Merge pull request #194 from CycloneDX/fix-nil-pointer-deref

nscuro · web-flow · commit 39328d3ac8f7 · 2024-09-14T12:42:36.000+02:00
fix: `nil` pointer dereference during evidence conversion
diff --git a/convert.go b/convert.go
@@ -195,13 +195,15 @@ func convertEvidence(c *Component, specVersion SpecVersion) {
 	}
 
 	if specVersion < SpecVersion1_6 {
-		for i := range *c.Evidence.Occurrences {
-			occ := &(*c.Evidence.Occurrences)[i]
-
-			occ.Line = nil
-			occ.Offset = nil
-			occ.Symbol = ""
-			occ.AdditionalContext = ""
+		if c.Evidence.Occurrences != nil {
+			for i := range *c.Evidence.Occurrences {
+				occ := &(*c.Evidence.Occurrences)[i]
+
+				occ.Line = nil
+				occ.Offset = nil
+				occ.Symbol = ""
+				occ.AdditionalContext = ""
+			}
 		}
 	}
 
diff --git a/validate_json_test.go b/validate_json_test.go
@@ -18,6 +18,7 @@
 package cyclonedx
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/xeipuuv/gojsonschema"
@@ -60,5 +61,5 @@ func (jv jsonValidator) Validate(bom []byte, specVersion SpecVersion) error {
 		errSummary += fmt.Sprintf("\n  - %s", verr.String())
 	}
 
-	return fmt.Errorf(errSummary)
+	return errors.New(errSummary)
 }

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@`
`18`	`18`	`package cyclonedx`
`19`	`19`
`20`	`20`	`import (`
	`21`	`+ "errors"`
`21`	`22`	`"fmt"`
`22`	`23`
`23`	`24`	`"github.com/xeipuuv/gojsonschema"`
`@@ -60,5 +61,5 @@ func (jv jsonValidator) Validate(bom []byte, specVersion SpecVersion) error {`
`60`	`61`	`errSummary += fmt.Sprintf("\n - %s", verr.String())`
`61`	`62`	`}`
`62`	`63`
`63`		`- return fmt.Errorf(errSummary)`
	`64`	`+ return errors.New(errSummary)`
`64`	`65`	`}`