
fix: typed nils in cyclonedx #3680

Closed
wants to merge 2 commits into from

Conversation

kzantow
Contributor

@kzantow kzantow commented Feb 22, 2025

Description

This PR fixes an issue where "typed nil" values are causing invalid cyclonedx to be generated with components containing "hashes": null, which does not pass JSON validation.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections
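To make the mechanism behind the `"hashes": null` output concrete, here is an added Go example (not Syft's or cyclonedx-go's code). The `Hash` and `Component` types are constructed stand-ins that mirror the `Hashes *[]Hash` plus `omitempty` shape, and `slicePtr` is an assumed implementation of the helper named in the change, not the project's own.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed stand-ins: a pointer-to-slice field tagged omitempty, the
// same shape that produces the typed-nil problem in the CycloneDX output.
type Hash struct {
	Algorithm string `json:"alg"`
	Value     string `json:"content"`
}

type Component struct {
	Name   string  `json:"name"`
	Hashes *[]Hash `json:"hashes,omitempty"`
}

// buggyComponent reproduces the typed-nil pattern: cdxHashes stays a nil
// slice when there are no digests, but &cdxHashes is a non-nil pointer, so
// omitempty keeps the field and encoding/json writes "hashes": null.
func buggyComponent(name string, digests []Hash) Component {
	var cdxHashes []Hash
	cdxHashes = append(cdxHashes, digests...) // append of nothing to nil stays nil
	return Component{Name: name, Hashes: &cdxHashes}
}

// slicePtr (assumed implementation) returns a nil pointer for an empty or
// nil slice, so omitempty drops the field instead of emitting null.
func slicePtr(s []Hash) *[]Hash {
	if len(s) == 0 {
		return nil
	}
	return &s
}

func fixedComponent(name string, digests []Hash) Component {
	return Component{Name: name, Hashes: slicePtr(digests)}
}

// marshal returns the JSON encoding of a component for comparison.
func marshal(c Component) string {
	b, err := json.Marshal(c)
	if err != nil {
		panic(err)
	}
	return string(b)
}

func main() {
	fmt.Println(marshal(buggyComponent("/etc/passwd", nil))) // "hashes":null
	fmt.Println(marshal(fixedComponent("/etc/passwd", nil))) // field omitted
}
```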

@kzantow kzantow force-pushed the fix/cyclonedx-typed-nils branch from da02df7 to fb649fa on February 24, 2025 23:21
@kzantow kzantow force-pushed the fix/cyclonedx-typed-nils branch from fb649fa to 823723f on February 25, 2025 01:46
components = append(components, cyclonedx.Component{
BOMRef: string(coordinate.ID()),
Type: cyclonedx.ComponentTypeFile,
Name: metadata.Path,
Hashes: &cdxHashes,
Hashes: slicePtr(digestsToHashes(artifacts.FileDigests[coordinate])),
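Review bot: the fix only holds if slicePtr returns a nil *[]Hash when digestsToHashes yields an empty or nil slice; the replaced line shows the root cause, since &cdxHashes is a non-nil pointer to a nil slice and omitempty therefore keeps the field and the encoder writes "hashes": null, the exact output the description says fails validation. Worth adding a unit test for a file coordinate with no digests asserting the field is absent, especially since the thread notes the Syft-side test did not reproduce the null value.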
Contributor Author


I've tried to add a test showing this fix working, but for some reason it doesn't have the same behavior as Grype. We are effectively running the same test in both, and in Syft it works as expected, while in Grype it has a bug where a null value is output for "hashes". I've verified this specific fix corrects the issue in the Grype test, but I'm very confused why there is different behavior.

Signed-off-by: Keith Zantow <[email protected]>
@kzantow kzantow self-assigned this Feb 25, 2025
@kzantow kzantow closed this Feb 25, 2025