Festo-se / cyclonedx-editor-validator

Tool for creating, modifying and validating CycloneDX SBOMs.
https://festo-se.github.io/cyclonedx-editor-validator/
GNU General Public License v3.0

Amend throws error on Windows using licenses from Conan project #165

Closed cedricwritescode closed 5 months ago

cedricwritescode commented 5 months ago

I've noticed a bug while trying to amend an SBOM generated with the Conan cyclonedx tool with license data from the Conan _collected_license_files (using conan install --deployer=licenses) on Windows. On Linux it seems to run without any problems (tested on Ubuntu). I've attached a reduced file set that will reproduce this error.

Error on Windows:

WARNING: License text not found - No text for the license (Unrar), in component (PURL[pkg:conan/7zip@23.01]), was found. An empty string was added as text.

INFO: License text added - The text of the license (CppTest_EULA), in component (PURL[pkg:conan/cpptest@2022.2.0]), was added.
INFO: License text added - The text of the license (License_Jlink), in component (PURL[pkg:conan/jlink@7.86]), was added.
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Appl\Python\Lib\site-packages\cdxev\__main__.py", line 631, in <module>
    sys.exit(main())
             ^^^^^^
  File "C:\Appl\Python\Lib\site-packages\cdxev\__main__.py", line 40, in main
    return args.cmd_handler(args)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Appl\Python\Lib\site-packages\cdxev\__main__.py", line 462, in invoke_amend
    amend(sbom, args.license_path)
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\command.py", line 32, in run
    walk_components(sbom, _do_amend, skip_meta=True)
  File "C:\Appl\Python\Lib\site-packages\cdxev\auxiliary\sbomFunctions.py", line 307, in walk_components
    _recurse(sbom["components"], func, *args, **kwargs)
  File "C:\Appl\Python\Lib\site-packages\cdxev\auxiliary\sbomFunctions.py", line 296, in _recurse
    func(component, *args, **kwargs)
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\command.py", line 55, in _do_amend
    operation.handle_component(component)
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\operations.py", line 230, in handle_component
    process_license(
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\process_license.py", line 90, in process_license
    add_text_from_folder_to_license_with_name(
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\process_license.py", line 152, in add_text_from_folder_to_license_with_name
    license_text = get_license_text_from_folder(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\process_license.py", line 211, in get_license_text_from_folder
    license_text = f.read()
                   ^^^^^^^^
  File "C:\Appl\Python\Lib\encodings\cp1252.py", line 23, in decode
    return codecs.charmap_decode(input,self.errors,decoding_table)[0]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'charmap' codec can't decode byte 0x9d in position 219: character maps to <undefined>

Output on Linux:

WARNING: License text not found - No text for the license (Unrar), in component (PURL[pkg:conan/7zip@23.01]), was found. An empty string was added as text.
INFO: License text added - The text of the license (CppTest_EULA), in component (PURL[pkg:conan/cpptest@2022.2.0]), was added.
INFO: License text added - The text of the license (License_Jlink), in component (PURL[pkg:conan/jlink@7.86]), was added.
INFO: License text added - The text of the license (SLA0048), in component (PURL[pkg:conan/stm32cubeprog]), was added.
Writing output to: My application_1.0.0_20240423T061253.cdx.json

error_reproduction.zip

cedricwritescode commented 5 months ago

It seems that the license file SLA0048.txt is causing the issue. If I interpret the traceback correctly, the closing special quote character from “I ACCEPT” is causing this issue.
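
The diagnosis above is consistent with the traceback: the closing curly quote U+201D in “I ACCEPT” is stored in a UTF-8 file as the bytes E2 80 9D, and 0x9D has no mapping in Windows code page 1252, which is what open() without an explicit encoding uses there (a Linux locale is normally UTF-8, so the same file reads fine). The following added example, which is not code from the cyclonedx-editor-validator project, reproduces that failure on any platform by forcing the cp1252 decode, and shows a reader that pins the encoding instead of inheriting it from the locale. The license text is constructed for the example; the function names are mine.

```python
"""Reproduce the UnicodeDecodeError from the thread and read the file robustly."""
from __future__ import annotations

import tempfile
from pathlib import Path

# Constructed sample (not the real SLA0048.txt); only the curly quotes matter.
SAMPLE_LICENSE = "By clicking “I ACCEPT” you agree to the terms.\n"


def write_sample_license(directory: Path, name: str = "SLA0048.txt") -> Path:
    """Write the sample as UTF-8 bytes, the way a build tool would drop a license file."""
    path = Path(directory) / name
    path.write_bytes(SAMPLE_LICENSE.encode("utf-8"))
    return path


def first_undecodable(data: bytes, encoding: str) -> tuple[int, int] | None:
    """Return (offset, byte value) of the first byte `encoding` cannot decode, else None."""
    try:
        data.decode(encoding)
    except UnicodeDecodeError as exc:
        return exc.start, data[exc.start]
    return None


def read_license_text_naive(path: Path, encoding: str) -> str:
    """The failing pattern: open() in text mode and let the codec come from outside.

    The codec is passed explicitly here only so that the Windows behaviour
    (locale code page cp1252) can be reproduced on a UTF-8 Linux box.
    """
    with open(path, encoding=encoding) as f:
        return f.read()


def read_license_text(path: Path) -> tuple[str, str]:
    """Hardened reader: decode bytes with an explicit codec list, never the locale.

    UTF-8 (BOM tolerated) is tried first; cp1252 covers legacy Windows files;
    latin-1 maps every byte and so guarantees the run cannot crash on one
    odd license file. The codec actually used is returned so a caller can log it.
    """
    raw = Path(path).read_bytes()
    for enc in ("utf-8-sig", "cp1252"):
        try:
            return raw.decode(enc), enc
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1"), "latin-1"


def reproduce() -> dict:
    """Run the whole scenario in a temp dir and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_sample_license(Path(tmp))
        raw = path.read_bytes()
        result = {"bad_byte": first_undecodable(raw, "cp1252")}
        try:
            read_license_text_naive(path, "cp1252")
            result["naive_cp1252_raised"] = False
        except UnicodeDecodeError:
            result["naive_cp1252_raised"] = True
        result["naive_utf8_ok"] = read_license_text_naive(path, "utf-8") == SAMPLE_LICENSE
        text, enc = read_license_text(path)
        result["hardened"] = (text == SAMPLE_LICENSE, enc)
    return result


if __name__ == "__main__":
    for key, value in reproduce().items():
        print(f"{key}: {value}")
```

Running it reports the offending byte as 0x9D (the third byte of the closing quote), confirms that a cp1252 decode raises while a UTF-8 decode does not, and shows the pinned-encoding reader returning the text unchanged. The thread later reports the crash itself fixed in release 0.14.1.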

mmarseu commented 5 months ago

If you feel adventurous, you could try the branch from #160. It makes sweeping changes to several parts of amend and IIRC this particular problem should also be fixed. Otherwise, you can wait of course until the PR gets merged and released in an upcoming version. I can't say how long that will take.

italvi commented 5 months ago

@cedricwritescode could you please test if the error still exists with the latest release? It's already available on PyPI.

cedricwritescode commented 5 months ago

Based on the info provided as help from cdx-ev and after updating to 0.14.0, I tried running cdx-ev amend --operation add-license-text --license-dir "_colected_license_files" --output "build" "build/conan.cdx.json" using my example.

However, I'm getting this error message:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Appl\Python\Scripts\cdx-ev.exe\__main__.py", line 7, in <module>
  File "C:\Appl\Python\Lib\site-packages\cdxev\__main__.py", line 47, in main
    return args.cmd_handler(args)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Appl\Python\Lib\site-packages\cdxev\__main__.py", line 658, in invoke_amend
    amend.run(sbom, operations, config)
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\command.py", line 43, in run
    operations = create_operations(selected, config)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Appl\Python\Lib\site-packages\cdxev\amend\command.py", line 21, in create_operations
    instances.append(op(**options))

mmarseu commented 5 months ago

Sorry about the bug. I can reproduce it and will look into it tomorrow.

italvi commented 5 months ago

@cedricwritescode please try it again with the newest release 0.14.1 and reopen the issue if the error still persists.

cedricwritescode commented 5 months ago

Thank you, version 0.14.1 indeed fixed this bug.