Missing support for Data object for Service properties in CDX 1.6 #672

Open
lucamrgs opened this issue Sep 16, 2024 · 3 comments
Labels: enhancement, help wanted, schema 1.6


lucamrgs commented Sep 16, 2024

Dear implementers,
it appears to me that the Data object for the Services property is not correctly implemented (see https://cyclonedx.org/docs/1.6/json/#services_items_data).
I am trying to instantiate a Service, and upon populating the data property, I get this hint from the docs

[Image: Screenshot 2024-09-16 at 13 29 55]

The DataClassification class is defined as

@serializable.serializable_class
class DataClassification:
    """
    This is our internal representation of the `dataClassificationType` complex type within the CycloneDX standard.

    DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library.
    In fact, this library will try to provide a compatibility layer if needed.

    .. note::
        See the CycloneDX Schema for dataClassificationType:
        https://cyclonedx.org/docs/1.4/xml/#type_dataClassificationType
    """

    def __init__(
        self, *,
        flow: DataFlow,
        classification: str
    ) -> None:
        self.flow = flow
        self.classification = classification

    @property
    @serializable.xml_attribute()
    def flow(self) -> DataFlow:
        """
        Specifies the flow direction of the data.

        Valid values are: inbound, outbound, bi-directional, and unknown.

        Direction is relative to the service.

        - Inbound flow states that data enters the service
        - Outbound flow states that data leaves the service
        - Bi-directional states that data flows both ways
        - Unknown states that the direction is not known

        Returns:
            `DataFlow`
        """
        return self._flow

    @flow.setter
    def flow(self, flow: DataFlow) -> None:
        self._flow = flow

    @property
    @serializable.xml_name('.')
    @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING)
    def classification(self) -> str:
        """
        Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.

        Returns:
            `str`
        """
        return self._classification

    @classification.setter
    def classification(self, classification: str) -> None:
        self._classification = classification
    

    def __eq__(self, other: object) -> bool:
        if isinstance(other, DataClassification):
            return hash(other) == hash(self)
        return False

    def __lt__(self, other: object) -> bool:
        if isinstance(other, DataClassification):
            return _ComparableTuple((
                self.flow, self.classification
            )) < _ComparableTuple((
                other.flow, other.classification
            ))
        return NotImplemented

    def __hash__(self) -> int:
        return hash((self.flow, self.classification))

    def __repr__(self) -> str:
        return f'<DataClassification flow={self.flow}>'

Which seems to be missing the "source" and "destination" properties.

This is my poetry.lock entry for cyclonedx-python-lib

name = "cyclonedx-python-lib"
version = "7.6.0"
description = "Python library for CycloneDX"
optional = false
python-versions = "<4.0,>=3.8"
files = [
    {file = "cyclonedx_python_lib-7.6.0-py3-none-any.whl", hash = "sha256:30655e89e5f987dc8d57835919748d71589fafeb33ff1dec45048eb72eda3cf9"},
    {file = "cyclonedx_python_lib-7.6.0.tar.gz", hash = "sha256:fa481d5f0d82728cb6a32e55f8ba9c666ba75a2bd99eb643228e3011c56bb5c4"},
]

Would it be possible for you to adjust this, or let me know what I could do otherwise? Thank you!
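
A post-serialization workaround for the gap reported above, as an added example that is not part of the issue or of cyclonedx-python-lib: it edits the plain JSON document rather than the library's model, and assumes the `source` and `destination` arrays described on the linked 1.6 schema page. The sample BOM, its bom-refs and any URLs passed in are constructed.

```python
import json

# Flow values listed in the DataClassification docstring quoted in the issue.
VALID_FLOWS = {"inbound", "outbound", "bi-directional", "unknown"}

# Constructed sample BOM: data entries carry only flow and classification.
SAMPLE_BOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6",
 "services": [
   {"bom-ref": "svc-api", "name": "api",
    "data": [{"flow": "inbound", "classification": "PII"},
             {"flow": "outbound", "classification": "public"}],
    "services": [
      {"bom-ref": "svc-db", "name": "db",
       "data": [{"flow": "bi-directional", "classification": "PII"}]}]}]}
""")

def iter_services(services):
    """Yield every service, descending into nested `services` arrays."""
    for svc in services or []:
        yield svc
        yield from iter_services(svc.get("services"))

def set_endpoints(bom, bom_ref, flow, classification, source=(), destination=()):
    """Attach source/destination to matching data entries; return the count updated."""
    if flow not in VALID_FLOWS:
        raise ValueError(f"invalid flow: {flow!r}")
    updated = 0
    for svc in iter_services(bom.get("services")):
        if svc.get("bom-ref") != bom_ref:
            continue
        for entry in svc.get("data", []):
            if (entry.get("flow"), entry.get("classification")) != (flow, classification):
                continue
            if source:
                entry["source"] = list(source)
            if destination:
                entry["destination"] = list(destination)
            updated += 1
    return updated

def missing_endpoints(bom):
    """List (bom-ref, flow, classification) for entries with neither field set."""
    return [(svc.get("bom-ref"), e.get("flow"), e.get("classification"))
            for svc in iter_services(bom.get("services"))
            for e in svc.get("data", [])
            if "source" not in e and "destination" not in e]
```

`missing_endpoints` doubles as a review check: any sensitive classification it returns is a data flow whose origin and destination the BOM does not record.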

jkowalleck (Member) commented

Hello @lucamrgs

According to #633 (comment)
I'd invite you to provide the missing features.
Just open a pull request with the according implementation and tests.

jkowalleck added the help wanted label Sep 16, 2024

lucamrgs (Author) commented

Hi @jkowalleck, thanks for the note. Unfortunately I do not have extensive time to go through the project architecture and understand exactly how to modify the code, to implement the change consistently. I.e., I think it would take me some time.

Since it's still a somewhat minor change and related to implementing correctly the CDX spec, would you know anyone who would be able to implement it quickly?

I'd still try to give it a go if not. Thank you for consideration.

jkowalleck added the enhancement and schema 1.6 labels Sep 19, 2024

jkowalleck (Member) commented

> I'd still try to give it a go if not. Thank you for consideration.

Take your time, no rush.

It is always best to have the users of a library themselves implement the features they need, since they know their constraints best and could provide proper test cases.
