wip: serialization tests to XMl passing for 1.4

Signed-off-by: Paul Horton <[email protected]>

Author: madpah

cyclonedx/model/bom.py

@@ -173,7 +173,7 @@ def supplier(self, supplier: Optional[OrganizationalEntity]) -> None:
         self._supplier = supplier
 
     @property  # type: ignore[misc]
-    @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, '')
+    @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'licenses')
     @serializable.xml_sequence(7)
     def licenses(self) -> "SortedSet[LicenseChoice]":
         """
@@ -475,11 +475,11 @@ def register_dependency(self, target: Dependable, depends_on: Optional[Iterable[
 
         if _d and depends_on:
             _d.dependencies = _d.dependencies + set(
-                map(lambda _d: Dependency(ref=_d), depends_on)) if depends_on else []
-        else:
+                map(lambda _d: Dependency(ref=_d.bom_ref), depends_on)) if depends_on else []
+        elif not _d:
             self._dependencies.add(Dependency(
                 ref=target.bom_ref,
-                dependencies=list(map(lambda _d: Dependency(ref=_d), depends_on)) if depends_on else []
+                dependencies=list(map(lambda _d: Dependency(ref=_d.bom_ref), depends_on)) if depends_on else []
             ))
 
     def urn(self) -> str:
@@ -508,6 +508,8 @@ def validate(self) -> bool:
 
         dependency_diff = all_dependency_bom_refs - all_bom_refs
         if len(dependency_diff) > 0:
+            print(f'All Bom Refs: {all_bom_refs}')
+            print(f'All Dep Bom Refs: {all_dependency_bom_refs}')
             raise UnknownComponentDependencyException(
                 f'One or more Components have Dependency references to Components/Services that are not known in this '
                 f'BOM. They are: {dependency_diff}')

cyclonedx/model/component.py

@@ -27,10 +27,8 @@
 from packageurl import PackageURL  # type: ignore
 from sortedcontainers import SortedSet
 
-from cyclonedx.serialization import BomRefHelper
-
 from ..exception.model import NoPropertiesProvidedException
-from ..serialization import PackageUrl
+from ..serialization import BomRefHelper, PackageUrl
 from . import (
     AttachedText,
     ComparableTuple,
@@ -74,7 +72,8 @@ def __init__(self, *, uid: Optional[str] = None, url: Optional[XsUri] = None,
         self.committer = committer
         self.message = message
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(1)
     def uid(self) -> Optional[str]:
         """
         A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision
@@ -89,7 +88,8 @@ def uid(self) -> Optional[str]:
     def uid(self, uid: Optional[str]) -> None:
         self._uid = uid
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(2)
     def url(self) -> Optional[XsUri]:
         """
         The URL to the commit. This URL will typically point to a commit in a version control system.
@@ -103,7 +103,8 @@ def url(self) -> Optional[XsUri]:
     def url(self, url: Optional[XsUri]) -> None:
         self._url = url
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(3)
     def author(self) -> Optional[IdentifiableAction]:
         """
         The author who created the changes in the commit.
@@ -117,7 +118,8 @@ def author(self) -> Optional[IdentifiableAction]:
     def author(self, author: Optional[IdentifiableAction]) -> None:
         self._author = author
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(4)
     def committer(self) -> Optional[IdentifiableAction]:
         """
         The person who committed or pushed the commit
@@ -131,7 +133,8 @@ def committer(self) -> Optional[IdentifiableAction]:
     def committer(self, committer: Optional[IdentifiableAction]) -> None:
         self._committer = committer
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(5)
     def message(self) -> Optional[str]:
         """
         The text description of the contents of the commit.
@@ -378,7 +381,8 @@ def diff(self) -> Optional[Diff]:
     def diff(self, diff: Optional[Diff]) -> None:
         self._diff = diff
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'issue')
     def resolves(self) -> "SortedSet[IssueType]":
         """
         Optional list of issues resolved by this patch.
@@ -443,6 +447,7 @@ def __init__(self, *, ancestors: Optional[Iterable['Component']] = None,
 
     @property  # type: ignore[misc]
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component')
+    @serializable.xml_sequence(1)
     def ancestors(self) -> "SortedSet['Component']":
         """
         Describes zero or more components in which a component is derived from. This is commonly used to describe forks
@@ -464,6 +469,7 @@ def ancestors(self, ancestors: Iterable['Component']) -> None:
 
     @property  # type: ignore[misc]
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component')
+    @serializable.xml_sequence(2)
     def descendants(self) -> "SortedSet['Component']":
         """
         Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of
@@ -480,6 +486,7 @@ def descendants(self, descendants: Iterable['Component']) -> None:
 
     @property  # type: ignore[misc]
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'component')
+    @serializable.xml_sequence(3)
     def variants(self) -> "SortedSet['Component']":
         """
         Variants describe relations where the relationship between the components are not known. For example, if
@@ -497,6 +504,7 @@ def variants(self, variants: Iterable['Component']) -> None:
 
     @property  # type: ignore[misc]
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'commit')
+    @serializable.xml_sequence(4)
     def commits(self) -> "SortedSet[Commit]":
         """
         A list of zero or more commits which provide a trail describing how the component deviates from an ancestor,
@@ -513,6 +521,7 @@ def commits(self, commits: Iterable[Commit]) -> None:
 
     @property  # type: ignore[misc]
     @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'patch')
+    @serializable.xml_sequence(5)
     def patches(self) -> "SortedSet[Patch]":
         """
         A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant.
@@ -527,7 +536,8 @@ def patches(self) -> "SortedSet[Patch]":
     def patches(self, patches: Iterable[Patch]) -> None:
         self._patches = SortedSet(patches)
 
-    @property
+    @property  # type: ignore[misc]
+    @serializable.xml_sequence(6)
     def notes(self) -> Optional[str]:
         """
         Notes, observations, and other non-structured commentary describing the components pedigree.

cyclonedx/model/impact_analysis.py

@@ -17,6 +17,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
+import serializable
 from enum import Enum
 
 """
@@ -29,6 +30,7 @@
 """
 
 
+@serializable.serializable_enum
 class ImpactAnalysisAffectedStatus(str, Enum):
     """
     Enum object that defines the permissible impact analysis affected states.
@@ -50,6 +52,7 @@ class ImpactAnalysisAffectedStatus(str, Enum):
     UNKNOWN = 'unknown'
 
 
+@serializable.serializable_enum
 class ImpactAnalysisJustification(str, Enum):
     """
     Enum object that defines the rationale of why the impact analysis state was asserted.
@@ -69,6 +72,7 @@ class ImpactAnalysisJustification(str, Enum):
     REQUIRES_ENVIRONMENT = 'requires_environment'
 
 
+@serializable.serializable_enum
 class ImpactAnalysisResponse(str, Enum):
     """
     Enum object that defines the valid rationales as to why the impact analysis state was asserted.
@@ -84,6 +88,7 @@ class ImpactAnalysisResponse(str, Enum):
     WORKAROUND_AVAILABLE = 'workaround_available'
 
 
+@serializable.serializable_enum
 class ImpactAnalysisState(str, Enum):
     """
     Enum object that defines the permissible impact analysis states.