Description
Console output crashes while printing the Products with No Identified Vulnerabilities table if given an invalid purl, which then results in a None version.
To reproduce
Steps to reproduce the behaviour:
- Use this SBOM:

```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {
      "name": "invalid_purl_package",
      "version": "1.1.0",
      "type": "library",
      "purl": "pkg:xxx/xxx/xxx"
    }
  ]
}
```

- Scan this SBOM with cve-bin-tool:

```
cve-bin-tool --sbom cyclonedx --sbom-file minimal_example.json
```

- Crashes with attribute error

```
AttributeError: 'NoneType' object has no attribute 'translate'
```

when trying to output

```
/home/andreas/mambaforge/envs/cve-bin/lib/python3.9/site-packages/cve_bin_tool/output_engine/console.py:335 in _output_console_nowrap

  332                 cells = [
  333                     Text.styled(product_data.vendor, color),
  334                     Text.styled(product_data.product, color),
❱ 335                     Text.styled(product_data.version, color),
  336                 ]
  337                 table.add_row(*cells)
  338         # Print the table to the console
```

as the version, product_data.version, is None:

```
{ProductInfo(vendor='UNKNOWN', product='xxx', version=None): 0}
```

Expected behaviour:
Just print empty table and ignore invalid purl.
Actual behaviour:
Crash with AttributeError
Version/platform info
Version of CVE-bin-tool (e.g. output of cve-bin-tool --version):
Installed from pypi or github?
3.2.2dev0 (installed from Github e58be27)
Operating system: Linux/Windows (other platforms are unsupported but feel free to report issues anyhow)
Linux andreas-VirtualBox 5.15.0-78-generic #85~20.04.1-Ubuntu SMP Mon Jul 17 09:42:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Python 3.9.16
Running in any particular CI environment we should know about? no
Anything else?
Happy to help with a PR, but unsure where to fix the issue: checking before printing, or in the context of purl parsing.
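
The two fix locations weighed in the report (purl parsing, or a check before printing), sketched as an added example; this is not cve-bin-tool's code. `purl_name_version`, `products_from_sbom` and `row_cells` are hypothetical helpers, the purl split is a simplification rather than the packageurl library, and the second SBOM component and its `UNKNOWN` vendor are constructed.

```python
import json
from collections import namedtuple

# Stand-in with the field names from the ProductInfo repr in the report.
ProductInfo = namedtuple("ProductInfo", ["vendor", "product", "version"])

# Constructed input: the SBOM from the report plus one well-formed component.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
 "components": [
  {"name": "invalid_purl_package", "version": "1.1.0", "type": "library",
   "purl": "pkg:xxx/xxx/xxx"},
  {"name": "requests", "version": "2.31.0", "type": "library",
   "purl": "pkg:pypi/requests@2.31.0"}
 ]}
""")


def purl_name_version(purl):
    """Simplified purl split; version is None when there is no '@version'."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    # Drop '#subpath' and '?qualifiers', then split the version off the right.
    body = purl[4:].split("#", 1)[0].split("?", 1)[0]
    path, sep, version = body.rpartition("@")
    if not sep:
        path, version = body, None
    return path.rstrip("/").rsplit("/", 1)[-1], version or None


def products_from_sbom(bom):
    """Guard 1, at parse time: keep usable entries, record the rest."""
    products, skipped = [], []
    for comp in bom.get("components", []):
        try:
            name, version = purl_name_version(comp.get("purl", ""))
        except ValueError:
            name, version = None, None
        if name and version:
            products.append(ProductInfo("UNKNOWN", name, version))
        else:
            skipped.append(comp.get("purl"))  # surfaced, not silently dropped
    return products, skipped


def row_cells(info):
    """Guard 2, at print time: every table cell is a str, never None."""
    return [str(field) if field is not None else "-" for field in info]
```

Returning the skipped purls alongside the products lets a scan report which components it could not assess instead of either crashing or hiding the gap.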