From de365c8e92929a7a0035898862d6aaa127e0b215 Mon Sep 17 00:00:00 2001
From: Masahiro331
Date: Mon, 8 Aug 2022 21:15:38 +0900
Subject: [PATCH] fix(cyclonedx): add nil check to metadata.component (#2673)
---
 .../happy/empty-metadata-component-bom.json | 17 +++++++++++++++++
 pkg/sbom/cyclonedx/unmarshal.go | 2 +-
 pkg/sbom/cyclonedx/unmarshal_test.go | 5 +++++
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
diff --git a/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json b/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
new file mode 100644
index 000000000000..45d8e83c65df
--- /dev/null
+++ b/pkg/sbom/cyclonedx/testdata/happy/empty-metadata-component-bom.json
@@ -0,0 +1,17 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "serialNumber": "urn:uuid:c986ba94-e37d-49c8-9e30-96daccd0415b",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2022-05-28T10:20:03.79527Z",
+ "tools": [
+ {
+ "vendor": "aquasecurity",
+ "name": "trivy",
+ "version": "dev"
+ }
+ ]
+ },
+ "dependencies": []
+}
\ No newline at end of file
diff --git a/pkg/sbom/cyclonedx/unmarshal.go b/pkg/sbom/cyclonedx/unmarshal.go
index b36f8843811a..2a8d282d1011 100644
--- a/pkg/sbom/cyclonedx/unmarshal.go
+++ b/pkg/sbom/cyclonedx/unmarshal.go
@@ -186,7 +186,7 @@ func componentMap(metadata *cdx.Metadata, components *[]cdx.Component) map[strin
 for _, component := range lo.FromPtr(components) {
 cmap[component.BOMRef] = component
 }
- if metadata != nil {
+ if metadata != nil && metadata.Component != nil {
 cmap[metadata.Component.BOMRef] = *metadata.Component
 }
 return cmap
diff --git a/pkg/sbom/cyclonedx/unmarshal_test.go b/pkg/sbom/cyclonedx/unmarshal_test.go
index c59a0d88fe08..4d74acaeb4ae 100644
--- a/pkg/sbom/cyclonedx/unmarshal_test.go
+++ b/pkg/sbom/cyclonedx/unmarshal_test.go
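Review bot: In `componentMap` (pkg/sbom/cyclonedx/unmarshal.go) both the loop's `cmap[component.BOMRef] = component` and the guarded `cmap[metadata.Component.BOMRef] = *metadata.Component` still key on `BOMRef` without checking that it is non-empty, so entries that carry no bom-ref all land under the `""` key and overwrite one another. An SBOM is externally supplied input, so it would be worth either skipping empty refs in the loop (`if component.BOMRef == "" { continue }`) or stating in a comment why the collision is harmless; whether later lookups ever use an empty ref is not visible in this hunk. The new nil check also deserves a one-line comment such as `// metadata.component is optional in CycloneDX; a BOM without it must not panic`. The function's opening lines lie outside the hunk.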
@@ -184,6 +184,11 @@ func TestUnmarshaler_Unmarshal(t *testing.T) {
 inputFile: "testdata/happy/empty-bom.json",
 want: sbom.SBOM{},
 },
+ {
+ name: "happy path empty metadata component",
+ inputFile: "testdata/happy/empty-metadata-component-bom.json",
+ want: sbom.SBOM{},
+ },
 {
 name: "sad path invalid purl",
 inputFile: "testdata/sad/invalid-purl.json",
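Review bot: The new table entry asserts only `want: sbom.SBOM{}` against a fixture that has no `components` array, so it shows the parser no longer panics but not that a BOM with components and no `metadata.component` is still parsed into its packages. A second fixture that keeps a non-empty `components` array while omitting `metadata.component` would pin that path; what `Unmarshal` should return for it cannot be determined from this hunk. The case name says "empty metadata component" although the fixture omits the key entirely, so `name: "happy path missing metadata component"` would describe it more precisely. The test table starts and ends outside the hunk.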