Illegal character '\' generation in CycloneDX-XML. #918

@PatrickYanZ

Description

What happened:

  1. Using syft to generate bom.xml in CycloneDX:

        <properties>
        <property name="syft:package:foundBy">python-package-cataloger</property>
        <property name="syft:package:language">python</property>
        <property name="syft:package:metadataType">PythonPackageMetadata</property>
        <property name="syft:package:type">python</property>
        <property name="syft:cpe23">cpe:2.3:a:bibek_kafle_\<bkafle662\@gmail_com\>\,_roland_shoemaker_\<rolandshoemaker\@gmail_com\>:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:bibek_kafle_\<bkafle662\@gmail_com\>\,_roland_shoemaker_\<rolandshoemaker\@gmail_com\>:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python-commonmark:python-commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python-commonmark:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python_commonmark:python-commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python_commonmark:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:rolandshoemaker:python-commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:rolandshoemaker:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:commonmark:python-commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:commonmark:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python-commonmark:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python_commonmark:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:rolandshoemaker:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python:python-commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:commonmark:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:python:commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:location:0:layerID">sha256:e0bab8caf99538f2edbd0112c15a3108574a3793df0df3e7c54d11d1b939ac0f</property>
        <property name="syft:location:0:path">/usr/lib/python3.8/site-packages/commonmark-0.9.1-py3.8.egg-info/PKG-INFO</property>
        <property name="syft:location:1:layerID">sha256:e0bab8caf99538f2edbd0112c15a3108574a3793df0df3e7c54d11d1b939ac0f</property>
        <property name="syft:location:1:path">/usr/lib/python3.8/site-packages/commonmark-0.9.1-py3.8.egg-info/top_level.txt</property>
        </properties>

  2. Some property names are:

        <property name="syft:cpe23">cpe:2.3:a:bibek_kafle_\<bkafle662\@gmail_com\>\,_roland_shoemaker_\<rolandshoemaker\@gmail_com\>:python_commonmark:0.9.1:*:*:*:*:*:*:*</property>
        <property name="syft:cpe23">cpe:2.3:a:bibek_kafle_\<bkafle662\@gmail_com\>\,_roland_shoemaker_\<rolandshoemaker\@gmail_com\>:commonmark:0.9.1:*:*:*:*:*:*:*</property>

  3. It will raise an XML issue afterward:

    Processing input file bom-image.xml
    Unhandled exception: System.InvalidOperationException: There is an error in XML document (1500, 70).
    ---> System.Xml.XmlException: The '\' character, hexadecimal value 0x5C, cannot be included in a name. Line 1500, position 70.
    at System.Xml.XmlTextReaderImpl.Throw(Exception )
    at System.Xml.XmlTextReaderImpl.Throw(String , String[] )
    at System.Xml.XmlTextReaderImpl.ParseElement()
    at System.Xml.XmlTextReaderImpl.ParseElementContent()
    at System.Xml.XmlReader.ReadString()
    at System.Xml.XmlTextReaderImpl.ReadString()
    at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read25_Property(Boolean isNullable, Boolean checkType)
    at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read30_Component(Boolean isNullable, Boolean checkType)
    at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read50_Bom(Boolean isNullable, Boolean checkType)
    at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderBom.Read51_bom()
    --- End of inner exception stack trace ---
    at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
    at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
    at System.Xml.Serialization.XmlSerializer.Deserialize(Stream stream)
    at CycloneDX.Xml.Serializer.Deserialize(MemoryStream xmlStream)
    at CycloneDX.Xml.Serializer.Deserialize(Stream xmlStream)
    at CycloneDX.Cli.CliUtils.InputBomHelper(String filename, CycloneDXBomFormat format)
    at CycloneDX.Cli.Commands.MergeCommand.InputBoms(IEnumerable`1 inputFilenames, CycloneDXBomFormat inputFormat, Boolean outputToConsole)
    at CycloneDX.Cli.Commands.MergeCommand.Merge(MergeCommandOptions options)
    at System.CommandLine.Invocation.CommandHandler.GetExitCodeAsync(Object value, InvocationContext context)
    at System.CommandLine.Invocation.ModelBindingCommandHandler.InvokeAsync(InvocationContext context)
    at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass23_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass27_0.<b__1>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass25_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__24_0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass11_0.<b__0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<b__10_0>d.MoveNext()
    --- End of stack trace from previous location ---
    at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass14_0.<b__0>d.MoveNext()

What you expected to happen:
Convert the email to a recognized name. Remove illegal characters from the name.

How to reproduce it (as minimally and precisely as possible):
syft packages ${CI_REGISTRY_IMAGE}:${CI_DEFAULT_BRANCH} -o cyclonedx=bom-image.xml

Anything else we need to know?:

Environment:

  • Output of syft version: 0.42.3
  • OS (e.g: cat /etc/os-release or similar): Linux
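As an added example (not code from syft or from the CycloneDX projects), the Go program below reproduces the failure above and shows the corrective behaviour. The CPE value from the report backslash-escapes punctuation as the CPE 2.3 formatted-string binding prescribes, which is harmless XML text; the problem is that the value is written into the text node verbatim, so the `\<` sequence opens a new element whose name then runs into the `\` (0x5C) the .NET parser rejects. Counting columns on the reported line, position 70 is exactly that backslash after `bkafle662`. The type `Property`, the functions `RenderRaw`, `RenderEscaped`, `CheckWellFormed` and `RoundTrip`, and the constant `issueCPE` are names chosen for this example; the CPE string is the one from the report.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Property mirrors a CycloneDX <property> element: a name attribute plus text
// content. Defined here for the example; not syft's or cyclonedx-go's own type.
type Property struct {
	XMLName xml.Name `xml:"property"`
	Name    string   `xml:"name,attr"`
	Value   string   `xml:",chardata"`
}

// issueCPE is the CPE taken verbatim from the report. The backslashes are the
// CPE 2.3 formatted-string escapes for '<', '@', '>' and ','.
const issueCPE = `cpe:2.3:a:bibek_kafle_\<bkafle662\@gmail_com\>\,_roland_shoemaker_\<rolandshoemaker\@gmail_com\>:python_commonmark:0.9.1:*:*:*:*:*:*:*`

// RenderRaw builds the element by string concatenation, copying the value
// verbatim. This reproduces the defect: the '<' inside the value starts a new
// tag, and the '\' that follows the tag name is illegal in an XML name.
func RenderRaw(name, value string) string {
	return "<property name=\"" + name + "\">" + value + "</property>"
}

// RenderEscaped routes the same data through encoding/xml, which escapes
// '<', '>', '&' and quotes in both the attribute and the text node.
func RenderEscaped(name, value string) (string, error) {
	out, err := xml.Marshal(Property{Name: name, Value: value})
	if err != nil {
		return "", err
	}
	return string(out), nil
}

// CheckWellFormed walks every token of doc with a strict decoder and returns
// the first error, the way a consuming tool (here the CycloneDX CLI) would.
// A pipeline can run this over a generated BOM before handing it downstream.
func CheckWellFormed(doc string) error {
	dec := xml.NewDecoder(strings.NewReader(doc))
	for {
		_, err := dec.Token()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
	}
}

// RoundTrip parses doc back into a Property so a caller can verify that the
// escaped form still yields the original CPE string unchanged.
func RoundTrip(doc string) (Property, error) {
	var p Property
	err := xml.Unmarshal([]byte(doc), &p)
	return p, err
}

func main() {
	raw := RenderRaw("syft:cpe23", issueCPE)
	fmt.Println("raw element parse error:", CheckWellFormed(raw))

	esc, err := RenderEscaped("syft:cpe23", issueCPE)
	if err != nil {
		panic(err)
	}
	fmt.Println("escaped element:", esc)
	fmt.Println("escaped element parse error:", CheckWellFormed(esc))

	p, err := RoundTrip(esc)
	fmt.Println("round-trip preserves CPE:", err == nil && p.Value == issueCPE)
}
```

The escaped form keeps every backslash of the CPE (so a consumer that unescapes the CPE 2.3 string still gets the author names intact) and only rewrites the characters XML reserves; dropping characters from the name, as the report suggests, would instead change the CPE and could make it stop matching vulnerability data.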

Metadata

Labels: bug (Something isn't working)

Status: Done