fix: Added None checks for parsed purls (fixes intel#3478) (intel#3490)

fixes intel#3478
ffontaine · Oct 31, 2023 · c4ec1fa · c4ec1fa
1 parent 720e9f9
commit c4ec1fa
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/cve_bin_tool/sbom_manager/__init__.py b/cve_bin_tool/sbom_manager/__init__.py
@@ -123,8 +123,9 @@ def parse_sbom(self):
                     if ref[1] == "purl":
                         # Process purl identifier
                         purl_info = PackageURL.from_string(ref[2]).to_dict()
-                        modules.append([purl_info["name"], purl_info["version"]])
-                        purl_found = True
+                        if purl_info["name"] and purl_info["version"]:
+                            modules.append([purl_info["name"], purl_info["version"]])
+                            purl_found = True
             if not purl_found:
                 if package.get("version") is not None:
                     modules.append([package["name"], package["version"]])

diff --git a/test/sbom/cyclonedx_mixed_test.json b/test/sbom/cyclonedx_mixed_test.json
@@ -33,6 +33,12 @@
         "name": "GLIBC",
         "version": "2.11.1",
         "purl": "pkg:maven/org.gnu.glibc/[email protected]"
+      },
+      {
+        "name": "invalid_purl_package",
+        "version": "1.1.0",
+        "type": "library",
+        "purl": "pkg:xxx/xxx/xxx"
       }
     ]
   }