From 03968871b829f337d12efadac433c49ca77f1245 Mon Sep 17 00:00:00 2001 From: chbk Date: Mon, 2 Dec 2024 14:00:38 +0100 Subject: [PATCH 1/5] feat: creates an UUID object for the bomref in init-sbom --- cdxev/initialize_sbom.py | 6 ++---- tests/integration/test_integration.py | 10 ++++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cdxev/initialize_sbom.py b/cdxev/initialize_sbom.py index 9e05b4ec..5ecc13aa 100644 --- a/cdxev/initialize_sbom.py +++ b/cdxev/initialize_sbom.py @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later import json +import uuid from datetime import datetime from typing import Any, Union @@ -67,10 +68,7 @@ def initialize_sbom( type=ExternalReferenceType.WEBSITE, ) - bom_ref = BomRef( - "An optional identifier which can be used " - "to reference the component elsewhere in the SBOM." - ) + bom_ref = BomRef(str(uuid.uuid4())) metadata_component = Component( name=software_name, diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 85477a2a..819a65d3 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -299,6 +299,11 @@ def test( # Verify that command completed successfully assert exit_code == Status.OK + expected["metadata"]["component"]["bom-ref"] = actual["metadata"]["component"][ + "bom-ref" + ] + expected["dependencies"][0]["ref"] = actual["metadata"]["component"]["bom-ref"] + # Verify that output matches what is expected assert actual == expected @@ -318,6 +323,11 @@ def test_no_arguments( # Verify that command completed successfully assert exit_code == Status.OK + expected["metadata"]["component"]["bom-ref"] = actual["metadata"]["component"][ + "bom-ref" + ] + expected["dependencies"][0]["ref"] = actual["metadata"]["component"]["bom-ref"] + # Verify that output matches what is expected assert actual == expected From 93420949eea77af2b0711c1c9673a1ebf59669dd Mon Sep 17 00:00:00 2001 
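Review bot: The new `bom_ref = BomRef(str(uuid.uuid4()))` line in the second hunk of cdxev/initialize_sbom.py has no comment saying why the identifier is random, and it makes the generated SBOM differ on every run even for identical arguments. That matters to anyone who diffs, hashes or signs the generated file, so I would document it at the assignment, e.g. `# bom-ref only has to be unique within this BOM; a fresh UUID4 replaces the old placeholder text, so output is not reproducible across runs`. If reproducible output is wanted later, a name-based `uuid.uuid5` over the component's identifying fields would presumably serve the same purpose, but that is a design choice for the maintainers. initialize_sbom's body starts and ends outside the hunk.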
From: chbk Date: Wed, 4 Dec 2024 19:04:00 +0100 Subject: [PATCH 2/5] test: fixes integration test of init sbom to in regards to handling of uuid --- tests/integration/test_integration.py | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 819a65d3..7fb8d647 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -3,6 +3,7 @@ import json import os import re +import uuid from collections.abc import Callable from itertools import chain from pathlib import Path @@ -298,11 +299,15 @@ def test( # Verify that command completed successfully assert exit_code == Status.OK - - expected["metadata"]["component"]["bom-ref"] = actual["metadata"]["component"][ - "bom-ref" - ] - expected["dependencies"][0]["ref"] = actual["metadata"]["component"]["bom-ref"] + + # Verify bom ref is a valid UUID + assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) + + # Remove randomly generated bom ref for the comparison + actual["dependencies"][0].pop("ref") + actual["metadata"]["component"].pop("bom-ref") + expected["metadata"]["component"].pop("bom-ref") + expected["dependencies"][0].pop("ref") # Verify that output matches what is expected assert actual == expected 
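Review bot: Popping `actual["dependencies"][0]["ref"]` in `test` before the comparison means nothing checks any longer that the dependency entry points at the metadata component; the code this replaces at least forced the two values to agree. Before the pops I would add `assert actual["dependencies"][0]["ref"] == actual["metadata"]["component"]["bom-ref"]`, so a dangling ref in the generated SBOM fails the test. The same applies to the `test_no_arguments` hunk that follows. Separately, `uuid.UUID(...)` also accepts braced, `urn:uuid:` and hyphen-less forms, so `assert str(uuid.UUID(ref)) == ref` would pin the canonical form if that is what is intended. Both test bodies start outside their hunks.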
@@ -323,10 +328,14 @@ def test_no_arguments( # Verify that command completed successfully assert exit_code == Status.OK - expected["metadata"]["component"]["bom-ref"] = actual["metadata"]["component"][ - "bom-ref" - ] - expected["dependencies"][0]["ref"] = actual["metadata"]["component"]["bom-ref"] + # Verify bom ref is a valid UUID + assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) + + # Remove randomly generated bom ref for the comparison + actual["dependencies"][0].pop("ref") + actual["metadata"]["component"].pop("bom-ref") + expected["metadata"]["component"].pop("bom-ref") + expected["dependencies"][0].pop("ref") # Verify that output matches what is expected assert actual == expected From 81258788cb3f6574b3aa5a300f3e452d6541a15f Mon Sep 17 00:00:00 2001 From: chbk Date: Wed, 4 Dec 2024 19:08:07 +0100 Subject: [PATCH 3/5] chore: black --- tests/integration/test_integration.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 7fb8d647..23e68995 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -299,10 +299,10 @@ def test( # Verify that command completed successfully assert exit_code == Status.OK - + # Verify bom ref is a valid UUID assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) - + # Remove randomly generated bom ref for the comparison actual["dependencies"][0].pop("ref") actual["metadata"]["component"].pop("bom-ref") @@ -330,7 +330,7 @@ def test_no_arguments( # Verify bom ref is a valid UUID assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) - + # Remove randomly generated bom ref for the comparison actual["dependencies"][0].pop("ref") actual["metadata"]["component"].pop("bom-ref") From 8aaf6e5f6b34bc3d58555b53ba8ec03a0dcb8323 Mon Sep 17 00:00:00 2001 
From: chbk Date: Wed, 4 Dec 2024 21:41:53 +0100 Subject: [PATCH 4/5] refactor: reduces import to necessary function only (uuid) --- cdxev/initialize_sbom.py | 4 ++-- tests/integration/test_integration.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cdxev/initialize_sbom.py b/cdxev/initialize_sbom.py index 5ecc13aa..24bbcec1 100644 --- a/cdxev/initialize_sbom.py +++ b/cdxev/initialize_sbom.py @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later import json -import uuid +from uuid import uuid4 from datetime import datetime from typing import Any, Union @@ -68,7 +68,7 @@ def initialize_sbom( type=ExternalReferenceType.WEBSITE, ) - bom_ref = BomRef(str(uuid.uuid4())) + bom_ref = BomRef(str(uuid4())) metadata_component = Component( name=software_name, diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 23e68995..460c9331 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -3,7 +3,7 @@ import json import os import re -import uuid +from uuid import UUID from collections.abc import Callable from itertools import chain from pathlib import Path @@ -301,7 +301,7 @@ def test( assert exit_code == Status.OK # Verify bom ref is a valid UUID - assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) + assert UUID(actual["metadata"]["component"]["bom-ref"]) # Remove randomly generated bom ref for the comparison actual["dependencies"][0].pop("ref") @@ -329,7 +329,7 @@ def test_no_arguments( assert exit_code == Status.OK # Verify bom ref is a valid UUID - assert uuid.UUID(actual["metadata"]["component"]["bom-ref"]) + assert UUID(actual["metadata"]["component"]["bom-ref"]) # Remove randomly generated bom ref for the comparison actual["dependencies"][0].pop("ref") From 4df55bad65e2b735e32be97ba9c0057c1cccaf1f Mon Sep 17 00:00:00 2001 
From: chbk Date: Thu, 5 Dec 2024 11:26:44 +0100 Subject: [PATCH 5/5] chore: isort --- cdxev/initialize_sbom.py | 2 +- tests/integration/test_integration.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cdxev/initialize_sbom.py b/cdxev/initialize_sbom.py index 24bbcec1..a4622342 100644 --- a/cdxev/initialize_sbom.py +++ b/cdxev/initialize_sbom.py @@ -1,9 +1,9 @@ # SPDX-License-Identifier: GPL-3.0-or-later import json -from uuid import uuid4 from datetime import datetime from typing import Any, Union +from uuid import uuid4 from cyclonedx.model import ( # type: ignore ExternalReference, diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 460c9331..8143ddc8 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -3,11 +3,11 @@ import json import os import re -from uuid import UUID from collections.abc import Callable from itertools import chain from pathlib import Path from typing import TypedDict +from uuid import UUID import pytest import toml