Fix panic in pom parsing #2064

Merged: 3 commits, Aug 25, 2023
@willmurphyscode willmurphyscode commented Aug 25, 2023

A recent update to gopom changed many fields to be omitted when empty, resulting in a number of nil pointers inside the nested structure of the pom that previously didn't exist. Defend against these in the search for the property value.

Fixes #2060

Signed-off-by: Will Murphy <will.murphy@anchore.com>
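
The kind of nil-guarded property search the description above refers to, as an added example that is not code from this pull request, syft or gopom. `Parent`, `Project`, `deref` and `resolveProperty` are hypothetical names, and the reflection-based walk is an assumption about how such a lookup can be written.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Hypothetical stand-ins for a parsed pom; optional elements are nil pointers.
type Parent struct{ GroupID, Version *string }
type Project struct {
	Parent  *Parent
	Version *string
}

// deref follows pointers and returns an invalid Value if any of them is nil.
func deref(v reflect.Value) reflect.Value {
	for v.IsValid() && v.Kind() == reflect.Ptr {
		if v.IsNil() {
			return reflect.Value{}
		}
		v = v.Elem()
	}
	return v
}

// resolveProperty resolves e.g. "project.parent.version"; "" if anything is absent.
func resolveProperty(p *Project, key string) string {
	if !strings.HasPrefix(key, "project.") {
		return ""
	}
	cur := reflect.ValueOf(p)
	for _, part := range strings.Split(strings.TrimPrefix(key, "project."), ".") {
		cur = deref(cur)
		if !cur.IsValid() || cur.Kind() != reflect.Struct {
			return ""
		}
		cur = cur.FieldByNameFunc(func(n string) bool { return strings.EqualFold(n, part) })
	}
	if cur = deref(cur); !cur.IsValid() || cur.Kind() != reflect.String {
		return ""
	}
	return cur.String()
}

func main() {
	v := "1.0.0"
	p := &Project{Version: &v} // constructed sample: a pom with no <parent>
	fmt.Printf("%q\n", resolveProperty(p, "project.parent.version"))
}
```

Every pointer on the path is checked before it is followed, so a pom that omits `<parent>` yields an empty result rather than a panic in the cataloger.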
github-actions bot commented Aug 25, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz
                                                              │ ./.tmp/benchmark-0dc4b0d.txt │
                                                              │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                       12.47m ±  1%
ImagePackageCatalogers/apkdb-cataloger-2                        697.3µ ±  1%
ImagePackageCatalogers/binary-cataloger-2                       208.4µ ±  1%
ImagePackageCatalogers/dpkgdb-cataloger-2                       593.4µ ±  2%
ImagePackageCatalogers/dotnet-portable-executable-cataloger-2   21.46µ ±  4%
ImagePackageCatalogers/go-module-binary-cataloger-2             94.37µ ± 16%
ImagePackageCatalogers/java-cataloger-2                         17.95m ±  3%
ImagePackageCatalogers/graalvm-native-image-cataloger-2         94.72µ ±  1%
ImagePackageCatalogers/javascript-package-cataloger-2           381.8µ ±  2%
ImagePackageCatalogers/nix-store-cataloger-2                    277.5µ ±  3%
ImagePackageCatalogers/php-composer-installed-cataloger-2       839.1µ ±  4%
ImagePackageCatalogers/portage-cataloger-2                      487.9µ ±  2%
ImagePackageCatalogers/python-package-cataloger-2               3.365m ±  1%
ImagePackageCatalogers/r-package-cataloger-2                    200.4µ ±  2%
ImagePackageCatalogers/rpm-db-cataloger-2                       555.6µ ±  1%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                 925.0µ ±  1%
ImagePackageCatalogers/sbom-cataloger-2                         120.5µ ±  0%
geomean                                                         496.2µ

                                                              │ ./.tmp/benchmark-0dc4b0d.txt │
                                                              │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                       5.135Mi ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                        184.3Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                       30.79Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                       141.4Ki ± 0%
ImagePackageCatalogers/dotnet-portable-executable-cataloger-2   3.696Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2             9.906Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                         3.065Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2         8.594Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2           83.81Ki ± 0%
ImagePackageCatalogers/nix-store-cataloger-2                    38.93Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2       155.1Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                      109.8Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2               986.3Ki ± 0%
ImagePackageCatalogers/r-package-cataloger-2                    42.91Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                       170.9Ki ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                 123.4Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                         14.20Ki ± 0%
geomean                                                         93.04Ki

                                                              │ ./.tmp/benchmark-0dc4b0d.txt │
                                                              │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                       88.06k ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                        4.033k ± 0%
ImagePackageCatalogers/binary-cataloger-2                        866.0 ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                       2.911k ± 0%
ImagePackageCatalogers/dotnet-portable-executable-cataloger-2    132.0 ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2              281.0 ± 0%
ImagePackageCatalogers/java-cataloger-2                         40.69k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2          228.0 ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2           1.264k ± 0%
ImagePackageCatalogers/nix-store-cataloger-2                     820.0 ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2       3.845k ± 0%
ImagePackageCatalogers/portage-cataloger-2                      2.194k ± 0%
ImagePackageCatalogers/python-package-cataloger-2               16.14k ± 0%
ImagePackageCatalogers/r-package-cataloger-2                     851.0 ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                       3.914k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                 2.291k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                          394.0 ± 0%
geomean                                                         2.000k

@kzantow kzantow left a comment

LGTM -- one minor note, which isn't actually about code changed here so feel free to ignore it

syft/pkg/cataloger/java/parse_pom_xml.go (outdated, resolved)
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode willmurphyscode merged commit d08e2be into main Aug 25, 2023
9 checks passed
@willmurphyscode willmurphyscode deleted the fix-panic-in-pom-parsing branch August 25, 2023 16:04
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Successfully merging this pull request may close these issues.

Error parsing pom.xml with v0.87.1