fix: added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances

madpah · madpah · commit e03a25c3d2a1 · 2021-10-11T15:21:23.000+01:00
Signed-off-by: Paul Horton &lt;phorton@sonatype.com&gt;
diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py
@@ -89,12 +89,12 @@ def __repr__(self):
 
 
 if sys.version_info >= (3, 8, 0):
-    from importlib.metadata import version
+    from importlib.metadata import version as meta_version
 else:
-    from importlib_metadata import version
+    from importlib_metadata import version as meta_version
 
 try:
-    ThisTool = Tool(vendor='CycloneDX', name='cyclonedx-python-lib', version=version('cyclonedx-python-lib'))
+    ThisTool = Tool(vendor='CycloneDX', name='cyclonedx-python-lib', version=meta_version('cyclonedx-python-lib'))
 except Exception:
     ThisTool = Tool(vendor='CycloneDX', name='cyclonedx-python-lib', version='UNKNOWN')
 
@@ -112,10 +112,22 @@ class BomMetaData:
 
     def __init__(self, tools: List[Tool] = []):
         self._timestamp = datetime.datetime.now(tz=datetime.timezone.utc)
+        self._tools.clear()
         if len(tools) == 0:
             tools.append(ThisTool)
         self._tools = tools
 
+    def add_tool(self, tool: Tool):
+        """
+        Add a Tool definition to this Bom Metadata. The `cyclonedx-python-lib` is automatically added - you do not need
+        to add this yourself.
+
+        Args:
+            tool:
+                Instance of `Tool` that represents the tool you are using.
+        """
+        self._tools.append(tool)
+
     def get_timestamp(self) -> datetime.datetime:
         """
         The date and time (in UTC) when this BomMetaData was created.
@@ -173,7 +185,7 @@ def __init__(self):
             New, empty `cyclonedx.model.bom.Bom` instance.
         """
         self._uuid = uuid4()
-        self._metadata = BomMetaData()
+        self._metadata = BomMetaData(tools=[])
         self._components.clear()
 
     def add_component(self, component: Component):
diff --git a/tests/test_bom.py b/tests/test_bom.py
@@ -20,7 +20,7 @@
 import os
 from unittest import TestCase
 
-from cyclonedx.model.bom import Bom, ThisTool
+from cyclonedx.model.bom import Bom, ThisTool, Tool
 from cyclonedx.model.component import Component
 from cyclonedx.parser.requirements import RequirementsFileParser
 
@@ -42,3 +42,12 @@ def test_bom_metadata_tool_this_tool(self):
         self.assertEqual(ThisTool.get_vendor(), 'CycloneDX')
         self.assertEqual(ThisTool.get_name(), 'cyclonedx-python-lib')
         self.assertNotEqual(ThisTool.get_version(), 'UNKNOWN')
+
+    def test_bom_metadata_tool_multiple_tools(self):
+        bom = Bom()
+        self.assertEqual(len(bom.get_metadata().get_tools()), 1)
+
+        bom.get_metadata().add_tool(Tool(
+            vendor='TestVendor', name='TestTool', version='0.0.0'
+        ))
+        self.assertEqual(len(bom.get_metadata().get_tools()), 2)
