fix: added a fingers-crossed handling for failed input data decoding (#612)

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx_py/client.py

@@ -290,10 +290,14 @@ def _get_input_parser(self) -> BaseParser:
         with input_data_fh:
             input_data = input_data_fh.read()
             if isinstance(input_data, bytes):
-                input_encoding = (chardetect(input_data)['encoding'] or '').replace(
-                    # replace Windows-encoding with code-page
-                    'Windows-', 'cp')
-                input_data = input_data.decode(input_encoding)
+                try:
+                    input_encoding = (chardetect(input_data)['encoding'] or sys.getdefaultencoding()).replace(
+                        # replace Windows-encoding with code-page
+                        'Windows-', 'cp')
+                    input_data = input_data.decode(input_encoding)
+                except ValueError:
+                    # last resort: try utf8 and hope for the best
+                    input_data = input_data.decode('utf-8', 'backslashreplace')
             input_data_fh.close()
 
         if self._arguments.input_from_conda_explicit:

cyclonedx_py/parser/poetry.py

@@ -87,7 +87,7 @@ def __init__(
             debug_message: DebugMessageCallback = quiet
     ) -> None:
         debug_message('open file: {}', poetry_lock_filename)
-        with open(poetry_lock_filename) as plf:
+        with open(poetry_lock_filename, errors='backslashreplace') as plf:
             super(PoetryFileParser, self).__init__(
                 poetry_lock_contents=plf.read(), use_purl_bom_ref=use_purl_bom_ref,
                 debug_message=debug_message

tests/fixtures/poetry-lock-regression-issue611.txt.bin

@@ -0,0 +1,17 @@
+# This file is automatically @generated by Poetry 1.6.1 and should not be changed by hand.
+
+[[package]]
+name = "pyhumps"
+version = "3.7.1"
+description = "🐫  Convert strings (and dictionary keys) between snake case, camel case and pascal case in Python. Inspired by Humps for Node"
+optional = false
+python-versions = "*"
+files = [
+    {file = "pyhumps-3.7.1-py3-none-any.whl", hash = "sha256:c6f2d833f2c7afae039d71b7dc0aba5412ae5b8c8c33d4a208c1d412de17229e"},
+    {file = "pyhumps-3.7.1.tar.gz", hash = "sha256:5616f0afdbc73ef479fa9999f4abdcb336a0232707ff1a0b86e29fc9339e18da"},
+]
+
+[metadata]
+lock-version = "2.0"
+python-versions = "^3.11"
+content-hash = "e9676d347231afe6a46e027d88442e90348436b55346267e68a37e340c5f8f6f"

tests/test_parser_poetry.py

@@ -53,3 +53,12 @@ def test_simple_purl_bom_ref(self, lock_file_name: str) -> None:
         self.assertEqual(component.purl.to_string(), component.bom_ref.value)
         self.assertEqual('0.10.2', component.version)
         self.assertEqual(2, len(component.external_references), f'{component.external_references}')
+
+    def test_regression_issue611(self) -> None:
+        # see https://github.com/CycloneDX/cyclonedx-python/issues/611
+        lock_file_name = 'poetry-lock-regression-issue611.txt.bin'
+        poetry_lock_filename = os.path.join(os.path.dirname(__file__), 'fixtures', lock_file_name)
+        parser = PoetryFileParser(poetry_lock_filename=poetry_lock_filename, use_purl_bom_ref=True)
+        self.assertEqual(1, parser.component_count())
+        component = next(filter(lambda c: c.name == 'pyhumps', parser.get_components()), None)
+        self.assertEqual('pyhumps', component.name)