tests: regression tests for issue #328

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

tests/data.py

@@ -42,7 +42,7 @@
     Tool,
     XsUri,
 )
-from cyclonedx.model.bom import Bom
+from cyclonedx.model.bom import Bom, BomMetaData
 from cyclonedx.model.component import (
     Commit,
     Component,
@@ -320,6 +320,10 @@ def get_bom_with_nested_services() -> Bom:
 
 
 def get_bom_for_issue_275_components() -> Bom:
+    """regression test for issue #275
+    see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275
+    """
+
     app = Component(bom_ref=MOCK_UUID_1, name="app", version="1.0.0")
     comp_a = Component(bom_ref=MOCK_UUID_2, name="comp_a", version="1.0.0")
     comp_b = Component(bom_ref=MOCK_UUID_3, name="comp_b", version="1.0.0")
@@ -338,17 +342,44 @@ def get_bom_for_issue_275_components() -> Bom:
 
 
 # def get_bom_for_issue_275_services() -> Bom:
-#     app = Component(name="app", version="1.0.0")
-#     serv_a = Service(name='Service A')
-#     serv_b = Service(name='Service B')
-#     serv_c = Service(name='Service C')
+#    """regression test for issue #275
+#    see https://github.com/CycloneDX/cyclonedx-python-lib/issues/275
+#    """
+#    app = Component(name="app", version="1.0.0")
+#    serv_a = Service(name='Service A')
+#    serv_b = Service(name='Service B')
+#    serv_c = Service(name='Service C')
 #
-#     serv_b.services.add(serv_c)
-#     serv_b.dependencies.add(serv_c.bom_ref)
+#    serv_b.services.add(serv_c)
+#    serv_b.dependencies.add(serv_c.bom_ref)
 #
-#     bom = Bom(services=[serv_a, serv_b])
-#     bom.metadata.component = app
-#     return bom
+#    bom = Bom(services=[serv_a, serv_b])
+#    bom.metadata.component = app
+#    return bom
+
+
+def get_bom_for_issue_328_components() -> Bom:
+    """regression test for issue #328
+    see https://github.com/CycloneDX/cyclonedx-python-lib/issues/328
+    """
+
+    comp_root = Component(component_type=ComponentType.APPLICATION, name='my-project', version='1', bom_ref='my-project')
+    comp_a = Component(name='A', version='0.1', bom_ref='component-A')
+    comp_b = Component(name='B', version='1.0', bom_ref='component-B')
+    comp_c = Component(name='C', version='1.0', bom_ref='component-C')
+
+    # Make a tree of components A -> B -> C
+    comp_a.components = [comp_b]
+    comp_b.components = [comp_c]
+    # Declare dependencies the same way: A -> B -> C
+    comp_a.dependencies = [comp_b.bom_ref]
+    comp_b.dependencies = [comp_c.bom_ref]
+
+    bom = Bom()
+    bom.components = [comp_a]
+    Bom.metadata = BomMetaData(component=comp_root)
+    comp_root.dependencies = [comp_a.bom_ref]
+    return bom
 
 
 def get_component_setuptools_complete(include_pedigree: bool = True) -> Component:
@@ -376,7 +407,8 @@ def get_component_setuptools_complete(include_pedigree: bool = True) -> Componen
 
 
 def get_component_setuptools_simple(
-        bom_ref: Optional[str] = 'pkg:pypi/[email protected]?extension=tar.gz') -> Component:
+    bom_ref: Optional[str] = 'pkg:pypi/[email protected]?extension=tar.gz'
+) -> Component:
     return Component(
         name='setuptools', version='50.3.2',
         bom_ref=bom_ref,

tests/fixtures/json/1.2/bom_issue_328_components.json

@@ -0,0 +1,55 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.2.schema.json",
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.4",
+    "version": 1,
+    "metadata": {
+        "component": {
+            "type": "application",
+            "name": "my-project",
+            "version": "1",
+            "bom-ref": "my-project"
+        }
+    },
+    "components": [
+        {
+            "type": "library",
+            "name": "A",
+            "version": "0.1",
+            "bom-ref": "component-A",
+            "components": [
+                {
+                    "type": "library",
+                    "name": "B",
+                    "version": "1.0",
+                    "bom-ref": "component-B",
+                    "components": [
+                        {
+                            "type": "library",
+                            "name": "C",
+                            "version": "1.0",
+                            "bom-ref": "component-C"
+                        }
+                    ]
+                }
+            ]
+        }
+    ],
+    "dependencies": [
+        {
+            "ref": "my-project",
+            "dependsOn": ["component-A"]
+        },
+        {
+            "ref": "component-A",
+            "dependsOn": ["component-B"]
+        },
+        {
+            "ref": "component-B",
+            "dependsOn": ["component-C"]
+        },
+        {
+            "ref": "component-C"
+        }
+    ]
+}

tests/fixtures/json/1.3/bom_issue_328_components.json

@@ -0,0 +1,55 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.3.schema.json",
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.4",
+    "version": 1,
+    "metadata": {
+        "component": {
+            "type": "application",
+            "name": "my-project",
+            "version": "1",
+            "bom-ref": "my-project"
+        }
+    },
+    "components": [
+        {
+            "type": "library",
+            "name": "A",
+            "version": "0.1",
+            "bom-ref": "component-A",
+            "components": [
+                {
+                    "type": "library",
+                    "name": "B",
+                    "version": "1.0",
+                    "bom-ref": "component-B",
+                    "components": [
+                        {
+                            "type": "library",
+                            "name": "C",
+                            "version": "1.0",
+                            "bom-ref": "component-C"
+                        }
+                    ]
+                }
+            ]
+        }
+    ],
+    "dependencies": [
+        {
+            "ref": "my-project",
+            "dependsOn": ["component-A"]
+        },
+        {
+            "ref": "component-A",
+            "dependsOn": ["component-B"]
+        },
+        {
+            "ref": "component-B",
+            "dependsOn": ["component-C"]
+        },
+        {
+            "ref": "component-C"
+        }
+    ]
+}

tests/fixtures/json/1.4/bom_issue_328_components.json

@@ -0,0 +1,55 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.4",
+    "version": 1,
+    "metadata": {
+        "component": {
+            "type": "application",
+            "name": "my-project",
+            "version": "1",
+            "bom-ref": "my-project"
+        }
+    },
+    "components": [
+        {
+            "type": "library",
+            "name": "A",
+            "version": "0.1",
+            "bom-ref": "component-A",
+            "components": [
+                {
+                    "type": "library",
+                    "name": "B",
+                    "version": "1.0",
+                    "bom-ref": "component-B",
+                    "components": [
+                        {
+                            "type": "library",
+                            "name": "C",
+                            "version": "1.0",
+                            "bom-ref": "component-C"
+                        }
+                    ]
+                }
+            ]
+        }
+    ],
+    "dependencies": [
+        {
+            "ref": "my-project",
+            "dependsOn": ["component-A"]
+        },
+        {
+            "ref": "component-A",
+            "dependsOn": ["component-B"]
+        },
+        {
+            "ref": "component-B",
+            "dependsOn": ["component-C"]
+        },
+        {
+            "ref": "component-C"
+        }
+    ]
+}

tests/fixtures/xml/1.0/bom_issue_328_components.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
+    <components>
+        <component type="library">
+            <name>A</name>
+            <version>0.1</version>
+            <modified>false</modified>
+        </component>
+    </components>
+</bom>

tests/fixtures/xml/1.1/bom_issue_328_components.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1">
+    <components>
+        <component type="library" bom-ref="component-A">
+            <name>A</name>
+            <version>0.1</version>
+            <components>
+                <component type="library" bom-ref="component-B">
+                    <name>B</name>
+                    <version>1.0</version>
+                    <components>
+                        <component type="library" bom-ref="component-C">
+                            <name>C</name>
+                            <version>1.0</version>
+                        </component>
+                    </components>
+                </component>
+            </components>
+        </component>
+    </components>
+</bom>

tests/fixtures/xml/1.2/bom_issue_328_components.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1">
+    <metadata>
+        <component type="application" bom-ref="my-project">
+            <name>my-project</name>
+            <version>1</version>
+        </component>
+    </metadata>
+    <components>
+        <component type="library" bom-ref="component-A">
+            <name>A</name>
+            <version>0.1</version>
+            <components>
+                <component type="library" bom-ref="component-B">
+                    <name>B</name>
+                    <version>1.0</version>
+                    <components>
+                        <component type="library" bom-ref="component-C">
+                            <name>C</name>
+                            <version>1.0</version>
+                        </component>
+                    </components>
+                </component>
+            </components>
+        </component>
+    </components>
+    <dependencies>
+        <dependency ref="my-project">
+            <dependency ref="component-A" />
+        </dependency>
+        <dependency ref="component-A">
+            <dependency ref="component-B" />
+        </dependency>
+        <dependency ref="component-B">
+            <dependency ref="component-C" />
+        </dependency>
+        <dependency ref="component-C" />
+    </dependencies>
+</bom>

tests/fixtures/xml/1.3/bom_issue_328_components.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.3" version="1">
+    <metadata>
+        <component type="application" bom-ref="my-project">
+            <name>my-project</name>
+            <version>1</version>
+        </component>
+    </metadata>
+    <components>
+        <component type="library" bom-ref="component-A">
+            <name>A</name>
+            <version>0.1</version>
+            <components>
+                <component type="library" bom-ref="component-B">
+                    <name>B</name>
+                    <version>1.0</version>
+                    <components>
+                        <component type="library" bom-ref="component-C">
+                            <name>C</name>
+                            <version>1.0</version>
+                        </component>
+                    </components>
+                </component>
+            </components>
+        </component>
+    </components>
+    <dependencies>
+        <dependency ref="my-project">
+            <dependency ref="component-A" />
+        </dependency>
+        <dependency ref="component-A">
+            <dependency ref="component-B" />
+        </dependency>
+        <dependency ref="component-B">
+            <dependency ref="component-C" />
+        </dependency>
+        <dependency ref="component-C" />
+    </dependencies>
+</bom>