CycloneDX / cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs
https://cyclonedx.org/
Apache License 2.0

BOM serialisation fails for both JSON and XML #439

Closed skhokhlov closed 4 months ago

skhokhlov commented 4 months ago

org.cyclonedx:cyclonedx-core-java:9.0.3

For XML:

javax.xml.parsers.ParserConfigurationException: org.cyclonedx.exception.GeneratorException: com.fasterxml.jackson.databind.JsonMappingException: Can not write a field name, expecting a value (through reference chain: org.cyclonedx.model.Bom["component"]->java.util.ArrayList[8]->org.cyclonedx.model.Component["purl"])


For JSON, the output of BomJsonGenerator::toJsonString is just an empty string.

Can be reproduced here: https://github.com/CycloneDX/cyclonedx-gradle-plugin/pull/444

patveck commented 4 months ago

@skhokhlov I ran into the same issue. Could it be the LicenseChoice object you have is empty in the sense that it has neither a non-empty list of licenses nor a license expression?

While Jackson throws an exception at the purl JSON key, the problem actually seems to be the licenses key that comes before it. According to this method, a LicenseChoice that has neither a non-empty list of licenses nor a license expression isn't handled correctly: nothing is written, while Jackson has already added "licenses": to the JSON output it is generating.

A possible workaround would be to ensure that in case there's no license information, the licenses field of the Component object is Java null instead of a LicenseChoice reference.
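As an added example (not code from this issue or from cyclonedx-core-java itself), a pre-serialisation pass that applies the workaround above: every LicenseChoice that carries neither a license entry nor an expression is replaced with null before the JSON generator runs, so Jackson never opens a "licenses" key it cannot fill. The class and method names are mine, the sample component is constructed, and the library calls assume the 9.x API (org.cyclonedx.Version, BomGeneratorFactory, Component.getLicenses/setLicenses).

```java
import java.util.List;
import org.cyclonedx.Version;
import org.cyclonedx.generators.BomGeneratorFactory;
import org.cyclonedx.model.Bom;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.LicenseChoice;

public class LicenseChoiceWorkaround {

    /** True when the choice carries neither a license entry nor an expression. */
    static boolean isEmpty(LicenseChoice choice) {
        return choice != null
            && (choice.getLicenses() == null || choice.getLicenses().isEmpty())
            && choice.getExpression() == null;
    }

    /** Null out empty choices so Jackson never opens a "licenses" key it cannot fill. */
    static void normalise(Component component) {
        if (component == null) return;
        if (isEmpty(component.getLicenses())) {
            component.setLicenses(null);
        }
        List<Component> nested = component.getComponents();
        if (nested != null) {
            nested.forEach(LicenseChoiceWorkaround::normalise);
        }
    }

    static void normalise(Bom bom) {
        if (bom.getMetadata() != null) normalise(bom.getMetadata().getComponent());
        if (bom.getComponents() != null) bom.getComponents().forEach(LicenseChoiceWorkaround::normalise);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a component with a PURL but no license information,
        // set up the way that produced the truncated output in this issue.
        Component component = new Component();
        component.setType(Component.Type.LIBRARY);
        component.setName("example-lib");
        component.setVersion("1.0.0");
        component.setPurl("pkg:maven/org.example/example-lib@1.0.0");
        component.setLicenses(new LicenseChoice()); // neither licenses nor expression

        Bom bom = new Bom();
        bom.addComponent(component);

        normalise(bom); // without this call toJsonString() returned "" on 9.0.3
        System.out.println(BomGeneratorFactory.createJson(Version.VERSION_16, bom).toJsonString());
    }
}
```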

sschuberth commented 4 months ago

A possible workaround would be to ensure that in case there's no license information, the licenses field of the Component object is Java null instead of a LicenseChoice reference.

I can confirm that this works as a work-around, thanks @patveck!

BTW, what makes this issue worse is that not only the BOM generator's toString() is swallowing any exceptions, but also toJsonString() does. I'm addressing that in https://github.com/CycloneDX/cyclonedx-core-java/pull/459.

kennylam91 commented 3 months ago

Thanks @patveck, the work-around works for me as well.