Error parsing pom.xml with v0.87.1

[rnadler]

What happened:
Updated syft from v0.86.1 to v0.87.1 and processing of some Java projects (pom.xml) started to fail.
What you expected to happen:
Expected the latest version (v0.87.1) to work.
Steps to reproduce the issue:
syft ./java-project-dir -o cyclonedx-json
Anything else we need to know?:
I am processing 50+ Java projects (pom.xml) and about 20% of them fail with the v0.87.1 version.
v0.86.1 does not fail on any of the projects.
See the stack trace below.
Environment:

• Output of syft version: syft 0.87.1
• OS (e.g: cat /etc/os-release or similar): Ubuntu 22.04.3 LTS (Jammy Jellyfish)

error during command execution: 1 error occurred:

• reflect: call of reflect.Value.Type on zero Value at:
  goroutine 114 [running]:
  runtime/debug.Stack()
  /opt/hostedtoolcache/go/1.20.7/x64/src/runtime/debug/stack.go:24 +0x65
  github.com/anchore/syft/syft/pkg/cataloger.runCataloger.func1()
  /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:57 +0x45
  panic({0x140cfc0, 0xc000cd0648})
  /opt/hostedtoolcache/go/1.20.7/x64/src/runtime/panic.go:884 +0x213
  reflect.Value.typeSlow({0x0?, 0x0?, 0x15bd1d7?})
  /opt/hostedtoolcache/go/1.20.7/x64/src/reflect/value.go:2610 +0x12e
  reflect.Value.Type(...)
  /opt/hostedtoolcache/go/1.20.7/x64/src/reflect/value.go:2605
  github.com/anchore/syft/syft/pkg/cataloger/java.resolveProperty.func1({0xc000c968b8, 0x12})
  /home/runner/work/syft/syft/syft/pkg/cataloger/java/parse_pom_xml.go:181 +0x4a5
  regexp.(*Regexp).ReplaceAllStringFunc.func1({0x0, 0x0, 0x0}, {0xc000c83380?, 0x0?, 0x0?})
  /opt/hostedtoolcache/go/1.20.7/x64/src/regexp/regexp.go:604 +0x91
  regexp.(*Regexp).replaceAll(0xc000231720, {0x0, 0x0, 0x0}, {0xc000c968b8, 0x12}, 0x2, 0xc001296cf8)
  /opt/hostedtoolcache/go/1.20.7/x64/src/regexp/regexp.go:642 +0x405
  regexp.(*Regexp).ReplaceAllStringFunc(0x0?, {0xc000c968b8?, 0x40df27?}, 0x68?)
  /opt/hostedtoolcache/go/1.20.7/x64/src/regexp/regexp.go:603 +0x5d
  github.com/anchore/syft/syft/pkg/cataloger/java.resolveProperty({0x0, 0xc000c852a0, 0xc000188200, 0x0, 0xc000c85350, 0x0, 0xc000c85360, 0xc000c85370, 0x0, 0x0, ...}, ...)
  /home/runner/work/syft/syft/syft/pkg/cataloger/java/parse_pom_xml.go:152 +0x59
  github.com/anchore/syft/syft/pkg/cataloger/java.newPackageFromPom({0x0, 0xc000c852a0, 0xc000188200, 0x0, 0xc000c85350, 0x0, 0xc000c85360, 0xc000c85370, 0x0, 0x0, ...}, ...)
  /home/runner/work/syft/syft/syft/pkg/cataloger/java/parse_pom_xml.go:83 +0x298
  github.com/anchore/syft/syft/pkg/cataloger/java.parserPomXML({0x372?, 0xc001297768?}, 0x417213?, {{{{{...}, {...}}, {0x0, 0x0}, {0x3d6, {...}}}, {0xc000c8d830}}, ...})
  /home/runner/work/syft/syft/syft/pkg/cataloger/java/parse_pom_xml.go:33 +0x351
  github.com/anchore/syft/syft/pkg/cataloger/generic.(*Cataloger).Catalog(0xc0009fdec0, {0x1b4ec10, 0xc0006ac000})
  /home/runner/work/syft/syft/syft/pkg/cataloger/generic/cataloger.go:129 +0x74e
  github.com/anchore/syft/syft/pkg/cataloger.runCataloger({0x1b42918, 0xc0009fdec0}, {0x1b4ec10?, 0xc0006ac000})
  /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:65 +0x1fa
  github.com/anchore/syft/syft/pkg/cataloger.Catalog.func1()
  /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:146 +0xec
  created by github.com/anchore/syft/syft/pkg/cataloger.Catalog
  /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:141 +0x34a

[willmurphyscode]

Thanks for the bug report @rnadler! We are working on a fix.

If you have a second, would you mind posting a link to Maven to a jar that exhibits this issue? We have one repro case, but it would be nice to make sure we're fixing yours.