Merge pull request #194 from CycloneDX/fix-nil-pointer-deref
fix: `nil` pointer dereference during evidence conversion
nscuro authored Sep 14, 2024
2 parents 6f53207 + ce43b6f commit 39328d3
Showing 2 changed files with 11 additions and 8 deletions.
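--- a/convert.go
+++ b/convert.go
@@ -195,13 +195,15 @@ func convertEvidence(c *Component, specVersion SpecVersion) {
 }
 
 if specVersion < SpecVersion1_6 {
-for i := range *c.Evidence.Occurrences {
-occ := &(*c.Evidence.Occurrences)[i]
-
-occ.Line = nil
-occ.Offset = nil
-occ.Symbol = ""
-occ.AdditionalContext = ""
+if c.Evidence.Occurrences != nil {
+for i := range *c.Evidence.Occurrences {
+occ := &(*c.Evidence.Occurrences)[i]
+
+occ.Line = nil
+occ.Offset = nil
+occ.Symbol = ""
+occ.AdditionalContext = ""
+}
 }
 }
 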
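Review bot: The fix lands without a regression test: neither of the two changed files exercises `convertEvidence` with a component whose `Evidence` is set but whose `Occurrences` is nil, which is the case the new `if c.Evidence.Occurrences != nil` guard handles. A test that converts such a component to a spec version below `SpecVersion1_6` and expects no panic would pin it; this matters because a panic here takes down any caller that converts BOMs it did not produce itself. The guard could also be folded into the outer condition, `if specVersion < SpecVersion1_6 && c.Evidence.Occurrences != nil {`, which avoids the extra nesting level. The function starts and continues outside this hunk, so whether other pointer fields of `c.Evidence` are dereferenced the same way cannot be checked from here.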
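--- a/validate_json_test.go
+++ b/validate_json_test.go
@@ -18,6 +18,7 @@
 package cyclonedx
 
 import (
+"errors"
 "fmt"
 
 "github.com/xeipuuv/gojsonschema"
@@ -60,5 +61,5 @@ func (jv jsonValidator) Validate(bom []byte, specVersion SpecVersion) error {
 errSummary += fmt.Sprintf("\n - %s", verr.String())
 }
 
-return fmt.Errorf(errSummary)
+return errors.New(errSummary)
 }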
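Review bot: The switch to `errors.New(errSummary)` at the end of `Validate` deserves a one-line comment, since nothing on the line says why `fmt.Errorf` is wrong here and a later cleanup could revert it. `errSummary` is assembled from `verr.String()` values, so any `%` in validator output would be read as a formatting verb and garble the message; something like `// errors.New, not fmt.Errorf: errSummary holds validator output and must not be treated as a format string` records that. The body of `Validate` starts outside this hunk, so how `verr` is produced is not visible here.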
