oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow valid cyclonedx input with no components (#1873)

Browse Source 
fix: allow valid cyclonedx input with no components
---------

Signed-off-by: James Neate <jamesmneate@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
This commit is contained in:
James Neate 2023-07-11 18:56:36 +01:00 committed by GitHub
parent 72616db81f
commit 5a7c200911
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
syft/formats/common/cyclonedxhelpers/decoder.go
View File

@ -3,6 +3,7 @@ package cyclonedxhelpers
import (
"fmt"
"io"
"strings"
"github.com/CycloneDX/cyclonedx-go"
@ -15,6 +16,8 @@ import (
"github.com/anchore/syft/syft/source"
)
const cycloneDXXmlSchema = "http://cyclonedx.org/schema/bom"
func GetValidator(format cyclonedx.BOMFileFormat) sbom.Validator {
return func(reader io.Reader) error {
bom := &cyclonedx.BOM{}
@ -22,8 +25,9 @@ func GetValidator(format cyclonedx.BOMFileFormat) sbom.Validator {
if err != nil {
return err
}
// random JSON does not necessarily cause an error (e.g. SPDX)
if (cyclonedx.BOM{} == *bom || bom.Components == nil) {
xmlWithoutNS := format == cyclonedx.BOMFileFormatXML && !strings.Contains(bom.XMLNS, cycloneDXXmlSchema)
if (cyclonedx.BOM{} == *bom || bom.Components == nil || xmlWithoutNS) {
return fmt.Errorf("not a valid CycloneDX document")
}
return nil