SP-619 Fixes the bug when the sbom format is not valid

scanoss · May 2, 2024 · 5a2abe3 · 5a2abe3
1 parent 4dc7b0f
commit 5a2abe3
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/policies/policy-check.ts b/src/policies/policy-check.ts
@@ -49,7 +49,7 @@ export enum STATUS {
 export abstract class PolicyCheck {
   private octokit: InstanceType<typeof GitHub>;
 
-  private checkName: string;
+  protected checkName: string;
 
   private checkRunId: number;
 

diff --git a/src/policies/undeclared-policy-check.ts b/src/policies/undeclared-policy-check.ts
@@ -26,6 +26,7 @@ import { CHECK_NAME } from '../app.config';
 import { ScannerResults } from '../services/result.interfaces';
 import { Component, getComponents } from '../services/result.service';
 import * as inputs from '../app.input';
+import * as core from '@actions/core';
 import { parseSBOM } from '../utils/sbom.utils';
 import { generateTable } from '../utils/markdown.utils';
 
@@ -45,12 +46,20 @@ export class UndeclaredPolicyCheck extends PolicyCheck {
     super.run(scannerResults);
 
     const nonDeclaredComponents: Component[] = [];
+    let declaredComponents: Partial<Component>[] = [];
 
     const comps = getComponents(scannerResults);
-    const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+
+    // get declared components
+    try {
+      const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+      declaredComponents = sbom.components || [];
+    } catch (e) {
+      core.info(`Warning on policy check: ${this.checkName}. SBOM file could not be parsed (${inputs.SBOM_FILEPATH})`);
+    }
 
     comps.forEach(c => {
-      if (!sbom.components.some(component => component.purl === c.purl)) {
+      if (!declaredComponents.some(component => component.purl === c.purl)) {
         nonDeclaredComponents.push(c);
       }
     });