From c4fb5fba0f1b793635fa18688b76db81fec89bf1 Mon Sep 17 00:00:00 2001
From: Dan Luhring
Date: Thu, 24 Mar 2022 07:42:21 -0400
Subject: [PATCH 1/3] Implement fmt.Stringer with format.ID

Signed-off-by: Dan Luhring
---
 syft/sbom/format.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/syft/sbom/format.go b/syft/sbom/format.go
index abdf7b97157..13cfa784899 100644
--- a/syft/sbom/format.go
+++ b/syft/sbom/format.go
@@ -13,6 +13,11 @@ var (
 
 type FormatID string
 
+// String returns a string representation of the FormatID.
+func (f FormatID) String() string {
+ return string(f)
+}
+
 type Format interface {
 ID() FormatID
 Encode(io.Writer, SBOM) error
From b72cfc27fa245e4d6c9a1dc5c33e636a282d5c6c Mon Sep 17 00:00:00 2001
From: Dan Luhring
Date: Thu, 24 Mar 2022 07:43:03 -0400
Subject: [PATCH 2/3] Add failing test for formats processing empty SBOMs

Signed-off-by: Dan Luhring
---
 syft/formats_test.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/syft/formats_test.go b/syft/formats_test.go
index f55dcce103e..555fb08bd39 100644
--- a/syft/formats_test.go
+++ b/syft/formats_test.go
@@ -1,6 +1,7 @@
 package syft
 
 import (
+ "bytes"
 "io"
 "os"
 "testing"
@@ -41,6 +42,31 @@ func TestIdentify(t *testing.T) {
 }
 }
 
+func TestFormats_EmptyInput(t *testing.T) {
+ for _, format := range formats {
+ t.Run(format.ID().String(), func(t *testing.T) {
+ t.Run("format.Decode", func(t *testing.T) {
+ input := bytes.NewReader(nil)
+
+ assert.NotPanics(t, func() {
+ decodedSBOM, err := format.Decode(input)
+ assert.Error(t, err)
+ assert.Nil(t, decodedSBOM)
+ })
+ })
+
+ t.Run("format.Validate", func(t *testing.T) {
+ input := bytes.NewReader(nil)
+
+ assert.NotPanics(t, func() {
+ err := format.Validate(input)
+ assert.Error(t, err)
+ })
+ })
+ })
+ }
+}
+
 func TestFormatByName(t *testing.T) {
 
 tests := []struct {
From f8cbb28b7a1fd0ec53b487e0296850ab1ff3b65f Mon Sep 17 00:00:00 2001
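Review bot: TestFormats_EmptyInput feeds every decoder only a zero-byte reader (`bytes.NewReader(nil)`), so the no-panic guarantee is pinned for exactly one input. SBOM files arrive from outside the trust boundary, and a whitespace-only or truncated document may take a different path through each decoder than an empty one does. Consider ranging over a small table of inputs inside each subtest, e.g. `for _, in := range [][]byte{nil, []byte(" "), []byte("{")} {`. Whether every registered format rejects all of these is not visible from this hunk, so confirm that before keeping `assert.Error` on the extra cases.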
From: Dan Luhring
Date: Thu, 24 Mar 2022 07:48:57 -0400
Subject: [PATCH 3/3] Account for nil SPDX document during Syft model conversion

Signed-off-by: Dan Luhring
---
 internal/formats/common/spdxhelpers/to_syft_model.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/formats/common/spdxhelpers/to_syft_model.go b/internal/formats/common/spdxhelpers/to_syft_model.go
index 63ed039a83d..ade236089e9 100644
--- a/internal/formats/common/spdxhelpers/to_syft_model.go
+++ b/internal/formats/common/spdxhelpers/to_syft_model.go
@@ -1,6 +1,7 @@
 package spdxhelpers
 
 import (
+ "errors"
 "strconv"
 "strings"
 
@@ -17,6 +18,10 @@ import (
 )
 
 func ToSyftModel(doc *spdx.Document2_2) (*sbom.SBOM, error) {
+ if doc == nil {
+ return nil, errors.New("cannot convert SPDX document to Syft model because document is nil")
+ }
+
 spdxIDMap := make(map[string]interface{})
 
 s := &sbom.SBOM{
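Review bot: The nil guard added at the top of ToSyftModel covers only the `doc` pointer itself, so a decoder that returns a non-nil but partially populated document would still get past it. The rest of the function body lies outside this hunk, so whether it dereferences pointer-typed members of the document without a check cannot be confirmed here; it is worth auditing, since the document comes from an SBOM file the caller does not control. The exported function also has no doc comment in the visible context; `// ToSyftModel converts an SPDX 2.2 document into a Syft SBOM and returns an error if doc is nil.` would record the new contract.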