Fix panic in pom parsing #2064

Merged: willmurphyscode merged 3 commits into main from fix-panic-in-pom-parsing on Aug 25, 2023

@willmurphyscode willmurphyscode commented Aug 25, 2023

A recent update to gopom changed many fields to be omitted when empty, resulting in a number of nil pointers inside the nested structure of the pom that previously didn't exist. Defend against these in the search for the property value.

Fixes #2060

Signed-off-by: Will Murphy <will.murphy@anchore.com>
A recent update to gopom changed many fields to be omitted when empty,
resulting in a number of nil pointers inside the nested structure of the
pom that previously didn't exist. Defend against these in the search for
the property value.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
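
The failure mode named in the description above, as an added example that is not syft's or gopom's code: optional POM elements modelled as pointers stay nil when the element is absent, so a reflection-based property search has to nil-check each step before dereferencing. `Parent`, `Project`, `parse` and `lookup` are hypothetical names and the XML documents are constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"reflect"
	"strings"
)

// Hypothetical POM types (not gopom's): an element absent from the XML stays nil.
type Parent struct{ Version *string `xml:"version,omitempty"` }
type Project struct {
	Parent  *Parent `xml:"parent,omitempty"`
	Version *string `xml:"version,omitempty"`
}

const withParent = `<project><parent><version>1.2.3</version></parent></project>` // constructed
const noParent = `<project><version>4.5.6</version></project>`                    // constructed

func parse(doc string) (*Project, error) {
	p := &Project{}
	return p, xml.Unmarshal([]byte(doc), p)
}

// lookup resolves a dotted path such as "project.parent.version" by reflection,
// nil-checking every pointer first; the string is meaningful only when ok is true.
func lookup(p *Project, path string) (string, bool) {
	v := reflect.ValueOf(p)
	names := strings.Split(path, ".")[1:] // drop the leading "project"
	for i := 0; ; i++ {
		for v.Kind() == reflect.Ptr {
			if v.IsNil() {
				return "", false // element was omitted: stop instead of dereferencing
			}
			v = v.Elem()
		}
		if i == len(names) {
			return v.String(), v.Kind() == reflect.String
		}
		if v.Kind() != reflect.Struct {
			return "", false
		}
		v = v.FieldByNameFunc(func(f string) bool { return strings.EqualFold(f, names[i]) })
	}
}

func main() {
	p, _ := parse(noParent)
	fmt.Println(lookup(p, "project.parent.version")) // nil parent: no panic, ok == false
}
```
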
github-actions Bot commented Aug 25, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz

./.tmp/benchmark-0dc4b0d.txt
                                                               │    sec/op     │      B/op      │  allocs/op
ImagePackageCatalogers/alpmdb-cataloger-2                      │ 12.47m ±  1%  │ 5.135Mi ± 0%   │ 88.06k ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                       │ 697.3µ ±  1%  │ 184.3Ki ± 0%   │ 4.033k ± 0%
ImagePackageCatalogers/binary-cataloger-2                      │ 208.4µ ±  1%  │ 30.79Ki ± 0%   │  866.0 ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                      │ 593.4µ ±  2%  │ 141.4Ki ± 0%   │ 2.911k ± 0%
ImagePackageCatalogers/dotnet-portable-executable-cataloger-2  │ 21.46µ ±  4%  │ 3.696Ki ± 0%   │  132.0 ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2            │ 94.37µ ± 16%  │ 9.906Ki ± 0%   │  281.0 ± 0%
ImagePackageCatalogers/java-cataloger-2                        │ 17.95m ±  3%  │ 3.065Mi ± 0%   │ 40.69k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2        │ 94.72µ ±  1%  │ 8.594Ki ± 0%   │  228.0 ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2          │ 381.8µ ±  2%  │ 83.81Ki ± 0%   │ 1.264k ± 0%
ImagePackageCatalogers/nix-store-cataloger-2                   │ 277.5µ ±  3%  │ 38.93Ki ± 0%   │  820.0 ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2      │ 839.1µ ±  4%  │ 155.1Ki ± 0%   │ 3.845k ± 0%
ImagePackageCatalogers/portage-cataloger-2                     │ 487.9µ ±  2%  │ 109.8Ki ± 0%   │ 2.194k ± 0%
ImagePackageCatalogers/python-package-cataloger-2              │ 3.365m ±  1%  │ 986.3Ki ± 0%   │ 16.14k ± 0%
ImagePackageCatalogers/r-package-cataloger-2                   │ 200.4µ ±  2%  │ 42.91Ki ± 0%   │  851.0 ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                      │ 555.6µ ±  1%  │ 170.9Ki ± 0%   │ 3.914k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                │ 925.0µ ±  1%  │ 123.4Ki ± 0%   │ 2.291k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                        │ 120.5µ ±  0%  │ 14.20Ki ± 0%   │  394.0 ± 0%
geomean                                                        │ 496.2µ        │ 93.04Ki        │ 2.000k

@kzantow kzantow left a comment

LGTM -- one minor note, which isn't actually about code changed here so feel free to ignore it

Comment thread syft/pkg/cataloger/java/parse_pom_xml.go Outdated
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode willmurphyscode merged commit d08e2be into main Aug 25, 2023
@willmurphyscode willmurphyscode deleted the fix-panic-in-pom-parsing branch August 25, 2023 16:04
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Successfully merging this pull request may close these issues.

Error parsing pom.xml with v0.87.1