cyclonedx-python-lib
Wrong input should result in an exception
The function is_compound_expression in spdx.py may run into an exception in several cases, and this results in a return value of False.
This is semantically overloaded.
In case of False we cannot distinguish between
- the value cannot be interpreted at all (invalid characters)
- it is a compound expression, but consists of partially unknown, but maybe valid simple (e.g. LicenseRef-*) expression(s)
So it may not be clear what is feasible or how to proceed in case of False.
In case of invalid characters the exception should not be caught, but (re)raised so that appropriate exception handling can be applied.
The validate parameter should be made available in the is_compound_expression function to allow either license item validation along with the compound check, or the compound check only.
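
A standard-library sketch of the behaviour requested above, added here as an example; it is not cyclonedx-python-lib's code. The grammar subset (uppercase AND/OR/WITH, parentheses), the KNOWN_IDS sample, the InvalidExpressionError name and the validate default are assumptions made for illustration.

```python
import re

# Constructed sample of known ids; a real check would load the SPDX license list.
KNOWN_IDS = {"MIT", "Apache-2.0", "GPL-2.0-only", "BSD-3-Clause"}
OPERATORS = {"AND", "OR", "WITH"}  # assumption: operators are uppercase only
_TOKEN = re.compile(r"[()]|[A-Za-z0-9.+:-]+")
_ILLEGAL = re.compile(r"[^A-Za-z0-9.+:()\s-]")


class InvalidExpressionError(ValueError):
    """The value cannot be interpreted as a license expression at all."""


def _parse(value):
    """Return (ids, operator_count); raise on bad characters or structure."""
    if _ILLEGAL.search(value) or not value.strip():
        raise InvalidExpressionError(f"uninterpretable input: {value!r}")
    ids, ops, depth, want_operand = [], 0, 0, True
    for tok in _TOKEN.findall(value):
        if tok == "(" and want_operand:
            depth += 1
        elif tok == ")" and not want_operand and depth:
            depth -= 1
        elif tok in OPERATORS and not want_operand:
            ops, want_operand = ops + 1, True
        elif tok not in OPERATORS and tok not in ("(", ")") and want_operand:
            ids.append(tok)
            want_operand = False
        else:
            raise InvalidExpressionError(f"unexpected {tok!r} in {value!r}")
    if want_operand or depth:
        raise InvalidExpressionError(f"incomplete expression: {value!r}")
    return ids, ops


def is_compound_expression(value, validate=True):
    """True for a compound expression; with validate, every id must be known.

    Uninterpretable input raises instead of being folded into False.
    """
    ids, ops = _parse(value)
    if ops == 0:
        return False  # a single license id is not a compound expression
    if validate:
        return all(i.rstrip("+") in KNOWN_IDS for i in ids)
    return True
```

With this split, False only ever means "not compound" or, under validate=True, "compound but with ids outside the known list"; a caller ingesting SBOM data can catch InvalidExpressionError separately and reject or quarantine the record.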