| skipped 2 lines |
3 | 3 | | |
4 | 4 | | import ( |
5 | 5 | | "fmt" |
| 6 | + | "runtime/debug" |
6 | 7 | | |
7 | 8 | | "github.com/github/go-spdx/v2/spdxexp" |
8 | 9 | | |
| skipped 7 lines |
16 | 17 | | Concluded Type = "concluded" |
17 | 18 | | ) |
18 | 19 | | |
19 | | - | func ParseExpression(expression string) (string, error) { |
| 20 | + | func ParseExpression(expression string) (ex string, err error) { |
| 21 | + | // https://github.com/anchore/syft/issues/1837 |
| 22 | + | // The current spdx library can panic when parsing some expressions |
| 23 | + | // This is a temporary fix to recover and patch until we can investigate and contribute |
| 24 | + | // a fix to the upstream github library |
| 25 | + | defer func() { |
| 26 | + | if r := recover(); r != nil { |
| 27 | + | err = fmt.Errorf("recovered from panic while parsing license expression at: \n%s", string(debug.Stack())) |
| 28 | + | } |
| 29 | + | }() |
| 30 | + | |
20 | 31 | | licenseID, exists := spdxlicense.ID(expression) |
21 | 32 | | if exists { |
22 | 33 | | return licenseID, nil |
23 | 34 | | } |
24 | | - | |
25 | 35 | | // If it doesn't exist initially in the SPDX list it might be a more complex expression |
26 | 36 | | // ignored variable is any invalid expressions |
27 | 37 | | // TODO: contribute to spdxexp to expose deprecated license IDs |
28 | 38 | | // https://github.com/anchore/syft/issues/1814 |
29 | 39 | | valid, _ := spdxexp.ValidateLicenses([]string{expression}) |
30 | 40 | | if !valid { |
31 | | - | return "", fmt.Errorf("failed to validate spdx expression: %s", expression) |
| 41 | + | return "", fmt.Errorf("invalid SPDX expression: %s", expression) |
32 | 42 | | } |
33 | 43 | | |
34 | 44 | | return expression, nil |
| skipped 2 lines |
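Review bot: The recover handler at new lines 25–29 drops both the recovered value `r` and the offending `expression`, so the returned error carries a stack trace but neither the panic message nor the input that triggered it. License strings presumably come from scanned package metadata, so the panic-inducing input is what a maintainer needs in order to reproduce and report the upstream bug; I would write `err = fmt.Errorf("recovered from panic while parsing license expression %q: %v\n%s", expression, r, debug.Stack())`. Using `%q` here, and in the `invalid SPDX expression: %s` message at new line 41, also escapes newlines and control characters in the expression before it reaches logs. Because the full stack is embedded in the error text, any caller that prints this error emits a multi-line trace per bad license, so consider logging the stack at debug level and returning a short error. The function's closing brace falls in the skipped lines, so the rest of the body was not reviewed.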