The application crashes when scanning a file

uh3tay commented 1 month ago

Description

Hello! When scanning the application, the analysis will reach the file "rootpom.xml" and causes the <<AttributeError" to fail:' NoneType ' object has no attribute 'text'>>. The application started with the line "cve-bin-tool ./my-app-path |to err.log". Attachments: "error" - output to the console, rootpom.xml - file causing the crash, java.py - my temporary solution(lines 84-95). To understand what's going on, I modified the java.py , for output of filename and types root.find (schema + "artifactId") AND root.find(schema + "version").

To reproduce

Steps to reproduce the behaviour:

Activate VENV: oldscool-cvebintool/bin/activate
Scan using "cve-bin-tool ./my-app-path"

Expected behaviour: Actual behaviour:

Version/platform info

Version of CVE-bin-tool: 3.3 Installed from pypi. Operating system: Ubuntu 24.04.1 (Linux 6.8.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC) Python version: python 3.12.3 Running in any particular CI environment we should know about? run into VENV

terriko commented 1 month ago

Sounds like a bug in the java parser. I'm not completely surprised; we could really use some help making better test cases for java because it feels like there's a lot of behaviours we haven't captured very well yet.

Did you want to submit your fix as a pull request so it could be integrated?

anthonyharrison commented 1 month ago

@uh3tay The Java parser is very simple and assumes that the pom file is valid. Can you provide the pom file which results in the crash?

intel / cve-bin-tool