opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

panic: runtime error: index out of range [1] with length 1 #245

Open oliversalzburg opened 2 years ago

oliversalzburg commented 2 years ago

Summary

I wanted to try out this tool and just ran it. It didn't produce any usable output and just threw a cryptic error.

INFO[2022-06-09T14:24:20Z] Starting to generate SPDX ...                
INFO[2022-06-09T14:24:20Z] Running generator for Module Manager: `yarn` with output `/out/bom-yarn.spdx` 
INFO[2022-06-09T14:24:20Z] Current Language Version 1.22.11             
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
github.com/spdx/spdx-sbom-generator/pkg/modules/yarn.appendNestedDependencies(0xc003200000, 0x3e4, 0x4ec, 0x3e4, 0x4ec, 0x0)
        /src/pkg/modules/yarn/handler.go:394 +0x7c6
github.com/spdx/spdx-sbom-generator/pkg/modules/yarn.(*yarn).ListModulesWithDeps(0xc00001e370, 0x7ffe13e39f42, 0xc, 0x0, 0x0, 0x1, 0x1, 0xc7a020)
        /src/pkg/modules/yarn/handler.go:169 +0xef
github.com/spdx/spdx-sbom-generator/pkg/modules.(*Manager).Run(0xc00306b000, 0x4, 0xcae7af)
        /src/pkg/modules/modules.go:99 +0x157
github.com/spdx/spdx-sbom-generator/pkg/handler.(*spdxHandler).Run(0xc0030e4180, 0xb, 0x7ffe13e39f42)
        /src/pkg/handler/spdx.go:73 +0x2ec
main.generate(0x1400b60, 0xc00306aec0, 0x0, 0x4)
        /src/cmd/generator/generator.go:105 +0x449
github.com/spf13/cobra.(*Command).execute(0x1400b60, 0xc00001e150, 0x4, 0x4, 0x1400b60, 0xc00001e150)
        /src/vendor/github.com/spf13/cobra/command.go:856 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x1400b60, 0x41ae01, 0x0, 0x0)
        /src/vendor/github.com/spf13/cobra/command.go:960 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
        /src/vendor/github.com/spf13/cobra/command.go:897
main.main()
        /src/cmd/generator/generator.go:37 +0x65

Background

$ docker run -it --rm \
    -v "$(pwd):/repository" \
    -v "$(pwd)/out:/out" \
    spdx/spdx-sbom-generator -p /repository/ -o /out/

Expected behavior

I don't know what to expect, but it's not this.

Repository

Which repository causes this error?

https://github.com/oliversalzburg/plantdb

dylanspag commented 1 year ago

I’m seeing essentially the same behavior, though in a Python environment:

INFO[2022-09-06T21:11:58Z] Starting to generate SPDX ...
INFO[2022-09-06T21:11:58Z] Running generator for Module Manager: `pyenv` with output `tmp/bom-pyenv.spdx` 
INFO[2022-09-06T21:11:58Z] Current Language Version Python 3.10.0
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
...

dylanspag commented 1 year ago

It seems like this is related to https://github.com/opensbom-generator/spdx-sbom-generator/issues/218 (possibly a duplicate)

dylanspag commented 1 year ago

Assuming I’ve understood the code properly, this should help resolve this error: https://github.com/opensbom-generator/spdx-sbom-generator/pull/266