Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cdxgen crash when scala project isn't at repository root dir #822

Merged
merged 6 commits into from
Jan 22, 2024
Merged

cdxgen crash when scala project isn't at repository root dir #822

merged 6 commits into from
Jan 22, 2024

Conversation

rogeriobastos
Copy link
Contributor

@rogeriobastos rogeriobastos commented Jan 17, 2024
edited
Loading

cdxgen crach when analyse a scala repository where the project dir isn't at the root directory. The following directory structure can be used to reproduce the bug.

/git/test/
└── src
    └── scala
        ├── build.sbt
        ├── project
        │   ├── build.properties

This is happening because determineSbtVersion() function is being called against the root dir here and it can't find the build.properties file. cdxgen crash with the following error:

Scanning /git/test/
Detected sbt version: null
/opt/node/lib/node_modules/@cyclonedx/cdxgen/node_modules/semver/classes/semver.js:19
      throw new TypeError(`Invalid version. Must be a string. Got type "${typeof version}".`)

With this PR if cdxgen can't detect sbt version at the root of repository being analysed it will loop over sbtProjects array trying to find a valid build.properties file.

@rogeriobastos
Move determineSbtVersion to for loop
3cee672 
Signed-off-by: Rogerio Bastos <[email protected]>
@rogeriobastos
Fix identation
9296fdf 
Signed-off-by: Rogerio Bastos <[email protected]>
@rogeriobastos
Copy link
Contributor Author

I found an use case where this PR fails: when there are nested project directories and one build.properties does reference data on another. So I have to improve this fix.

@rogeriobastos rogeriobastos marked this pull request as draft January 22, 2024 12:08
@rogeriobastos rogeriobastos marked this pull request as ready for review January 22, 2024 13:53
@rogeriobastos
Copy link
Contributor Author

I've rewrite the patch. I think it is ok now.

@prabhu
Copy link
Collaborator

prabhu commented Jan 22, 2024

Could you run npm run pretty?

@rogeriobastos
fix identation
30b0ccc 
Signed-off-by: Rogerio Bastos <[email protected]>
prabhu
prabhu approved these changes Jan 22, 2024
View reviewed changes
Copy link
Collaborator

@prabhu prabhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@prabhu prabhu merged commit ac272e1 into CycloneDX:master Jan 22, 2024
17 checks passed
@rogeriobastos rogeriobastos deleted the roger/fix-sbt-version branch January 22, 2024 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prabhu prabhu prabhu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rogeriobastos @prabhu