spdx / spdx-java-tagvalue-store

SPDX Document Storage using the Tag/Value format
Apache License 2.0

tagvalue document with snippet convert error #16

Closed iotcubedev closed 3 years ago

iotcubedev commented 3 years ago

If a snippet is defined in a document in tag-value format, an error occurs when converting to other formats (RDF, XML, etc.).

Snippet Information

SnippetSPDXID: SPDXRef-EA073AD1F072E19FD4AB65B3C1555974

error log:
Caused by: org.spdx.library.InvalidSPDXAnalysisException: Error parsing snippet. Unrecognized tag: SnippetSPDXID: at line number 546
    at org.spdx.tag.BuildDocument.buildSnippet(BuildDocument.java:484)
    at org.spdx.tag.BuildDocument.buildDocument(BuildDocument.java:404)
    at org.spdx.tag.HandBuiltParser.data(HandBuiltParser.java:100)
    at org.spdx.tagvaluestore.TagValueStore.deSerialize(TagValueStore.java:88)
    at org.spdx.tools.SpdxConverter.convert(SpdxConverter.java:151)

goneall commented 3 years ago

@iotcubedev could you attach the file that causes the error?

I compared your line above with the SPDX example Snippet declaration and I can't find any significant difference. The example file does parse without error.

I suspect it may be related to lines preceding the snippet declaration.

iotcubedev commented 3 years ago

This error occurs when converting a file in tag-value format using SpdxConverter.

SpdxConverter.convert(tagFile.getAbsolutePath(), sbomFile.getAbsolutePath(), SerFileType.TAG, SerFileType.JSON);

org.spdx.tag.BuildDocument.buildSnippet(BuildDocument.java:484) checks the tag using an if statement, but there is no check logic for SnippetSPDXID.

sbom-test.spdx.txt

Thank you for your help.

goneall commented 3 years ago

@iotcubedev Thanks for uploading the file - it looks like this issue occurs when you have 2 consecutive SPDX snippets - definitely a bug.

I'll see if I can find a solution.

goneall commented 3 years ago

Thanks again @iotcubedev for reporting the issue. The issue only occurs when you have more than one consecutive snippet in a tag/value file. Interestingly, this defect has been around for a very long time and has only just now been observed or reported.

This is now resolved with PR #17

You caught me at a good time, I'm just about to generate a new release. I'll include this fix.

Unrelated to the bug, I found a few issues in the attached tag/value file by running the verify utility. These are not severe issues which stop the parsing, so it should translate even with the verification errors. Below is the output from verify:

ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console. Set system property 'log4j2.debug' to show Log4j2 internal initialization logging.
This SPDX Document is not valid due to:
    Package at line 206 invalid: GPL-3.0 is deprecated. in profanity@jigsawOne
    Package at line 445 invalid: LGPL-2.1 is deprecated. in com.puppycrawl.tools:checkstyle@8.21
    Package at line 476 invalid: Warning: Found analyzed files for package com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava when analyzedFiles is set to false.
    Package at line 476 invalid: Missing required SHA1 hashcode value for src/test/c/CVE-2016-1899_4.3_CWE-000_1c581a072651524f3b0d91f33e22a42c4166dd96_cgit.c_26_OLD.vul.c in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Package at line 476 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/Secret.java in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Package at line 476 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/CryptoConfidentialKey.java in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Package at line 476 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventLogger.java in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Package at line 476 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/OfflineCause.java in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Package at line 476 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventData.java in com.google.guava:listenablefuture@9999.0-empty-to-avoid-conflict-with-guava
    Snippet at line 568 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/Secret.java
    Snippet at line 645 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventData.java
    Snippet at line 535 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventData.java
    Snippet at line 579 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/CryptoConfidentialKey.java
    Snippet at line 623 invalid: Missing required SHA1 hashcode value for src/test/c/CVE-2016-1899_4.3_CWE-000_1c581a072651524f3b0d91f33e22a42c4166dd96_cgit.c_26_OLD.vul.c
    Snippet at line 546 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/OfflineCause.java
    Snippet at line 612 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventLogger.java
    Snippet at line 634 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventData.java
    Snippet at line 590 invalid: Missing required SHA1 hashcode value for slf4j-ext/EventData.java
    Snippet at line 601 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/Secret.java
    Snippet at line 557 invalid: Missing required SHA1 hashcode value for src/main/java/custom/maven/project/util/CryptoConfidentialKey.java
    Missing required document name
    Creator does not start with one of Person:, Organization:, Tool:
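
The parsing behaviour goneall describes above (a second consecutive `SnippetSPDXID:` tag must start a new snippet rather than be rejected as an unrecognized tag of the current one) as an added Python illustration. This is not code from spdx-java-tagvalue-store: the tag names are the SPDX 2.2 snippet tags, the sample document is constructed, `parse_snippets` is a toy parser for a snippet section, and `parse_snippets_buggy` is only a model of the reported defect, not the Java code's actual control flow. The fixed parser also rejects a snippet that lacks the tags the spec requires, which is the kind of problem the verify output above flags.

```python
"""Toy SPDX 2.2 tag/value snippet-section parser (added example, not the
spdx-java-tagvalue-store implementation). Single-line values only."""
from typing import Any, Dict, List, Tuple

Snippet = Dict[str, Any]

# Tags that belong to a snippet section in SPDX 2.2 tag/value documents.
SNIPPET_TAGS = {
    "SnippetSPDXID", "SnippetFromFileSPDXID", "SnippetByteRange",
    "SnippetLineRange", "SnippetLicenseConcluded", "LicenseInfoInSnippet",
    "SnippetLicenseComments", "SnippetCopyrightText", "SnippetComment",
    "SnippetName", "SnippetAttributionText",
}
MULTI_VALUE = {"LicenseInfoInSnippet"}  # may legitimately repeat in one snippet
REQUIRED = ("SnippetSPDXID", "SnippetFromFileSPDXID", "SnippetByteRange")

# Constructed sample: two consecutive snippets, the layout that triggered the issue.
SAMPLE = """\
##### Snippet Information
SnippetSPDXID: SPDXRef-Snippet-1
SnippetFromFileSPDXID: SPDXRef-File-1
SnippetByteRange: 310:420
SnippetLicenseConcluded: Apache-2.0
LicenseInfoInSnippet: Apache-2.0
SnippetCopyrightText: <text>Copyright 2021 Example</text>
SnippetSPDXID: SPDXRef-Snippet-2
SnippetFromFileSPDXID: SPDXRef-File-1
SnippetByteRange: 500:610
SnippetLicenseConcluded: MIT
LicenseInfoInSnippet: MIT
SnippetCopyrightText: NOASSERTION
"""


def tokenize(text: str) -> List[Tuple[str, str, int]]:
    """Split tag/value text into (tag, value, line_no); skip blank and '#' lines."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")  # first colon separates tag from value
        if not sep:
            raise ValueError(f"line {n}: not a tag/value line: {raw!r}")
        out.append((tag.strip(), value.strip(), n))
    return out


def _collect(tokens: List[Tuple[str, str, int]], i: int) -> Tuple[Snippet, int]:
    """Read one snippet starting at tokens[i], which must be its SnippetSPDXID."""
    snippet: Snippet = {"SnippetSPDXID": tokens[i][1]}
    i += 1
    while i < len(tokens):
        tag, value, n = tokens[i]
        if tag == "SnippetSPDXID" or tag not in SNIPPET_TAGS:
            break  # a new snippet begins, or the snippet section has ended
        if tag in MULTI_VALUE:
            snippet.setdefault(tag, []).append(value)
        elif tag in snippet:
            raise ValueError(f"line {n}: duplicate tag {tag} in {snippet['SnippetSPDXID']}")
        else:
            snippet[tag] = value
        i += 1
    for req in REQUIRED:  # refuse incomplete snippets instead of passing them on
        if req not in snippet:
            raise ValueError(f"snippet {snippet['SnippetSPDXID']} is missing required tag {req}")
    return snippet, i


def parse_snippets(text: str) -> List[Snippet]:
    """Parse a snippet section; every SnippetSPDXID starts a new snippet."""
    tokens = tokenize(text)
    snippets: List[Snippet] = []
    i = 0
    while i < len(tokens):
        if tokens[i][0] != "SnippetSPDXID":
            raise ValueError(f"line {tokens[i][2]}: expected SnippetSPDXID, got {tokens[i][0]}")
        snippet, i = _collect(tokens, i)
        snippets.append(snippet)
    return snippets


def parse_snippets_buggy(text: str) -> List[Snippet]:
    """Model of the reported defect (hypothetical, not the Java control flow):
    the tag check has no branch for SnippetSPDXID, so the second snippet's
    first tag is reported as unrecognized instead of starting a new snippet."""
    tokens = tokenize(text)
    snippet: Snippet = {"SnippetSPDXID": tokens[0][1]}
    for tag, value, n in tokens[1:]:
        if tag in MULTI_VALUE:
            snippet.setdefault(tag, []).append(value)
        elif tag in SNIPPET_TAGS and tag != "SnippetSPDXID":
            snippet[tag] = value
        else:
            raise ValueError(f"Error parsing snippet. Unrecognized tag: {tag}: at line number {n}")
    return [snippet]
```

Running `parse_snippets(SAMPLE)` yields two snippets, while `parse_snippets_buggy(SAMPLE)` fails at the second `SnippetSPDXID:` with the same kind of message the reporter saw. The break condition in `_collect` is the one-line difference: a snippet identifier tag is treated as a section boundary, not as a field of the snippet being built.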

goneall commented 3 years ago

Resolved with #17