Adding tests for new functionality

I don't know if this is the best way, but the tests transit the
the new functionality; both serialize and deserialize.

And some linting cleanup

Author: jkugler

cyclonedx/model/bom.py

@@ -18,7 +18,7 @@
 
 from datetime import datetime
 from itertools import chain
-from typing import TYPE_CHECKING, Any, AnyStr, Dict, Generator, Iterable, Optional, Union
+from typing import TYPE_CHECKING, Generator, Iterable, Optional, Union
 from uuid import UUID, uuid4
 from warnings import warn
 
@@ -27,7 +27,6 @@
 
 from .._internal.time import get_now_utc as _get_now_utc
 from ..exception.model import LicenseExpressionAlongWithOthersException, UnknownComponentDependencyException
-from .tool import Tool, ToolsRepository, ToolsRepositoryHelper
 from ..schema.schema import (
     SchemaVersion1Dot0,
     SchemaVersion1Dot1,
@@ -45,6 +44,7 @@
 from .dependency import Dependable, Dependency
 from .license import License, LicenseExpression, LicenseRepository
 from .service import Service
+from .tool import Tool, ToolsRepository, ToolsRepositoryHelper
 from .vulnerability import Vulnerability
 
 if TYPE_CHECKING:  # pragma: no cover
@@ -60,7 +60,7 @@ class BomMetaData:
         See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.5/#type_metadata
     """
 
-    def __init__(self, *, tools: Optional[Union[Iterable[Tool], Dict[AnyStr, Any]]] = None,
+    def __init__(self, *, tools: Optional[Union[Iterable[Tool], ToolsRepository]] = None,
                  authors: Optional[Iterable[OrganizationalContact]] = None, component: Optional[Component] = None,
                  supplier: Optional[OrganizationalEntity] = None,
                  licenses: Optional[Iterable[License]] = None,

cyclonedx/model/tool.py

@@ -178,7 +178,7 @@ def __bool__(self) -> bool:
         return any([self._tools, self._components, self._services])
 
     @property
-    def components(self) -> Iterable[Component]:
+    def components(self) -> SortedSet[Component]:
         """
         Returns:
             A SortedSet of Components
@@ -196,7 +196,7 @@ def components(self, components: Iterable[Component]) -> None:
         self._components = SortedSet(components)
 
     @property
-    def services(self) -> Iterable[Service]:
+    def services(self) -> SortedSet[Service]:
         """
         Returns:
             A SortedSet of Services
@@ -240,9 +240,6 @@ def json_normalize(cls, o: ToolsRepository, *,
         if not any([o._tools, o.components, o.services]):  # pylint: disable=protected-access
             return None
 
-        if o._tools:  # pylint: disable=protected-access
-            return [json_loads(Tool.as_json(t, view_=view)) for t in o]  # type: ignore[attr-defined]
-
         result = {}
 
         if o.components:
@@ -253,7 +250,10 @@ def json_normalize(cls, o: ToolsRepository, *,
             result['services'] = [json_loads(Service.as_json(s, view_=view))  # type: ignore[attr-defined]
                                   for s in o.services]
 
-        return result
+        if result:
+            return result
+
+        return [json_loads(Tool.as_json(t, view_=view)) for t in o]  # type: ignore[attr-defined]
 
     @classmethod
     def json_denormalize(cls, o: Union[List[Dict[str, Any]], Dict[str, Any]],
@@ -291,31 +291,37 @@ def xml_normalize(cls, o: ToolsRepository, *,
 
         elem = Element(element_name)
 
-        if o._tools:  # pylint: disable=protected-access
-            elem.extend(
-                t.as_xml(  # type: ignore[attr-defined]
-                    view_=view, as_string=False, element_name='tool', xmlns=xmlns)
-                for t in o
-            )
-
         if o.components:
-            c_elem = Element('components')
+            c_elem = Element('{' + xmlns + '}' + 'components')  # type: ignore[operator]
 
             c_elem.extend(
                 c.as_xml(  # type: ignore[attr-defined]
                     view_=view, as_string=False, element_name='component', xmlns=xmlns)
                 for c in o.components
             )
 
+            elem.append(c_elem)
+
         if o.services:
-            s_elem = Element('services')
+            s_elem = Element('{' + xmlns + '}' + 'services')  # type: ignore[operator]
 
             s_elem.extend(
                 s.as_xml(  # type: ignore[attr-defined]
-                    view_=view, as_string=False, element_name='services', xmlns=xmlns)
+                    view_=view, as_string=False, element_name='service', xmlns=xmlns)
                 for s in o.services
             )
 
+            elem.append(s_elem)
+
+        if len(elem) > 0:
+            return elem
+
+        elem.extend(
+            t.as_xml(  # type: ignore[attr-defined]
+                view_=view, as_string=False, element_name='tool', xmlns=xmlns)
+            for t in o
+        )
+
         return elem
 
     @classmethod

cyclonedx/model/vulnerability.py

@@ -53,6 +53,7 @@
 )
 from .tool import Tool, ToolsRepository, ToolsRepositoryHelper
 
+
 @serializable.serializable_class
 class BomTargetVersionRange:
     """
@@ -917,7 +918,7 @@ def __init__(self, *,
                  properties: Optional[Iterable[Property]] = None
                  ) -> None:
         if isinstance(bom_ref, BomRef):
-            self._bom_ref = bom_ref
+            self._bom_ref: BomRef = bom_ref
         else:
             self._bom_ref = BomRef(value=str(bom_ref) if bom_ref else None)
         self.id = id

tests/test_model.py

@@ -40,7 +40,6 @@
     Note,
     NoteText,
     Property,
-    Tool,
     XsUri,
 )
 from cyclonedx.model.contact import OrganizationalContact
@@ -546,22 +545,3 @@ def test_sort(self) -> None:
         sorted_props = sorted(props)
         expected_props = reorder(props, expected_order)
         self.assertListEqual(sorted_props, expected_props)
-
-
-class TestModelTool(TestCase):
-
-    def test_sort(self) -> None:
-        # expected sort order: (vendor, name, version)
-        expected_order = [0, 1, 2, 3, 4, 5, 6]
-        tools = [
-            Tool(vendor='a', name='a', version='1.0.0'),
-            Tool(vendor='a', name='a', version='2.0.0'),
-            Tool(vendor='a', name='b', version='1.0.0'),
-            Tool(vendor='a', name='b'),
-            Tool(vendor='b', name='a'),
-            Tool(vendor='b', name='b', version='1.0.0'),
-            Tool(name='b'),
-        ]
-        sorted_tools = sorted(tools)
-        expected_tools = reorder(tools, expected_order)
-        self.assertListEqual(sorted_tools, expected_tools)

tests/test_model_tool.py

@@ -0,0 +1,124 @@
+import io
+from json import loads as json_loads
+from unittest import TestCase
+
+from cyclonedx.model.bom import Bom
+from cyclonedx.model.component import Component, ComponentType
+from cyclonedx.model.service import Service
+from cyclonedx.model.tool import Tool
+from cyclonedx.output.json import JsonV1Dot5
+from cyclonedx.output.xml import XmlV1Dot5
+from tests import reorder
+
+
+class TestModelTool(TestCase):
+
+    def test_sort(self) -> None:
+        # expected sort order: (vendor, name, version)
+        expected_order = [0, 1, 2, 3, 4, 5, 6]
+        tools = [
+            Tool(vendor='a', name='a', version='1.0.0'),
+            Tool(vendor='a', name='a', version='2.0.0'),
+            Tool(vendor='a', name='b', version='1.0.0'),
+            Tool(vendor='a', name='b'),
+            Tool(vendor='b', name='a'),
+            Tool(vendor='b', name='b', version='1.0.0'),
+            Tool(name='b'),
+        ]
+        sorted_tools = sorted(tools)
+        expected_tools = reorder(tools, expected_order)
+        self.assertListEqual(sorted_tools, expected_tools)
+
+    def test_tool_with_component_and_service_load_json(self) -> None:
+        # test_file = join(OWN_DATA_DIRECTORY, 'json', '1.5', 'tools_with_components_and_services.json')
+        bom_json = """
+            {
+                "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+                "bomFormat": "CycloneDX",
+                "specVersion": "1.5",
+                "serialNumber": "urn:uuid:60bd7113-edac-4277-a518-88d84aef2399",
+                "version": 1337,
+                "metadata": {
+                    "tools": {
+                        "components": [
+                            {
+                                "type": "application",
+                                "author": "anchore",
+                                "name": "syft",
+                                "version": "1.4.1"
+                            }
+                        ],
+                        "services": [
+                            {
+                                "name": "testing-service"
+                            }
+                        ]
+                    },
+                    "component": {
+                        "type": "file",
+                        "name": "Testing tools with components and services"
+                    }
+                }
+            }
+        """
+        bom = Bom.from_json(json_loads(bom_json))   # type: ignore[attr-defined]
+        self.assertEqual(bom.metadata.tools.components[0].type, 'application')
+        self.assertEqual(bom.metadata.tools.components[0].name, 'syft')
+        self.assertEqual(bom.metadata.tools.services[0].name, 'testing-service')
+
+    def test_tool_with_component_and_service_render_json(self) -> None:
+        bom = Bom()
+        bom.metadata.tools.components.add(Component(type=ComponentType.APPLICATION, author='adobe',
+                                                    name='test-component', version='1.2.3'))
+        bom.metadata.tools.services.add(Service(name='test-service'))
+        out = json_loads(JsonV1Dot5(bom).output_as_string())
+        self.assertEqual(out['metadata']['tools']['components'][0]['name'], 'test-component')
+        self.assertEqual(out['metadata']['tools']['services'][0]['name'], 'test-service')
+
+    def test_tool_with_component_and_service_load_xml(self) -> None:
+        bom_xml = io.StringIO("""<?xml version="1.0" ?>
+                    <bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:f9dbe3d0-53ee-485d-96ae-1d4dce7deea2" version="1">
+                        <metadata>
+                            <timestamp>2024-06-20T22:49:51.530453+00:00</timestamp>
+                            <tools>
+                                <components>
+                                    <component type="application" bom-ref="None">
+                                    <author>adobe</author>
+                                    <name>test-component</name>
+                                    <version>1.2.3</version>
+                                    </component>
+                                </components>
+                                <services>
+                                    <service bom-ref="None">
+                                    <name>test-service</name>
+                                    </service>
+                                </services>
+                            </tools>
+                        </metadata>
+                    </bom>
+        """)  # noqa: E501
+        bom = Bom.from_xml(bom_xml)   # type: ignore[attr-defined]
+        self.assertEqual(bom.metadata.tools.components[0].type, 'application')
+        self.assertEqual(bom.metadata.tools.components[0].name, 'test-component')
+        self.assertEqual(bom.metadata.tools.services[0].name, 'test-service')
+
+    def test_tool_with_componet_and_service_render_xml(self) -> None:
+        bom = Bom()
+        bom.metadata.tools.components.add(Component(type=ComponentType.APPLICATION, author='adobe',
+                                                    name='test-component', version='1.2.3'))
+        bom.metadata.tools.services.add(Service(name='test-service'))
+        out = XmlV1Dot5(bom).output_as_string(indent=2)
+        self.assertIn("""   <tools>
+      <components>
+        <component type="application" bom-ref="None">
+          <author>adobe</author>
+          <name>test-component</name>
+          <version>1.2.3</version>
+        </component>
+      </components>
+      <services>
+        <service bom-ref="None">
+          <name>test-service</name>
+        </service>
+      </services>
+    </tools>""", out)