Error while converting sbom xml to csv file. #152

Closed
Swapnil-CSI opened this issue Jul 12, 2021 · 6 comments

Swapnil-CSI commented Jul 12, 2021

I am receiving the error below while converting an XML/JSON SBOM to a CSV file. I used the cdxgen tool to generate the SBOM XML file.

[swapnil@bharshankar console-browserify]$ cdxgen --type node.js --recurse --output console-browserify-sbom.xml
BOM file written to console-browserify-sbom.xml
[swapnil@bharshankar console-browserify]$
[swapnil@bharshankar console-browserify]$ cyclonedx-cli convert --input-file console-browserify-sbom.xml --output-file console-browserify-sbom.csv
Unhandled exception: System.InvalidOperationException: There is an error in XML document (2, 2).
 ---> System.InvalidOperationException: <bom xmlns='http://cyclonedx.org/schema/bom/1.2'> was not expected.
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read10_bom()
   --- End of inner exception stack trace ---
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
   at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
   at CycloneDX.Xml.Deserializer.Deserialize_v1_0(Stream stream)
   at CycloneDX.Xml.Deserializer.Deserialize(Stream stream)
   at CycloneDX.CLI.CLIUtils.BomDeserializer(Stream bomStream, BomFormat format)
   at CycloneDX.CLI.Program.Convert(String inputFile, String outputFile, InputFormat inputFormat, ConvertOutputFormat outputFormat)
   at System.CommandLine.Invocation.CommandHandler.GetResultCodeAsync(Object value, InvocationContext context)
   at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseParseErrorReporting>b__21_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__22_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseParseDirective>b__20_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseDebugDirective>b__11_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()
[swapnil@bharshankar console-browserify]$

Please refer to the attached SBOM XML file.
console-browserify-sbom.zip

Tools version:

3.0.7
[swapnil@bharshankar console-browserify]$ cyclonedx-cli --version
0.16.0
[swapnil@bharshankar console-browserify]$
@coderpatros
Member

Hi @Swapnil-CSI, I should improve that output.

I've raised an issue for cdxgen. In this case it is generating output that doesn't conform to the spec.

CycloneDX/cdxgen#65

@coderpatros
Member

Fixed in cdxgen 3.0.9

@Swapnil-CSI
Author

Hi @coderpatros, I have updated cdxgen to 3.0.9, but I still see the same issue. Please refer to the attached console output.

[swapnil@bharshankar console-browserify]$ echo $FETCH_LICENSE
true
[swapnil@bharshankar console-browserify]$ cdxgen  -t node.js  --recurse   -o  console-browserify-sbom.xml
BOM file written to console-browserify-sbom.xml
[swapnil@bharshankar console-browserify]$ cyclonedx-cli convert --input-file console-browserify-sbom.xml --output-file console-browserify-sbom.csv
Unhandled exception: System.InvalidOperationException: There is an error in XML document (2, 2).
 ---> System.InvalidOperationException: <bom xmlns='http://cyclonedx.org/schema/bom/1.2'> was not expected.
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read10_bom()
   --- End of inner exception stack trace ---
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
   at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
   at CycloneDX.Xml.Deserializer.Deserialize_v1_0(Stream stream)
   at CycloneDX.Xml.Deserializer.Deserialize(Stream stream)
   at CycloneDX.CLI.CLIUtils.BomDeserializer(Stream bomStream, BomFormat format)
   at CycloneDX.CLI.Program.Convert(String inputFile, String outputFile, InputFormat inputFormat, ConvertOutputFormat outputFormat)
   at System.CommandLine.Invocation.CommandHandler.GetResultCodeAsync(Object value, InvocationContext context)
   at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseParseErrorReporting>b__21_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__22_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseParseDirective>b__20_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseDebugDirective>b__11_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()
[swapnil@bharshankar console-browserify]$ 

console-browserify-sbom.zip

Tools version:

[swapnil@bharshankar console-browserify]$ cdxgen --version
3.0.9
[swapnil@bharshankar console-browserify]$ cyclonedx --version
0.16.0
[swapnil@bharshankar console-browserify]$ 

@coderpatros coderpatros reopened this Jul 14, 2021
@coderpatros
Member

If you validate the BOM first, it should tell you where the document is formatted incorrectly.

dotnet run -- validate --input-file console-browserify-sbom.xml --input-format xml_v1_2
Validating XML BOM...
Validation failed at line number 36 and position 14: The element 'http://cyclonedx.org/schema/bom/1.2:url' cannot contain child element 'http://cyclonedx.org/schema/bom/1.2:url' because the parent element's content model is text only.
BOM validated successfully.

Looking at that line, the URL element is nested for some reason, which isn't correct.

        <reference type="website">
          <url>
            <url>https://github.com/davidchambers/Base64.js#readme</url>
          </url>
        </reference>
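
An added example (not part of the thread, and not code from cyclonedx-cli or cdxgen): a pre-conversion check that reports the nested `<url>` shown above with its line number, so a pipeline can reject the BOM before it reaches the converter. The sample document is constructed, and treating only `url` as a text-only element is an assumption taken from the validator message.

```python
import xml.parsers.expat

NS = "http://cyclonedx.org/schema/bom/1.2"  # namespace from the validator message
TEXT_ONLY = {"url"}  # assumption: only the element named in that message

# Constructed sample reproducing the nested <url> from the thread.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1">
  <components>
    <component type="library">
      <name>Base64</name>
      <externalReferences>
        <reference type="website">
          <url>
            <url>https://github.com/davidchambers/Base64.js#readme</url>
          </url>
        </reference>
      </externalReferences>
    </component>
  </components>
</bom>
"""


def find_nested_text_only(xml_text, namespace=NS, text_only=TEXT_ONLY):
    """Return [(line, path)] for every element nested inside a text-only element."""
    findings, stack = [], []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start(name, attrs):
        ns, _, local = name.rpartition(" ")  # expat reports "namespace local"
        parent = stack[-1] if stack else None
        if parent and parent[0] == namespace and parent[1] in text_only:
            path = "/".join(l for _, l in stack) + "/" + local
            findings.append((parser.CurrentLineNumber, path))
        stack.append((ns, local))

    def end(name):
        stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xml_text, True)
    return findings


if __name__ == "__main__":
    for line, path in find_nested_text_only(SAMPLE):
        print(f"line {line}: child element inside text-only element: {path}")
```
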

@Swapnil-CSI
Author

Is that a cdxgen issue?

@coderpatros
Member

Yeah, that's invalid output

This issue was closed.