Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add CPE format validation in property setter #711

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

feat: add CPE format validation in property setter #711

wants to merge 13 commits into from
+17 −0

Conversation

saquibsaifee
Copy link

@saquibsaifee saquibsaifee commented Oct 14, 2024
edited
Loading

Fixes #580

  • Implemented validation of CPE format using CPE library
  • Added tests to verify the handling of invalid CPE strings.

Note:

  • The CPE library is missing library stubs or py.typed marker, not sure how you want to handle it. I used type:ignore.
  • CPE library raises NotImplementedErorr for incorrect CPE Name or version link

saquibsaifee and others added 5 commits June 21, 2024 12:33
@saquibsaifee
Merge pull request CycloneDX#3 from CycloneDX/main
a0bfc3d 
sync
@saquibsaifee
Merge branch 'CycloneDX:main' into main
be4fd4b
@saquibsaifee
feat: add cpe format validation
15d9c19 
- Implemented regex-based validation for CPE format in the model.
- Added tests to verify handling of invalid CPE strings.

Signed-off-by: Saquib Saifee <saquibsaifee2@gmail.com>
@saquibsaifee
chore: update the cpe value
fbf02c2 
Signed-off-by: Saquib Saifee <saquibsaifee2@gmail.com>
feat: add CPE format validation in property setter
c74218b 
Signed-off-by: Saquib Saifee <saquibsaifee@ibm.com>
@saquibsaifee saquibsaifee requested a review from a team as a code owner October 14, 2024 22:34
@saquibsaifee
Copy link
Author

@jkowalleck have a look at this PR

chore: fix the typo
92b4d78 
Signed-off-by: Saquib Saifee <saquibsaifee@ibm.com>
@jkowalleck jkowalleck changed the title !feat: add CPE format validation in property setter feat: add CPE format validation in property setter Oct 15, 2024
@jkowalleck jkowalleck added enhancement New feature or request breaking change labels Oct 15, 2024
jkowalleck
jkowalleck reviewed Oct 15, 2024
View reviewed changes
cyclonedx/model/component.py
try:
CPE(cpe)
except NotImplementedError:
raise ValueError(f'Invalid CPE format: {cpe}')
Copy link
Member

@jkowalleck jkowalleck Oct 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This behavioral change is considered a breaking change.
Not a blocker, just a remark.

@jkowalleck
Copy link
Member

Thank you for your contribution, @saquibsaifee

We have an schema-based validator in place already, so there already is a mechanism that can check for valid CPE.
This means: there is no REAL reason to implement this in the first place -- it is a nice to have.
That, and the fact that the implementation introduced breaking changes causes this PR to be postponed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck left review comments

Assignees
No one assigned
Labels
breaking change enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improvement: Apply Regex check to Component.cpe
2 participants
@saquibsaifee @jkowalleck