fix

Signed-off-by: Jan Kowalleck <[email protected]>

cyclonedx/serialization/__init__.py

@@ -91,9 +91,10 @@ def deserialize(cls, o: object) -> SortedSet[LicenseChoice]:
 
     @classmethod
     def serialize(cls, o: object) -> List[LicenseChoice]:
+        # need to call `list(o)`, because `o` could be any iterable.
         licenses: List[LicenseChoice] = list(o)  # type: ignore[call-overload]
         if len(licenses) > 1:
-            expression = next(license for license in licenses if license.expression)
+            expression = next((l for l in licenses if l.expression), None)
             if expression:
                 warnings.warn(
                     f'Licenses: found an expression {expression!r}, dropping the rest of: {licenses!r}',

tests/fixtures/json/1.2/regression365_expression-preferred.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"expression": "(Apache-2.0 OR MIT)"}], "name": "expression-preferred", "type": "library", "version": ""}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:09:38+00:00", "tools": [{"name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2"}

tests/fixtures/json/1.2/regression365_multiple-licenses.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"license": {"id": "Apache-2.0", "text": {"content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64"}, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"}}, {"license": {"name": "OSI_APACHE"}}], "name": "multiple-licenses", "type": "library", "version": ""}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:05:12+00:00", "tools": [{"name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.2b.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.2"}

tests/fixtures/json/1.3/regression365_expression-preferred.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"expression": "(Apache-2.0 OR MIT)"}], "name": "expression-preferred", "type": "library", "version": ""}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:09:38+00:00", "tools": [{"name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3"}

tests/fixtures/json/1.3/regression365_multiple-licenses.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"license": {"id": "Apache-2.0", "text": {"content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64"}, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"}}, {"license": {"name": "OSI_APACHE"}}], "name": "multiple-licenses", "type": "library", "version": ""}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:05:12+00:00", "tools": [{"name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.3"}

tests/fixtures/json/1.4/regression365_expression-preferred.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"expression": "(Apache-2.0 OR MIT)"}], "name": "expression-preferred", "type": "library"}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:09:38+00:00", "tools": [{"externalReferences": [{"type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"}, {"type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/"}, {"type": "documentation", "url": "https://cyclonedx.github.io/cyclonedx-python-lib/"}, {"type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"}, {"type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"}, {"type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"}, {"type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib"}, {"type": "website", "url": "https://cyclonedx.org"}], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4"}

tests/fixtures/json/1.4/regression365_multiple-licenses.json

@@ -0,0 +1 @@
+{"components": [{"bom-ref": "testing", "licenses": [{"license": {"id": "Apache-2.0", "text": {"content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=", "contentType": "text/plain", "encoding": "base64"}, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"}}, {"license": {"name": "OSI_APACHE"}}], "name": "multiple-licenses", "type": "library"}], "dependencies": [{"ref": "testing"}], "metadata": {"timestamp": "2022-06-15T13:05:12+00:00", "tools": [{"externalReferences": [{"type": "build-system", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions"}, {"type": "distribution", "url": "https://pypi.org/project/cyclonedx-python-lib/"}, {"type": "documentation", "url": "https://cyclonedx.github.io/cyclonedx-python-lib/"}, {"type": "issue-tracker", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues"}, {"type": "license", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE"}, {"type": "release-notes", "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md"}, {"type": "vcs", "url": "https://github.com/CycloneDX/cyclonedx-python-lib"}, {"type": "website", "url": "https://cyclonedx.org"}], "name": "cyclonedx-python-lib", "vendor": "CycloneDX", "version": "4.0.0"}]}, "serialNumber": "urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1", "version": 1, "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4"}

tests/fixtures/xml/1.0/regression365_expression-preferred.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.0" version="1"><ns0:components><ns0:component type="library"><ns0:name>expression-preferred</ns0:name><ns0:version /><ns0:modified>false</ns0:modified></ns0:component></ns0:components></ns0:bom>

tests/fixtures/xml/1.0/regression365_multiple-licenses.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.0" version="1"><ns0:components><ns0:component type="library"><ns0:name>multiple-licenses</ns0:name><ns0:version /><ns0:modified>false</ns0:modified></ns0:component></ns0:components></ns0:bom>

tests/fixtures/xml/1.1/regression365_expression-preferred.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3" version="1"><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>expression-preferred</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses><ns0:licenses><ns0:expression>(Apache-2.0 OR MIT)</ns0:expression></ns0:licenses></ns0:component></ns0:components></ns0:bom>

tests/fixtures/xml/1.1/regression365_multiple-licenses.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1" version="1"><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>multiple-licenses</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses></ns0:component></ns0:components></ns0:bom>

tests/fixtures/xml/1.2/regression365_expression-preferred.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.2" serialNumber="urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:09:38+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>expression-preferred</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses><ns0:licenses><ns0:expression>(Apache-2.0 OR MIT)</ns0:expression></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>

tests/fixtures/xml/1.2/regression365_multiple-licenses.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.2" serialNumber="urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:05:12+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>multiple-licenses</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>

tests/fixtures/xml/1.3/regression365_expression-preferred.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.3" serialNumber="urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:09:38+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>expression-preferred</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses><ns0:licenses><ns0:expression>(Apache-2.0 OR MIT)</ns0:expression></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>

tests/fixtures/xml/1.3/regression365_multiple-licenses.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.3" serialNumber="urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:05:12+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>multiple-licenses</ns0:name><ns0:version /><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>

tests/fixtures/xml/1.4/regression365_expression-preferred.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:66f6f3d4-0d24-4db3-b69c-bd547be9b0d3" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:09:38+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version><ns0:externalReferences><ns0:reference type="build-system"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</ns0:url></ns0:reference><ns0:reference type="distribution"><ns0:url>https://pypi.org/project/cyclonedx-python-lib/</ns0:url></ns0:reference><ns0:reference type="documentation"><ns0:url>https://cyclonedx.github.io/cyclonedx-python-lib/</ns0:url></ns0:reference><ns0:reference type="issue-tracker"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/issues</ns0:url></ns0:reference><ns0:reference type="license"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE</ns0:url></ns0:reference><ns0:reference type="release-notes"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md</ns0:url></ns0:reference><ns0:reference type="vcs"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib</ns0:url></ns0:reference><ns0:reference type="website"><ns0:url>https://cyclonedx.org</ns0:url></ns0:reference></ns0:externalReferences></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>expression-preferred</ns0:name><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses><ns0:licenses><ns0:expression>(Apache-2.0 OR MIT)</ns0:expression></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>

tests/fixtures/xml/1.4/regression365_multiple-licenses.xml

@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><ns0:bom xmlns:ns0="http://cyclonedx.org/schema/bom/1.4" serialNumber="urn:uuid:92f71d34-625a-4497-9891-3333c56a7af1" version="1"><ns0:metadata><ns0:timestamp>2022-06-15T13:05:12+00:00</ns0:timestamp><ns0:tools><ns0:tool><ns0:vendor>CycloneDX</ns0:vendor><ns0:name>cyclonedx-python-lib</ns0:name><ns0:version>4.0.0</ns0:version><ns0:externalReferences><ns0:reference type="build-system"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</ns0:url></ns0:reference><ns0:reference type="distribution"><ns0:url>https://pypi.org/project/cyclonedx-python-lib/</ns0:url></ns0:reference><ns0:reference type="documentation"><ns0:url>https://cyclonedx.github.io/cyclonedx-python-lib/</ns0:url></ns0:reference><ns0:reference type="issue-tracker"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/issues</ns0:url></ns0:reference><ns0:reference type="license"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE</ns0:url></ns0:reference><ns0:reference type="release-notes"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md</ns0:url></ns0:reference><ns0:reference type="vcs"><ns0:url>https://github.com/CycloneDX/cyclonedx-python-lib</ns0:url></ns0:reference><ns0:reference type="website"><ns0:url>https://cyclonedx.org</ns0:url></ns0:reference></ns0:externalReferences></ns0:tool></ns0:tools></ns0:metadata><ns0:components><ns0:component type="library" bom-ref="testing"><ns0:name>multiple-licenses</ns0:name><ns0:licenses><ns0:license><ns0:id>Apache-2.0</ns0:id><ns0:text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</ns0:text><ns0:url>https://www.apache.org/licenses/LICENSE-2.0.txt</ns0:url></ns0:license></ns0:licenses><ns0:licenses><ns0:license><ns0:name>OSI_APACHE</ns0:name></ns0:license></ns0:licenses></ns0:component></ns0:components><ns0:dependencies><ns0:dependency ref="testing" /></ns0:dependencies></ns0:bom>