Open uh3tay opened 1 month ago
Sounds like a bug in the Java parser. I'm not completely surprised; we could really use some help making better test cases for Java because it feels like there's a lot of behaviours we haven't captured very well yet.
Did you want to submit your fix as a pull request so it could be integrated?
@uh3tay The Java parser is very simple and assumes that the pom file is valid. Can you provide the pom file which results in the crash?
cvebintool.zip
Description
Hello! When scanning the application, the analysis reaches the file "rootpom.xml" and fails with "AttributeError: 'NoneType' object has no attribute 'text'". The application was started with the line "cve-bin-tool ./my-app-path |to err.log". Attachments: "error" - output to the console, rootpom.xml - file causing the crash, java.py - my temporary solution (lines 84-95). To understand what's going on, I modified java.py to output the filename and the types of root.find(schema + "artifactId") and root.find(schema + "version").
To reproduce
Steps to reproduce the behaviour:
Expected behaviour:
Actual behaviour:
Version/platform info
Version of CVE-bin-tool: 3.3
Installed from pypi.
Operating system: Ubuntu 24.04.1 (Linux 6.8.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC)
Python version: python 3.12.3
Running in any particular CI environment we should know about? Run in a venv
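The failure mode reported above, next to a None-safe way to read the same two fields, as an added example (not cve-bin-tool's java.py and not the reporter's fix). The POM text is constructed, `unsafe_parse`, `parse_pom` and `_text` are hypothetical names, and falling back to the `<parent>` version is an assumption about the desired behaviour; the standard-library parser is used so the block runs stand-alone.

```python
import xml.etree.ElementTree as ET

# Maven POM namespace in the "{uri}tag" form ElementTree expects.
SCHEMA = "{http://maven.apache.org/POM/4.0.0}"

# Constructed sample: a module POM that has no <version> of its own and
# relies on the one declared in <parent>.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.example</groupId>
    <artifactId>example-parent</artifactId>
    <version>1.2.3</version>
  </parent>
  <artifactId>example-app</artifactId>
</project>"""


def unsafe_parse(xml_text):
    """Pattern that crashes: find() returns None for a missing tag."""
    root = ET.fromstring(xml_text)
    return (root.find(SCHEMA + "artifactId").text,
            root.find(SCHEMA + "version").text)


def _text(node, tag):
    """Stripped text of direct child `tag`, or None if absent or empty."""
    if node is None:
        return None
    child = node.find(SCHEMA + tag)
    if child is None or child.text is None:
        return None
    return child.text.strip() or None


def parse_pom(xml_text):
    """Return (artifactId, version); a missing field is None, never a crash."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, None  # malformed file: caller should log and skip it
    parent = root.find(SCHEMA + "parent")
    artifact = _text(root, "artifactId")
    # Assumption: inherit the version from <parent> when the module has none.
    version = _text(root, "version") or _text(parent, "version")
    return artifact, version
```

A caller would skip the file with a warning when either returned value is `None`, so one unusual POM does not abort the whole scan.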