search

devonfw / solicitor

Solicitor is a tool enabling management of licenses of software dependencies
Apache License 2.0
22 stars 18 forks source link

CycloneDX reader does not support 'expression' as license #279

Closed duph97 closed 3 months ago

duph97 commented 3 months ago

The CycloneDX reader terminates with a NullPointerException for CycloneDX inputs containing "expressions".

Input example:

  "components": [
    {
      "publisher": "Oracle Corporation",
      "group": "org.glassfish.hk2",
      "name": "hk2-locator",
      "version": "2.5.0-b42",
      "description": "${project.name}",
      "licenses": [
        {
          "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)"
        }
      ],
      "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b42?type=jar",
      "externalReferences": [
        {
          "type": "vcs",
          "url": "https://hk2-project.github.io"
        }
      ],

Error:

2024-07-11 07:59:42.977 -ERROR : [SOLI-003] Solicitor processing aborted

java.lang.NullPointerException: null at com.devonfw.tools.solicitor.reader.cyclonedx.CyclonedxReader.readInventory(CyclonedxReader.java:124) ~[solicitor-core-1.24.2.jar!/:1.24.2]
at com.devonfw.tools.solicitor.Solicitor.readInventory(Solicitor.java:166) ~[solicitor-core-1.24.2.jar!/:1.24.2] at com.devonfw.tools.solicitor.Solicitor.mainProcessing(Solicitor.java:125) ~[solicitor-core-1.24.2.jar!/:1.24.2] at com.devonfw.tools.solicitor.Solicitor.run(Solicitor.java:237) ~[solicitor-core-1.24.2.jar!/:1.24.2] at com.devonfw.tools.solicitor.SolicitorApplication.main(SolicitorApplication.java:41) ~[solicitor-core-1.24.2.jar!/:1.24.2] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_362] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_362] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_362] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_362] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) [solicitor.jar:1.24.2] at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) [solicitor.jar:1.24.2] at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) [solicitor.jar:1.24.2] at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:467) [solicitor.jar:1.24.2]

ohecker commented 3 months ago

Fixed with PR #280. Closing.