sw360_objects: make purls a Python set()

This allows for easy de-duplication.

Author: gernot-h

sw360/sw360_objects.py

@@ -152,7 +152,7 @@ def _parse_link(self, key, links_key, links_value):
 
     def _parse_purls(self, purl_value):
         """Parse package url strings"""
-        purls = []
+        purls = set()
         if type(purl_value) is str:
             if purl_value.startswith("["):
                 # as of 2022-04, SW360 returns arrays as JSON string...
@@ -164,7 +164,7 @@ def _parse_purls(self, purl_value):
             if purl_string.startswith("pkg:"):
                 try:
                     purl = packageurl.PackageURL.from_string(purl_string)
-                    purls.append(purl)
+                    purls.add(purl)
                 except ValueError:
                     pass
         return purls
@@ -176,8 +176,6 @@ def from_json(self, json, copy_attributes=list(), snake_case=True):
         attributes and JSON members. If `snake_case` is set, more Python-ish
         snake_case names will be used (project_type instead of projectType).
         """
-        # delete purl list as we add purls from different external ids below
-        self.purls = []
         for key, value in json.items():
             if key in copy_attributes:
                 if snake_case:
@@ -188,7 +186,7 @@ def from_json(self, json, copy_attributes=list(), snake_case=True):
                         # 'package-url', but some use "purl", "purl.id", etc.
                         purls = self._parse_purls(id_value)
                         if len(purls):
-                            self.purls += purls
+                            self.purls.update(purls)
                             continue
                         self.external_ids[id_type] = id_value
                 else:
@@ -245,7 +243,7 @@ class Release(SW360Resource):
     def __init__(self, json=None, id_=None, parent=None, users={},
                  name=None, version=None, downloadurl=None, sw360=None, **kwargs):
         self.__setattrdefault__("external_ids", {})
-        self.__setattrdefault__("purls", [])
+        self.__setattrdefault__("purls", set())
         self.__setattrdefault__("attachments", {})
         self.__setattrdefault__("name", name)
         self.__setattrdefault__("version", version)
@@ -405,7 +403,7 @@ def __init__(self, json=None, id_=None, name=None, description=None,
         self.__setattrdefault__("releases", {})
         self.__setattrdefault__("attachments", {})
         self.__setattrdefault__("external_ids", {})
-        self.__setattrdefault__("purls", [])
+        self.__setattrdefault__("purls", set())
         self.__setattrdefault__("name", name)
         self.__setattrdefault__("description", description)
         self.__setattrdefault__("homepage", homepage)
@@ -489,7 +487,7 @@ def __init__(self, json=None, id_=None, users={},
         self.__setattrdefault__("projects", {})
         self.__setattrdefault__("attachments", {})
         self.__setattrdefault__("external_ids", {})
-        self.__setattrdefault__("purls", [])
+        self.__setattrdefault__("purls", set())
         self.__setattrdefault__("name", name)
         self.__setattrdefault__("version", version)
         self.__setattrdefault__("description", description)

tests/test_sw360obj_component.py

@@ -62,24 +62,39 @@ def test_get_component_with_purls(self):
                     'package-url': 'pkg:deb/debian/[email protected] pkg:deb/ubuntu/[email protected]'}})
         comp = Component.get(self.lib, "123")
         self.assertEqual(len(comp.purls), 2)
-        self.assertEqual(comp.purls[0].name, "acl")
+        for purl in comp.purls:
+            self.assertEqual(purl.name, "acl")
         self.assertNotIn("package-url", comp.external_ids)
 
+        responses.replace(
+            responses.GET,
+            SW360_BASE_URL + "components/123",
+            json={
+                'name': 'acl',
+                'somekey': 'value',
+                'externalIds': {
+                    'package-url': 'pkg:deb/ubuntu/[email protected]'}})
+        comp = Component.get(self.lib, "123")
+        self.assertEqual(len(comp.purls), 2)
+        self.assertNotIn("package-url", comp.external_ids)
+
+
     @responses.activate
     def test_get_component_invalid_purls(self):
         responses.add(
             responses.GET,
-            SW360_BASE_URL + "components/123",
+            SW360_BASE_URL + "components/122",
             json={
                 'name': 'acl',
                 'somekey': 'value',
                 'externalIds': {
                     'package-url': 'pkg:[email protected]',
                     'purl': 'pkg:deb/debian/[email protected]'}})
-        comp = Component.get(self.lib, "123")
+        comp = Component.get(self.lib, "122")
         self.assertEqual(len(comp.purls), 1)
         self.assertEqual(comp.external_ids['package-url'], 'pkg:[email protected]')
-        self.assertEqual(comp.purls[0].name, "acl")
+        for purl in comp.purls:
+            self.assertEqual(purl.name, "acl")
 
 
 if __name__ == "__main__":

tests/test_sw360obj_project.py

@@ -37,17 +37,17 @@ def test_get_project(self):
                 'version': '11.0',
                 '_embedded': {
                     'sw360:releases': [{
-                        'id': '7c4',
+                        'id': '7c3',
                         'name': 'acl',
                         'version': '2.2',
                         '_links': {'self': {
-                            'href': SW360_BASE_URL + 'releases/7c4'}}}]}})
+                            'href': SW360_BASE_URL + 'releases/7c3'}}},]}})
         proj = Project.get(self.lib, "123")
         self.assertEqual(proj.name, "MyProj")
         self.assertEqual(proj.version, "11.0")
         self.assertEqual(len(proj.releases), 1)
         self.assertEqual(len(proj.projects), 0)
-        self.assertIsNone(proj.releases["7c4"].parent.id)
+        self.assertIsNone(proj.releases["7c3"].parent)
 
         self.assertEqual(str(proj), "MyProj 11.0 (123)")
 
@@ -76,8 +76,9 @@ def test_get_project_purl_string(self):
                   'package-url': 'pkg:deb/debian/[email protected]?arch=source'}})
         proj = Project.get(self.lib, "123")
         self.assertEqual(len(proj.purls), 1)
-        self.assertEqual(proj.purls[0].name, "app")
-        self.assertEqual(proj.purls[0].version, "11.0-1")
+        purl = next(iter(proj.purls))
+        self.assertEqual(purl.name, "app")
+        self.assertEqual(purl.version, "11.0-1")
 
     @responses.activate
     def test_get_project_purl_invalid(self):

tests/test_sw360obj_release.py

@@ -11,6 +11,7 @@
 import unittest
 from tests.test_sw360obj_base import Sw360ObjTestBase, SW360_BASE_URL
 from sw360 import Release
+from packageurl import PackageURL
 
 
 class Sw360ObjTestRelease(Sw360ObjTestBase):
@@ -65,42 +66,41 @@ def test_get_release_extid(self):
     def test_get_release_purl_string(self):
         responses.add(
             responses.GET,
-            SW360_BASE_URL + "releases/123",
+            SW360_BASE_URL + "releases/113",
             json={
                 'name': 'acl',
                 'version': '1.4',
                 'externalIds': {
                   'package-url': 'pkg:deb/debian/[email protected]?arch=source'}})
-        r = Release.get(self.lib, "123")
+        r = Release.get(self.lib, "113")
         self.assertEqual(len(r.purls), 1)
-        self.assertEqual(r.purls[0].name, "linux")
-        self.assertEqual(r.purls[0].version, "4.19.98-1")
+        purl = next(iter(r.purls))
+        self.assertEqual(purl.name, "linux")
+        self.assertEqual(purl.version, "4.19.98-1")
 
-        r = Release.get(self.lib, "123")
+        r = Release.get(self.lib, "113")
         self.assertEqual(len(r.purls), 1)
 
         responses.replace(
             responses.GET,
-            SW360_BASE_URL + "releases/123",
+            SW360_BASE_URL + "releases/113",
             json={
                 'name': 'acl',
                 'version': '1.4'})
-        r = Release.get(self.lib, "123")
+        r = Release.get(self.lib, "113")
         self.assertEqual(len(r.purls), 1)
-        self.assertEqual(r.purls[0].name, "linux")
-        self.assertEqual(r.purls[0].version, "4.19.98-1")
 
     @responses.activate
     def test_get_release_purl_invalid(self):
         responses.add(
             responses.GET,
-            SW360_BASE_URL + "releases/123",
+            SW360_BASE_URL + "releases/120",
             json={
                 'name': 'acl',
                 'version': '1.4',
                 'externalIds': {
                   'package-url': 'pkg:huhu'}})
-        r = Release.get(self.lib, "123")
+        r = Release.get(self.lib, "120")
         self.assertEqual(len(r.purls), 0)
         self.assertEqual(r.external_ids["package-url"], "pkg:huhu")
 
@@ -118,8 +118,8 @@ def test_get_release_purl_array(self):
                     'pkg:deb/debian/[email protected]%2B1?arch=source']}})
         r = Release.get(self.lib, "123")
         self.assertEqual(len(r.purls), 2)
-        self.assertEqual(r.purls[1].name, "linux-signed-amd64")
-        self.assertEqual(r.purls[1].version, "4.19.98+1")
+        self.assertIn(PackageURL.from_string("pkg:deb/debian/linux@4.19.98-1?arch=source"), r.purls)
+        self.assertIn(PackageURL.from_string("pkg:deb/debian/linux-signed-amd64@4.19.98+1?arch=source"), r.purls)
 
     @responses.activate
     def test_get_release_purl_strarray(self):
@@ -135,8 +135,8 @@ def test_get_release_purl_strarray(self):
                                  ' "pkg:deb/debian/[email protected]%2B1?arch=source"]'}})
         r = Release.get(self.lib, "123")
         self.assertEqual(len(r.purls), 2)
-        self.assertEqual(r.purls[1].name, "linux-signed-amd64")
-        self.assertEqual(r.purls[1].version, "4.19.98+1")
+        self.assertIn(PackageURL.from_string("pkg:deb/debian/linux@4.19.98-1?arch=source"), r.purls)
+        self.assertIn(PackageURL.from_string("pkg:deb/debian/linux-signed-amd64@4.19.98+1?arch=source"), r.purls)
 
 
 if __name__ == "__main__":