phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Failure to parse SPDX text files with optional package fields #1382

Closed ejortega closed 3 months ago

ejortega commented 3 months ago

Overview

Optional fields before the downloadLocation may cause the parser to fail.

PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
PackageVersion: 3.3rc2
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2

How To Reproduce

Steps to reproduce this behavior: This example has two optional fields between the PackageVersion and PackageDownloadLocation. Attempting to parse will lead to a tag, value error.

Expected Behavior

Ignore fields not needed for parsing a specific package.
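An added example, not phylum-cli's own parser, showing the tolerant behavior the report asks for: a minimal Rust SPDX tag-value reader that records only PackageName, PackageVersion and PackageDownloadLocation and skips any other tag wherever it appears in the package block, so the two optional fields above no longer break parsing. The sample document is the package block from the report; the struct and function names are this example's own, and multi-line `<text>` values are not handled.

```rust
/// Constructed from the package block quoted in the report above.
pub const SAMPLE: &str = "\
PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
PackageVersion: 3.3rc2
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.3rc2
";

#[derive(Debug, Default, PartialEq)]
pub struct SpdxPackage {
    pub name: String,
    pub version: Option<String>,
    pub download_location: Option<String>,
}

/// Parse the package sections of an SPDX tag-value document.
/// A new package starts at each `PackageName:` tag; every other tag in the
/// block is either recorded (the fields we need) or ignored, in any order.
pub fn parse_packages(doc: &str) -> Result<Vec<SpdxPackage>, String> {
    let mut packages: Vec<SpdxPackage> = Vec::new();
    for (idx, raw) in doc.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        // Split on the first ':' only, so values that themselves contain a
        // colon (e.g. "Person: ..." or an https:// URL) stay intact.
        let (tag, value) = line
            .split_once(':')
            .ok_or_else(|| format!("line {}: expected `Tag: value`, got {:?}", idx + 1, line))?;
        let value = value.trim().to_string();
        match tag.trim() {
            "PackageName" => packages.push(SpdxPackage { name: value, ..Default::default() }),
            // These belong to the most recent package; a value before any
            // PackageName has no owner and is dropped.
            "PackageVersion" => if let Some(p) = packages.last_mut() { p.version = Some(value) },
            "PackageDownloadLocation" => if let Some(p) = packages.last_mut() { p.download_location = Some(value) },
            // Optional fields such as PrimaryPackagePurpose or PackageSupplier
            // are skipped rather than treated as a tag/value error.
            _ => {}
        }
    }
    Ok(packages)
}

fn main() {
    for p in parse_packages(SAMPLE).expect("valid SPDX tag-value input") {
        println!("{} {:?} {:?}", p.name, p.version, p.download_location);
    }
}
```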