cyclonedx-cli icon indicating copy to clipboard operation
cyclonedx-cli copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Unable to convert from Github Generated SPDX to CycloneDX

Open bhafner13 opened this issue 1 year ago • 3 comments

Converting between SPDX (JSON) format to CycloneDX (JSON or XML) does not seem to work. To test it I:

  1. Downloaded an SPDX file from Gitub as a sample Firefox
  2. Downloaded the latest CLI tool
  3. Changed the name of the tool to make it easier to use from the command line
  4. I have attached the offending SPDX SBOM
  5. Attempted to do the conversion using the following command cyclonedx.exe convert --input-file firefox-ios_mozilla-mobile_5021.spdx --output-file firefox-ios_mozilla-mobile_5021.json --input-format spdxjson
  6. The following errors are reported: Unhandled exception: System.IO.FileNotFoundException: Could not find file 'C:\Users\tstUser\Desktop\tstFolder\firefox-ios_mozilla-mobile_5021.spdx'. File name: 'C:\Users\tstUser\Desktop\tstFolder\firefox-ios_mozilla-mobile_5021.spdx' at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options) at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize) at System.IO.File.OpenRead(String path) at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, ConvertFormat format) at CycloneDX.Cli.Commands.ConvertCommand.Convert(ConvertCommandOptions options) at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context) at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context) at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseParseErrorReporting>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseTypoCorrections>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__24_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseParseDirective>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<<UseDebugDirective>b__0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext() --- End of stack trace from previous location --- at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()

bhafner13 avatar May 22 '24 13:05 bhafner13

Stack kind of clearly says it cannot find the file. Could not find file 'C:\Users\tstUser\Desktop\tstFolder\firefox-ios_mozilla-mobile_5021.spdx'.

I assume you triple checked that the file is really there in the right folder and the name is written 100% correctly and so on. Maybe try the absolute path after --input-file

mtsfoni avatar May 22 '24 20:05 mtsfoni

My copy paste was caching a prior error...will send update

Sent from Samsung Galaxy smartphone. Get Outlook for Androidhttps://aka.ms/AAb9ysg

From: Michael Tsfoni @.> Sent: Wednesday, May 22, 2024 4:07:40 PM To: CycloneDX/cyclonedx-cli @.> Cc: bruce hafner @.>; Author @.> Subject: Re: [CycloneDX/cyclonedx-cli] Unable to convert from Github Generated SPDX to CycloneDX (Issue #370)

Stack kind of clearly says it cannot find the file. Could not find file 'C:\Users\tstUser\Desktop\tstFolder\firefox-ios_mozilla-mobile_5021.spdx'.

I assume you triple checked that the file is really there in the right folder and the name is written 100% correctly and so on. Maybe try the absolute path after --input-file

— Reply to this email directly, view it on GitHubhttps://github.com/CycloneDX/cyclonedx-cli/issues/370#issuecomment-2125657859, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BIUR5WJXOWRLQJIBYKG5BIDZDT3IZAVCNFSM6AAAAABIDUFDHWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRVGY2TOOBVHE. You are receiving this because you authored the thread.Message ID: @.***>

bhafner13 avatar May 22 '24 21:05 bhafner13

@bhafner13 I have the same problem. GitHub exports it as version SPDX 2.3. As far as I know the CycloneDX CLI just supports the SPDX version 2.2.

evoltafreak avatar Oct 18 '24 14:10 evoltafreak

A potentially more informative trace:

[2025-01-31 16:35:54]» cyclonedx convert --input-file github_sbom.json --input-format spdxjson --output-file github_sbom.cdx --output-format json --output-version v1_5
Unhandled exception: System.Text.Json.JsonException: The JSON value could not be converted to CycloneDX.Spdx.Models.v2_2.ExternalRefCategory. Path: $.packages[0].externalRefs[0].referenceCategory | LineNumber: 24 | BytePositionInLine: 48.
   at System.Text.Json.ThrowHelper.ThrowJsonException(String message)
   at System.Text.Json.Serialization.Converters.EnumConverter`1.ReadEnumUsingNamingPolicy(String enumString)
   at System.Text.Json.Serialization.Converters.EnumConverter`1.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, TCollection& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, TCollection& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.ReadCore[TValue](Utf8JsonReader& reader, JsonTypeInfo jsonTypeInfo, ReadStack& state)
   at System.Text.Json.JsonSerializer.ContinueDeserialize[TValue](ReadBufferState& bufferState, JsonReaderState& jsonReaderState, ReadStack& readStack, JsonTypeInfo jsonTypeInfo)
   at System.Text.Json.JsonSerializer.ReadFromStreamAsync[TValue](Stream utf8Json, JsonTypeInfo jsonTypeInfo, CancellationToken cancellationToken)
   at CycloneDX.Spdx.Serialization.JsonSerializer.DeserializeAsync(Stream jsonStream)
   at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, ConvertFormat format)
   at CycloneDX.Cli.Commands.ConvertCommand.Convert(ConvertCommandOptions options)
   at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context)
   at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<<UseVersionOption>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__24_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<<UseDebugDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__10_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<<UseExceptionHandler>b__0>d.MoveNext()

socketbox avatar Jan 31 '25 21:01 socketbox