Malformed licenses field in package json warn not skip #8

Open: wants to merge 3 commits into base: scribe_main

houdini91

PR includes a small fix to the npm cataloger:
Bug: Packages with a nonstandard licenses field are dropped.

Root: Package json structure unmarshaling error.

		if err := dec.Decode(&p); err == io.EOF {
			break
		} else if err != nil {
			return nil, nil, fmt.Errorf("failed to parse package.json file: %w", err)
		}

Suggestion: Unmarshal the licenses field as raw bytes and unmarshal it separately so that the package still gets added to the resulting SBOM.
Signed-off-by: houdini91 mdstrauss91@gmail.com
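
An added illustration of the suggestion above, not code from this PR or the project: a reduced package.json decoder that keeps `licenses` as `json.RawMessage` and decodes it in a second pass, so an unexpected shape produces a warning instead of dropping the package from the SBOM. The names `pkgJSON`, `licensesFromRaw` and `parsePackage` are hypothetical, and the accepted shapes (a string, an object with `type`, or an array of either) are an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// pkgJSON: hypothetical reduced model; Licenses stays raw so odd shapes cannot fail the decode.
type pkgJSON struct {
	Name     string          `json:"name"`
	Licenses json.RawMessage `json:"licenses"`
}

// licensesFromRaw accepts "MIT", {"type":"MIT"}, or an array of either.
func licensesFromRaw(raw json.RawMessage) ([]string, error) {
	if len(raw) == 0 || string(raw) == "null" {
		return nil, nil // field absent or null: nothing to report
	}
	var items []json.RawMessage
	if json.Unmarshal(raw, &items) != nil {
		items = []json.RawMessage{raw} // not an array: treat as one entry
	}
	var out []string
	for _, item := range items {
		var s string
		var obj struct{ Type string `json:"type"` }
		switch {
		case json.Unmarshal(item, &s) == nil && s != "":
			out = append(out, s)
		case json.Unmarshal(item, &obj) == nil && obj.Type != "":
			out = append(out, obj.Type)
		default:
			return nil, fmt.Errorf("unsupported licenses entry: %s", item)
		}
	}
	return out, nil
}

// parsePackage fails only on invalid JSON; bad license data is returned as warn.
func parsePackage(data []byte) (p pkgJSON, licenses []string, warn, err error) {
	if err = json.Unmarshal(data, &p); err != nil {
		return p, nil, nil, fmt.Errorf("failed to parse package.json file: %w", err)
	}
	licenses, warn = licensesFromRaw(p.Licenses)
	return p, licenses, warn, nil
}

func main() {
	fmt.Println(parsePackage([]byte(`{"name":"demo","licenses":true}`))) // constructed input
}
```

A caller would log `warn` and still emit the package, so a vulnerability scan over the resulting SBOM does not silently miss it.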

@github-actions

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       time/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2            1.31ms ± 7%
ImagePackageCatalogers/python-package-cataloger-2          3.31ms ± 2%
ImagePackageCatalogers/php-composer-installed-cataloger-2  1.06ms ± 2%
ImagePackageCatalogers/javascript-package-cataloger-2       721µs ± 4%
ImagePackageCatalogers/dpkgdb-cataloger-2                   837µs ± 1%
ImagePackageCatalogers/rpmdb-cataloger-2                    746µs ± 3%
ImagePackageCatalogers/java-cataloger-2                    15.5ms ± 2%
ImagePackageCatalogers/apkdb-cataloger-2                   1.34ms ± 1%
ImagePackageCatalogers/go-module-binary-cataloger-2        2.46µs ± 1%

name                                                       alloc/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2             184kB ± 0%
ImagePackageCatalogers/python-package-cataloger-2           896kB ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2   196kB ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2       140kB ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                   175kB ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                    163kB ± 0%
ImagePackageCatalogers/java-cataloger-2                    3.30MB ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                   1.24MB ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2          672B ± 0%

name                                                       allocs/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2             3.66k ± 0%
ImagePackageCatalogers/python-package-cataloger-2           14.8k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2   4.94k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2       2.72k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                   3.93k ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                    4.01k ± 0%
ImagePackageCatalogers/java-cataloger-2                     52.2k ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                    4.82k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2          15.0 ± 0%

Signed-off-by: houdini91 <mdstrauss91@gmail.com>
@houdini91 houdini91 force-pushed the fix/malformed_package_json_licenses_no_fail branch from 23ecfcb to 0238919 Compare May 18, 2022 14:59
houdini91 added 2 commits May 19, 2022 14:14
Signed-off-by: houdini91 <mdstrauss91@gmail.com>
Signed-off-by: houdini91 <mdstrauss91@gmail.com>