CycloneDX / cyclonedx-cli

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
https://cyclonedx.org/
Apache License 2.0

Regression: 'cyclonedx-cli convert' fails to convert an xml to json that is declared as valid by 'cyclonedx-cli validate', worked with 0.25.1 #398

Open schlenk opened 1 month ago

schlenk commented 1 month ago

Conversion from XML to JSON fails with cyclonedx-cli 0.26.0, while it works fine with 0.25.1:

PS C:\>cyclonedx-cli --version
0.25.1+03b8019b24e847b6fdc91822eae2e9a220d525fa
PS C:\>cyclonedx-cli convert --input-file test.cdx.xml --output-format json --output-file test.cdx.json

OK!

PS C:\> cyclonedx-cli --version
0.26.0+4f578adff8e1d2b39f7e6c0cddd4d2ea47a7b483
PS C:\> cyclonedx-cli validate --input-file test.cdx.xml
BOM validated successfully.

But convert to JSON blows up:

PS C:\> cyclonedx-cli convert --input-file test.cdx.xml --output-format json --output-file test.cdx.json
Unhandled exception: System.InvalidOperationException: There is an error in XML document (49, 10).
 ---> System.Xml.XmlException: 'Element' is an invalid XmlNodeType. Line 49, position 10.
   at System.Xml.XmlReader.ReadEndElement()
   at CycloneDX.Models.LicenseChoiceList.ReadXml(XmlReader reader)
   at System.Xml.Serialization.XmlSerializationReader.ReadSerializable(IXmlSerializable serializable, Boolean wrappedAny)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read54_Component(Boolean isNullable, Boolean checkType)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read97_Bom(Boolean isNullable, Boolean checkType)
   at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read98_bom()
   --- End of inner exception stack trace ---
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
   at CycloneDX.Xml.Serializer.Deserialize(MemoryStream xmlStream)
   at CycloneDX.Xml.Serializer.Deserialize(Stream xmlStream)
   at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, CycloneDXBomFormat format)
   at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, ConvertFormat format)
   at CycloneDX.Cli.Commands.ConvertCommand.Convert(ConvertCommandOptions options)
   at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context)
   at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__24_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<<UseDebugDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()
PS C:\code\15.8> cyclonedx-cli --version
0.26.0+4f578adff8e1d2b39f7e6c0cddd4d2ea47a7b483

Test file: test.cdx.xml.zip

andreas-hilti commented 1 month ago

I think this goes back to https://github.com/CycloneDX/cyclonedx-dotnet-library/pull/301. LicenseChoiceList.ReadXml fails to handle the prefix "ns0:".

andreas-hilti commented 3 weeks ago

@schlenk Should be fixed with release 0.27.1.
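
The "ns0:" prefix mentioned above is only a spelling of the namespace, so a prefixed BOM and a default-namespace BOM are the same document to a namespace-aware reader but not to one keyed on the written element name. The following is an added example, not part of the original thread and not the project's code; the sample BOM, the 1.5 namespace URI and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Assumption: CycloneDX 1.5 XML namespace; the thread does not say which
# spec version test.cdx.xml uses.
CDX_NS = "http://cyclonedx.org/schema/bom/1.5"

# Constructed sample (not the reporter's test.cdx.xml): every element carries
# the "ns0:" prefix instead of relying on a default xmlns declaration.
PREFIXED = f"""<ns0:bom xmlns:ns0="{CDX_NS}" version="1">
  <ns0:components>
    <ns0:component type="library">
      <ns0:name>example-lib</ns0:name>
      <ns0:version>1.0.0</ns0:version>
      <ns0:licenses>
        <ns0:license><ns0:id>MIT</ns0:id></ns0:license>
      </ns0:licenses>
    </ns0:component>
  </ns0:components>
</ns0:bom>"""


def qualified_names(xml_text):
    """Element names exactly as written (prefix included), no namespace processing."""
    names = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_text, True)
    return names


def expanded_names(xml_text):
    """Namespace-aware names, '{uri}local', which do not depend on the prefix."""
    return [el.tag for el in ET.fromstring(xml_text).iter()]


def to_default_namespace(xml_text, ns=CDX_NS):
    """Re-serialize so `ns` is the default namespace and elements lose their prefix."""
    ET.register_namespace("", ns)  # process-wide setting in ElementTree
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


if __name__ == "__main__":
    normalized = to_default_namespace(PREFIXED)
    print(qualified_names(PREFIXED)[-2:], "->", qualified_names(normalized)[-2:])
    print("same document:", expanded_names(PREFIXED) == expanded_names(normalized))
```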