Open mmarseu opened 3 months ago
The code in validate.py which is intended to turn jsonschema validation errors into helpful messages fails catastrophically in some cases. The result is a message which points the user in the wrong direction.
Take this SBOM for example:
```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {
    "component": {
      "type": "application",
      "name": "demo",
      "licenses": [
        {
          "license": {
            "id": "MIT",
            "licensing": {
              "licenseTypes": [
                "foo"
              ]
            }
          }
        }
      ]
    }
  }
}
```
Expected result: A message informing the user that foo is not a valid value for licenseTypes.
Actual result:
```
$> cdx-ev validate test.cdx.json
ERROR: Invalid SBOM (component: demo) - 'foo', 'license' or 'expression' is a required property
```
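To illustrate how a `oneOf` rule like the one on `licenses` produces two very different messages depending on which nested error a reporter picks, here is an added, self-contained example (not code from cyclonedx-editor-validator or from jsonschema). It uses a constructed mini-validator and a constructed schema fragment that only imitates the shape of the CycloneDX rule; the `licenseTypes` enum values are made up. The SBOM is the one from the issue.

```python
import json

# Constructed schema fragment mimicking the shape of the CycloneDX "licenses" rule
# (oneOf over {license: ...} and {expression: ...}); not the real CycloneDX schema,
# and the licenseTypes enum here is a made-up subset.
SCHEMA = {"properties": {"metadata": {"properties": {"component": {"properties": {
    "licenses": {"items": {"oneOf": [
        {"required": ["license"], "properties": {"license": {"properties": {"licensing": {
            "properties": {"licenseTypes": {"items": {"enum": ["perpetual", "subscription"]}}}}}}}},
        {"required": ["expression"]},
    ]}}}}}}}}

# The SBOM from the issue, copied verbatim.
SBOM = json.loads('{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "metadata": '
                  '{"component": {"type": "application", "name": "demo", "licenses": [{"license": '
                  '{"id": "MIT", "licensing": {"licenseTypes": ["foo"]}}}]}}}')


def check(inst, schema, path=()):
    """Return (path, message, context) triples for a small subset of JSON Schema keywords."""
    errors = []
    if isinstance(inst, dict):
        for key in schema.get("required", []):
            if key not in inst:
                errors.append((path, f"'{key}' is a required property", []))
        for key, sub in schema.get("properties", {}).items():
            if key in inst:
                errors += check(inst[key], sub, path + (key,))
    if isinstance(inst, list) and "items" in schema:
        for i, item in enumerate(inst):
            errors += check(item, schema["items"], path + (i,))
    if "enum" in schema and inst not in schema["enum"]:
        errors.append((path, f"{inst!r} is not one of {schema['enum']!r}", []))
    if "oneOf" in schema:
        branches = [check(inst, sub, path) for sub in schema["oneOf"]]
        if sum(not b for b in branches) != 1:
            # Keep every branch's failures as context, like jsonschema's ValidationError.context
            errors.append((path, "is not valid under exactly one of the given schemas",
                           [e for b in branches for e in b]))
    return errors


def flatten(errors):
    """Expand nested oneOf context so leaf errors from every branch become visible."""
    for err in errors:
        yield err
        yield from flatten(err[2])


def shallowest(errors):
    """Least nested leaf error: the misleading 'required property' message from the other branch."""
    return min((e for e in flatten(errors) if not e[2]), key=lambda e: len(e[0]))


def deepest(errors):
    """Most nested leaf error: the enum failure on licenseTypes that actually explains the problem."""
    return max((e for e in flatten(errors) if not e[2]), key=lambda e: len(e[0]))
```

Running `deepest(check(SBOM, SCHEMA))` on the issue's SBOM yields the enum error at `metadata/component/licenses/0/license/licensing/licenseTypes/0`, while `shallowest` yields the `'expression' is a required property` error from the branch the user never intended.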