oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-14 11:36:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: add component list to prevent cyclone-dx panic (#1015)

Browse Source
This commit is contained in:
cpendery 2022-05-26 13:44:12 -04:00 committed by GitHub
parent 7cb8e1fc14
commit 6ccd460e59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/formats/common/cyclonedxhelpers/decoder.go
View File

@ -31,7 +31,9 @@ func GetValidator(format cyclonedx.BOMFileFormat) sbom.Validator {
func GetDecoder(format cyclonedx.BOMFileFormat) sbom.Decoder { func GetDecoder(format cyclonedx.BOMFileFormat) sbom.Decoder {
return func(reader io.Reader) (*sbom.SBOM, error) { return func(reader io.Reader) (*sbom.SBOM, error) {
bom := &cyclonedx.BOM{} bom := &cyclonedx.BOM{
Components: &[]cyclonedx.Component{},
}
err := cyclonedx.NewBOMDecoder(reader, format).Decode(bom) err := cyclonedx.NewBOMDecoder(reader, format).Decode(bom)
if err != nil { if err != nil {
return nil, err return nil, err

12
internal/formats/common/cyclonedxhelpers/decoder_test.go
View File

@ -1,6 +1,8 @@
package cyclonedxhelpers package cyclonedxhelpers
import ( import (
"bytes"
"encoding/json"
"fmt" "fmt"
"testing" "testing"
@ -283,3 +285,13 @@ func Test_missingDataDecode(t *testing.T) {
assert.Len(t, pkg.Licenses, 0) assert.Len(t, pkg.Licenses, 0)
} }
func Test_missingComponentsDecode(t *testing.T) {
bom := &cyclonedx.BOM{}
bomBytes, _ := json.Marshal(&bom)
decode := GetDecoder(cyclonedx.BOMFileFormatJSON)
_, err := decode(bytes.NewReader(bomBytes))
assert.NoError(t, err)
}