| skipped 2 lines |
| 3 | 3 | | |
| 4 | 4 | | import ( |
| 5 | 5 | | "fmt" |
| | 6 | + | "runtime/debug" |
| 6 | 7 | | |
| 7 | 8 | | "github.com/github/go-spdx/v2/spdxexp" |
| 8 | 9 | | |
| skipped 7 lines |
| 16 | 17 | | Concluded Type = "concluded" |
| 17 | 18 | | ) |
| 18 | 19 | | |
| 19 | | - | func ParseExpression(expression string) (string, error) { |
| | 20 | + | func ParseExpression(expression string) (ex string, err error) { |
| | 21 | + | // https://github.com/anchore/syft/issues/1837 |
| | 22 | + | // The current spdx library can panic when parsing some expressions |
| | 23 | + | // This is a temporary fix to recover and patch until we can investigate and contribute |
| | 24 | + | // a fix to the upstream github library |
| | 25 | + | defer func() { |
| | 26 | + | if r := recover(); r != nil { |
| | 27 | + | err = fmt.Errorf("recovered from panic while parsing license expression at: \n%s", string(debug.Stack())) |
| | 28 | + | } |
| | 29 | + | }() |
| | 30 | + | |
| 20 | 31 | | licenseID, exists := spdxlicense.ID(expression) |
| 21 | 32 | | if exists { |
| 22 | 33 | | return licenseID, nil |
| 23 | 34 | | } |
| 24 | | - | |
| 25 | 35 | | // If it doesn't exist initially in the SPDX list it might be a more complex expression |
| 26 | 36 | | // ignored variable is any invalid expressions |
| 27 | 37 | | // TODO: contribute to spdxexp to expose deprecated license IDs |
| 28 | 38 | | // https://github.com/anchore/syft/issues/1814 |
| 29 | 39 | | valid, _ := spdxexp.ValidateLicenses([]string{expression}) |
| 30 | 40 | | if !valid { |
| 31 | | - | return "", fmt.Errorf("failed to validate spdx expression: %s", expression) |
| | 41 | + | return "", fmt.Errorf("invalid SPDX expression: %s", expression) |
| 32 | 42 | | } |
| 33 | 43 | | |
| 34 | 44 | | return expression, nil |
| skipped 2 lines |
Christopher Angelo Phillips
committed
with
GitHub
11 months ago
1 parent 087a6356