Merge pull request #3189 from nexB/3016-fix-cyclonedx

Fix unhashable type error in cyclonedx #3016

Author: AyanSinhaMahapatra

src/formattedcode/output_cyclonedx.py

@@ -61,6 +61,10 @@ class CycloneDxLicenseExpression(ToDictMixin):
     """
     expression: str = attr.ib(default=None)
 
+    @property
+    def identifier(self):
+        return self.expression
+
     @classmethod
     def from_package(cls, package):
         """
@@ -81,6 +85,10 @@ class CycloneDxProperty(ToDictMixin):
     name: str = attr.ib()
     value: str = attr.ib()
 
+    @property
+    def identifier(self):
+        return f"{self.name}-{self.value}"
+
 
 @attr.s
 class CycloneDxHashObject(ToDictMixin):
@@ -98,6 +106,10 @@ class CycloneDxHashObject(ToDictMixin):
     alg: str = attr.ib()
     content: str = attr.ib()
 
+    @property
+    def identifier(self):
+        return f"{self.alg}-{self.content}"
+
     @classmethod
     def from_package(cls, package):
         """
@@ -159,6 +171,10 @@ class CycloneDxExternalRef(ToDictMixin):
     comment: str = attr.ib(default=None)
     hashes: List[CycloneDxHashObject] = attr.ib(factory=list)
 
+    @property
+    def identifier(self):
+        return f"{self.url}-{self.type}-{self.comment}"
+
     @classmethod
     def from_package(cls, package: dict):
         """
@@ -290,7 +306,8 @@ def from_package(cls, package):
             properties.append(
                 CycloneDxProperty(
                     name='WARNING',
-                    value=f'WARNING: component skipped in CycloneDX output: {package!r}'
+                    value=f'WARNING: component skipped in CycloneDX output:'
+                    f' purl: {package["purl"]} at datafile_paths: {package["datafile_paths"]}'
                 )
             )
 
@@ -428,8 +445,8 @@ def merge_lists(x, y):
     Merge ``y`` list items in list ``x`` avoiding duplicate entries.
     Return the updated ``x``.
     """
-    seen = set(x)
-    new = (i for i in y if i not in seen)
+    seen = set([item.identifier for item in x])
+    new = (item for item in y if item.identifier not in seen)
     x.extend(new)
     return x
 

tests/formattedcode/data/cyclonedx/expected.json renamed to tests/formattedcode/data/cyclonedx/simple-expected.json

@@ -0,0 +1,36 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.3",
+  "version": 1,
+  "components": [
+    {
+      "name": "source",
+      "version": null,
+      "bom-ref": "pkg:autotools/source",
+      "group": null,
+      "type": "library",
+      "scope": "required",
+      "copyright": null,
+      "author": null,
+      "description": null,
+      "purl": "pkg:autotools/source",
+      "hashes": [],
+      "licenses": [
+        {
+          "expression": "LicenseRef-scancode-unicode AND FSFUL AND (FSFUL AND LicenseRef-scancode-unicode)"
+        },
+        {
+          "expression": "LicenseRef-scancode-unicode"
+        }
+      ],
+      "externalReferences": [],
+      "properties": [
+        {
+          "name": "WARNING",
+          "value": "WARNING: component skipped in CycloneDX output: purl: pkg:autotools/source at datafile_paths: ['simple-icu/source/configure']"
+        }
+      ]
+    }
+  ],
+  "dependencies": []
+}