cve-bin-tool

The application crashes when scanning a file

Open uh3tay opened this issue 1 year ago • 2 comments

cvebintool.zip

Description

Hello! When scanning the application, the analysis reaches the file "rootpom.xml" and fails with "AttributeError: 'NoneType' object has no attribute 'text'". The application was started with the line "cve-bin-tool ./my-app-path |to err.log". Attachments: "error" - output to the console, rootpom.xml - the file causing the crash, java.py - my temporary solution (lines 84-95). To understand what's going on, I modified java.py to output the filename and the types of root.find(schema + "artifactId") and root.find(schema + "version").

To reproduce

Steps to reproduce the behaviour:

  0. Activate VENV: oldscool-cvebintool/bin/activate
  1. Scan using "cve-bin-tool ./my-app-path"

Expected behaviour: Actual behaviour:

Version/platform info

Version of CVE-bin-tool: 3.3
Installed from pypi.
Operating system: Ubuntu 24.04.1 (Linux 6.8.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC)
Python version: python 3.12.3
Running in any particular CI environment we should know about? run into VENV

uh3tay, Sep 16 '24 09:09

Sounds like a bug in the java parser. I'm not completely surprised; we could really use some help making better test cases for java because it feels like there's a lot of behaviours we haven't captured very well yet.

Did you want to submit your fix as a pull request so it could be integrated?

terriko, Sep 16 '24 16:09

@uh3tay The Java parser is very simple and assumes that the pom file is valid. Can you provide the pom file which results in the crash?

anthonyharrison, Sep 22 '24 18:09
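
The failure mode discussed in this thread, as an added example (not cve-bin-tool's code and not the reporter's java.py patch): an unguarded `root.find(schema + "version").text` next to a guarded lookup that goes one step further and falls back to the `<parent>` version. The sample POMs are constructed, and the function and helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
# Stdlib parser so the example runs offline; for untrusted files a hardened
# parser such as defusedxml is the safer choice.

# Constructed sample POMs (not the reporter's rootpom.xml).
POM_NO_VERSION = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>org.example</groupId><artifactId>root</artifactId>
    <version>1.2.3</version></parent>
  <artifactId>child-app</artifactId>
</project>"""
POM_AGGREGATOR = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modules><module>a</module></modules>
</project>"""
POM_COMPLETE = "<project><artifactId>lib</artifactId><version>4.5.6</version></project>"


def _schema(root):
    # ElementTree keeps the namespace as "{uri}tag"; a POM may declare none.
    return root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""


def _text(root, path):
    # find() returns None for a missing element, so check before using .text.
    found = root.find(path)
    return found.text.strip() if found is not None and found.text else None


def unsafe_product_version(pom_xml):
    # Assumes both elements exist: raises AttributeError when one is absent.
    root = ET.fromstring(pom_xml)
    s = _schema(root)
    return root.find(s + "artifactId").text, root.find(s + "version").text


def safe_product_version(pom_xml):
    """Return (artifactId, version), or None if the POM names no component."""
    try:
        root = ET.fromstring(pom_xml)
    except ET.ParseError:
        return None  # malformed file: skip it rather than abort the scan
    s = _schema(root)
    product = _text(root, s + "artifactId")
    # Maven lets a module inherit its version from <parent>.
    version = _text(root, s + "version") or _text(root, f"{s}parent/{s}version")
    return (product, version) if product and version else None
```

Returning `None` lets a caller log the file name and continue with the next file, so one unexpected POM does not end the whole scan.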