ref='dummy', pedigree=Pedigree(patches=[
@@ -470,7 +470,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=[Vulnerability(bom_ref='dummy', id='dummy', ratings=(
             VulnerabilityRating(method=vss)
@@ -491,7 +491,7 @@ def test_knows_value(self, value: str) -> None:
 
     @named_data(*NAMED_OF_SV)
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
+
     def test_cases_render_valid(self, of: OutputFormat, sv: SchemaVersion, *_: Any, **__: Any) -> None:
         bom = _make_bom(vulnerabilities=[Vulnerability(bom_ref='dummy', id='dummy', ratings=(
             VulnerabilityRating(severity=vs)

tests/test_model_component.py

@@ -104,13 +104,12 @@ def test_sort(self) -> None:
 
 class TestModelComponent(TestCase):
 
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(version=4))
-    def test_empty_basic_component(self, *_: Any, **__: Any) -> None:
+    def test_empty_basic_component(self) -> None:
         c = Component(name='test-component')
         self.assertEqual(c.name, 'test-component')
         self.assertEqual(c.type, ComponentType.LIBRARY)
         self.assertIsNone(c.mime_type)
-        self.assertEqual(str(c.bom_ref), '00000000-0000-4000-8000-000000000001')
+        self.assertIsNone(c.bom_ref.value)
         self.assertIsNone(c.supplier)
         self.assertIsNone(c.author)
         self.assertIsNone(c.publisher)

tests/test_model_service.py

@@ -24,12 +24,10 @@
 
 class TestModelService(TestCase):
 
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(version=4))
-    def test_minimal_service(self, mock_uuid: Mock) -> None:
+    def test_minimal_service(self) -> None:
         s = Service(name='my-test-service')
-        mock_uuid.assert_called()
         self.assertEqual(s.name, 'my-test-service')
-        self.assertEqual(str(s.bom_ref), '00000000-0000-4000-8000-000000000001')
+        self.assertIsNone(s.bom_ref.value)
         self.assertIsNone(s.provider)
         self.assertIsNone(s.group)
         self.assertIsNone(s.version)
@@ -44,15 +42,14 @@ def test_minimal_service(self, mock_uuid: Mock) -> None:
         self.assertFalse(s.release_notes)
         self.assertFalse(s.properties)
 
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(version=4))
-    def test_service_with_services(self, *_: Any, **__: Any) -> None:
+    def test_service_with_services(self) -> None:
         parent_service = Service(name='parent-service')
         parent_service.services = [
             Service(name='child-service-1'),
             Service(name='child-service-2'),
         ]
         self.assertEqual(parent_service.name, 'parent-service')
-        self.assertEqual(str(parent_service.bom_ref), '00000000-0000-4000-8000-000000000001')
+        self.assertIsNone(parent_service.bom_ref.value)
         self.assertIsNone(parent_service.provider)
         self.assertIsNone(parent_service.group)
         self.assertIsNone(parent_service.version)

tests/test_model_vulnerability.py

@@ -162,10 +162,9 @@ def test_v_source_get_localised_vector_other_2(self) -> None:
             'SOMETHING_OR_OTHER'
         )
 
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(version=4))
-    def test_empty_vulnerability(self, *_: Any, **__: Any) -> None:
+    def test_empty_vulnerability(self) -> None:
         v = Vulnerability()
-        self.assertEqual(str(v.bom_ref), '00000000-0000-4000-8000-000000000001')
+        self.assertIsNone(v.bom_ref.value)
         self.assertIsNone(v.id)
         self.assertIsNone(v.source)
         self.assertFalse(v.references)

tests/test_output_json.py

@@ -54,7 +54,6 @@ def test_unsupported_schema_raises(self, sv: SchemaVersion) -> None:
                   if sv not in UNSUPPORTED_SV))
     @unpack
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
     def test_valid(self, get_bom: Callable[[], Bom], sv: SchemaVersion, *_: Any, **__: Any) -> None:
         snapshot_name = mksname(get_bom, sv, OutputFormat.JSON)
         bom = get_bom()

tests/test_output_xml.py

@@ -41,7 +41,6 @@ class TestOutputXml(TestCase, SnapshotMixin):
     ))
     @unpack
     @patch('cyclonedx.model.ThisTool._version', 'TESTING')
-    @patch('cyclonedx.model.bom_ref.uuid4', side_effect=uuid_generator(0, version=4))
     def test_valid(self, get_bom: Callable[[], Bom], sv: SchemaVersion, *_: Any, **__: Any) -> None:
         snapshot_name = mksname(get_bom, sv, OutputFormat.XML)
         bom = get_bom()