I have been experiencing this bug since v2.10.0. I am testing basically the
following:
    capycli bom map -cf ComponentCache.json -rc --similar -oa \
        --matchmode all-versions -vv \
        -i rust_filtered.bom.cdx.json \
        -mr rust_filtered_mapped_sbom4rust.mapresult.sbom.json \
        -o rust_filtered.mapped.bom.cdx.json

The bug occurs when CaPyCLI processes the -o rust_filtered.mapped.bom.cdx.json
output file directly:

    Writing updated SBOM to rust_filtered.mapped.bom.cdx.json
    Traceback (most recent call last):
      File "/home/rfuentess/env/yassi/bin/capycli", line 8, in <module>
        sys.exit(main())
                 ^^^^^^
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/main/cli.py", line 28, in main
        app.run(argv)
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/main/application.py", line 159, in run
        self._run(argv)
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/main/application.py", line 140, in _run
        handle_bom.run_bom_command(self.options)
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/bom/handle_bom.py", line 89, in run_bom_command
        app5.run(args)
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/bom/map_bom.py", line 989, in run
        new_bom = self.create_updated_bom(sbom, result)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/bom/map_bom.py", line 695, in create_updated_bom
        newitem = self.update_bom_item(None, match_item)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/capycli/bom/map_bom.py", line 531, in update_bom_item
        purl=PackageURL.from_string(purl),
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/home/rfuentess/env/yassi/lib/python3.11/site-packages/packageurl/__init__.py", line 485, in from_string
        raise ValueError(f'purl is missing the required "pkg" scheme component: {repr(purl)}.')
    ValueError: purl is missing the required "pkg" scheme component: '["pkg:cargo/clap_builder@4.5.60","pkg:cargo/clap@4.5.60"]'.

Based on that output, the issue is that at some point the map result
contains a list of strings instead of a single match. However, I cannot
provide additional details about the component triggering the bug, as the
purl entry, AFAIK, appears when CaPyCLI performs the mapping against SW360 and
does not match a single entry in the component lists from my Rust manifest.
Relevant code::

    # create a new one
    if purl:
        component = Component(
            name=match.get("Name", ""),
            version=match.get("Version", ""),
            purl=PackageURL.from_string(purl),
            bom_ref=match.get("RepositoryId", ""))

capycli/capycli/bom/map_bom.py
Lines 526 to 532 in 14ac5a3
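
The following is an added example, not part of the original report and not CaPyCLI's code: one way to normalise the purl field before it reaches `PackageURL.from_string`, so a JSON array serialised into a string (the value quoted in the `ValueError` above) is split into individual purls instead of being parsed as one. The helper names (`split_purls`, `purl_name`, `pick_purl`) are hypothetical, and choosing the purl whose name equals the matched component's `Name` is an assumption about the intended behaviour; an ambiguous list returns `None` rather than guessing, so the SBOM never records a purl for the wrong package.

```python
import json
from urllib.parse import unquote


def split_purls(value):
    """Return the purl strings held in a map-result field.

    Accepts a single purl, a list of purls, or a JSON array serialised
    into a string (the shape seen in the traceback above).
    """
    if not value:
        return []
    if isinstance(value, str):
        text = value.strip()
        if text.startswith("["):
            try:
                value = json.loads(text)
            except json.JSONDecodeError as exc:
                raise ValueError(f"unparsable purl field: {text!r}") from exc
        else:
            value = [text]
    if not isinstance(value, list) or not all(isinstance(p, str) for p in value):
        raise ValueError(f"unexpected purl field: {value!r}")
    purls = [p.strip() for p in value]
    bad = [p for p in purls if not p.startswith("pkg:")]
    if bad:
        raise ValueError(f"missing 'pkg' scheme: {bad!r}")
    return purls


def purl_name(purl):
    """Extract the decoded name segment of a purl (not a full validation)."""
    path = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    path = path.rsplit("@", 1)[0]  # drop the version, if present
    return unquote(path.rstrip("/").rsplit("/", 1)[-1])


def pick_purl(value, component_name):
    """Choose one purl for a component, or None when the choice is ambiguous."""
    purls = split_purls(value)
    if len(purls) == 1:
        return purls[0]
    named = [p for p in purls if purl_name(p).lower() == component_name.lower()]
    return named[0] if len(named) == 1 else None


# Constructed sample: the field value quoted in the ValueError above.
SAMPLE = '["pkg:cargo/clap_builder@4.5.60","pkg:cargo/clap@4.5.60"]'
```
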