guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.
https://guac.sh
Apache License 2.0

Metadata document Quality Thread #169

Open lumjjb opened 1 year ago

lumjjb commented 1 year ago

This issue keeps track of data quality and parsing metadata documents. If there are issues processing certain documents, do let us know and provide an example document that we can test with.

  1. Type of Document:
  2. Exhibited behavior (error, missing info, etc.):
  3. Expected behavior:
  4. Link to metadata document:
  5. Link to relevant issues:

electricgull commented 1 year ago

  1. CycloneDX
  2. segfault when running against a CycloneDX 1.3 BOM
  3. no error and ingests the data.
  4. https://github.com/JupiterOne/graph-github/blob/guac-bom-test-cg/reports/bom.json

How to reproduce

```
git clone git@github.com:JupiterOne/graph-github.git
cd graph-github
docker run --rm -v ${PWD}:/src jupiterone/node-cdx-bom:latest '/src/reports/bom.json'
../guacsec/guac/bin/guacone files --creds neo4j:s3cr3t reports/
```

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x68 pc=0x1978521]
```

Let me know if additional information is needed.

MAINTAINER EDIT: Fixed by https://github.com/guacsec/guac/pull/207

nadgowdas commented 1 year ago

thanks for reporting, let me check!

cklim24 commented 7 months ago

This issue keeps track of data quality and parsing metadata documents. If there are issues processing certain documents, do let us know and provide an example document that we can test with.

  1. Type of Document:
  2. Exhibited behavior (error, missing info, etc.):
  3. Expected behavior:
  4. Link to metadata document:
  5. Link to relevant issues:

nchelluri commented 5 months ago

  1. SPDX
  2. If a relationships value is null, then the upstream SPDX parser will panic
  3. The upstream parser should not panic, and the relationship in question would not be created
  4. spdx-null-rel.json
  5. Saw this when implementing a fix for https://github.com/guacsec/guac/issues/1821. I have now filed https://github.com/spdx/tools-golang/issues/238.
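
The expected behavior in the SPDX report above (no panic, and the null relationship is simply not created) can be approximated by filtering the document before it reaches the parser. This is an added example, not code from GUAC or spdx/tools-golang; the helper name `DropNullRelationships` and the sample document are constructed, and it assumes the null appears as an element of the top-level `relationships` array.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed sample: an SPDX-style JSON document with a null relationship.
const constructedSPDX = `{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","relationships":[
 {"spdxElementId":"SPDXRef-DOCUMENT","relationshipType":"DESCRIBES","relatedSpdxElement":"SPDXRef-Package-a"}, null]}`

// DropNullRelationships (hypothetical helper) removes null entries from the
// top-level "relationships" array and returns the indexes it dropped.
func DropNullRelationships(doc []byte) ([]byte, []int, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(doc, &top); err != nil {
		return nil, nil, fmt.Errorf("document is not a JSON object: %w", err)
	}
	var rels []json.RawMessage // stays nil when the key is absent or null
	if raw, ok := top["relationships"]; ok {
		if err := json.Unmarshal(raw, &rels); err != nil {
			return nil, nil, fmt.Errorf("relationships is not an array: %w", err)
		}
	}
	kept := make([]json.RawMessage, 0, len(rels))
	var dropped []int
	for i, r := range rels {
		if bytes.Equal(bytes.TrimSpace(r), []byte("null")) {
			dropped = append(dropped, i) // record the index so it can be logged
		} else {
			kept = append(kept, r)
		}
	}
	if len(dropped) == 0 {
		return doc, nil, nil // nothing to filter; hand the input back untouched
	}
	filtered, err := json.Marshal(kept)
	if err != nil {
		return nil, nil, err
	}
	top["relationships"] = filtered
	out, err := json.Marshal(top)
	return out, dropped, err
}

func main() {
	out, dropped, err := DropNullRelationships([]byte(constructedSPDX))
	fmt.Printf("dropped=%v err=%v\n%s\n", dropped, err, out)
}
```

The returned indexes let an ingestion pipeline log which entries were skipped, so a malformed document is noticed rather than silently accepted.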