Fix vuln. source name dereference if source nil

Signed-off-by: Matt Rutkowski <[email protected]>
CycloneDX · Nov 7, 2024 · 50685e8 · 50685e8
1 parent b538cf9
commit 50685e8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1669,7 +1669,7 @@ In this example, the `--from` filter will return the entire JSON components arra
 ]
 ```
 
-**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this us the default.
+**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this is the default.
 
 ##### Example: Filter result entries with a specified value
 

diff --git a/schema/bom_hash.go b/schema/bom_hash.go
@@ -421,7 +421,7 @@ func (bom *BOM) HashmapVulnerability(cdxVulnerability CDXVulnerability, whereFil
 			// defer to same source as the top-level vuln. declares
 			fSeverity := fmt.Sprintf("%s: %v (%s)", rating.Method, rating.Score, rating.Severity)
 			// give listing priority to ratings that matches top-level vuln. reporting source
-			if rating.Source.Name == cdxVulnerability.Source.Name {
+			if rating.Source != nil && rating.Source.Name == cdxVulnerability.Source.Name {
 				// prepend to slice
 				vulnInfo.CvssSeverity = append([]string{fSeverity}, vulnInfo.CvssSeverity...)
 				continue
-Original file line number
+Diff line change
@@ Expand Up @@
     ]
     ```
-    **Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this us the default.
+    **Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this is the default.
     ##### Example: Filter result entries with a specified value
@@ Expand Down @@