hoppr-cyclonedx-models 0.6.1__tar.gz → 0.6.2__tar.gz

{hoppr_cyclonedx_models-0.6.1 → hoppr_cyclonedx_models-0.6.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: hoppr-cyclonedx-models
-Version: 0.6.1
+Version: 0.6.2
 Summary: CycloneDX Pydantic models for easy use in your Python project.
 License: MIT
 License-File: LICENSE

{hoppr_cyclonedx_models-0.6.1 → hoppr_cyclonedx_models-0.6.2}/hoppr_cyclonedx_models/__init__.py

@@ -81,4 +81,4 @@ class Sbom(Sbom_1_5, Sbom_1_4, Sbom_1_3):  # pylint: disable=too-few-public-meth
         return Sbom_1_5(**sbom).dict(exclude_none=True, exclude_unset=True)
 
 
-__version__ = "0.6.1"
+__version__ = "0.6.2"

{hoppr_cyclonedx_models-0.6.1 → hoppr_cyclonedx_models-0.6.2}/hoppr_cyclonedx_models/cyclonedx_1_3.py

@@ -1,6 +1,6 @@
 """
 --------------------------------------------------------------------------------
-SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
+SPDX-FileCopyrightText: Copyright © 2024 Lockheed Martin <open.source@lmco.com>
 SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_3.py
 SPDX-FileType: SOURCE
 SPDX-License-Identifier: MIT
@@ -25,15 +25,15 @@ THE SOFTWARE.
 --------------------------------------------------------------------------------
 This file was generated by datamodel-codegen:
   filename:  bom-1.3.schema.json
-  timestamp: 2025-09-17T19:02:47+00:00
-  version:   0.25.7
+  timestamp: 2024-07-15T17:53:40+00:00
+  version:   0.21.5
 """
 
 from __future__ import annotations
 
 from datetime import datetime
 from enum import Enum
-from typing import List, Optional, Union
+from typing import List, Optional
 
 from pydantic import EmailStr, Field
 from typing_extensions import Annotated, Literal
@@ -390,48 +390,19 @@ class Hash(CycloneDXBaseModel):
     ]
 
 
-class License1(CycloneDXBaseModel):
-    id: Annotated[
-        spdx.LicenseID, Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)")
-    ]
-    name: Annotated[
-        Optional[str],
-        Field(
-            description="If SPDX does not define the license used, this field may be used to provide the license name",
-            examples=["Acme Software License"],
-            title="License Name",
-        ),
-    ] = None
-    text: Annotated[
-        Optional[Attachment],
-        Field(description="An optional way to include the textual content of a license.", title="License text"),
-    ] = None
-    url: Annotated[
-        Optional[str],
-        Field(
-            description=(
-                "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
-                " completeness"
-            ),
-            examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
-            title="License URL",
-        ),
-    ] = None
-
-
-class License2(CycloneDXBaseModel):
+class License(CycloneDXBaseModel):
     id: Annotated[
         Optional[spdx.LicenseID],
         Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
     ] = None
     name: Annotated[
-        str,
+        Optional[str],
         Field(
             description="If SPDX does not define the license used, this field may be used to provide the license name",
             examples=["Acme Software License"],
             title="License Name",
         ),
-    ]
+    ] = None
     text: Annotated[
         Optional[Attachment],
         Field(description="An optional way to include the textual content of a license.", title="License text"),
@@ -449,8 +420,8 @@ class License2(CycloneDXBaseModel):
     ] = None
 
 
-class LicenseChoice1(CycloneDXBaseModel):
-    license: Annotated[Union[License1, License2], Field(title="License Object")]
+class LicenseChoice(CycloneDXBaseModel):
+    license: Optional[License] = None
     expression: Annotated[
         Optional[str],
         Field(
@@ -460,17 +431,6 @@ class LicenseChoice1(CycloneDXBaseModel):
     ] = None
 
 
-class LicenseChoice2(CycloneDXBaseModel):
-    license: Annotated[Optional[Union[License1, License2]], Field(title="License Object")] = None
-    expression: Annotated[
-        str,
-        Field(
-            examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
-            title="SPDX License Expression",
-        ),
-    ]
-
-
 class Commit(CycloneDXBaseModel):
     """
     Specifies an individual commit
@@ -567,9 +527,7 @@ class ComponentEvidence(CycloneDXBaseModel):
     Provides the ability to document evidence collected through various forms of extraction or analysis.
     """
 
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     copyright: Annotated[Optional[List[Copyright]], Field(title="Copyright")] = None
 
 
@@ -704,9 +662,7 @@ class Service(CycloneDXBaseModel):
         Optional[List[DataClassification]],
         Field(description="Specifies the data classification.", title="Data Classification"),
     ] = None
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     externalReferences: Annotated[Optional[List[ExternalReference]], Field(title="External References")] = None
     services: Annotated[Optional[List[Service]], Field(title="Services")] = None
     properties: Annotated[
@@ -851,7 +807,7 @@ class Metadata(CycloneDXBaseModel):
             title="Supplier",
         ),
     ] = None
-    licenses: Annotated[Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="BOM License(s)")] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="BOM License(s)")] = None
     properties: Annotated[
         Optional[List[Property]],
         Field(
@@ -1045,9 +1001,7 @@ class Component(CycloneDXBaseModel):
         ),
     ] = Scope.required
     hashes: Annotated[Optional[List[Hash]], Field(title="Component Hashes")] = None
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     copyright: Annotated[
         Optional[str],
         Field(

{hoppr_cyclonedx_models-0.6.1 → hoppr_cyclonedx_models-0.6.2}/hoppr_cyclonedx_models/cyclonedx_1_4.py

@@ -1,6 +1,6 @@
 """
 --------------------------------------------------------------------------------
-SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
+SPDX-FileCopyrightText: Copyright © 2024 Lockheed Martin <open.source@lmco.com>
 SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_4.py
 SPDX-FileType: SOURCE
 SPDX-License-Identifier: MIT
@@ -25,8 +25,8 @@ THE SOFTWARE.
 --------------------------------------------------------------------------------
 This file was generated by datamodel-codegen:
   filename:  bom-1.4.schema.json
-  timestamp: 2025-09-17T19:02:47+00:00
-  version:   0.25.7
+  timestamp: 2024-07-15T17:53:40+00:00
+  version:   0.21.5
 """
 
 from __future__ import annotations
@@ -504,6 +504,19 @@ class Advisory(CycloneDXBaseModel):
     url: Annotated[str, Field(description="Location where the advisory can be obtained.", title="URL")]
 
 
+Cwe = Annotated[
+    int,
+    Field(
+        description=(
+            "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of"
+            " https://cwe.mitre.org/data/definitions/399.html)"
+        ),
+        ge=1,
+        title="CWE",
+    ),
+]
+
+
 class Severity(Enum):
     """
     Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.
@@ -699,6 +712,18 @@ class Analysis(CycloneDXBaseModel):
     ] = None
 
 
+class Affect(CycloneDXBaseModel):
+    class Config:
+        extra = Extra.forbid
+
+    ref: Annotated[
+        str, Field(description="References a component or service by the objects bom-ref", title="Reference")
+    ]
+    versions: Annotated[
+        Optional[List], Field(description="Zero or more individual versions or range of versions.", title="Versions")
+    ] = None
+
+
 class AffectedStatus(Enum):
     """
     The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.
@@ -716,7 +741,25 @@ class AffectedStatus(Enum):
         return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
 
 
-class Algorithm(Enum):
+Version = Annotated[
+    str, Field(description="A single version of a component or service.", max_length=1024, min_length=1)
+]
+
+
+Range = Annotated[
+    str,
+    Field(
+        description=(
+            "A version range specified in Package URL Version Range syntax (vers) which is defined at"
+            " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
+        ),
+        max_length=1024,
+        min_length=1,
+    ),
+]
+
+
+class AlgorithmEnum(Enum):
     """
     Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of "EdDSA".
     """
@@ -834,39 +877,7 @@ class Hash(CycloneDXBaseModel):
     ]
 
 
-class License1(CycloneDXBaseModel):
-    class Config:
-        extra = Extra.forbid
-
-    id: Annotated[
-        spdx.LicenseID, Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)")
-    ]
-    name: Annotated[
-        Optional[str],
-        Field(
-            description="If SPDX does not define the license used, this field may be used to provide the license name",
-            examples=["Acme Software License"],
-            title="License Name",
-        ),
-    ] = None
-    text: Annotated[
-        Optional[Attachment],
-        Field(description="An optional way to include the textual content of a license.", title="License text"),
-    ] = None
-    url: Annotated[
-        Optional[str],
-        Field(
-            description=(
-                "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
-                " completeness"
-            ),
-            examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
-            title="License URL",
-        ),
-    ] = None
-
-
-class License2(CycloneDXBaseModel):
+class License(CycloneDXBaseModel):
     class Config:
         extra = Extra.forbid
 
@@ -875,13 +886,13 @@ class License2(CycloneDXBaseModel):
         Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
     ] = None
     name: Annotated[
-        str,
+        Optional[str],
         Field(
             description="If SPDX does not define the license used, this field may be used to provide the license name",
             examples=["Acme Software License"],
             title="License Name",
         ),
-    ]
+    ] = None
     text: Annotated[
         Optional[Attachment],
         Field(description="An optional way to include the textual content of a license.", title="License text"),
@@ -899,11 +910,11 @@ class License2(CycloneDXBaseModel):
     ] = None
 
 
-class LicenseChoice1(CycloneDXBaseModel):
+class LicenseChoice(CycloneDXBaseModel):
     class Config:
         extra = Extra.forbid
 
-    license: Annotated[Union[License1, License2], Field(title="License Object")]
+    license: Optional[License] = None
     expression: Annotated[
         Optional[str],
         Field(
@@ -913,20 +924,6 @@ class LicenseChoice1(CycloneDXBaseModel):
     ] = None
 
 
-class LicenseChoice2(CycloneDXBaseModel):
-    class Config:
-        extra = Extra.forbid
-
-    license: Annotated[Optional[Union[License1, License2]], Field(title="License Object")] = None
-    expression: Annotated[
-        str,
-        Field(
-            examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
-            title="SPDX License Expression",
-        ),
-    ]
-
-
 class Commit(CycloneDXBaseModel):
     """
     Specifies an individual commit
@@ -1069,9 +1066,7 @@ class ComponentEvidence(CycloneDXBaseModel):
     class Config:
         extra = Extra.forbid
 
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     copyright: Annotated[Optional[List[Copyright]], Field(title="Copyright")] = None
 
 
@@ -1130,70 +1125,11 @@ class Credits(CycloneDXBaseModel):
     ] = None
 
 
-class Versions(CycloneDXBaseModel):
-    class Config:
-        extra = Extra.forbid
-
-    version: Annotated[
-        str, Field(description="A single version of a component or service.", max_length=1024, min_length=1)
-    ]
-    range: Annotated[
-        Optional[str],
-        Field(
-            description=(
-                "A version range specified in Package URL Version Range syntax (vers) which is defined at"
-                " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
-            ),
-            max_length=1024,
-            min_length=1,
-        ),
-    ] = None
-    status: Annotated[
-        Optional[AffectedStatus], Field(description="The vulnerability status for the version or range of versions.")
-    ] = AffectedStatus.affected
-
-
-class Versions1(CycloneDXBaseModel):
-    class Config:
-        extra = Extra.forbid
-
-    version: Annotated[
-        Optional[str], Field(description="A single version of a component or service.", max_length=1024, min_length=1)
-    ] = None
-    range: Annotated[
-        str,
-        Field(
-            description=(
-                "A version range specified in Package URL Version Range syntax (vers) which is defined at"
-                " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
-            ),
-            max_length=1024,
-            min_length=1,
-        ),
-    ]
-    status: Annotated[
-        Optional[AffectedStatus], Field(description="The vulnerability status for the version or range of versions.")
-    ] = AffectedStatus.affected
-
-
-class Affect(CycloneDXBaseModel):
-    class Config:
-        extra = Extra.forbid
-
-    ref: Annotated[
-        str, Field(description="References a component or service by the objects bom-ref", title="Reference")
-    ]
-    versions: Annotated[
-        Optional[List[Union[Versions, Versions1]]],
-        Field(description="Zero or more individual versions or range of versions.", title="Versions"),
-    ] = None
-
-
 class Signer(CycloneDXBaseModel):
     class Config:
         extra = Extra.forbid
 
-    algorithm: Union[Algorithm, AnyUrl]
+    algorithm: Union[AlgorithmEnum, AnyUrl]
     keyId: Annotated[
         Optional[str],
         Field(description="Optional. Application specific string identifying the signature key.", title="Key ID"),
@@ -1309,14 +1245,13 @@ class Vulnerability(CycloneDXBaseModel):
         Optional[List[Rating]], Field(description="List of vulnerability ratings", title="Ratings")
     ] = None
     cwes: Annotated[
-        Optional[List[int]],
+        Optional[List[Cwe]],
         Field(
             description=(
                 "List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399"
                 " (of https://cwe.mitre.org/data/definitions/399.html)"
             ),
             examples=[399],
-            ge=1,
             title="CWEs",
         ),
     ] = None
@@ -1505,9 +1440,7 @@ class Service(CycloneDXBaseModel):
         Optional[List[DataClassification]],
         Field(description="Specifies the data classification.", title="Data Classification"),
     ] = None
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     externalReferences: Annotated[
         Optional[List[ExternalReference]],
         Field(
@@ -1758,7 +1691,7 @@ class Metadata(CycloneDXBaseModel):
             title="Supplier",
         ),
     ] = None
-    licenses: Annotated[Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="BOM License(s)")] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="BOM License(s)")] = None
     properties: Annotated[
         Optional[List[Property]],
         Field(
@@ -1986,9 +1919,7 @@ class Component(CycloneDXBaseModel):
         ),
     ] = Scope.required
     hashes: Annotated[Optional[List[Hash]], Field(title="Component Hashes")] = None
-    licenses: Annotated[
-        Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
-    ] = None
+    licenses: Annotated[Optional[List[LicenseChoice]], Field(title="Component License(s)")] = None
     copyright: Annotated[
         Optional[str],
         Field(