ܖi dZddlmZddlZddlZddlmZddlmZddl m Z ddl m Z ddl mZmZddlmZddlmZd d lmZej0eZ dd ZGd d eZy)zU Functionality for formatting vulnerability results using the CycloneDX SBOM format. ) annotationsN)cast)output)Bom) Component) BomTarget Vulnerability)VulnerabilityFormatc g}g}|jD]\}}|jrttj|}t |j t|j}|D]I}|jt|j|jdt|jgK|j|t||S)N)nameversionUpgrade)ref)id descriptionrecommendationaffects) componentsvulnerabilities)items is_skippedrserviceResolvedDependencyrr strrappendr rrrbom_refr)resultrrdepvulnscvulns _/var/www/html/content-pipeline/venv/lib/python3.12/site-packages/pip_audit/_format/cyclonedx.py_pip_audit_result_to_bomr$sOJlln U >>  7--s3 388S-= > D  " "ww $ 0 0#,&19956    !'* *o FFceZdZdZej Gddej ZddZe d dZ d dZ y) CycloneDxFormatz An implementation of `VulnerabilityFormat` that formats vulnerability results using CycloneDX. The container format used by CycloneDX can be additionally configured. cheZdZdZej j Zej jZ y)CycloneDxFormat.InnerFormatz8 Valid container formats for CycloneDX. N) __name__ __module__ __qualname____doc__r OutputFormatJSONJsonXMLXmlr%r# InnerFormatr)<s+ ""''!!%%r%r4c||_y)z| Create a new `CycloneDxFormat`. `inner_format` determines the container format used by CycloneDX. N) _inner_format)self inner_formats r#__init__zCycloneDxFormat.__init__Es *r%cy)z8 See `VulnerabilityFormat.is_manifest`. Tr3)r7s r# is_manifestzCycloneDxFormat.is_manifestNs r%c|rtjdt|}tj||j j tjj}|jS)z Returns a CycloneDX formatted string for a given mapping of dependencies to vulnerability results. See `VulnerabilityFormat.format`. z0--fix output is unsupported by CycloneDX formats)bom output_formatschema_version) loggerwarningr$rmake_outputterr6value SchemaVersionV1_4output_as_string)r7rfixesr= formatters r#formatzCycloneDxFormat.formatUs`  NNM N&v.)),,22!//44 ))++r%N)r8r))returnbool)r;dict[service.Dependency, list[service.VulnerabilityResult]]rGzlist[fix.FixVersion]rJr) r*r+r,r-enumuniqueEnumr4r9propertyr;rIr3r%r#r'r'6sd  [[&dii&&* ,K,$, ,r%r')rrLrJr)r- __future__rrMloggingtypingr cyclonedxrcyclonedx.model.bomrcyclonedx.model.componentrcyclonedx.model.vulnerabilityrr pip_audit._fix_fixfixpip_audit._service_servicer interfacer getLoggerr*r@r$r'r3r%r#r_sd# #/B$*   8 $G GGG<4,)4,r%