cyclonedx.model
Uniform set of models to represent objects within a CycloneDX software bill-of-materials.
You can either create a cyclonedx.model.bom.Bom yourself programmatically, or generate a cyclonedx.model.bom.Bom from a cyclonedx.parser.BaseParser implementation.
Submodules
- cyclonedx.model.bom
- cyclonedx.model.bom_ref
- cyclonedx.model.component
- cyclonedx.model.contact
- cyclonedx.model.crypto
- cyclonedx.model.definition
- cyclonedx.model.dependency
- cyclonedx.model.impact_analysis
- cyclonedx.model.issue
- cyclonedx.model.license
- cyclonedx.model.lifecycle
- cyclonedx.model.release_note
- cyclonedx.model.service
- cyclonedx.model.tool
- cyclonedx.model.vulnerability
Classes
- DataFlow: This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
- DataClassification: This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.
- Encoding: This is our internal representation of the encoding simple type within the CycloneDX standard.
- AttachedText: This is our internal representation of the attachedTextType complex type within the CycloneDX standard.
- HashAlgorithm: This is our internal representation of the hashAlg simple type within the CycloneDX standard.
- HashType: This is our internal representation of the hashType complex type within the CycloneDX standard.
- ExternalReferenceType: Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.
- XsUri: Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema.
- ExternalReference: This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document.
- Property: This is our internal representation of propertyType complex type that can be used in multiple places within a CycloneDX BOM document.
- NoteText: This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document.
- Note: This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document.
- IdentifiableAction: This is our internal representation of the identifiableActionType complex type.
- Copyright: This is our internal representation of the copyrightsType complex type.
Package Contents
- class cyclonedx.model.DataFlow
Bases: str, enum.Enum
This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_dataFlowType
- INBOUND = 'inbound'
- OUTBOUND = 'outbound'
- BI_DIRECTIONAL = 'bi-directional'
- UNKNOWN = 'unknown'
- class cyclonedx.model.DataClassification(*, flow: DataFlow, classification: str)
This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.
DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed.
Note
See the CycloneDX Schema for dataClassificationType: https://cyclonedx.org/docs/1.6/xml/#type_dataClassificationType
- property flow: DataFlow
Specifies the flow direction of the data.
Valid values are: inbound, outbound, bi-directional, and unknown.
Direction is relative to the service.
Inbound flow states that data enters the service.
Outbound flow states that data leaves the service.
Bi-directional states that data flows both ways.
Unknown states that the direction is not known.
- Returns:
DataFlow
- property classification: str
Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
- Returns:
str
- class cyclonedx.model.Encoding
Bases: str, enum.Enum
This is our internal representation of the encoding simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_encoding
- BASE_64 = 'base64'
- class cyclonedx.model.AttachedText(*, content: str, content_type: str = DEFAULT_CONTENT_TYPE, encoding: Encoding | None = None)
This is our internal representation of the attachedTextType complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for attachedTextType: https://cyclonedx.org/docs/1.6/#type_attachedTextType
- DEFAULT_CONTENT_TYPE = 'text/plain'
- property content_type: str
Specifies the content type of the text. Defaults to text/plain if not specified.
- Returns:
str
- property encoding: Encoding | None
Specifies the optional encoding the text is represented in.
- Returns:
Encoding if set else None
- property content: str
The attachment data.
Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.
- Returns:
str
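One way to apply that advice before displaying attachment text taken from a received BOM, as an added example that is not part of this library (standard library only). The size cap, the content-type allowlist and the function name render_attachment are assumptions of this example.

```python
import base64
import binascii
import html

MAX_BYTES = 64 * 1024                            # assumed size cap
ALLOWED_TYPES = {"text/plain", "text/markdown"}  # assumed allowlist

def render_attachment(content, content_type="text/plain", encoding=None):
    """Return HTML-safe text for an attachedTextType value, or raise ValueError."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        raise ValueError(f"content type not allowed: {media_type!r}")
    if encoding is None:
        raw = content.encode("utf-8")
    elif encoding == "base64":
        compact = "".join(content.split())       # tolerate wrapped base64
        if len(compact) > MAX_BYTES * 4 // 3 + 4:
            raise ValueError("attachment too large")
        try:
            # validate=True rejects characters outside the base64 alphabet
            raw = base64.b64decode(compact, validate=True)
        except binascii.Error as exc:
            raise ValueError("attachment is not valid base64") from exc
    else:
        raise ValueError(f"unsupported encoding: {encoding!r}")
    if len(raw) > MAX_BYTES:
        raise ValueError("attachment too large")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("attachment is not UTF-8 text") from exc
    # Drop control characters (keep newline and tab), then escape markup.
    text = "".join(ch for ch in text if ch in "\n\t" or ch.isprintable())
    return html.escape(text)
```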
- class cyclonedx.model.HashAlgorithm
Bases: str, enum.Enum
This is our internal representation of the hashAlg simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/#type_hashAlg
- BLAKE2B_256 = 'BLAKE2b-256'
- BLAKE2B_384 = 'BLAKE2b-384'
- BLAKE2B_512 = 'BLAKE2b-512'
- BLAKE3 = 'BLAKE3'
- MD5 = 'MD5'
- SHA_1 = 'SHA-1'
- SHA_256 = 'SHA-256'
- SHA_384 = 'SHA-384'
- SHA_512 = 'SHA-512'
- SHA3_256 = 'SHA3-256'
- SHA3_384 = 'SHA3-384'
- SHA3_512 = 'SHA3-512'
- class cyclonedx.model.HashType(*, alg: HashAlgorithm, content: str)
This is our internal representation of the hashType complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/#type_hashType
- static from_hashlib_alg(hashlib_alg: str, content: str) -> HashType
Attempts to convert a hashlib-algorithm to our internal model classes.
- Args:
- hashlib_alg:
Hash algorithm, as it is used by hashlib. Example: sha256.
- content:
Hash value.
- Raises:
UnknownHashTypeException if the algorithm of hash cannot be determined.
- Returns:
An instance of HashType.
- static from_composite_str(composite_hash: str) -> HashType
Attempts to convert a string which includes both the Hash Algorithm and Hash Value and represent using our internal model classes.
- Args:
- composite_hash:
Composite Hash string of the format HASH_ALGORITHM:HASH_VALUE. Example: sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b.
Valid case insensitive prefixes are: md5, sha1, sha256, sha384, sha512, blake2b256, blake2b384, blake2b512, blake2256, blake2384, blake2512, sha3-256, sha3-384, sha3-512, blake3.
- Raises:
UnknownHashTypeException if the type of hash cannot be determined.
- Returns:
An instance of HashType.
- property alg: HashAlgorithm
Specifies the algorithm used to create the hash.
- Returns:
HashAlgorithm
- property content: str
Hash value content.
- Returns:
str
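A check a BOM consumer may want on top of the composite format described for from_composite_str, as an added example that is not this library's code and does not call it (standard library only). The prefix table is built from the prefixes and hashAlg values listed above; the digest-length check, the WEAK policy and the names parse_composite and verify are assumptions of this example.

```python
import hashlib
import hmac

def _blake2b(size):
    return lambda: hashlib.blake2b(digest_size=size)

# prefix -> (CycloneDX hashAlg value, digest size in bytes, hashlib constructor).
# Assumed mapping for this example; BLAKE3 has no hashlib support and is an
# extendable-output function, so its length is not checked here.
ALGS = {
    "md5": ("MD5", 16, hashlib.md5),
    "sha1": ("SHA-1", 20, hashlib.sha1),
    "sha256": ("SHA-256", 32, hashlib.sha256),
    "sha384": ("SHA-384", 48, hashlib.sha384),
    "sha512": ("SHA-512", 64, hashlib.sha512),
    "sha3-256": ("SHA3-256", 32, hashlib.sha3_256),
    "sha3-384": ("SHA3-384", 48, hashlib.sha3_384),
    "sha3-512": ("SHA3-512", 64, hashlib.sha3_512),
    "blake3": ("BLAKE3", None, None),
}
for bits in (256, 384, 512):  # the prefix list accepts blake2b256 and blake2256
    for spelling in ("blake2b", "blake2"):
        ALGS[f"{spelling}{bits}"] = (f"BLAKE2b-{bits}", bits // 8, _blake2b(bits // 8))

WEAK = {"MD5", "SHA-1"}  # collision-prone: recorded, but not trusted for integrity

def parse_composite(composite):
    """Split HASH_ALGORITHM:HASH_VALUE into (prefix, hashAlg value, hex digest)."""
    prefix, sep, value = composite.strip().partition(":")
    prefix, value = prefix.lower(), value.lower()
    if not sep or prefix not in ALGS:
        raise ValueError(f"unknown hash type in {composite!r}")
    name, size, _ = ALGS[prefix]
    if not value or set(value) - set("0123456789abcdef"):
        raise ValueError(f"{name} value is not hexadecimal")
    if size is not None and len(value) != size * 2:
        raise ValueError(f"{name} value must be {size * 2} hex characters")
    return prefix, name, value

def verify(composite, data):
    """True only if data matches the digest under a strong, computable algorithm."""
    prefix, name, expected = parse_composite(composite)
    constructor = ALGS[prefix][2]
    if name in WEAK or constructor is None:
        return False
    digest = constructor()
    digest.update(data)
    return hmac.compare_digest(digest.hexdigest(), expected)
```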
- class cyclonedx.model.ExternalReferenceType
Bases: str, enum.Enum
Enum object that defines the permissible ‘types’ for an External Reference according to the CycloneDX schema.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReferenceType
- ADVERSARY_MODEL = 'adversary-model'
- ADVISORIES = 'advisories'
- ATTESTATION = 'attestation'
- BOM = 'bom'
- BUILD_META = 'build-meta'
- BUILD_SYSTEM = 'build-system'
- CERTIFICATION_REPORT = 'certification-report'
- CHAT = 'chat'
- CODIFIED_INFRASTRUCTURE = 'codified-infrastructure'
- COMPONENT_ANALYSIS_REPORT = 'component-analysis-report'
- CONFIGURATION = 'configuration'
- DIGITAL_SIGNATURE = 'digital-signature'
- DISTRIBUTION = 'distribution'
- DISTRIBUTION_INTAKE = 'distribution-intake'
- DOCUMENTATION = 'documentation'
- DYNAMIC_ANALYSIS_REPORT = 'dynamic-analysis-report'
- ELECTRONIC_SIGNATURE = 'electronic-signature'
- EVIDENCE = 'evidence'
- EXPLOITABILITY_STATEMENT = 'exploitability-statement'
- FORMULATION = 'formulation'
- ISSUE_TRACKER = 'issue-tracker'
- LICENSE = 'license'
- LOG = 'log'
- MAILING_LIST = 'mailing-list'
- MATURITY_REPORT = 'maturity-report'
- MODEL_CARD = 'model-card'
- PENTEST_REPORT = 'pentest-report'
- POAM = 'poam'
- QUALITY_METRICS = 'quality-metrics'
- RELEASE_NOTES = 'release-notes'
- RFC_9166 = 'rfc-9116'
- RISK_ASSESSMENT = 'risk-assessment'
- RUNTIME_ANALYSIS_REPORT = 'runtime-analysis-report'
- SECURITY_CONTACT = 'security-contact'
- STATIC_ANALYSIS_REPORT = 'static-analysis-report'
- SOCIAL = 'social'
- SOURCE_DISTRIBUTION = 'source-distribution'
- SCM = 'vcs'
- SUPPORT = 'support'
- THREAT_MODEL = 'threat-model'
- VCS = 'vcs'
- VULNERABILITY_ASSERTION = 'vulnerability-assertion'
- WEBSITE = 'website'
- OTHER = 'other'
- class cyclonedx.model.XsUri(uri: str)
Bases: py_serializable.helpers.BaseHelper
Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema.
Developers can just use this via str(XsUri('https://www.google.com')).
Note
See XSD definition for xsd:anyURI: http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
See JSON Schema definition for iri-reference: https://tools.ietf.org/html/rfc3987
- property uri: str
- classmethod serialize(o: Any) -> str
general purpose serializer
- classmethod make_bom_link(serial_number: uuid.UUID | str, version: int = 1, bom_ref: str | bom_ref.BomRef | None = None) -> XsUri
Generate a BOM-Link URI.
- Args:
- serial_number:
The unique serial number of the BOM.
- version:
The version of the BOM. The default version is 1.
- bom_ref:
The unique identifier of the component, service, or vulnerability within the BOM.
- Returns:
XsUri: Instance of XsUri with the generated BOM-Link URI.
- is_bom_link() -> bool
Check if the URI is a BOM-Link.
- Returns:
bool
- classmethod json_normalize(o: Any, *, view: Type[py_serializable.ViewType] | None, prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Any | None
json specific normalizer
- classmethod json_serialize(o: Any) -> str | Any
json specific serializer
- classmethod json_denormalize(o: Any, *, prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Any
json specific denormalizer
- Parameters:
tCls – the class that was desired to denormalize to
pCls – the parent class, as context
- classmethod json_deserialize(o: Any) -> Any
json specific deserializer
- classmethod xml_normalize(o: Any, *, element_name: str, view: Type[py_serializable.ViewType] | None, xmlns: str | None, prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> xml.etree.ElementTree.Element | Any | None
xml specific normalizer
- classmethod xml_serialize(o: Any) -> str | Any
xml specific serializer
- classmethod xml_denormalize(o: xml.etree.ElementTree.Element, *, default_ns: str | None, prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Any
xml specific denormalizer
- classmethod xml_deserialize(o: str | Any) -> Any
xml specific deserializer
- class cyclonedx.model.ExternalReference(*, type: ExternalReferenceType, url: XsUri, comment: str | None = None, hashes: Iterable[HashType] | None = None)
This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/#type_externalReference
- property comment: str | None
An optional comment describing the external reference.
- Returns:
str if set else None
- property type: ExternalReferenceType
Specifies the type of external reference.
There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the “other” type.
- Returns:
ExternalReferenceType
- class cyclonedx.model.Property(*, name: str, value: str | None = None)
This is our internal representation of propertyType complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_propertyType
Specifies an individual property with a name and value.
- property name: str
The name of the property.
Duplicate names are allowed, each potentially having a different value.
- Returns:
str
- property value: str | None
Value of this Property.
- Returns:
str
- class cyclonedx.model.NoteText(*, content: str, content_type: str | None = None, encoding: Encoding | None = None)
This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
- DEFAULT_CONTENT_TYPE: str = 'text/plain'
- property content: str
Get the text content of this Note.
- Returns:
str note content
- property content_type: str | None
Get the content-type of this Note.
Defaults to ‘text/plain’ if one was not explicitly specified.
- Returns:
str content-type
- class cyclonedx.model.Note(*, text: NoteText, locale: str | None = None)
This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
@todo: Replace NoteText with AttachedText?
- property locale: str | None
Get the ISO locale of this Note.
The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code.
Examples include: “en”, “en-US”, “fr” and “fr-CA”.
- Returns:
str locale if set else None
- class cyclonedx.model.IdentifiableAction(*, timestamp: datetime.datetime | None = None, name: str | None = None, email: str | None = None)
This is our internal representation of the identifiableActionType complex type.
Note
See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_identifiableActionType
- property timestamp: datetime.datetime | None
The timestamp at which the action occurred.
- Returns:
datetime if set else None
- property name: str | None
The name of the individual who performed the action.
- Returns:
str if set else None
- property email: str | None
The email address of the individual who performed the action.
- Returns:
str if set else None
- class cyclonedx.model.Copyright(*, text: str)
This is our internal representation of the copyrightsType complex type.
Note
See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_copyrightsType
- property text: str
Copyright statement.
- Returns:
str if set else None