feat: serialized XML omit default namespaceID #438

Closed
jkowalleck opened this issue Sep 16, 2023 · 3 comments · Fixed by #458 or #440
Labels
breaking change enhancement New feature or request

@jkowalleck
Member

jkowalleck commented Sep 16, 2023

remove the XML-namespace and convert it to noNS/defaultNS by omitting the nsID

current serialization result:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ns1:bom xmlns:ns1="http://cyclonedx.org/schema/bom/1.4" ...>
</ns1:bom>
```

should be

```xml
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" ...>
</bom>
```

@jkowalleck jkowalleck added enhancement New feature or request breaking change labels Sep 16, 2023
@jkowalleck jkowalleck added this to the 5.0.0 milestone Sep 16, 2023
@jkowalleck
Member Author

This is actually a change in the serialization result, even though it is not a qualitative change.

but still, this is a breaking change

jkowalleck added a commit that referenced this issue Sep 22, 2023
fixes #438

BREAKING CHANGE

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
Member Author

jkowalleck commented Sep 22, 2023

for technical reasons, this is pretty hard.

first off, the serializer does not add namespaces to XML-attributes, so setting a defaultNS did not work.
registering the NS as identifier '' did the trick for serialization.

but then the deserialization happened.
and this one was completely unable to detect the defaultNS, and assumed it was '' -- which is the identifier for the defaultNS not the defaultNS itself ...
and then the nameSpace-detection on XML-attributes fails ...

ow maaaan .....


caused
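
An added illustration of the default-namespace behaviour discussed in the comment above (not code from this project or its serializer): it uses Python's standard `xml.etree.ElementTree` as an assumed stand-in, with constructed sample documents, to show that the prefixed and default-namespace forms carry the same qualified names while unprefixed attributes stay in no namespace. The helper names `split_qname`, `describe` and `serialize_with_default_ns` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "http://cyclonedx.org/schema/bom/1.4"  # namespace URI shown in the issue

# Constructed sample documents: the same BOM, prefixed vs. default namespace.
PREFIXED = f'<ns1:bom xmlns:ns1="{NS}" version="1"><ns1:components/></ns1:bom>'
DEFAULT = f'<bom xmlns="{NS}" version="1"><components/></bom>'


def split_qname(name):
    """Split ElementTree's '{uri}local' form into (uri, local).

    uri is None when the name is not in any namespace.
    """
    if name.startswith("{"):
        uri, local = name[1:].split("}", 1)
        return uri, local
    return None, name


def describe(xml_text):
    """Return namespace-aware facts about a document, independent of prefixes."""
    root = ET.fromstring(xml_text)
    return {
        "root": split_qname(root.tag),
        "children": [split_qname(child.tag) for child in root],
        # Unprefixed attributes are in no namespace, even under a default xmlns.
        "attributes": {split_qname(k): v for k, v in root.attrib.items()},
    }


def serialize_with_default_ns(xml_text):
    """Re-serialize with NS bound to the empty prefix.

    Note: register_namespace() changes a process-global mapping.
    """
    ET.register_namespace("", NS)
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


if __name__ == "__main__":
    print(describe(PREFIXED) == describe(DEFAULT))
    print(serialize_with_default_ns(PREFIXED))
```

A consumer that compares on the (namespace URI, local name) pair rather than on the literal prefix accepts output from both before and after this change.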

@jkowalleck jkowalleck removed this from the 5.0.0 milestone Sep 22, 2023
@jkowalleck jkowalleck changed the title feat: serialized XML omit default namespace feat: serialized XML omit default namespaceID Sep 22, 2023
@jkowalleck jkowalleck linked a pull request Oct 4, 2023 that will close this issue
2 tasks
@jkowalleck jkowalleck added this to the 5.0.0 milestone Oct 4, 2023
jkowalleck added a commit that referenced this issue Oct 4, 2023
add indention to outputters. this may come at a cost!


Breaking Changes
------------------
* abstract Method `output.BaseOutput.output_as_string()` got new optional kwarg `indent`
* abstract Method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs

Changed
----------
* XML output uses a default namespace, which makes results smaller.


Added
------------------
* All outputters' method `output_as_string()` got new optional kwarg `indent`
* All outputters' method `output_as_string()` accepts arbitrary kwargs
* All outputters' method `output_to_file()` got new optional kwarg `indent`
* All outputters' method `output_to_file()` accepts arbitrary kwargs

-----

- [x] implementation
- [x] tests (snapshot binary compare; structural equal compare) 

-----

enables CycloneDX/cyclonedx-python#424
fixes #437
fixes #438
supersedes #449

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
Member Author

closed via #458

@jkowalleck jkowalleck linked a pull request Oct 5, 2023 that will close this issue
jkowalleck added a commit that referenced this issue Oct 24, 2023
BREAKING CHANGES
----------------
* Dropped support for python<3.8 ([#436] via [#441]; enable [#433])
* Reworked license related models, collections, and factories ([#365] via [#466])
* Behavior
  * Method `model.bom.Bom.validate()` will throw `exception.LicenseExpressionAlongWithOthersException`, if detecting invalid license constellation ([#453] via [#452])
  * Fixed tuple comparison when unequal lengths (via [#461])
* API
  * Enum `schema.SchemaVersion` is no longer string-like ([#442] via [#447])
  * Enum `schema.OutputVersion` is no longer string-like ([#442] via [#447])
  * Abstract class `output.BaseOutput` requires implementation of new method `output_format` ([#446] via [#447])
  * Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458])
  * Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via [#458], [#462])
  * Removed class `factory.license.LicenseChoiceFactory` (via [#466])  
    The old functionality was integrated into `factory.license.LicenseFactory`.
  * Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via [#466])
  * Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` ([#365] via [#466])  
    The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()`
  * Renamed class `module.License` to `module.license.DisjunctliveLicense` ([#365] via [#466])
  * Removed class `module.LicenseChoice` ([#365] via [#466])  
    Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead
  * All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` ([#365] via [#466])
  * All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` ([#365] via [#466])


Fixed
----------------
* Serialization of multi-licenses ([#365] via [#466])
* Detect unused "dependent" components in `model.bom.validate()` (via [#464])


Changed 
----------------
* Updated latest supported list of supported SPDX license identifiers (via [#433])
* Shipped schema files are moved to a protected space (via [#433])  
  These files were never intended for public use.
* XML output uses a default namespace, which makes results smaller. ([#438] via [#458])


Added
----------------
* Support for Python 3.12 (via [#460])
* JSON- & XML-Validators ([#432], [#446] via [#433], [#448])  
  The functionality might require additional dependencies, that can be installed with the extra "validation".  
  See the docs in section "Installation" for details.
* JSON & XML can be generated in a more human-friendly form ([#437], [#438] via [#458])
* Type hints, typings & overloads for better integration downstream (via [#463])
* API
  * New function `output.make_outputter()` (via [#469])  
    This replaces the deprecated function `output.get_instance()`.
  * New sub-package `validation` ([#432], [#446] via [#433], [#448], [#469], [#468], [#469])
  * New class `exception.MissingOptionalDependencyException` ([#432] via [#433])
  * New class `exception.LicenseExpressionAlongWithOthersException` ([#453] via [#452])
  * New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` ([#446] via [#447])
  * Existing implementations of class `output.BaseOutput` now have a new method `output_format` ([#446] via [#447])
  * Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` ([#437] via [#458])
  * Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` ([#437] via [#458])
  * New method `factory.license.LicenseFactory.make_with_expression()` (via [#466])
  * New class `model.license.DisjunctiveLicense` ([#365] via [#466])
  * New class `model.license.LicenseExpression` ([#365] via [#466])
  * New class `model.license.LicenseRepository` ([#365] via [#466])
  * New class `serialization.LicenseRepositoryHelper` ([#365] via [#466])


Deprecated
----------------
* Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via [#469])


Tests
----------------
* Added validation tests with official CycloneDX schema test data ([#432] via [#433])
* Use proper snapshots, instead of pseudo comparison ([#437] via [#464])
* Added regression test for bug [#365] (via [#466], [#467])


Misc
----------------
* Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via [#458], [#463], [#464], [#466])
* Style: streamlined quotes and strings (via [#472])
* Chore: bumped internal dev- and QA-tools ([#436] via [#441], [#472])
* Chore: added more QA tools to prevent common security issues (via [#473])


[#432]: #432
[#433]: #433
[#436]: #436
[#437]: #437
[#365]: #365
[#438]: #438
[#440]: #440
[#441]: #441
[#442]: #442
[#446]: #446
[#447]: #447
[#448]: #448
[#452]: #452
[#453]: #453
[#458]: #458
[#460]: #460
[#461]: #461
[#462]: #462
[#463]: #463
[#464]: #464
[#466]: #466
[#467]: #467
[#468]: #468
[#469]: #469
[#472]: #472
[#473]: #473

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: semantic-release <semantic-release>