add nil checks in spdx test helpers

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
anchore · Oct 29, 2021 · 2433d60 · 2433d60
1 parent f35f82e
commit 2433d60
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 46 deletions.
diff --git a/internal/formats/common/spdxhelpers/description.go b/internal/formats/common/spdxhelpers/description.go
@@ -3,12 +3,21 @@ package spdxhelpers
 import "github.com/anchore/syft/syft/pkg"
 
 func Description(p *pkg.Package) string {
-	switch metadata := p.Metadata.(type) {
-	case pkg.ApkMetadata:
-		return metadata.Description
-	case pkg.NpmPackageJSONMetadata:
-		return metadata.Description
-	default:
-		return ""
+	if hasMetadata(p) {
+		switch metadata := p.Metadata.(type) {
+		case pkg.ApkMetadata:
+			return metadata.Description
+		case pkg.NpmPackageJSONMetadata:
+			return metadata.Description
+		}
 	}
+	return ""
+}
+
+func packageExists(p *pkg.Package) bool {
+	return p != nil
+}
+
+func hasMetadata(p *pkg.Package) bool {
+	return packageExists(p) && p.Metadata != nil
 }
diff --git a/internal/formats/common/spdxhelpers/download_location.go b/internal/formats/common/spdxhelpers/download_location.go
@@ -11,12 +11,13 @@ func DownloadLocation(p *pkg.Package) string {
 	//   (ii) the SPDX file creator has made no attempt to determine this field; or
 	//   (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
 
-	switch metadata := p.Metadata.(type) {
-	case pkg.ApkMetadata:
-		return NoneIfEmpty(metadata.URL)
-	case pkg.NpmPackageJSONMetadata:
-		return NoneIfEmpty(metadata.URL)
-	default:
-		return "NOASSERTION"
+	if hasMetadata(p) {
+		switch metadata := p.Metadata.(type) {
+		case pkg.ApkMetadata:
+			return NoneIfEmpty(metadata.URL)
+		case pkg.NpmPackageJSONMetadata:
+			return NoneIfEmpty(metadata.URL)
+		}
 	}
+	return "NOASSERTION"
 }
diff --git a/internal/formats/common/spdxhelpers/external_refs.go b/internal/formats/common/spdxhelpers/external_refs.go
@@ -8,6 +8,11 @@ import (
 
 func ExternalRefs(p *pkg.Package) (externalRefs []model.ExternalRef) {
 	externalRefs = make([]model.ExternalRef, 0)
+
+	if !packageExists(p) {
+		return externalRefs
+	}
+
 	for _, c := range p.CPEs {
 		externalRefs = append(externalRefs, model.ExternalRef{
 			ReferenceCategory: model.SecurityReferenceCategory,

diff --git a/internal/formats/common/spdxhelpers/files.go b/internal/formats/common/spdxhelpers/files.go
@@ -14,6 +14,10 @@ func Files(packageSpdxID string, p *pkg.Package) (files []model.File, fileIDs []
 	fileIDs = make([]string, 0)
 	relationships = make([]model.Relationship, 0)
 
+	if !hasMetadata(p) {
+		return files, fileIDs, relationships
+	}
+
 	pkgFileOwner, ok := p.Metadata.(pkg.FileOwner)
 	if !ok {
 		return files, fileIDs, relationships

diff --git a/internal/formats/common/spdxhelpers/homepage.go b/internal/formats/common/spdxhelpers/homepage.go
@@ -3,12 +3,13 @@ package spdxhelpers
 import "github.com/anchore/syft/syft/pkg"
 
 func Homepage(p *pkg.Package) string {
-	switch metadata := p.Metadata.(type) {
-	case pkg.GemMetadata:
-		return metadata.Homepage
-	case pkg.NpmPackageJSONMetadata:
-		return metadata.Homepage
-	default:
-		return ""
+	if hasMetadata(p) {
+		switch metadata := p.Metadata.(type) {
+		case pkg.GemMetadata:
+			return metadata.Homepage
+		case pkg.NpmPackageJSONMetadata:
+			return metadata.Homepage
+		}
 	}
+	return ""
 }
diff --git a/internal/formats/common/spdxhelpers/license.go b/internal/formats/common/spdxhelpers/license.go
@@ -17,7 +17,7 @@ func License(p *pkg.Package) string {
 	//   (ii) the SPDX file creator has made no attempt to determine this field; or
 	//   (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
 
-	if len(p.Licenses) == 0 {
+	if !packageExists(p) || len(p.Licenses) == 0 {
 		return "NONE"
 	}
 

diff --git a/internal/formats/common/spdxhelpers/origintor.go b/internal/formats/common/spdxhelpers/origintor.go
@@ -7,30 +7,33 @@ import (
 )
 
 func Originator(p *pkg.Package) string {
-	switch metadata := p.Metadata.(type) {
-	case pkg.ApkMetadata:
-		return metadata.Maintainer
-	case pkg.NpmPackageJSONMetadata:
-		return metadata.Author
-	case pkg.PythonPackageMetadata:
-		author := metadata.Author
-		if author == "" {
-			return metadata.AuthorEmail
-		}
-		if metadata.AuthorEmail != "" {
-			author += fmt.Sprintf(" <%s>", metadata.AuthorEmail)
-		}
-		return author
-	case pkg.GemMetadata:
-		if len(metadata.Authors) > 0 {
-			return metadata.Authors[0]
+	if hasMetadata(p) {
+		switch metadata := p.Metadata.(type) {
+		case pkg.ApkMetadata:
+			return metadata.Maintainer
+		case pkg.NpmPackageJSONMetadata:
+			return metadata.Author
+		case pkg.PythonPackageMetadata:
+			author := metadata.Author
+			if author == "" {
+				return metadata.AuthorEmail
+			}
+			if metadata.AuthorEmail != "" {
+				author += fmt.Sprintf(" <%s>", metadata.AuthorEmail)
+			}
+			return author
+		case pkg.GemMetadata:
+			if len(metadata.Authors) > 0 {
+				return metadata.Authors[0]
+			}
+			return ""
+		case pkg.RpmdbMetadata:
+			return metadata.Vendor
+		case pkg.DpkgMetadata:
+			return metadata.Maintainer
+		default:
+
 		}
-		return ""
-	case pkg.RpmdbMetadata:
-		return metadata.Vendor
-	case pkg.DpkgMetadata:
-		return metadata.Maintainer
-	default:
-		return ""
 	}
+	return ""
 }
diff --git a/internal/formats/common/spdxhelpers/source_info.go b/internal/formats/common/spdxhelpers/source_info.go
@@ -7,6 +7,10 @@ import (
 )
 
 func SourceInfo(p *pkg.Package) string {
+	if !packageExists(p) {
+		return ""
+	}
+
 	answer := ""
 	switch p.Type {
 	case pkg.RpmPkg: