Merge branch 'feat/my/component_evidence_itentiyt_single_deserialize' into fix/component-evidence-identity-deserialization

- remove JSON-only implemntations and tests
- added more tests
- streamlined some imeplementations

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Author: jkowalleck

cyclonedx/model/component_evidence.py

@@ -185,24 +185,6 @@ def xml_denormalize(cls, o: 'XmlElement', *,
         return [BomRef(value=t.get('ref')) for t in o]
 
 
-class _IdentitySetSerializationHelper(serializable.helpers.BaseHelper):
-    """  THIS CLASS IS NON-PUBLIC API  """
-
-    @classmethod
-    def json_normalize(cls, o: Iterable['Identity'], *,
-                       view: Optional[type[serializable.ViewType]],
-                       **__: Any) -> list[dict[str, Any]]:
-        # Serialize identity as a list of dicts, preserving the view context
-        return [json_loads(item.as_json(view)) for item in o]  # type: ignore[attr-defined]
-
-    @classmethod
-    def json_deserialize(cls, o: Union[dict[str, Any], list[dict[str, Any]]]) -> list['Identity']:
-        # Handle identity field which can be a dict (CycloneDX 1.5) or list of dicts (CycloneDX 1.6)
-        if isinstance(o, dict):
-            return [Identity.from_json(o)]  # type: ignore[attr-defined]
-        return [Identity.from_json(item) for item in o]  # type: ignore[attr-defined]
-
-
 @serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class Identity:
     """
@@ -672,7 +654,6 @@ def __init__(
     @property
     @serializable.view(SchemaVersion1Dot5)
     @serializable.view(SchemaVersion1Dot6)
-    @serializable.type_mapping(_IdentitySetSerializationHelper)
     @serializable.xml_sequence(1)
     @serializable.xml_array(serializable.XmlArraySerializationType.FLAT, 'identity')
     def identity(self) -> 'SortedSet[Identity]':
@@ -771,7 +752,10 @@ def __repr__(self) -> str:
 
 
 class _ComponentEvidenceSerializationHelper(serializable.helpers.BaseHelper):
-    """THIS CLASS IS NON-PUBLIC API"""
+    """THIS CLASS IS NON-PUBLIC API
+
+    This helper takes care of :attr:`ComponentEvidence.identity`.
+    """
 
     @classmethod
     def json_normalize(cls, o: ComponentEvidence, *,
@@ -780,17 +764,16 @@ def json_normalize(cls, o: ComponentEvidence, *,
         data: dict[str, Any] = json_loads(o.as_json(view))  # type:ignore[attr-defined]
         if view is SchemaVersion1Dot5:
             identities = data.get('identity', [])
-            if il := len(identities) > 1:
-                warn(f'CycloneDX 1.5 does not support multiple identity items; dropping {il - 1} items.')
+            if identities:
+                if (il := len(identities)) > 1:
+                    warn(f'CycloneDX 1.5 does not support multiple identity items; dropping {il - 1} items.')
                 data['identity'] = identities[0]
         return data
 
     @classmethod
     def json_denormalize(cls, o: dict[str, Any], **__: Any) -> Any:
-        # Handle identity field which can be a dict (CycloneDX 1.5) or list of dicts (CycloneDX 1.6)
-        # Before passing to ComponentEvidence.from_json, ensure it's always a list
-        if 'identity' in o and isinstance(o['identity'], dict):
-            o = {**o, 'identity': [o['identity']]}
+        if isinstance(identity := o.get('identity'), dict):
+            o = {**o, 'identity': [identity]}
         return ComponentEvidence.from_json(o)  # type:ignore[attr-defined]
 
     @classmethod
@@ -802,7 +785,7 @@ def xml_normalize(cls, o: ComponentEvidence, *,
         normalized: 'XmlElement' = o.as_xml(view, False, element_name, xmlns)  # type:ignore[attr-defined]
         if view is SchemaVersion1Dot5:
             identities = normalized.findall(f'./{{{xmlns}}}identity' if xmlns else './identity')
-            if il := len(identities) > 1:
+            if (il := len(identities)) > 1:
                 warn(f'CycloneDX 1.5 does not support multiple identity items; dropping {il - 1} items.')
                 for i in identities[1:]:
                     normalized.remove(i)

tests/_data/own/json/1.5/component_evidence_identity.json

@@ -127,3 +127,12 @@ def test_regression_issue690(self) -> None:
             json = json_loads(f.read())
         bom: Bom = Bom.from_json(json)  # <<< is expected to not crash
         self.assertIsNotNone(bom)
+
+    def test_component_evidence_identity(self) -> None:
+        json_file = join(OWN_DATA_DIRECTORY, 'json',
+                         SchemaVersion.V1_6.to_version(),
+                         'component_evidence_identity.json')
+        with open(json_file) as f:
+            json = json_loads(f.read())
+        bom: Bom = Bom.from_json(json)  # <<< is expected to not crash
+        self.assertIsNotNone(bom)

tests/_data/own/json/1.6/component_evidence_identity.json

@@ -16,6 +16,7 @@
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
 from collections.abc import Callable
+from os.path import join
 from typing import Any
 from unittest import TestCase
 from unittest.mock import patch
@@ -24,7 +25,7 @@
 
 from cyclonedx.model.bom import Bom
 from cyclonedx.schema import OutputFormat, SchemaVersion
-from tests import DeepCompareMixin, SnapshotMixin, mksname
+from tests import OWN_DATA_DIRECTORY, DeepCompareMixin, SnapshotMixin, mksname
 from tests._data.models import (
     all_get_bom_funct_valid_immut,
     all_get_bom_funct_valid_reversible_migrate,
@@ -46,3 +47,11 @@ def test_prepared(self, get_bom: Callable[[], Bom], *_: Any, **__: Any) -> None:
             bom = Bom.from_xml(s)
         self.assertBomDeepEqual(expected, bom,
                                 fuzzy_deps=get_bom in all_get_bom_funct_with_incomplete_deps)
+
+    def test_component_evidence_identity(self) -> None:
+        xml_file = join(OWN_DATA_DIRECTORY, 'xml',
+                        SchemaVersion.V1_6.to_version(),
+                        'component_evidence_identity.xml')
+        with open(xml_file) as f:
+            bom: Bom = Bom.from_xml(f)  # <<< is expected to not crash
+        self.assertIsNotNone(bom)