anthonyharrison / lib4sbom

Library to ingest and generate SBOMs
Apache License 2.0
16 stars, 11 forks

local variable 'version' referenced before assignment #8

Closed bastiendonjon closed 1 year ago

bastiendonjon commented 1 year ago

I get this trace if I parse a CycloneDX JSON file:

Traceback (most recent call last):
  File "/opt/project/src/test.py", line 15, in <module>
    test_parser.parse_file("sbom.json")
  File "/usr/local/lib/python3.10/site-packages/lib4sbom/parser.py", line 81, in parse_file
    ) = self.parser.parse(filename)
  File "/usr/local/lib/python3.10/site-packages/lib4sbom/cyclonedx/cyclonedx_parser.py", line 19, in parse
    return self.parse_cyclonedx_json(sbom_file)
  File "/usr/local/lib/python3.10/site-packages/lib4sbom/cyclonedx/cyclonedx_parser.py", line 143, in parse_cyclonedx_json
    packages[(package, version)] = cyclonedx_package.get_package()
UnboundLocalError: local variable 'version' referenced before assignment

anthonyharrison commented 1 year ago

@bastiendonjon Thanks for finding this. Do you have the SBOM file which generated the error?

However, looking at the code it would appear that the component doesn't have a version specified. Whilst this parameter is optional according to the CycloneDX specification, a component without an identified version isn't that useful as part of an SBOM.

UPDATE: I can reproduce the error, but it only occurs if the first package doesn't have a version specified.
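The traceback above is the classic Python pattern of a loop variable that is only assigned inside a conditional: if the first component has no version the name is unbound, and if a later component has none it silently inherits the previous component's version, which is the more dangerous outcome for an SBOM consumer doing vulnerability matching. The following is an added illustration written for this thread, not lib4sbom's own code; the CycloneDX document, the function names `parse_components_buggy`, `parse_components_fixed`, `reproduce_first_component_error` and `stale_version_demo` are all constructed for the example.

```python
import json

# Constructed CycloneDX 1.4-style document (not from the reporter's file):
# the first component has no "version" key, the second does, the third omits it again.
SAMPLE_CYCLONEDX_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "alpha"},
        {"type": "library", "name": "beta", "version": "2.0.1"},
        {"type": "library", "name": "gamma"},
    ],
})


def parse_components_buggy(sbom_text):
    """Reproduces the defect pattern: 'version' is only bound when the key exists.

    First component without a version -> UnboundLocalError (the reported trace).
    Later component without a version -> it silently reuses the previous
    component's version, so the SBOM records a version that was never declared.
    """
    packages = {}
    for component in json.loads(sbom_text).get("components", []):
        package = component["name"]
        if "version" in component:
            version = component["version"]
        # 'version' may be unbound (first iteration) or stale (later iterations)
        packages[(package, version)] = component
    return packages


def parse_components_fixed(sbom_text):
    """Hardened form: bind every per-component value fresh on each iteration."""
    packages = {}
    for component in json.loads(sbom_text).get("components", []):
        package = component["name"]
        version = component.get("version")  # None when the SBOM omits it
        packages[(package, version)] = component
    return packages


def reproduce_first_component_error(sbom_text):
    """Return the exception class name raised by the buggy parser, or None if it succeeded."""
    try:
        parse_components_buggy(sbom_text)
    except UnboundLocalError as exc:
        return type(exc).__name__
    return None


def stale_version_demo():
    """Show the silent failure mode: put the versioned component first, then
    run the buggy parser. Every unversioned component that follows is recorded
    with beta's version 2.0.1, which the document never claimed for them."""
    doc = json.loads(SAMPLE_CYCLONEDX_JSON)
    comps = doc["components"]
    doc["components"] = [comps[1], comps[0], comps[2]]
    return sorted(parse_components_buggy(json.dumps(doc)).keys())


if __name__ == "__main__":
    print(reproduce_first_component_error(SAMPLE_CYCLONEDX_JSON))
    print(sorted(parse_components_fixed(SAMPLE_CYCLONEDX_JSON).keys(), key=str))
    print(stale_version_demo())
```

The fixed parser keeps `None` as an explicit "no version declared" marker rather than guessing; a consumer can then decide how to treat unversioned components (skip, flag, or match conservatively) instead of being handed a neighbour's version.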