feat: add support for properties in external references

Churro · Churro · commit a2547bb8596f · 2025-10-29T23:06:46.000+01:00
Signed-off-by: Johannes Feichtner &lt;johannes@web-wack.at&gt;
diff --git a/cyclonedx/model/__init__.py b/cyclonedx/model/__init__.py
@@ -819,6 +819,81 @@ def is_bom_link(self) -> bool:
         return self._uri.startswith(_BOM_LINK_PREFIX)
 
 
+@serializable.serializable_class(ignore_unknown_during_deserialization=True)
+class Property:
+    """
+    This is our internal representation of `propertyType` complex type that can be used in multiple places within
+    a CycloneDX BOM document.
+
+    .. note::
+        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_propertyType
+
+    Specifies an individual property with a name and value.
+    """
+
+    def __init__(
+        self, *,
+        name: str,
+        value: Optional[str] = None,
+    ) -> None:
+        self.name = name
+        self.value = value
+
+    @property
+    @serializable.xml_attribute()
+    def name(self) -> str:
+        """
+        The name of the property.
+
+        Duplicate names are allowed, each potentially having a different value.
+
+        Returns:
+            `str`
+        """
+        return self._name
+
+    @name.setter
+    def name(self, name: str) -> None:
+        self._name = name
+
+    @property
+    @serializable.xml_name('.')
+    @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING)
+    def value(self) -> Optional[str]:
+        """
+        Value of this Property.
+
+        Returns:
+             `str`
+        """
+        return self._value
+
+    @value.setter
+    def value(self, value: Optional[str]) -> None:
+        self._value = value
+
+    def __comparable_tuple(self) -> _ComparableTuple:
+        return _ComparableTuple((
+            self.name, self.value
+        ))
+
+    def __eq__(self, other: object) -> bool:
+        if isinstance(other, Property):
+            return self.__comparable_tuple() == other.__comparable_tuple()
+        return False
+
+    def __lt__(self, other: Any) -> bool:
+        if isinstance(other, Property):
+            return self.__comparable_tuple() < other.__comparable_tuple()
+        return NotImplemented
+
+    def __hash__(self) -> int:
+        return hash(self.__comparable_tuple())
+
+    def __repr__(self) -> str:
+        return f'<Property name={self.name}>'
+
+
 @serializable.serializable_class(ignore_unknown_during_deserialization=True)
 class ExternalReference:
     """
@@ -835,11 +910,13 @@ def __init__(
         url: XsUri,
         comment: Optional[str] = None,
         hashes: Optional[Iterable[HashType]] = None,
+        properties: Optional[Iterable[Property]] = None,
     ) -> None:
         self.url = url
         self.comment = comment
         self.type = type
         self.hashes = hashes or []
+        self.properties = properties or []
 
     @property
     @serializable.xml_sequence(1)
@@ -909,102 +986,44 @@ def hashes(self) -> 'SortedSet[HashType]':
     def hashes(self, hashes: Iterable[HashType]) -> None:
         self._hashes = SortedSet(hashes)
 
-    def __comparable_tuple(self) -> _ComparableTuple:
-        return _ComparableTuple((
-            self._type, self._url, self._comment,
-            _ComparableTuple(self._hashes)
-        ))
-
-    def __eq__(self, other: object) -> bool:
-        if isinstance(other, ExternalReference):
-            return self.__comparable_tuple() == other.__comparable_tuple()
-        return False
-
-    def __lt__(self, other: Any) -> bool:
-        if isinstance(other, ExternalReference):
-            return self.__comparable_tuple() < other.__comparable_tuple()
-        return NotImplemented
-
-    def __hash__(self) -> int:
-        return hash(self.__comparable_tuple())
-
-    def __repr__(self) -> str:
-        return f'<ExternalReference {self.type.name}, {self.url}>'
-
-
-@serializable.serializable_class(ignore_unknown_during_deserialization=True)
-class Property:
-    """
-    This is our internal representation of `propertyType` complex type that can be used in multiple places within
-    a CycloneDX BOM document.
-
-    .. note::
-        See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_propertyType
-
-    Specifies an individual property with a name and value.
-    """
-
-    def __init__(
-        self, *,
-        name: str,
-        value: Optional[str] = None,
-    ) -> None:
-        self.name = name
-        self.value = value
-
-    @property
-    @serializable.xml_attribute()
-    def name(self) -> str:
-        """
-        The name of the property.
-
-        Duplicate names are allowed, each potentially having a different value.
-
-        Returns:
-            `str`
-        """
-        return self._name
-
-    @name.setter
-    def name(self, name: str) -> None:
-        self._name = name
-
     @property
-    @serializable.xml_name('.')
-    @serializable.xml_string(serializable.XmlStringSerializationType.NORMALIZED_STRING)
-    def value(self) -> Optional[str]:
+    @serializable.view(SchemaVersion1Dot7)
+    @serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property')
+    def properties(self) -> 'SortedSet[Property]':
         """
-        Value of this Property.
+        Provides the ability to document properties in a key/value store. This provides flexibility to include data not
+        officially supported in the standard without having to use additional namespaces or create extensions.
 
-        Returns:
-             `str`
+        Return:
+            Set of `Property`
         """
-        return self._value
+        return self._properties
 
-    @value.setter
-    def value(self, value: Optional[str]) -> None:
-        self._value = value
+    @properties.setter
+    def properties(self, properties: Iterable[Property]) -> None:
+        self._properties = SortedSet(properties)
 
     def __comparable_tuple(self) -> _ComparableTuple:
         return _ComparableTuple((
-            self.name, self.value
+            self._type, self._url, self._comment,
+            _ComparableTuple(self._hashes), _ComparableTuple(self.properties),
         ))
 
     def __eq__(self, other: object) -> bool:
-        if isinstance(other, Property):
+        if isinstance(other, ExternalReference):
             return self.__comparable_tuple() == other.__comparable_tuple()
         return False
 
     def __lt__(self, other: Any) -> bool:
-        if isinstance(other, Property):
+        if isinstance(other, ExternalReference):
             return self.__comparable_tuple() < other.__comparable_tuple()
         return NotImplemented
 
     def __hash__(self) -> int:
         return hash(self.__comparable_tuple())
 
     def __repr__(self) -> str:
-        return f'<Property name={self.name}>'
+        return f'<ExternalReference {self.type.name}, {self.url}>'
 
 
 @serializable.serializable_class(ignore_unknown_during_deserialization=True)
diff --git a/tests/test_model_component.py b/tests/test_model_component.py
@@ -132,16 +132,24 @@ def test_multiple_basic_components(self) -> None:
 
     def test_external_references(self) -> None:
         c1 = Component(name='test-component')
+        properties = [
+            Property(name='property_1', value='value_1'),
+            Property(name='property_2', value='value_2')
+        ]
         c1.external_references.add(ExternalReference(
             type=ExternalReferenceType.OTHER,
             url=XsUri('https://cyclonedx.org'),
-            comment='No comment'
+            comment='No comment',
+            properties=properties
         ))
         self.assertEqual(c1.name, 'test-component')
         self.assertIsNone(c1.version)
         self.assertEqual(c1.type, ComponentType.LIBRARY)
         self.assertEqual(len(c1.external_references), 1)
         self.assertEqual(len(c1.hashes), 0)
+        self.assertIsNotNone(c1.external_references[0].properties)
+        self.assertIn(properties[0], c1.external_references[0].properties)
+        self.assertIn(properties[1], c1.external_references[0].properties)
 
         c2 = Component(name='test2-component')
         self.assertEqual(c2.name, 'test2-component')
@@ -163,13 +171,15 @@ def test_component_equal_1(self) -> None:
         c1.external_references.add(ExternalReference(
             type=ExternalReferenceType.OTHER,
             url=XsUri('https://cyclonedx.org'),
-            comment='No comment'
+            comment='No comment',
+            properties=[Property(name='property_1', value='value_1')]
         ))
         c2 = Component(name='test-component')
         c2.external_references.add(ExternalReference(
             type=ExternalReferenceType.OTHER,
             url=XsUri('https://cyclonedx.org'),
-            comment='No comment'
+            comment='No comment',
+            properties=[Property(name='property_1', value='value_1')]
         ))
         self.assertEqual(c1, c2)
 
