opensbom-generator / spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.
408 stars 110 forks source link

Fail to generate spdx file for packages with Swift Package Manager #265

Open palaniraja opened 2 years ago

palaniraja commented 2 years ago

Summary

Program exit with error panic: runtime error: invalid memory address or nil pointer dereference and no bom-swift.spdx output file

Background

Trying to generate spdx file from a simple SPM package with its dependencies. testspm-prj.zip

Expected behavior

I expect to get an output file bom-swift.spdx from the Package.swift definition

Screenshots

when I run ./spdx-sbom-generator from swift package src directory, it exits with error panic: runtime error: invalid memory address or nil pointer dereference

./spdx-sbom-generator 
INFO[2022-09-09T14:52:08-07:00] Starting to generate SPDX ...
INFO[2022-09-09T14:52:08-07:00] Running generator for Module Manager: `swift` with output `bom-swift.spdx`
INFO[2022-09-09T14:52:08-07:00] Current Language Version Apple Swift version 5.5.2 (swiftlang-1300.0.47.5 clang-1300.0.29.30)
Target: x86_64-apple-macosx12.0
INFO[2022-09-09T14:52:08-07:00] Global Setting File
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x145a80f]

goroutine 1 [running]:
github.com/spdx/spdx-sbom-generator/pkg/models.(*CheckSum).String(...)
    /github/workspace/pkg/models/models.go:108
github.com/spdx/spdx-sbom-generator/pkg/format.(*Format).convertToPackage(_, {{0x0, 0x0}, {0xc0029a4700, 0xb}, {0x0, 0x0}, {0xc0029a8240, 0x3c}, {{0x0, ...}, ...}, ...})
    /github/workspace/pkg/format/format.go:160 +0x14f
github.com/spdx/spdx-sbom-generator/pkg/format.(*Format).annotateDocumentWithPackages(0x0?, {0xc0032a1500?, 0x3, 0xb?}, 0xc002044000)
    /github/workspace/pkg/format/format.go:114 +0x125
github.com/spdx/spdx-sbom-generator/pkg/format.(*Format).Render(0xc000571b40)
    /github/workspace/pkg/format/format.go:63 +0x125
github.com/spdx/spdx-sbom-generator/pkg/handler.(*spdxHandler).Run(0xc0001461c0)
    /github/workspace/pkg/handler/spdx.go:106 +0x4fe
main.generate(0x1f77280, {0x17b4c8a?, 0x2?, 0x2?})
    /github/workspace/cmd/generator/generator.go:121 +0x373
github.com/spf13/cobra.(*Command).execute(0x1f77280, {0xc00001e0d0, 0x2, 0x2})
    /go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:856 +0x663
github.com/spf13/cobra.(*Command).ExecuteC(0x1f77280)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x39c
github.com/spf13/cobra.(*Command).Execute(...)
    /go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
main.main()
    /github/workspace/cmd/generator/generator.go:39 +0x65

Repository

Which repository causes this error?

Fails for almost of the project i tried except the sample given in the PR #217

Additional Context

N/A

Acceptance Criteria

should generate valid spdx file from the dependencies definition

References

PR #217

mihaigpm commented 2 years ago

I am encountering the same issue. Did anyone manage to find a workaround/fix?