Release v0.4.0 breaks when pypi returns a null license. Sometimes packages will have empty strings for a license and sometimes they will have null.
Actual Results
(cyclonedx_venv) -bash-4.2$ cyclonedx-py -i output/xad -o output/RICK_bom.xml
Input file: output/xad
Output BOM: output/RICK_bom.xml
JSON output: False
Package info url: https://pypi.org/pypi/{package_name}/{package_version}/json
Generating CycloneDX BOM
Traceback (most recent call last):
File "/var/lib/jenkins/venvs/cyclonedx_venv/bin/cyclonedx-py", line 8, in <module>
sys.exit(main())
File "/var/lib/jenkins/venvs/cyclonedx_venv/lib/python3.6/site-packages/cyclonedx/client.py", line 83, in main
bom_contents = generate_bom(args)
File "/var/lib/jenkins/venvs/cyclonedx_venv/lib/python3.6/site-packages/cyclonedx/client.py", line 59, in generate_bom
bom_contents = reader.read_bom(fd, args.package_info_url, args.json)
File "/var/lib/jenkins/venvs/cyclonedx_venv/lib/python3.6/site-packages/cyclonedx/bom/reader.py", line 23, in read_bom
for component in all_components:
File "/var/lib/jenkins/venvs/cyclonedx_venv/lib/python3.6/site-packages/cyclonedx/bom/reader.py", line 18, in <genexpr>
all_components = (get_component(req, package_info_url) for req in requirements.parse(fd))
File "/var/lib/jenkins/venvs/cyclonedx_venv/lib/python3.6/site-packages/cyclonedx/bom/reader.py", line 67, in get_component
if package_license != 'UNKNOWN' and len(package_license.strip()) > 0:
AttributeError: 'NoneType' object has no attribute 'strip'
Expected Results
I expect the SBOM to be generated successfully.
Examples
I found a couple packages that demonstrate the issue.
Alabaster 0.7.9 and 0.7.10
Sample requirements.txt
alabaster==0.7.9
pypi response
Note: Building the SBOM fails when the license is null but is successful when the license is an empty string.
Release v0.4.0 breaks when pypi returns a null license. Sometimes packages will have empty strings for a license and sometimes they will have null.
Actual Results
Expected Results
I expect the SBOM to be generated successfully.
Examples
I found a couple packages that demonstrate the issue.
Alabaster 0.7.9 and 0.7.10
Sample requirements.txt
pypi response
Note: Building the SBOM fails when the license is null but is successful when the license is an empty string.
pbr 1.10.0
Sample requirements.txt
pypi response
Note: Building the SBOM fails when the license is null but is successful when the license is an empty string.