Merge branch 'main' into 578_support_component_evidence_identity

.flake8

@@ -22,3 +22,22 @@ ignore =
     # > Despite being in the best practice section, this will soon be considered an anti-pattern.
     # So lets ignore this "suggestion" that is actually an anti-pattern already!
     W503
+
+## https://pypi.org/project/flake8-copyright-validator/
+copyright-text =
+    '# This file is part of CycloneDX Python Library'
+    '#'
+    '# Licensed under the Apache License, Version 2.0 (the "License");'
+    '# you may not use this file except in compliance with the License.'
+    '# You may obtain a copy of the License at'
+    '#'
+    '#     http://www.apache.org/licenses/LICENSE-2.0'
+    '#'
+    '# Unless required by applicable law or agreed to in writing, software'
+    '# distributed under the License is distributed on an "AS IS" BASIS,'
+    '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.'
+    '# See the License for the specific language governing permissions and'
+    '# limitations under the License.'
+    '#'
+    '# SPDX-License-Identifier: Apache-2.0'
+    '# Copyright (c) OWASP Foundation. All Rights Reserved.'

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 
 
+## v7.6.0 (2024-08-14)
+
+### Feature
+
+* feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663)
+
+The code mistreated hashes for Blake2b and SHA3.
+Code for explicitly handling SHA1 & BLAKE3 was added, as those have no
+variants defined in the CycloneDX specification.
+
+fixes #652
+
+---------
+
+Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
+Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
+Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1))
+
+
 ## v7.5.1 (2024-07-08)
 
 ### Fix

cyclonedx/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -20,4 +22,4 @@
 
 # !! version is managed by semantic_release
 # do not use typing here, or else `semantic_release` might have issues finding the variable
-__version__ = "7.5.1"  # noqa:Q000
+__version__ = "7.6.0"  # noqa:Q000

cyclonedx/_internal/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/_internal/compare.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/_internal/hash.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/_internal/time.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/exception/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/exception/factory.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/exception/model.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/exception/output.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/exception/serialization.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/factory/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/factory/license.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/model/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -418,6 +420,11 @@ def from_composite_str(composite_hash: str) -> 'HashType':
                 Composite Hash string of the format `HASH_ALGORITHM`:`HASH_VALUE`.
                 Example: `sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b`.
 
+                Valid case insensitive prefixes are:
+                `md5`, `sha1`, `sha256`, `sha384`, `sha512`, `blake2b256`, `blake2b384`, `blake2b512`,
+                `blake2256`, `blake2384`, `blake2512`, `sha3-256`, `sha3-384`, `sha3-512`,
+                `blake3`.
+
         Raises:
             `UnknownHashTypeException` if the type of hash cannot be determined.
 
@@ -432,17 +439,37 @@ def from_composite_str(composite_hash: str) -> 'HashType':
                 alg=HashAlgorithm.MD5,
                 content=parts[1].lower()
             )
+        elif algorithm_prefix[0:4] == 'sha3':
+            return HashType(
+                alg=getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}'),
+                content=parts[1].lower()
+            )
+        elif algorithm_prefix == 'sha1':
+            return HashType(
+                alg=HashAlgorithm.SHA_1,
+                content=parts[1].lower()
+            )
         elif algorithm_prefix[0:3] == 'sha':
+            # This is actually SHA2...
             return HashType(
                 alg=getattr(HashAlgorithm, f'SHA_{algorithm_prefix[3:]}'),
                 content=parts[1].lower()
             )
+        elif algorithm_prefix[0:7] == 'blake2b':
+            return HashType(
+                alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[7:]}'),
+                content=parts[1].lower()
+            )
         elif algorithm_prefix[0:6] == 'blake2':
             return HashType(
-                alg=getattr(HashAlgorithm, f'BLAKE2b_{algorithm_prefix[6:]}'),
+                alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[6:]}'),
+                content=parts[1].lower()
+            )
+        elif algorithm_prefix[0:6] == 'blake3':
+            return HashType(
+                alg=HashAlgorithm.BLAKE3,
                 content=parts[1].lower()
             )
-
         raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}')
 
     def __init__(

cyclonedx/model/bom.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/bom_ref.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/component.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/contact.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/model/crypto.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/dependency.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/impact_analysis.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/issue.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/model/license.py

@@ -1,5 +1,5 @@
-# encoding: utf-8
-
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/model/release_note.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/model/service.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/model/vulnerability.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/output/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/output/json.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/output/xml.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/schema/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/schema/_res/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/schema/schema.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cyclonedx/serialization/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/spdx.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/validation/__init__.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/validation/json.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/validation/model.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

cyclonedx/validation/xml.py

@@ -1,3 +1,5 @@
+# This file is part of CycloneDX Python Library
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

docs/conf.py

@@ -20,7 +20,7 @@
 
 # The full version, including alpha/beta/rc tags
 # !! version is managed by semantic_release
-release = '7.5.1'
+release = '7.6.0'
 
 # -- General configuration ---------------------------------------------------
 

docs/requirements.txt

@@ -1,4 +1,4 @@
 m2r2>=0.3.2
-sphinx>=7.2.6,<8
+sphinx>=7.2.6,<9
 sphinx-autoapi>=3.0.0,<4
 sphinx-rtd-theme>=2.0.0,<3

examples/complex_deserialize.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

examples/complex_serialize.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "cyclonedx-python-lib"
 # !! version is managed by semantic_release
-version = "7.5.1"
+version = "7.6.0"
 description = "Python library for CycloneDX"
 authors = [
   "Paul Horton <phorton@sonatype.com>",
@@ -82,18 +82,19 @@ xml-validation = ["lxml"]
 
 [tool.poetry.group.dev.dependencies]
 ddt = "1.7.2"
-coverage = "7.6.0"
-flake8 = { version="7.1.0", python=">=3.8.1" }
+coverage = "7.6.1"
+flake8 = { version="7.1.1", python=">=3.8.1" }
 flake8-annotations = { version="3.1.1", python=">=3.8.1" }
-flake8-bugbear = { version="24.4.26", python=">=3.8.1" }
+flake8-bugbear = { version="24.8.19", python=">=3.8.1" }
+flake8-copyright-validator = "0.0.1"
 flake8-isort = "6.1.1"
 flake8-quotes = "3.4.0"
 flake8-use-fstring = "1.4"
 pep8-naming = "0.14.1"
 isort = "5.13.2"
 autopep8 = "2.3.1"
-mypy = "1.11.0"
-tox = "4.16.0"
+mypy = "1.11.2"
+tox = "4.18.1"
 xmldiff = "2.7.0"
 bandit = "1.7.9"
 

tests/__init__.py

@@ -1,4 +1,4 @@
-# This file is part of CycloneDX Python Lib
+# This file is part of CycloneDX Python Library
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.