bug: Correct handling of CycloneDX license data in XML documents

anthonyharrison · Oct 6, 2022 · 8f9eb2e · 8f9eb2e
1 parent dfbee0a
commit 8f9eb2e
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/sbomdiff/cyclonedx_parser.py b/sbomdiff/cyclonedx_parser.py
@@ -66,11 +66,12 @@ def parse_cyclonedx_xml(self, sbom_file):
                         if component_version is None:
                             raise KeyError(f"Could not find version in {component}")
                         version = component_version.text
-                        component_license = component.find(schema + "license")
-                        if component_license is None:
-                            license = "NOT FOUND"
-                        else:
-                            license = component_license.text
+                        license = "NOT FOUND"
+                        component_license = component.find(schema + "licenses")
+                        if component_license is not None:
+                            license_data = component_license.find(schema + "expression")
+                            if license_data is not None:
+                                license = license_data.text
                         if version is not None:
                             if package not in packages:
                                 packages[package] = [version, license]