feat: support PEP639 license strings

[schlenk]

Describe the bug

An AttributeError is raised by pep621.py, because it tries to use 'get()' on a str value, when parsing the license string from a pyproject.toml file given with --pyproject while also using the --pep639 switch.

To Reproduce

Use a pyproject.toml file with 'license' being just a string, not a table.

See note in https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license-and-license-files about the fact that it was a table in PEP 621 but changed to string in PEP 639)

e.g. a pyproject.toml with a PEP 639 license entry like this.

[project]
name = "platform"
dynamic = ["version"]
description = "Platform"
readme = {file = "README.md", content-type = "text/markdown"}
license = "LicenseRef-Platform-Software-General-1.0"
license-files = []

Expected behavior

No error, handle PEP 639 format (especially when --pep639 is explicitly given on the command line).

Screenshots or output-paste

Commandline was:

sbom/Scripts/cyclonedx-py environment --output-format=xml --schema-version=1.5 --output-reproducible --output-file=".sboms/py.bom.xml" --pyproject="./pyproject.toml" --PEP-639 --gather-license-texts -vvv

Output:

DEBUG    | CDX > Error: 'str' object has no attribute 'get'
Traceback (most recent call last):
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\cli.py", line 289, in run
    Command(**args, logger=logger)(**args)
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\cli.py", line 251, in __call__
    bom = self._make_bom(**kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\cli.py", line 246, in _make_bom
    return self._bbc(**self._clean_kwargs(kwargs))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\environment.py", line 154, in __call__
    root_c = pyproject2component(pyproject, ctype=mc_type, fpath=pyproject_file)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\utils\pyproject.py", line 40, in pyproject2component
    return project2component(project, ctype=ctype, fpath=fpath)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\utils\pep621.py", line 113, in project2component
    licenses=licenses_fixup(project2licenses(project, LicenseFactory(), fpath=fpath)),
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\utils\cdx.py", line 99, in licenses_fixup
    licenses = set(licenses)
               ^^^^^^^^^^^^^
  File "C:\code\repos\platform\sbom\Lib\site-packages\cyclonedx_py\_internal\utils\pep621.py", line 81, in project2licenses
    elif len(plicense_text := plicense.get('text', '')) > 0:
                              ^^^^^^^^^^^^
AttributeError: 'str' object has no attribute 'get'
CRITICAL | CDX > 'str' object has no attribute 'get'

Environment

• cyclonedx-py version: 6.1.1
• Python version: 3.11.0
• OS: Win 10

Additional context

Contribution

• I am willing to provide a fix
• I will wait until somebody else fixes it

[jkowalleck]

not a bug. a feature request.

[jkowalleck]

feel free to donate this feature.
please follow our contribution guidelines: https://github.com/CycloneDX/cyclonedx-python/blob/main/CONTRIBUTING.md
please add test cases for the new PEP639

[jkowalleck]

reminder: the implementation of PEP639 in this tool was done before the PEP was finalized. therefore, it is not complete

• see feat!: finalize and enable PEP-639 der default #843

[jkowalleck]

now that #920 is merged,
feel free to contribute the missing feature

[jkowalleck]

I intend to work on a solution for this