Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_ref_array #767

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_ref_array #767

wants to merge 3 commits into from

Conversation

indiVar0508
Copy link

@indiVar0508 indiVar0508 commented Jan 30, 2025
edited by jkowalleck
Loading

applied the fix recommended in the thread.
added testcase and BOM json from the mentioned issue.

fixes #692

@indiVar0508 indiVar0508 requested a review from a team as a code owner January 30, 2025 17:41
@jkowalleck jkowalleck changed the title fix(#692): add crypto-ref-array to ProtocolProperties feat: crypto-ref-array to ProtocolProperties Jan 30, 2025
@jkowalleck jkowalleck changed the title feat: crypto-ref-array to ProtocolProperties feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_ref_array Jan 30, 2025
@jkowalleck jkowalleck added enhancement New feature or request schema 1.6 labels Jan 30, 2025
@jkowalleck jkowalleck mentioned this pull request Jan 30, 2025
Open
@jkowalleck
Copy link
Member

jkowalleck commented Jan 30, 2025
edited
Loading

Thanks for donating this feature.

The provided tests - they need rework. please remove the ones you've added.

Instead, add a new data model to https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/tests/_data/models.py

  • craft a new function that starts with get_bom_. it must return a Bom
  • in case your Bom has incomplete dep tree, add the function to all_get_bom_funct_with_incomplete_deps

after that, the tests should pick up the new method automatically, and run a serialization-validation-deserialization roundtrip with it and create snapshots.
see https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/tests/_data/snapshots/README.md in addition to https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md

@indiVar0508
Copy link
Author

indiVar0508 commented Jan 31, 2025
edited
Loading

I'll clean up the commit message and squash as well with signoff

I needed some direction/feedback on how to resolve issues i am facing in tests (if i added them correctly) in 2be5db0, commit message has been documented with issues i faced

@jkowalleck
Copy link
Member

I'll clean up the commit message and squash as well with signoff

That's fantastic. Somehow, the sign-off was not quite right.
The DCO checker has something to complain about: https://github.com/CycloneDX/cyclonedx-python-lib/pull/767/checks?check_run_id=36476165496
It also has some instructions how to fix this.

@jkowalleck
Copy link
Member

jkowalleck commented Jan 31, 2025
edited
Loading

I needed some direction/feedback on how to resolve issues i am facing in tests (if i added them correctly) in 2be5db0, commit message has been documented with issues i faced

It looks like you are facing the situation, that your data model's properties are not properly serializing to a certain version of CycloneDX.
You might want to look at these examples:

  • cyclonedx-python-lib/cyclonedx/model/bom.py

    Lines 193 to 200 in 472bded

    @property
    @serializable.view(SchemaVersion1Dot2)
    @serializable.view(SchemaVersion1Dot3)
    @serializable.view(SchemaVersion1Dot4)
    @serializable.view(SchemaVersion1Dot5)
    @serializable.view(SchemaVersion1Dot6)
    @serializable.xml_sequence(6)
    def manufacture(self) -> Optional[OrganizationalEntity]:

in case you still run into issue, for example a enum value that is available in one vetrsion, but not in the pother, let me know. it basically comes down to something like this

cyclonedx-python-lib/cyclonedx/model/component.py

Lines 376 to 428 in 472bded

class _ComponentTypeSerializationHelper(serializable.helpers.BaseHelper):
""" THIS CLASS IS NON-PUBLIC API """
__CASES: Dict[Type[serializable.ViewType], FrozenSet[ComponentType]] = dict()
__CASES[SchemaVersion1Dot0] = frozenset({
ComponentType.APPLICATION,
ComponentType.DEVICE,
ComponentType.FRAMEWORK,
ComponentType.LIBRARY,
ComponentType.OPERATING_SYSTEM,
})
__CASES[SchemaVersion1Dot1] = __CASES[SchemaVersion1Dot0] | {
ComponentType.FILE,
}
__CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] | {
ComponentType.CONTAINER,
ComponentType.FIRMWARE,
}
__CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2]
__CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3]
__CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] | {
ComponentType.DATA,
ComponentType.DEVICE_DRIVER,
ComponentType.MACHINE_LEARNING_MODEL,
ComponentType.PLATFORM,
}
__CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] | {
ComponentType.CRYPTOGRAPHIC_ASSET,
}
@classmethod
def __normalize(cls, ct: ComponentType, view: Type[serializable.ViewType]) -> Optional[str]:
if ct in cls.__CASES.get(view, ()):
return ct.value
raise SerializationOfUnsupportedComponentTypeException(f'unsupported {ct!r} for view {view!r}')
@classmethod
def json_normalize(cls, o: Any, *,
view: Optional[Type[serializable.ViewType]],
**__: Any) -> Optional[str]:
assert view is not None
return cls.__normalize(o, view)
@classmethod
def xml_normalize(cls, o: Any, *,
view: Optional[Type[serializable.ViewType]],
**__: Any) -> Optional[str]:
assert view is not None
return cls.__normalize(o, view)
@classmethod
def deserialize(cls, o: Any) -> ComponentType:
return ComponentType(o)

@indiVar0508
Copy link
Author

I saw thos but couldn't figure out the fix :')
for my first issue
FileNotFoundError: [Errno 2] No such file or directory: '~/cyclonedx-python-lib/tests/_data/snapshots/get_bom_for_issue_692_components-1.6.json.bin'
I am not sure how to fix these

  • ERROR: test_prepared_06_get_bom_for_issue_692_components (tests.test_deserialize_json.TestDeserializeJson)
  • ERROR: test_prepared_06_get_bom_for_issue_692_components (tests.test_deserialize_xml.TestDeserializeXml)

for second issue the test failure seems to valid given the dictionary mapping currently

     __CASES: Dict[Type[serializable.ViewType], FrozenSet[ComponentType]] = dict() 
     __CASES[SchemaVersion1Dot0] = frozenset({ 
         ComponentType.APPLICATION, 
         ComponentType.DEVICE, 
         ComponentType.FRAMEWORK, 
         ComponentType.LIBRARY, 
         ComponentType.OPERATING_SYSTEM, 
     }) 
     __CASES[SchemaVersion1Dot1] = __CASES[SchemaVersion1Dot0] | { 
         ComponentType.FILE, 
     } 
     __CASES[SchemaVersion1Dot2] = __CASES[SchemaVersion1Dot1] | { 
         ComponentType.CONTAINER, 
         ComponentType.FIRMWARE, 
     } 
     __CASES[SchemaVersion1Dot3] = __CASES[SchemaVersion1Dot2] 
     __CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3] 
     __CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4] | { 
         ComponentType.DATA, 
         ComponentType.DEVICE_DRIVER, 
         ComponentType.MACHINE_LEARNING_MODEL, 
         ComponentType.PLATFORM, 
     } 
     __CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5] | { 
         ComponentType.CRYPTOGRAPHIC_ASSET, 
     }

so cryptographi-asset is not supported for any version < v1.6, so how to do i restrict tests not be generated from all v1.6?

e.g. error
ERROR: test_valid_028_get_bom_for_issue_692_components_1_4 (tests.test_output_json.TestOutputJson)
ERROR: test_valid_038_get_bom_for_issue_692_components_1_4 (tests.test_output_xml.TestOutputXml
..
..
ERROR: test_valid_042_get_bom_for_issue_692_components_1_0 (tests.test_output_xml.TestOutputXml)

err log : cyclonedx.exception.serialization.SerializationOfUnsupportedComponentTypeException: unsupported <ComponentType.CRYPTOGRAPHIC_ASSET: 'cryptographic-asset'> for view <class 'cyclonedx.schema.schema.SchemaVersion1Dot5'>

@jkowalleck
Copy link
Member

Will take a look at it sometime next week.
And if i don't come back in time, please ping me :-)

@indiVar0508 indiVar0508 force-pushed the fix/crypto-ref-array branch 2 times, most recently from b85dd98 to 3583283 Compare February 1, 2025 07:02
@indiVar0508
Copy link
Author

I have squashed and rebased the PR with latest upstream main

@indiVar0508 indiVar0508 marked this pull request as draft February 1, 2025 11:57
jkowalleck
jkowalleck reviewed Feb 3, 2025
View reviewed changes
cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd Outdated
@@ -7429,7 +7429,7 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="cryptoRef" type="bom:refType" minOccurs="0" maxOccurs="unbounded">
<xs:element name="cryptoRefArray" type="bom:refType" minOccurs="0" maxOccurs="unbounded">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this an intentional change?

you can not simply modify the schema here, it is downstream from
https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.xsd#L7432

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah i did that intentionally as i saw it was cryptoRefArray in json so thought it might also have to be same here

cyclonedx/model/crypto.py Outdated
@property
@serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'cryptoRefArray')
@serializable.xml_sequence(40)
def crypto_ref_array(self) -> 'SortedSet[BomRef]':
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def crypto_ref_array(self) -> 'SortedSet[BomRef]':
@serializable.xml_name('cryptoRef')
@serializable.xml_name('cryptoRef')
@serializable.json_name('cryptoRefArray')
def crypto_refs(self) -> 'SortedSet[BomRef]':

cyclonedx/model/crypto.py Outdated
"""
return self._crypto_ref_array

@crypto_ref_array.setter
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@crypto_ref_array.setter
@crypto_refs.setter

jkowalleck
jkowalleck requested changes Feb 3, 2025
View reviewed changes
cyclonedx/model/crypto.py Outdated
@@ -1309,11 +1309,13 @@ def __init__(
version: Optional[str] = None,
cipher_suites: Optional[Iterable[ProtocolPropertiesCipherSuite]] = None,
ikev2_transform_types: Optional[Ikev2TransformTypes] = None,
crypto_ref_array: Optional[Iterable[BomRef]] = None,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
crypto_ref_array: Optional[Iterable[BomRef]] = None,
crypto_refs: Optional[Iterable[BomRef]] = None,

@indiVar0508
feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_ref_array
5cc1f50 
applied the fix recommended in the thread, to add crypto_ref_array
as an argument to ProtocolProperties class
Also updated bom1.6.SNAPSHOT.xsd from cryptoRef -> cryptoRefArray
added testcase and BOM json from the mentioned issue.

Signed-off-by: Indivar Mishra <[email protected]>
@indiVar0508
resolve review comments
db871ed 
resolve review comments

Signed-off-by: Indivar Mishra <[email protected]>
@indiVar0508
cryptographic-asset is only compatible with v1.6
21f8900 
so use applciation instead that is supported from v1.0 - v1.6

Signed-off-by: Indivar Mishra <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck Awaiting requested review from jkowalleck

Assignees
No one assigned
Labels
enhancement New feature or request schema 1.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: add cyclonedx.model.crypto.ProtocolProperties.crypto_ref_array
2 participants
@indiVar0508 @jkowalleck