oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: typed nil hashes in cyclonedx

Browse Source 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
This commit is contained in:
Keith Zantow 2025-02-24 20:46:46 -05:00
parent 46522bcc5d
commit 823723f510
No known key found for this signature in database
GPG Key ID: 735988DA57708682
1 changed files with 15 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
syft/format/common/cyclonedxhelpers/to_format_model.go
View File

@ -70,27 +70,16 @@ func ToFormatModel(s sbom.SBOM) *cyclonedx.BOM {
continue
}
metadata = &fileMetadata
// Digests
var digests []file.Digest
if digestsForLocation, exists := artifacts.FileDigests[coordinate]; exists {
digests = digestsForLocation
}
cdxHashes := digestsToHashes(digests)
components = append(components, cyclonedx.Component{
BOMRef: string(coordinate.ID()),
Type: cyclonedx.ComponentTypeFile,
Name: metadata.Path,
Hashes: &cdxHashes,
Hashes: slicePtr(digestsToHashes(artifacts.FileDigests[coordinate])),
})
}
cdxBOM.Components = &components
cdxBOM.Components = slicePtr(components)
dependencies := toDependencies(s.Relationships)
if len(dependencies) > 0 {
cdxBOM.Dependencies = &dependencies
}
cdxBOM.Dependencies = slicePtr(toDependencies(s.Relationships))
return cdxBOM
}
@ -277,14 +266,7 @@ func toDependencies(relationships []artifact.Relationship) []cyclonedx.Dependenc
func toBomProperties(srcMetadata source.Description) *[]cyclonedx.Property {
metadata, ok := srcMetadata.Metadata.(source.ImageMetadata)
if ok {
props := helpers.EncodeProperties(metadata.Labels, "syft:image:labels")
// return nil if props is nil to avoid creating a pointer to a nil slice,
// which results in a null JSON value that does not comply with the CycloneDX schema.
// https://github.com/anchore/grype/issues/1759
if props == nil {
return nil
}
return &props
return slicePtr(helpers.EncodeProperties(metadata.Labels, "syft:image:labels"))
}
return nil
}
@ -344,3 +326,14 @@ func toBomDescriptorComponent(srcMetadata source.Description) *cyclonedx.Compone
return nil
}
// Every slice pointer needs to either be a valid slice or nil,
// otherwise we will create a pointer that is not nil but references
// a nil slice, which results in a `null` JSON value that does not
// comply with the CycloneDX schema. See: https://github.com/anchore/grype/issues/1759
func slicePtr[T any](values []T) *[]T {
if len(values) == 0 {
return nil
}
return &values
}