cyclonedx.model
===============

.. py:module:: cyclonedx.model

.. autoapi-nested-parse::

   Uniform set of models to represent objects within a CycloneDX software bill-of-materials.

   You can either create a `cyclonedx.model.bom.Bom` yourself programmatically, or generate a `cyclonedx.model.bom.Bom`
   from a `cyclonedx.parser.BaseParser` implementation.



Submodules
----------

.. toctree::
   :maxdepth: 1

   /autoapi/cyclonedx/model/bom/index
   /autoapi/cyclonedx/model/bom_ref/index
   /autoapi/cyclonedx/model/component/index
   /autoapi/cyclonedx/model/component_evidence/index
   /autoapi/cyclonedx/model/contact/index
   /autoapi/cyclonedx/model/crypto/index
   /autoapi/cyclonedx/model/definition/index
   /autoapi/cyclonedx/model/dependency/index
   /autoapi/cyclonedx/model/impact_analysis/index
   /autoapi/cyclonedx/model/issue/index
   /autoapi/cyclonedx/model/license/index
   /autoapi/cyclonedx/model/lifecycle/index
   /autoapi/cyclonedx/model/release_note/index
   /autoapi/cyclonedx/model/service/index
   /autoapi/cyclonedx/model/tool/index
   /autoapi/cyclonedx/model/vulnerability/index


Classes
-------

.. autoapisummary::

   cyclonedx.model.DataFlow
   cyclonedx.model.DataClassification
   cyclonedx.model.Encoding
   cyclonedx.model.AttachedText
   cyclonedx.model.HashAlgorithm
   cyclonedx.model.HashType
   cyclonedx.model.ExternalReferenceType
   cyclonedx.model.XsUri
   cyclonedx.model.ExternalReference
   cyclonedx.model.Property
   cyclonedx.model.NoteText
   cyclonedx.model.Note
   cyclonedx.model.IdentifiableAction
   cyclonedx.model.Copyright


Package Contents
----------------

.. py:class:: DataFlow

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`


   This is our internal representation of the dataFlowType simple type within the CycloneDX standard.

   .. note::
       See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_dataFlowType


   .. py:attribute:: INBOUND
      :value: 'inbound'



   .. py:attribute:: OUTBOUND
      :value: 'outbound'



   .. py:attribute:: BI_DIRECTIONAL
      :value: 'bi-directional'



   .. py:attribute:: UNKNOWN
      :value: 'unknown'



.. py:class:: DataClassification(*, flow: DataFlow, classification: str)

   This is our internal representation of the `dataClassificationType` complex type within the CycloneDX standard.

   DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library.
   In fact, this library will try to provide a compatibility layer if needed.

   .. note::
       See the CycloneDX Schema for dataClassificationType:
       https://cyclonedx.org/docs/1.7/xml/#type_dataClassificationType


   .. py:property:: flow
      :type: DataFlow


      Specifies the flow direction of the data.

      Valid values are: inbound, outbound, bi-directional, and unknown.

      Direction is relative to the service.

      - Inbound flow states that data enters the service
      - Outbound flow states that data leaves the service
      - Bi-directional states that data flows both ways
      - Unknown states that the direction is not known

      Returns:
          `DataFlow`



   .. py:property:: classification
      :type: str


      Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.

      Returns:
          `str`



.. py:class:: Encoding

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`


   This is our internal representation of the encoding simple type within the CycloneDX standard.

   .. note::
       See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_encoding


   .. py:attribute:: BASE_64
      :value: 'base64'



.. py:class:: AttachedText(*, content: str, content_type: str = DEFAULT_CONTENT_TYPE, encoding: Optional[Encoding] = None)

   This is our internal representation of the `attachedTextType` complex type within the CycloneDX standard.

   .. note::
       See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_attachedTextType


   .. py:attribute:: DEFAULT_CONTENT_TYPE
      :value: 'text/plain'



   .. py:property:: content_type
      :type: str


      Specifies the content type of the text. Defaults to text/plain if not specified.

      Returns:
          `str`



   .. py:property:: encoding
      :type: Optional[Encoding]


      Specifies the optional encoding the text is represented in.

      Returns:
          `Encoding` if set else `None`



   .. py:property:: content
      :type: str


      The attachment data.

      Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment
      text.

      Returns:
          `str`



.. py:class:: HashAlgorithm

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`


   This is our internal representation of the hashAlg simple type within the CycloneDX standard.

   .. note::
       See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_hashAlg


   .. py:attribute:: BLAKE2B_256
      :value: 'BLAKE2b-256'



   .. py:attribute:: BLAKE2B_384
      :value: 'BLAKE2b-384'



   .. py:attribute:: BLAKE2B_512
      :value: 'BLAKE2b-512'



   .. py:attribute:: BLAKE3
      :value: 'BLAKE3'



   .. py:attribute:: MD5
      :value: 'MD5'



   .. py:attribute:: SHA_1
      :value: 'SHA-1'



   .. py:attribute:: SHA_256
      :value: 'SHA-256'



   .. py:attribute:: SHA_384
      :value: 'SHA-384'



   .. py:attribute:: SHA_512
      :value: 'SHA-512'



   .. py:attribute:: SHA3_256
      :value: 'SHA3-256'



   .. py:attribute:: SHA3_384
      :value: 'SHA3-384'



   .. py:attribute:: SHA3_512
      :value: 'SHA3-512'



   .. py:attribute:: STREEBOG_256
      :value: 'Streebog-256'



   .. py:attribute:: STREEBOG_512
      :value: 'Streebog-512'



.. py:class:: HashType(*, alg: HashAlgorithm, content: str)

   This is our internal representation of the hashType complex type within the CycloneDX standard.

   .. note::
       See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_hashType


   .. py:method:: from_hashlib_alg(hashlib_alg: str, content: str) -> HashType
      :staticmethod:


      Deprecated — Alias of :func:`cyclonedx.contrib.hash.factories.HashTypeFactory.from_hashlib_alg`.

      Attempts to convert a hashlib-algorithm to our internal model classes.

      .. deprecated:: next
          Use ``cyclonedx.contrib.hash.factories.HashTypeFactory().from_hashlib_alg()`` instead.



   .. py:method:: from_composite_str(composite_hash: str) -> HashType
      :staticmethod:


      Deprecated — Alias of :func:`cyclonedx.contrib.hash.factories.HashTypeFactory.from_composite_str`.

      Attempts to convert a string which includes both the Hash Algorithm and Hash Value and represent using our
      internal model classes.

      .. deprecated:: next
          Use ``cyclonedx.contrib.hash.factories.HashTypeFactory().from_composite_str()`` instead.



   .. py:property:: alg
      :type: HashAlgorithm


      Specifies the algorithm used to create the hash.

      Returns:
          `HashAlgorithm`



   .. py:property:: content
      :type: str


      Hash value content.

      Returns:
          `str`



.. py:class:: ExternalReferenceType

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`


   Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.

   .. note::
       See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReferenceType


   .. py:attribute:: ADVERSARY_MODEL
      :value: 'adversary-model'



   .. py:attribute:: ADVISORIES
      :value: 'advisories'



   .. py:attribute:: ATTESTATION
      :value: 'attestation'



   .. py:attribute:: BOM
      :value: 'bom'



   .. py:attribute:: BUILD_META
      :value: 'build-meta'



   .. py:attribute:: BUILD_SYSTEM
      :value: 'build-system'



   .. py:attribute:: CERTIFICATION_REPORT
      :value: 'certification-report'



   .. py:attribute:: CHAT
      :value: 'chat'



   .. py:attribute:: CITATION
      :value: 'citation'



   .. py:attribute:: CODIFIED_INFRASTRUCTURE
      :value: 'codified-infrastructure'



   .. py:attribute:: COMPONENT_ANALYSIS_REPORT
      :value: 'component-analysis-report'



   .. py:attribute:: CONFIGURATION
      :value: 'configuration'



   .. py:attribute:: DIGITAL_SIGNATURE
      :value: 'digital-signature'



   .. py:attribute:: DISTRIBUTION
      :value: 'distribution'



   .. py:attribute:: DISTRIBUTION_INTAKE
      :value: 'distribution-intake'



   .. py:attribute:: DOCUMENTATION
      :value: 'documentation'



   .. py:attribute:: DYNAMIC_ANALYSIS_REPORT
      :value: 'dynamic-analysis-report'



   .. py:attribute:: ELECTRONIC_SIGNATURE
      :value: 'electronic-signature'



   .. py:attribute:: EVIDENCE
      :value: 'evidence'



   .. py:attribute:: EXPLOITABILITY_STATEMENT
      :value: 'exploitability-statement'



   .. py:attribute:: FORMULATION
      :value: 'formulation'



   .. py:attribute:: ISSUE_TRACKER
      :value: 'issue-tracker'



   .. py:attribute:: LICENSE
      :value: 'license'



   .. py:attribute:: LOG
      :value: 'log'



   .. py:attribute:: MAILING_LIST
      :value: 'mailing-list'



   .. py:attribute:: MATURITY_REPORT
      :value: 'maturity-report'



   .. py:attribute:: MODEL_CARD
      :value: 'model-card'



   .. py:attribute:: PATENT
      :value: 'patent'



   .. py:attribute:: PATENT_ASSERTION
      :value: 'patent-assertion'



   .. py:attribute:: PATENT_FAMILY
      :value: 'patent-family'



   .. py:attribute:: PENTEST_REPORT
      :value: 'pentest-report'



   .. py:attribute:: POAM
      :value: 'poam'



   .. py:attribute:: QUALITY_METRICS
      :value: 'quality-metrics'



   .. py:attribute:: RELEASE_NOTES
      :value: 'release-notes'



   .. py:attribute:: RFC_9166
      :value: 'rfc-9116'



   .. py:attribute:: RISK_ASSESSMENT
      :value: 'risk-assessment'



   .. py:attribute:: RUNTIME_ANALYSIS_REPORT
      :value: 'runtime-analysis-report'



   .. py:attribute:: SECURITY_CONTACT
      :value: 'security-contact'



   .. py:attribute:: STATIC_ANALYSIS_REPORT
      :value: 'static-analysis-report'



   .. py:attribute:: SOCIAL
      :value: 'social'



   .. py:attribute:: SOURCE_DISTRIBUTION
      :value: 'source-distribution'



   .. py:attribute:: SCM
      :value: 'vcs'



   .. py:attribute:: SUPPORT
      :value: 'support'



   .. py:attribute:: THREAT_MODEL
      :value: 'threat-model'



   .. py:attribute:: VCS
      :value: 'vcs'



   .. py:attribute:: VULNERABILITY_ASSERTION
      :value: 'vulnerability-assertion'



   .. py:attribute:: WEBSITE
      :value: 'website'



   .. py:attribute:: OTHER
      :value: 'other'



.. py:class:: XsUri(uri: str)

   Bases: :py:obj:`py_serializable.helpers.BaseHelper`


   Helper class that allows us to perform validation on data strings that are defined as xs:anyURI
   in CycloneDX schema.

   Developers can just use this via `str(XsUri('https://www.google.com'))`.

   .. note::
       See XSD definition for xsd:anyURI: http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
       See JSON Schema definition for iri-reference: https://tools.ietf.org/html/rfc3987


   .. py:property:: uri
      :type: str



   .. py:method:: serialize(o: Any) -> str
      :classmethod:


      general purpose serializer



   .. py:method:: deserialize(o: Any) -> XsUri
      :classmethod:


      general purpose deserializer



   .. py:method:: make_bom_link(serial_number: Union[uuid.UUID, str], version: int = 1, bom_ref: Optional[Union[str, bom_ref.BomRef]] = None) -> XsUri
      :classmethod:


      Generate a BOM-Link URI.

      Args:
          serial_number: The unique serial number of the BOM.
          version: The version of the BOM. The default version is 1.
          bom_ref: The unique identifier of the component, service, or vulnerability within the BOM.

      Returns:
          XsUri: Instance of XsUri with the generated BOM-Link URI.



   .. py:method:: is_bom_link() -> bool

      Check if the URI is a BOM-Link.

      Returns:
          `bool`



   .. py:method:: json_normalize(o: Any, *, view: Optional[Type[py_serializable.ViewType]], prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Optional[Any]
      :classmethod:


      json specific normalizer



   .. py:method:: json_serialize(o: Any) -> Union[str, Any]
      :classmethod:


      json specific serializer



   .. py:method:: json_denormalize(o: Any, *, prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Any
      :classmethod:


      json specific denormalizer

      :param tCls: the class that was desired to denormalize to
      :param pCls: tha prent class - as context



   .. py:method:: json_deserialize(o: Any) -> Any
      :classmethod:


      json specific deserializer



   .. py:method:: xml_normalize(o: Any, *, element_name: str, view: Optional[Type[py_serializable.ViewType]], xmlns: Optional[str], prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Optional[Union[xml.etree.ElementTree.Element, Any]]
      :classmethod:


      xml specific normalizer



   .. py:method:: xml_serialize(o: Any) -> Union[str, Any]
      :classmethod:


      xml specific serializer



   .. py:method:: xml_denormalize(o: xml.etree.ElementTree.Element, *, default_ns: Optional[str], prop_info: py_serializable.ObjectMetadataLibrary.SerializableProperty, ctx: Type[Any], **kwargs: Any) -> Any
      :classmethod:


      xml specific denormalizer



   .. py:method:: xml_deserialize(o: Union[str, Any]) -> Any
      :classmethod:


      xml specific deserializer



.. py:class:: ExternalReference(*, type: ExternalReferenceType, url: XsUri, comment: Optional[str] = None, hashes: Optional[collections.abc.Iterable[HashType]] = None, properties: Optional[collections.abc.Iterable[Property]] = None)

   This is our internal representation of an ExternalReference complex type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
       See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReference


   .. py:property:: url
      :type: XsUri


      The URL to the external reference.

      Returns:
          `XsUri`



   .. py:property:: comment
      :type: Optional[str]


      An optional comment describing the external reference.

      Returns:
          `str` if set else `None`



   .. py:property:: type
      :type: ExternalReferenceType


      Specifies the type of external reference.

      There are built-in types to describe common references. If a type does not exist for the reference being
      referred to, use the "other" type.

      Returns:
          `ExternalReferenceType`



   .. py:property:: hashes
      :type: SortedSet[HashType]


      The hashes of the external reference (if applicable).

      Returns:
          Set of `HashType`



   .. py:property:: properties
      :type: SortedSet[Property]


      Provides the ability to document properties in a key/value store. This provides flexibility to include data not
      officially supported in the standard without having to use additional namespaces or create extensions.

      Return:
          Set of `Property`



.. py:class:: Property(*, name: str, value: Optional[str] = None)

   This is our internal representation of `propertyType` complex type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
       See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_propertyType

   Specifies an individual property with a name and value.


   .. py:property:: name
      :type: str


      The name of the property.

      Duplicate names are allowed, each potentially having a different value.

      Returns:
          `str`



   .. py:property:: value
      :type: Optional[str]


      Value of this Property.

      Returns:
           `str`



.. py:class:: NoteText(*, content: str, content_type: Optional[str] = None, encoding: Optional[Encoding] = None)

   This is our internal representation of the Note.text complex type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
       See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType


   .. py:attribute:: DEFAULT_CONTENT_TYPE
      :type:  str
      :value: 'text/plain'



   .. py:property:: content
      :type: str


      Get the text content of this Note.

      Returns:
          `str` note content



   .. py:property:: content_type
      :type: Optional[str]


      Get the content-type of this Note.

      Defaults to 'text/plain' if one was not explicitly specified.

      Returns:
          `str` content-type



   .. py:property:: encoding
      :type: Optional[Encoding]


      Get the encoding method used for the note's content.

      Returns:
          `Encoding` if set else `None`



.. py:class:: Note(*, text: NoteText, locale: Optional[str] = None)

   This is our internal representation of the Note complex type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
       See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType

   @todo: Replace ``NoteText`` with ``AttachedText``?


   .. py:property:: text
      :type: NoteText


      Specifies the full content of the release note.

      Returns:
          `NoteText`



   .. py:property:: locale
      :type: Optional[str]


      Get the ISO locale of this Note.

      The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code.

      Examples include: "en", "en-US", "fr" and "fr-CA".

      Returns:
          `str` locale if set else `None`



.. py:class:: IdentifiableAction(*, timestamp: Optional[datetime.datetime] = None, name: Optional[str] = None, email: Optional[str] = None)

   This is our internal representation of the `identifiableActionType` complex type.

   .. note::
       See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_identifiableActionType


   .. py:property:: timestamp
      :type: Optional[datetime.datetime]


      The timestamp in which the action occurred.

      Returns:
          `datetime` if set else `None`



   .. py:property:: name
      :type: Optional[str]


      The name of the individual who performed the action.

      Returns:
          `str` if set else `None`



   .. py:property:: email
      :type: Optional[str]


      The email address of the individual who performed the action.

      Returns:
          `str` if set else `None`



.. py:class:: Copyright(*, text: str)

   This is our internal representation of the `copyrightsType` complex type.

   .. note::
       See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_copyrightsType


   .. py:property:: text
      :type: str


      Copyright statement.

      Returns:
          `str` if set else `None`



