opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

GetCopyright Index Out of Range Error #218

Open dealako opened 3 years ago

dealako commented 3 years ago

Summary

Helper - GetCopyright function - Runtime error: index out of range [] with length

Background

Index out of range occurs when providing the string "copyright" to the function:

panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
runtime/debug.Stack(0xc00310e510, 0xc002ec3c00, 0x33)
    runtime/debug/stack.go:24 +0x9f
git.fuzzbuzz.io/fuzz.(*F).Close(0xc003103800)
    git.fuzzbuzz.io/fuzz/f_obj.go:657 +0x7d2
panic(0xa24940, 0xc00310e510)
    runtime/panic.go:965 +0x1b9
github.com/spdx/spdx-sbom-generator/pkg/helper.GetCopyright(0xc00310acd7, 0x9, 0x9, 0xc003110380)
    /src/pkg/helper/helper.go:158 +0x754
github.com/spdx/spdx-sbom-generator/pkg/helper.FuzzGetCopyright(0xc003103800)
    /src/pkg/helper/fuzzbuzz_autogen.go:8 +0x7e
github.com/spdx/spdx-sbom-generator/fuzzing/fuzzbuzzauto.FuzzFunction0(...)
    /src/fuzzing/fuzzbuzzauto/fuzz.go:9
github.com/spdx/spdx-sbom-generator/fuzzing/fuzzbuzzauto.FuzzFunction0_FuzzWrapper(0x6608e1b147c38b75, 0x9aaac0, 0xc0030f4918, 0x0)
    github.com/spdx/spdx-sbom-generator/fuzzing/fuzzbuzzauto/fuzzwrappers.go:12 +0x91
git.fuzzbuzz.io/fuzz/endpoint.(*StandardFuzzEndpoint).StartMain(0xc000167e08)
    git.fuzzbuzz.io/fuzz/endpoint/endpoint.go:150 +0x4de
base-dep.Main(0x10c2418, 0x0, 0x0, 0xc002774bf0, 0x4, 0x4, 0xc00007e0f0, 0xa, 0xa)
    base-dep/main.go:50 +0x385
main.main()
    github.com/spdx/spdx-sbom-generator/fuzzing/fuzzbuzzauto/go.fuzz.main/main.go:36 +0x125

Expected behavior

The function should not crash/die when provided invalid input.

Repository

Which repository causes this error?

Additional Context

Optional - add any other context about the problem here.

Acceptance Criteria

The "done" criteria when this feature or problem is resolved. Such as:

  1. Unit Tests added and running in CI
  2. Functional Tests updated to cover feature, if applicable
  3. Demonstrate the set of capabilities to the product team

References

SecKatie commented 3 years ago

A very similar error occurs when running the tool on a go.mod file that has no dependencies.

Please see the test case introduced here: https://github.com/Homebrew/homebrew-core/pull/84924
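The panic in the issue report (`index out of range [1] with length 1` on the input "copyright") is what Go raises when code indexes element 1 of a one-element split result. The sketch below is an added example, not the project's `helper.GetCopyright`: `unsafeHolder`, `safeHolder` and `panics` are hypothetical names, and the extraction rule is an assumption chosen only to reproduce the same failure class beside a length-checked version.

```go
package main

import (
	"fmt"
	"strings"
)

// unsafeHolder is a hypothetical stand-in for the bug class, not the project's
// helper.GetCopyright: it indexes a split result without checking its length.
func unsafeHolder(text string) string {
	for _, line := range strings.Split(text, "\n") {
		if strings.Contains(strings.ToLower(line), "copyright") {
			return strings.SplitN(line, " ", 2)[1] // panics on a one-token line
		}
	}
	return ""
}

// safeHolder applies the same rule but checks the length before indexing.
func safeHolder(text string) string {
	for _, line := range strings.Split(text, "\n") {
		if !strings.Contains(strings.ToLower(line), "copyright") {
			continue
		}
		parts := strings.SplitN(strings.TrimSpace(line), " ", 2)
		if len(parts) < 2 {
			continue // keyword with nothing after it: no holder to return
		}
		return strings.TrimSpace(parts[1])
	}
	return ""
}

// panics reports whether f(input) panics, as a fuzz harness would observe it.
func panics(f func(string) string, input string) (crashed bool) {
	defer func() {
		if recover() != nil {
			crashed = true
		}
	}()
	f(input)
	return false
}

func main() {
	// Constructed inputs; "copyright" is the crashing string from the report.
	for _, in := range []string{"copyright", "", "Copyright (c) 2021 Example Authors"} {
		fmt.Printf("%q unsafe panics=%v safe=%q\n", in, panics(unsafeHolder, in), safeHolder(in))
	}
}
```

The `panics` helper can be reused as a regression check in a unit test so that the crashing input stays covered in CI, in line with the acceptance criteria listed in the report.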