BUG: arbitrary dict comparison causes issues #598

Closed
jkowalleck opened this issue Apr 25, 2024 · 3 comments · Fixed by #599
jkowalleck commented Apr 25, 2024

dict comparison causes issues.

this is new in v7.3.1, did not happen with v7.3.0

  

```
  File "/.../.venv/lib/python3.11/site-packages/sortedcontainers/sortedset.py", line 359, in add
    self._list.add(value)
  File "/.../.venv/lib/python3.11/site-packages/sortedcontainers/sortedlist.py", line 279, in add
    insort(_lists[pos], value)
  File "/.../.venv/lib/python3.11/site-packages/cyclonedx/model/component.py", line 1701, in __lt__
    return _ComparableTuple((
           ^^^^^^^^^^^^^^^^^^
  File "/.../.venv/lib/python3.11/site-packages/cyclonedx/_internal/compare.py", line 41, in __lt__
    return True if s < o else False
                   ^^^^^
TypeError: '<' not supported between instances of 'dict' and 'dict'
CRITICAL | CDX > '<' not supported between instances of 'dict' and 'dict'
```

v7.3.1 introduced a feature, and hid it as a bug fix ...
anyway, the v7.3.1 SHOULD be yanked, and a fixed version must be released.

jkowalleck added the bug label Apr 25, 2024

@jkowalleck (Member, Author)

```python
o = PackageURL(type='pypi', namespace=None, name='pathlib2', version='2.3.5', qualifiers={}, subpath=None)
s = PackageURL(type='pypi', namespace=None, name='pathlib2', version='2.3.5', qualifiers={'vcs_url': 'git+https://github.com/jazzband/pathlib2.git@5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6'}, subpath=None)
```

the qualifiers dict seems to be the issue ...

@jkowalleck (Member, Author)

background: PackageURL shows itself as named tuple.
tuple comparison is fine.

BUT one of the tuple's values is a dict: qualifiers. and when the tuple comes to compare its elements, it will have issues comparing the qualifiers - and raise an error.
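
The failure described in the comment above, reproduced as an added example (not code from the issue or from the cyclonedx project). `Purl` is a local namedtuple stand-in for `PackageURL`, and `sort_key` is a hypothetical helper showing one way to order such tuples without comparing dicts; it is not the fix applied in #599.

```python
from collections import namedtuple

# Stand-in for PackageURL, which presents itself as a named tuple with these
# fields (assumption: defined locally so the example runs without the library).
Purl = namedtuple("Purl", "type namespace name version qualifiers subpath")

# The two values from the issue, rebuilt with the stand-in type.
o = Purl("pypi", None, "pathlib2", "2.3.5", {}, None)
s = Purl("pypi", None, "pathlib2", "2.3.5",
         {"vcs_url": "git+https://github.com/jazzband/pathlib2.git"
                     "@5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6"}, None)


def naive_less_than(a, b):
    """Plain tuple ordering; returns the error text if the comparison fails."""
    try:
        # Tuples compare element by element. The first four fields are equal,
        # so Python ends up evaluating dict < dict on the qualifiers.
        return a < b
    except TypeError as exc:
        return str(exc)


def _orderable(value):
    """Map one field to a value that always supports '<'."""
    if value is None:
        return (0, "")          # None sorts before any real value
    if isinstance(value, dict):
        # Dicts have no ordering; a sorted tuple of items does.
        return (2, tuple(sorted((str(k), str(v)) for k, v in value.items())))
    return (1, str(value))


def sort_key(purl):
    """Hypothetical helper: total-order key for a PURL-like tuple."""
    return tuple(_orderable(field) for field in purl)


if __name__ == "__main__":
    print(naive_less_than(o, s))
    print([p.qualifiers for p in sorted([s, o], key=sort_key)])
```

The naive comparison only fails when every earlier field is equal, which is why two components that differ only in `qualifiers` trigger it inside a sorted container.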

jkowalleck self-assigned this Apr 25, 2024

jkowalleck commented Apr 25, 2024

@madpah FYI.

I will fix this and yank the broken version afterwards

jkowalleck changed the title from "BUG: arbitrary dict comparrsson causes issues" to "BUG: arbitrary dict comparison causes issues" Apr 25, 2024
jkowalleck added a commit that referenced this issue Apr 26, 2024
reverts #587 - as this one introduced errors
fixes #598
fixes #586

---------

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org>