diff --git a/.flake8 b/.flake8 index 831f1610..459cc557 100644 --- a/.flake8 +++ b/.flake8 @@ -22,3 +22,22 @@ ignore = # > Despite being in the best practice section, this will soon be considered an anti-pattern. # So lets ignore this "suggestion" that is actually an anti-pattern already! W503 + +## https://pypi.org/project/flake8-copyright-validator/ +copyright-text = + '# This file is part of CycloneDX Python Library' + '#' + '# Licensed under the Apache License, Version 2.0 (the "License");' + '# you may not use this file except in compliance with the License.' + '# You may obtain a copy of the License at' + '#' + '# http://www.apache.org/licenses/LICENSE-2.0' + '#' + '# Unless required by applicable law or agreed to in writing, software' + '# distributed under the License is distributed on an "AS IS" BASIS,' + '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.' + '# See the License for the specific language governing permissions and' + '# limitations under the License.' + '#' + '# SPDX-License-Identifier: Apache-2.0' + '# Copyright (c) OWASP Foundation. All Rights Reserved.' diff --git a/CHANGELOG.md b/CHANGELOG.md index c3722703..525b95e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,25 @@ +## v7.6.0 (2024-08-14) + +### Feature + +* feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663) + +The code mistreated hashes for Blake2b and SHA3. +Code for explicitly handling SHA1 & BLAKE3 was added, as those have no +variants defined in the CycloneDX specification. + +fixes #652 + +--------- + +Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`c59036e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c59036e06ddc97284f82efbbc168dc2d89d090d1)) + + ## v7.5.1 (2024-07-08) ### Fix 
diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index 26e82d7b..3c6cd2df 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,4 +22,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "7.5.1" # noqa:Q000 +__version__ = "7.6.0" # noqa:Q000 diff --git a/cyclonedx/_internal/__init__.py b/cyclonedx/_internal/__init__.py index edd63c05..4513dbac 100644 --- a/cyclonedx/_internal/__init__.py +++ b/cyclonedx/_internal/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/compare.py b/cyclonedx/_internal/compare.py index 08ebb75c..226fa615 100644 --- a/cyclonedx/_internal/compare.py +++ b/cyclonedx/_internal/compare.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/hash.py b/cyclonedx/_internal/hash.py index c025eaa2..4fc17f5e 100644 --- a/cyclonedx/_internal/hash.py +++ b/cyclonedx/_internal/hash.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/_internal/time.py b/cyclonedx/_internal/time.py index 2f3d50be..8a2a19d4 100644 
--- a/cyclonedx/_internal/time.py +++ b/cyclonedx/_internal/time.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/__init__.py b/cyclonedx/exception/__init__.py index ef1ce340..886b63d1 100644 --- a/cyclonedx/exception/__init__.py +++ b/cyclonedx/exception/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/factory.py b/cyclonedx/exception/factory.py index 322e1fc3..2ddbb327 100644 --- a/cyclonedx/exception/factory.py +++ b/cyclonedx/exception/factory.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/model.py b/cyclonedx/exception/model.py index 09e0656d..e301112c 100644 --- a/cyclonedx/exception/model.py +++ b/cyclonedx/exception/model.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/output.py b/cyclonedx/exception/output.py index c3109f13..8b84c20a 100644 --- a/cyclonedx/exception/output.py +++ b/cyclonedx/exception/output.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/exception/serialization.py b/cyclonedx/exception/serialization.py index 9c947344..57b68e20 100644 --- a/cyclonedx/exception/serialization.py +++ b/cyclonedx/exception/serialization.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/factory/__init__.py b/cyclonedx/factory/__init__.py index 50e0bf37..ffb3ca2f 100644 --- a/cyclonedx/factory/__init__.py +++ b/cyclonedx/factory/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/factory/license.py b/cyclonedx/factory/license.py index c5e0ffd1..f96cb697 100644 --- a/cyclonedx/factory/license.py +++ b/cyclonedx/factory/license.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py index 4edb50e1..213fdcf2 100644 --- a/cyclonedx/model/__init__.py +++ b/cyclonedx/model/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -418,6 +420,11 @@ def from_composite_str(composite_hash: str) -> 'HashType': Composite Hash string of the format `HASH_ALGORITHM`:`HASH_VALUE`. Example: `sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b`. + Valid case insensitive prefixes are: + `md5`, `sha1`, `sha256`, `sha384`, `sha512`, `blake2b256`, `blake2b384`, `blake2b512`, + `blake2256`, `blake2384`, `blake2512`, `sha3-256`, `sha3-384`, `sha3-512`, + `blake3`. + Raises: `UnknownHashTypeException` if the type of hash cannot be determined. @@ -432,17 +439,37 @@ def from_composite_str(composite_hash: str) -> 'HashType': alg=HashAlgorithm.MD5, content=parts[1].lower() ) + elif algorithm_prefix[0:4] == 'sha3': + return HashType( + alg=getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix == 'sha1': + return HashType( + alg=HashAlgorithm.SHA_1, + content=parts[1].lower() + ) elif algorithm_prefix[0:3] == 'sha': + # This is actually SHA2... return HashType( alg=getattr(HashAlgorithm, f'SHA_{algorithm_prefix[3:]}'), content=parts[1].lower() ) + elif algorithm_prefix[0:7] == 'blake2b': + return HashType( + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[7:]}'), + content=parts[1].lower() + ) elif algorithm_prefix[0:6] == 'blake2': return HashType( - alg=getattr(HashAlgorithm, f'BLAKE2b_{algorithm_prefix[6:]}'), + alg=getattr(HashAlgorithm, f'BLAKE2B_{algorithm_prefix[6:]}'), + content=parts[1].lower() + ) + elif algorithm_prefix[0:6] == 'blake3': + return HashType( + alg=HashAlgorithm.BLAKE3, content=parts[1].lower() ) - raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}') def __init__( diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py index a36a5e10..0d423de8 100644 --- a/cyclonedx/model/bom.py +++ b/cyclonedx/model/bom.py 
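Review bot: The `getattr(HashAlgorithm, f'SHA3_{algorithm_prefix[5:]}')`, `f'SHA_{algorithm_prefix[3:]}'` and `f'BLAKE2B_{…}'` lookups in the new branches of `from_composite_str` raise `AttributeError` for any suffix that is not an enum member (for example `sha3256` without the hyphen, or `sha1x`, which falls through to the generic `sha` branch). Unless a handler outside this hunk converts it, unexpected input then escapes as an undocumented exception instead of the `UnknownHashTypeException` the docstring promises. The `blake3` branch errs the other way: it compares only `algorithm_prefix[0:6]`, so any prefix that merely starts with `blake3` is accepted as BLAKE3. If these strings can come from external package metadata, an exact-match table over the prefixes listed in the docstring hunk above would make both cases fail closed. The sketch assumes `algorithm_prefix` is already lower-cased and that the `md5` branch above the hunk is an exact comparison; neither is visible here, since the function starts outside the hunk.

```python
        # … unchanged: splitting composite_hash into parts and algorithm_prefix …
        known_prefixes = {
            'md5': HashAlgorithm.MD5,
            'sha1': HashAlgorithm.SHA_1,
            'sha256': HashAlgorithm.SHA_256,
            'sha384': HashAlgorithm.SHA_384,
            'sha512': HashAlgorithm.SHA_512,
            'sha3-256': HashAlgorithm.SHA3_256,
            'sha3-384': HashAlgorithm.SHA3_384,
            'sha3-512': HashAlgorithm.SHA3_512,
            'blake2b256': HashAlgorithm.BLAKE2B_256,
            'blake2b384': HashAlgorithm.BLAKE2B_384,
            'blake2b512': HashAlgorithm.BLAKE2B_512,
            # spellings without the "b", as accepted before this change
            'blake2256': HashAlgorithm.BLAKE2B_256,
            'blake2384': HashAlgorithm.BLAKE2B_384,
            'blake2512': HashAlgorithm.BLAKE2B_512,
            'blake3': HashAlgorithm.BLAKE3,
        }
        alg = known_prefixes.get(algorithm_prefix)
        if alg is not None:
            return HashType(alg=alg, content=parts[1].lower())
        raise UnknownHashTypeException(f'Unable to determine hash type from {composite_hash!r}')
```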
@@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/bom_ref.py b/cyclonedx/model/bom_ref.py index 936092eb..faf47cf4 100644 --- a/cyclonedx/model/bom_ref.py +++ b/cyclonedx/model/bom_ref.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/component.py b/cyclonedx/model/component.py index 682ad4c5..22e4cec9 100644 --- a/cyclonedx/model/component.py +++ b/cyclonedx/model/component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/contact.py b/cyclonedx/model/contact.py index dc42b1f7..a3cc2ed4 100644 --- a/cyclonedx/model/contact.py +++ b/cyclonedx/model/contact.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/crypto.py b/cyclonedx/model/crypto.py index 8dcab090..e1eda84e 100644 --- a/cyclonedx/model/crypto.py +++ b/cyclonedx/model/crypto.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/cyclonedx/model/dependency.py b/cyclonedx/model/dependency.py index 80582d86..98a5525c 100644 --- a/cyclonedx/model/dependency.py +++ b/cyclonedx/model/dependency.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/impact_analysis.py b/cyclonedx/model/impact_analysis.py index 8e66e7ca..af1f5766 100644 --- a/cyclonedx/model/impact_analysis.py +++ b/cyclonedx/model/impact_analysis.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/issue.py b/cyclonedx/model/issue.py index 1378fcc1..56bb6b76 100644 --- a/cyclonedx/model/issue.py +++ b/cyclonedx/model/issue.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/license.py b/cyclonedx/model/license.py index 1bde1248..58651370 100644 --- a/cyclonedx/model/license.py +++ b/cyclonedx/model/license.py @@ -1,5 +1,5 @@ -# encoding: utf-8 - +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/release_note.py b/cyclonedx/model/release_note.py index f79e16e7..a605350e 100644 --- a/cyclonedx/model/release_note.py +++ b/cyclonedx/model/release_note.py 
@@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/model/service.py b/cyclonedx/model/service.py index 3e3be565..46ce6c29 100644 --- a/cyclonedx/model/service.py +++ b/cyclonedx/model/service.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py index 8c9528f4..13bb7b82 100644 --- a/cyclonedx/model/vulnerability.py +++ b/cyclonedx/model/vulnerability.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/output/__init__.py b/cyclonedx/output/__init__.py index d6bcd19a..bbc4e532 100644 --- a/cyclonedx/output/__init__.py +++ b/cyclonedx/output/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/output/json.py b/cyclonedx/output/json.py index 525bd58d..403197b3 100644 --- a/cyclonedx/output/json.py +++ b/cyclonedx/output/json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/cyclonedx/output/xml.py b/cyclonedx/output/xml.py index ffc94e89..604b6297 100644 --- a/cyclonedx/output/xml.py +++ b/cyclonedx/output/xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/schema/__init__.py b/cyclonedx/schema/__init__.py index 7b454948..0b74ec7d 100644 --- a/cyclonedx/schema/__init__.py +++ b/cyclonedx/schema/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/schema/_res/__init__.py b/cyclonedx/schema/_res/__init__.py index 201fb24c..8ce859cc 100644 --- a/cyclonedx/schema/_res/__init__.py +++ b/cyclonedx/schema/_res/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/schema/schema.py b/cyclonedx/schema/schema.py index 79ae2eff..1dc7db27 100644 --- a/cyclonedx/schema/schema.py +++ b/cyclonedx/schema/schema.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cyclonedx/serialization/__init__.py b/cyclonedx/serialization/__init__.py index 87aa5e79..427d0bf6 100644 --- a/cyclonedx/serialization/__init__.py +++ b/cyclonedx/serialization/__init__.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/spdx.py b/cyclonedx/spdx.py index 480165ae..8f7e30b1 100644 --- a/cyclonedx/spdx.py +++ b/cyclonedx/spdx.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/__init__.py b/cyclonedx/validation/__init__.py index b7dda3f1..44c9634e 100644 --- a/cyclonedx/validation/__init__.py +++ b/cyclonedx/validation/__init__.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/json.py b/cyclonedx/validation/json.py index 8a7dab8a..ebdd01e0 100644 --- a/cyclonedx/validation/json.py +++ b/cyclonedx/validation/json.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/model.py b/cyclonedx/validation/model.py index c427e60f..1f8b6061 100644 --- a/cyclonedx/validation/model.py +++ b/cyclonedx/validation/model.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/cyclonedx/validation/xml.py b/cyclonedx/validation/xml.py index 0adff2dc..2ba79890 100644 
--- a/cyclonedx/validation/xml.py +++ b/cyclonedx/validation/xml.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/docs/conf.py b/docs/conf.py index ebe26020..ffa0cd72 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '7.5.1' +release = '7.6.0' # -- General configuration --------------------------------------------------- diff --git a/docs/requirements.txt b/docs/requirements.txt index 7dc0b112..32780572 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,4 @@ m2r2>=0.3.2 -sphinx>=7.2.6,<8 +sphinx>=7.2.6,<9 sphinx-autoapi>=3.0.0,<4 sphinx-rtd-theme>=2.0.0,<3 diff --git a/examples/complex_deserialize.py b/examples/complex_deserialize.py index e112a719..d139aa01 100644 --- a/examples/complex_deserialize.py +++ b/examples/complex_deserialize.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/examples/complex_serialize.py b/examples/complex_serialize.py index ccf47d76..477e7ee5 100644 --- a/examples/complex_serialize.py +++ b/examples/complex_serialize.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/pyproject.toml b/pyproject.toml index 95095fb1..d64d5298 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "cyclonedx-python-lib" # !! version is managed by semantic_release -version = "7.5.1" +version = "7.6.0" description = "Python library for CycloneDX" authors = [ "Paul Horton ", @@ -82,18 +82,19 @@ xml-validation = ["lxml"] [tool.poetry.group.dev.dependencies] ddt = "1.7.2" -coverage = "7.6.0" -flake8 = { version="7.1.0", python=">=3.8.1" } +coverage = "7.6.1" +flake8 = { version="7.1.1", python=">=3.8.1" } flake8-annotations = { version="3.1.1", python=">=3.8.1" } -flake8-bugbear = { version="24.4.26", python=">=3.8.1" } +flake8-bugbear = { version="24.8.19", python=">=3.8.1" } +flake8-copyright-validator = "0.0.1" flake8-isort = "6.1.1" flake8-quotes = "3.4.0" flake8-use-fstring = "1.4" pep8-naming = "0.14.1" isort = "5.13.2" autopep8 = "2.3.1" -mypy = "1.11.0" -tox = "4.16.0" +mypy = "1.11.2" +tox = "4.18.1" xmldiff = "2.7.0" bandit = "1.7.9" diff --git a/tests/__init__.py b/tests/__init__.py index 02a82d2f..48760b1a 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/_data/__init__.py b/tests/_data/__init__.py index 308d97e7..671a2188 100644 --- a/tests/_data/__init__.py +++ b/tests/_data/__init__.py @@ -1,6 +1,4 @@ -# encoding: utf-8 - -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/_data/models.py b/tests/_data/models.py index 150739a0..c0c092f1 100644 --- a/tests/_data/models.py +++ b/tests/_data/models.py 
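Review bot: `flake8-copyright-validator = "0.0.1"` in the dev-dependency hunk brings a new, early-version plugin into the lint toolchain, where it is imported and run inside flake8 on developer machines and presumably in CI. The exact pin is good, but no lock file appears in this diff, so it cannot be confirmed from here that the resolved artifact is hash-locked. A short comment next to the entry would record why it is there, e.g. `# enforces the license header configured as copyright-text in .flake8`. If the project commits a lock file, updating it in the same change would also cover the other tool bumps in this hunk.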
@@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_component.py b/tests/test_component.py index 625863d0..05ee373f 100644 --- a/tests/test_component.py +++ b/tests/test_component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_deserialize_json.py b/tests/test_deserialize_json.py index 9c5ad40e..de4e3940 100644 --- a/tests/test_deserialize_json.py +++ b/tests/test_deserialize_json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_deserialize_xml.py b/tests/test_deserialize_xml.py index f2a3ad9c..ab5a990a 100644 --- a/tests/test_deserialize_xml.py +++ b/tests/test_deserialize_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_enums.py b/tests/test_enums.py index b0b35341..ee7f197a 100644 --- a/tests/test_enums.py +++ b/tests/test_enums.py @@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/tests/test_factory_license.py b/tests/test_factory_license.py index 05e6bd3a..f7fd7b99 100644 
--- a/tests/test_factory_license.py +++ b/tests/test_factory_license.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model.py b/tests/test_model.py index 7b9ab794..50f0c893 100644 --- a/tests/test_model.py +++ b/tests/test_model.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -262,6 +262,23 @@ def test_hash_type_from_hashlib_alg_throws_on_unknown(self) -> None: HashAlgorithm.SHA_256, '806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b'), ('MD5', 'MD5:dc26cd71b80d6757139f38156a43c545', HashAlgorithm.MD5, 'dc26cd71b80d6757139f38156a43c545'), + ('sha3-256', 'sha3-256:f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101', + HashAlgorithm.SHA3_256, 'f43909a5e6420ee26b710718f296c7be85ba393e6b218107811067f49ea80101'), + ('sha1', 'sha1:b82b9f695a3ae28053cb3776d2132ab625798055', + HashAlgorithm.SHA_1, 'b82b9f695a3ae28053cb3776d2132ab625798055'), + # Name format as used by 'openssl dgst and the Blake2 RFC' + ('blake2b512', + 'blake2b512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), + ('blake2512', + 'blake2512:6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4' + 'f76daaaa69a96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f', + HashAlgorithm.BLAKE2B_512, + '6d518ac5c7a022e954ecb21b8bf68d7f5c52e3c3579cd96f3bde4f76daaaa69a' + '96a5eee268fb8fa2745930c37f0672424136b538878474bc4f586a63e13ae23f'), ) def test_hash_type_from_composite_str(self, composite: str, e_alg: HashAlgorithm, e_content: str) -> None: h = HashType.from_composite_str(composite) diff --git a/tests/test_model_bom.py b/tests/test_model_bom.py index 925846c7..60e22c69 100644 --- a/tests/test_model_bom.py +++ b/tests/test_model_bom.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_bom_ref.py b/tests/test_model_bom_ref.py index 05047b92..ccdc9c73 100644 
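Review bot: The added rows only exercise accepted inputs, so nothing here pins what happens for a prefix the parser should reject, and the new `blake3` branch has no case at all. Consider a `blake3` row such as `('blake3', 'blake3:<64-hex-digest>', HashAlgorithm.BLAKE3, '<64-hex-digest>')` (placeholder digest). A separate test could assert that inputs like `sha3-999:<hex>` and `sha3256:<hex>` raise `UnknownHashTypeException`; such a negative test may already exist outside this hunk. The comment `# Name format as used by 'openssl dgst and the Blake2 RFC'` has its quotes misplaced and would read better as `# Name format as used by 'openssl dgst' and the BLAKE2 RFC`. The parametrised tuple and its decorator start above the hunk.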
--- a/tests/test_model_bom_ref.py +++ b/tests/test_model_bom_ref.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_component.py b/tests/test_model_component.py index 047eb342..c919a0e9 100644 --- a/tests/test_model_component.py +++ b/tests/test_model_component.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_dependency.py b/tests/test_model_dependency.py index 1b0d2f64..77f68b79 100644 --- a/tests/test_model_dependency.py +++ b/tests/test_model_dependency.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_issue.py b/tests/test_model_issue.py index 54816995..2ae4a666 100644 --- a/tests/test_model_issue.py +++ b/tests/test_model_issue.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_license.py b/tests/test_model_license.py index 1ccfa534..11443e48 100644 --- a/tests/test_model_license.py +++ b/tests/test_model_license.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/tests/test_model_release_note.py b/tests/test_model_release_note.py index fbbb4e94..4bf6eca6 100644 --- a/tests/test_model_release_note.py +++ b/tests/test_model_release_note.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_service.py b/tests/test_model_service.py index c4aeb356..c66c2521 100644 --- a/tests/test_model_service.py +++ b/tests/test_model_service.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_model_vulnerability.py b/tests/test_model_vulnerability.py index aec56b74..e18f6003 100644 --- a/tests/test_model_vulnerability.py +++ b/tests/test_model_vulnerability.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output.py b/tests/test_output.py index ac3d52b4..9d13855b 100644 --- a/tests/test_output.py +++ b/tests/test_output.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output_json.py b/tests/test_output_json.py index 1c9509a3..4bcbe2a2 100644 --- a/tests/test_output_json.py +++ b/tests/test_output_json.py 
@@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_output_xml.py b/tests/test_output_xml.py index fd5ff365..ea69b901 100644 --- a/tests/test_output_xml.py +++ b/tests/test_output_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_real_world_examples.py b/tests/test_real_world_examples.py index cc60bf9b..757d33eb 100644 --- a/tests/test_real_world_examples.py +++ b/tests/test_real_world_examples.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_schema_SchemaVersion.py b/tests/test_schema_SchemaVersion.py index 50e0c30c..0c7fab6f 100644 --- a/tests/test_schema_SchemaVersion.py +++ b/tests/test_schema_SchemaVersion.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_schema__res.py b/tests/test_schema__res.py index 930d3709..0107949b 100644 --- a/tests/test_schema__res.py +++ b/tests/test_schema__res.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/tests/test_spdx.py b/tests/test_spdx.py index 6cf244ef..a174e5c0 100644 --- a/tests/test_spdx.py +++ b/tests/test_spdx.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_validation.py b/tests/test_validation.py index 8755191a..7465cf78 100644 --- a/tests/test_validation.py +++ b/tests/test_validation.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_validation_json.py b/tests/test_validation_json.py index 7a297189..1c9c4016 100644 --- a/tests/test_validation_json.py +++ b/tests/test_validation_json.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/test_validation_xml.py b/tests/test_validation_xml.py index e5d91479..1e40f735 100644 --- a/tests/test_validation_xml.py +++ b/tests/test_validation_xml.py @@ -1,4 +1,4 @@ -# This file is part of CycloneDX Python Lib +# This file is part of CycloneDX Python Library # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tools/schema-downloader.py b/tools/schema-downloader.py index 99def578..9292dd9e 100644 --- a/tools/schema-downloader.py +++ b/tools/schema-downloader.py 
@@ -1,3 +1,5 @@ +# This file is part of CycloneDX Python Library +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,6 +13,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 +# Copyright (c) OWASP Foundation. All Rights Reserved. import re from os.path import dirname, join