JSON unit tests now passing - still have CycloneDX/specification#146 to workaround which breaks Dependency (de-)serialization for JSON

madpah · madpah · commit a18569116a99 · 2023-01-27T10:48:57.000Z
Signed-off-by: Paul Horton &lt;paul.horton@owasp.org&gt;
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -48,7 +48,7 @@ keywords = [
 python = "^3.7"
 importlib-metadata = { version = ">= 3.4", python = "< 3.8" }
 packageurl-python = ">= 0.9"
-py-serializable = "^0.9.1"
+py-serializable = "^0.9.2"
 setuptools = ">= 47.0.0"
 toml = "^0.10.0"
 sortedcontainers = "^2.4.0"
diff --git a/requirements.lowest.txt b/requirements.lowest.txt
@@ -2,7 +2,7 @@
 # see pyptoject file for ranges
 
 packageurl-python == 0.9.0
-py-serializable == 0.9.1
+py-serializable == 0.9.2
 importlib-metadata == 3.4.0 # ; python_version < '3.8'
 setuptools == 47.0.0
 types-setuptools == 57.0.0
diff --git a/tests/data.py b/tests/data.py
@@ -91,6 +91,7 @@
 MOCK_UUID_9 = UUID('859ff614-35a7-4d37-803b-d89130cb2577')
 MOCK_UUID_10 = UUID('0afa65bc-4acd-428b-9e17-8e97b1969745')
 MOCK_BOM_UUID_1 = UUID('3e671687-395b-41f5-a30f-a58921a69b79')
+MOCK_BOM_UUID_2 = UUID('d0b24ba4-102b-497e-b31f-4fdc3f0a3005')
 
 TEST_UUIDS = [
     UUID(MOCK_UUID_1), UUID(MOCK_UUID_2), UUID(MOCK_UUID_3), UUID(MOCK_UUID_4), UUID(MOCK_UUID_5), UUID(MOCK_UUID_6)
diff --git a/tests/fixtures/json/1.2/bom_services_complex.json b/tests/fixtures/json/1.2/bom_services_complex.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.2/bom_services_nested.json b/tests/fixtures/json/1.2/bom_services_nested.json
@@ -8,7 +8,7 @@
       "type": "library",
       "version": "1.0.0"
     },
-    "timestamp": "2022-01-27T16:16:35.622354+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "name": "cyclonedx-python-lib",
@@ -17,7 +17,7 @@
       }
     ]
   },
-  "serialNumber": "urn:uuid:1d2c4529-8cf8-447d-b2a1-e4ebb610adb9",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "services": [
     {
       "authenticated": false,
diff --git a/tests/fixtures/json/1.2/bom_services_simple.json b/tests/fixtures/json/1.2/bom_services_simple.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:228f339b-f73c-4379-af8e-3ad09dbde1d8",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:57.753759+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.2/bom_setuptools_complete.json b/tests/fixtures/json/1.2/bom_setuptools_complete.json
@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.2/bom_setuptools_no_version.json b/tests/fixtures/json/1.2/bom_setuptools_no_version.json
@@ -0,0 +1,37 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.3",
+  "serialNumber": "urn:uuid:77d15ab9-5602-4cca-8ed2-59ae579aafd3",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
+    "tools": [
+      {
+        "vendor": "CycloneDX",
+        "name": "cyclonedx-python-lib",
+        "version": "TESTING"
+      }
+    ]
+  },
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "pkg:pypi/setuptools?extension=tar.gz",
+      "author": "Test Author",
+      "name": "setuptools",
+      "version": "",
+      "licenses": [
+        {
+          "expression": "MIT License"
+        }
+      ],
+      "purl": "pkg:pypi/setuptools?extension=tar.gz"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "pkg:pypi/setuptools?extension=tar.gz"
+    }
+  ]
+}
diff --git a/tests/fixtures/json/1.2/bom_toml_1.json b/tests/fixtures/json/1.2/bom_toml_1.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:f60062dc-9bb8-4415-be36-78f0c52c5c64",
+  "serialNumber": "urn:uuid:6f266d1c-760f-4552-ae3b-41a9b74232fa",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:57.552271+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.2/bom_with_full_metadata.json b/tests/fixtures/json/1.2/bom_with_full_metadata.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.2",
-  "serialNumber": "urn:uuid:47f912c6-4879-4f4b-ae9c-2cf51f15be08",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:57.775590+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_services_complex.json b/tests/fixtures/json/1.3/bom_services_complex.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:401351ba-6438-4b6d-8f6f-f10f1ae41f8b",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.031955+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_services_nested.json b/tests/fixtures/json/1.3/bom_services_nested.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:6ae24228-acba-422e-bc82-450a230cf04d",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.058446+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_services_simple.json b/tests/fixtures/json/1.3/bom_services_simple.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:e3ad515c-a48a-44d8-a17f-ed11e6a68a1a",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.086656+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_setuptools_complete.json b/tests/fixtures/json/1.3/bom_setuptools_complete.json
@@ -5,7 +5,7 @@
   "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
   "version": 1,
   "metadata": {
-    "timestamp": "2021-09-01T10:50:42.051979+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_setuptools_no_version.json b/tests/fixtures/json/1.3/bom_setuptools_no_version.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:3e6b7d74-47af-41c2-b716-aefdc229aa23",
+  "serialNumber": "urn:uuid:77d15ab9-5602-4cca-8ed2-59ae579aafd3",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.008536+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_toml_1.json b/tests/fixtures/json/1.3/bom_toml_1.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:71dc0b05-ae55-4384-8469-1a7755874d6a",
+  "serialNumber": "urn:uuid:6f266d1c-760f-4552-ae3b-41a9b74232fa",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:57.806505+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.3/bom_with_full_metadata.json b/tests/fixtures/json/1.3/bom_with_full_metadata.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.3",
-  "serialNumber": "urn:uuid:7e20a198-96d1-4b79-8207-56a34598c9f1",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.110075+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_services_complex.json b/tests/fixtures/json/1.4/bom_services_complex.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:8b7d855f-b826-4548-9cba-4c018b9afd7c",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.980752+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_services_nested.json b/tests/fixtures/json/1.4/bom_services_nested.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:b743da1e-8e6d-464d-bc2e-2295d136c9f4",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:59.022478+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_services_simple.json b/tests/fixtures/json/1.4/bom_services_simple.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:fece92d9-75d7-4e94-ad5e-5cc18a621b47",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:59.063187+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_setuptools_no_version.json b/tests/fixtures/json/1.4/bom_setuptools_no_version.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:46d26437-5d99-4915-be3f-9fd53fcaa782",
+  "serialNumber": "urn:uuid:77d15ab9-5602-4cca-8ed2-59ae579aafd3",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.943672+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json b/tests/fixtures/json/1.4/bom_setuptools_with_vulnerabilities.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:313807bd-6f7c-4016-95d0-84c2273c3e65",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.703824+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_toml_1.json b/tests/fixtures/json/1.4/bom_toml_1.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:6b822a8f-bb36-47ff-a9e8-321a3a16a46a",
+  "serialNumber": "urn:uuid:6f266d1c-760f-4552-ae3b-41a9b74232fa",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:58.628816+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/fixtures/json/1.4/bom_with_full_metadata.json b/tests/fixtures/json/1.4/bom_with_full_metadata.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:cefd0380-8626-476c-ae2d-956079d6d4b2",
+  "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-01-07T13:45:59.098229+00:00",
+    "timestamp": "2023-01-07T13:44:32.312678+00:00",
     "tools": [
       {
         "vendor": "CycloneDX",
diff --git a/tests/test_deserialize_json.py b/tests/test_deserialize_json.py

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"type": "library",`
`9`	`9`	`"version": "1.0.0"`
`10`	`10`	`},`
`11`		`- "timestamp": "2022-01-27T16:16:35.622354+00:00",`
	`11`	`+ "timestamp": "2023-01-07T13:44:32.312678+00:00",`
`12`	`12`	`"tools": [`
`13`	`13`	`{`
`14`	`14`	`"name": "cyclonedx-python-lib",`
`@@ -17,7 +17,7 @@`
`17`	`17`	`}`
`18`	`18`	`]`
`19`	`19`	`},`
`20`		`- "serialNumber": "urn:uuid:1d2c4529-8cf8-447d-b2a1-e4ebb610adb9",`
	`20`	`+ "serialNumber": "urn:uuid:d0b24ba4-102b-497e-b31f-4fdc3f0a3005",`
`21`	`21`	`"services": [`
`22`	`22`	`{`
`23`	`23`	`"authenticated": false,`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",`
`6`	`6`	`"version": 1,`
`7`	`7`	`"metadata": {`
`8`		`- "timestamp": "2021-09-01T10:50:42.051979+00:00",`
	`8`	`+ "timestamp": "2023-01-07T13:44:32.312678+00:00",`
`9`	`9`	`"tools": [`
`10`	`10`	`{`
`11`	`11`	`"vendor": "CycloneDX",`