Fix CycloneDX license decoding panic (#898)

Keith Zantow 2022-03-18 09:44:51 -04:00 committed by GitHub
parent f4734d28b3
commit 99c3339810
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions


@ -272,4 +272,14 @@ func Test_missingDataDecode(t *testing.T) {
_, err = toSyftModel(bom)
assert.NoError(t, err)
pkg := decodeComponent(&cyclonedx.Component{
Licenses: &cyclonedx.Licenses{
{
License: nil,
},
},
})
assert.Len(t, pkg.Licenses, 0)
}
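Review bot: The added case covers only a list whose single entry has `License: nil`, so it does not show that a valid entry next to a nil one is still decoded. Consider a second call with a mixed list, for example a nil entry followed by `{License: &cyclonedx.License{ID: "MIT"}}` (constructed sample), asserting `assert.Equal(t, []string{"MIT"}, pkg.Licenses)`; this assumes decodeComponent stores the decodeLicenses result unchanged. A one-line comment such as `// a license choice without a License object must not panic` above the call would record why the case exists. Test_missingDataDecode begins outside this hunk.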


@ -26,7 +26,9 @@ func encodeLicenses(p pkg.Package) *cyclonedx.Licenses {
func decodeLicenses(c *cyclonedx.Component) (out []string) {
if c.Licenses != nil {
for _, l := range *c.Licenses {
out = append(out, l.License.ID)
if l.License != nil {
out = append(out, l.License.ID)
}
}
}
return
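Review bot: The new guard `if l.License != nil` still appends `l.License.ID` when the ID is an empty string, so a license entry that carries only a name puts `""` into the result, and an entry that carries only an expression is skipped without any trace. Because SBOM documents are externally supplied input, I would tighten the condition to `if l.License != nil && l.License.ID != "" {` and add a comment such as `// entries without a License object (e.g. expression-only) are skipped`. Whether name-only or expression licenses should be carried into the model is a design decision that is not visible here. The body of decodeLicenses closes outside this hunk.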