From a7db43f5ec159cad98d0298a2375ee1f4c397894 Mon Sep 17 00:00:00 2001
From: Dan Luhring
Date: Thu, 24 Mar 2022 10:11:51 -0400
Subject: [PATCH] Fix panic on empty sbom (#917)

* Implement fmt.Stringer with format.ID
Signed-off-by: Dan Luhring
* Add failing test for formats processing empty SBOMs
Signed-off-by: Dan Luhring
* Account for nil SPDX document during Syft model conversion
Signed-off-by: Dan Luhring
---
 .../common/spdxhelpers/to_syft_model.go | 5 ++++
 syft/formats_test.go | 26 +++++++++++++++++++
 syft/sbom/format.go | 5 ++++
 3 files changed, 36 insertions(+)

diff --git a/internal/formats/common/spdxhelpers/to_syft_model.go b/internal/formats/common/spdxhelpers/to_syft_model.go
index 63ed039a8..ade236089 100644
--- a/internal/formats/common/spdxhelpers/to_syft_model.go
+++ b/internal/formats/common/spdxhelpers/to_syft_model.go
@@ -1,6 +1,7 @@
 package spdxhelpers
 
 import (
+ "errors"
 "strconv"
 "strings"
 
@@ -17,6 +18,10 @@ import (
 )
 
 func ToSyftModel(doc *spdx.Document2_2) (*sbom.SBOM, error) {
+ if doc == nil {
+ return nil, errors.New("cannot convert SPDX document to Syft model because document is nil")
+ }
+
 spdxIDMap := make(map[string]interface{})
 
 s := &sbom.SBOM{
diff --git a/syft/formats_test.go b/syft/formats_test.go
index f55dcce10..555fb08bd 100644
--- a/syft/formats_test.go
+++ b/syft/formats_test.go
@@ -1,6 +1,7 @@
 package syft
 
 import (
+ "bytes"
 "io"
 "os"
 "testing"
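Review bot: In `ToSyftModel` (internal/formats/common/spdxhelpers/to_syft_model.go) the new guard rejects only a nil `doc`. The visible lines do not show whether nested fields of a non-nil but partly populated document are checked before use, and the function body continues outside the hunk. Because SBOM files often come from third parties, that is worth confirming against truncated or half-empty SPDX input, so that a malformed file yields an error rather than a crash in the consuming process. The contract also deserves a doc comment on the function, for example `// ToSyftModel converts an SPDX 2.2 document into a Syft SBOM; it returns an error, not a panic, when doc is nil.`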
@@ -41,6 +42,31 @@ func TestIdentify(t *testing.T) {
 }
 }
 
+func TestFormats_EmptyInput(t *testing.T) {
+ for _, format := range formats {
+ t.Run(format.ID().String(), func(t *testing.T) {
+ t.Run("format.Decode", func(t *testing.T) {
+ input := bytes.NewReader(nil)
+
+ assert.NotPanics(t, func() {
+ decodedSBOM, err := format.Decode(input)
+ assert.Error(t, err)
+ assert.Nil(t, decodedSBOM)
+ })
+ })
+
+ t.Run("format.Validate", func(t *testing.T) {
+ input := bytes.NewReader(nil)
+
+ assert.NotPanics(t, func() {
+ err := format.Validate(input)
+ assert.Error(t, err)
+ })
+ })
+ })
+ }
+}
+
 func TestFormatByName(t *testing.T) {
 
 tests := []struct {
diff --git a/syft/sbom/format.go b/syft/sbom/format.go
index abdf7b971..13cfa7848 100644
--- a/syft/sbom/format.go
+++ b/syft/sbom/format.go
@@ -13,6 +13,11 @@ var (
 
 type FormatID string
 
+// String returns a string representation of the FormatID.
+func (f FormatID) String() string {
+ return string(f)
+}
+
 type Format interface {
 ID() FormatID
 Encode(io.Writer, SBOM) error
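Review bot: `TestFormats_EmptyInput` in syft/formats_test.go exercises only a zero-length reader, so the regression is pinned for empty input but not for other inputs that might decode to a nil or half-filled document, such as whitespace-only or truncated content. Consider running both subtests over a small set of constructed inputs, for example `for _, in := range [][]byte{nil, []byte(" "), []byte("{")} {` feeding `bytes.NewReader(in)`. Keep `assert.NotPanics` for every input, and keep the `assert.Error` expectation only where a format is known to reject that input. A short comment above the test, such as `// Decoders and validators must return an error, never panic, on input that yields no document.`, would state the invariant being protected.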