Description
Inaccurate log message when processing an SBOM
To reproduce
Steps to reproduce the behaviour:
1. Scan an SBOM which has packages with PURL elements
2. Run with --log debug
Expected behaviour:
Lots of log messages but just 'Found PURL' for each package
Actual behaviour:
DEBUG cve_bin_tool - Found PURL parse.py:383
DEBUG cve_bin_tool - No version found in {'name': 'semantic-version', 'type': 'LIBRARY', 'id': 'SPDXRef-Package-4-semantic-version', 'version': '2.10.0', 'supplier_type': 'Person', 'supplier': 'Raphael Barrois parse.py:306 ([email protected])', 'downloadlocation': 'https://pypi.org/project/semantic-version/2.10.0', 'filesanalysis': 'false', 'licensedeclared': 'NOASSERTION', 'licenseconcluded': 'BSD-3-Clause', 'licensecomments': 'semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.', 'copyrighttext': 'NOASSERTION', 'summary': "A library implementing the 'SemVer' scheme.", 'externalreference': [['PACKAGE-MANAGER', 'purl', 'pkg:pypi/[email protected]'], ['SECURITY', 'cpe23Type', 'cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*']]}
Version/platform info
Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.4
Anything else?
The code in sbom_manager/parse.py (lines 303-306) needs to only output 'No version found', if version is None
Suggested change (line 305):
else: => elif version is None: