[BUG] OrganizationalEntity validation error should not be raised #600

Closed
pombredanne opened this issue Apr 26, 2024 · 3 comments · Fixed by #611
Labels
bug Something isn't working

Comments

@pombredanne

pombredanne commented Apr 26, 2024

A spec-valid JSON BOM 1.4 with `{"supplier":{"name":""}}` fails to load and should not fail.

The code at

```python
if not name and not urls and not contacts:
```

makes loading a BOM that has a name as an empty string fail.

There is nothing in the spec that says this is invalid... I can accept that there is a way to do a strict validation, but this should be an option AND this should not make it impossible to load a JSON. If this cannot be loaded, fixing the issue is made much harder.

The spec at https://github.com/CycloneDX/specification/blob/1.6/schema/bom-1.4.schema.json#L203 does not have any such requirements, same in https://cyclonedx.org/docs/1.4/xml/#type_organizationalEntity and other versions of the spec.

IMHO such an exception here and elsewhere SHOULD NEVER be raised unless an explicit request for a strict validation for empty values is requested above and beyond what is in the spec.

@tdruez ping
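The behaviour the report asks for, as an added example that is not cyclonedx-python-lib code: the supplier entity is loaded as-is (an empty name is schema-valid), and the "all fields empty" check only runs when a hypothetical `strict` option is requested. The BOM fragment is constructed to mirror the one in the issue.

```python
"""Lenient load of a CycloneDX 1.4 OrganizationalEntity, strict check opt-in."""
import json
from dataclasses import dataclass, field
from typing import List, Optional


class StrictValidationError(ValueError):
    """Raised only when strict validation is explicitly requested."""


@dataclass
class OrganizationalEntity:
    name: Optional[str] = None
    urls: List[str] = field(default_factory=list)
    contacts: List[dict] = field(default_factory=list)

    @classmethod
    def from_json(cls, data: dict, strict: bool = False) -> "OrganizationalEntity":
        # JSON keys follow bom-1.4.schema.json: "name", "url" (array), "contact" (array).
        entity = cls(
            name=data.get("name"),
            urls=list(data.get("url", [])),
            contacts=list(data.get("contact", [])),
        )
        # The schema permits an entity with no name, url or contact; only an
        # explicit strict request (hypothetical option) turns that into an error.
        if strict and not entity.name and not entity.urls and not entity.contacts:
            raise StrictValidationError("OrganizationalEntity has no name, url or contact")
        return entity


# Constructed BOM fragment mirroring the issue (not a real tool's output).
BOM_JSON = ('{"bomFormat": "CycloneDX", "specVersion": "1.4", '
            '"metadata": {"supplier": {"name": ""}}}')


def load_supplier(bom_json: str, strict: bool = False) -> OrganizationalEntity:
    """Parse the BOM and return its metadata supplier; lenient by default."""
    bom = json.loads(bom_json)
    return OrganizationalEntity.from_json(bom["metadata"]["supplier"], strict=strict)


def strict_rejects(bom_json: str) -> bool:
    """True if the opt-in strict validation would reject the supplier entity."""
    try:
        load_supplier(bom_json, strict=True)
    except StrictValidationError:
        return True
    return False
```

Loading leniently lets a consumer read and repair the document; the strict pass stays available for anyone who wants rejection beyond what the schema requires.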

@jkowalleck jkowalleck added the bug Something isn't working label Apr 26, 2024
@jkowalleck jkowalleck changed the title OrganizationalEntity validation error should not be raised [BUG] OrganizationalEntity validation error should not be raised Apr 26, 2024
@pombredanne
Author

pombredanne commented Apr 26, 2024

@jkowalleck FYI, this is the kind of workaround that is needed short term to read CDX from some weird tool that produces these documents:

nexB/scancode.io@1bd0e4d#diff-ea7df675af2b46146067bf4d4314ece949da068c9ae5635fa423c19f008209b3R211

@jkowalleck
Member

@pombredanne
Author

Thank you.
