diff --git a/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
index 979c45a51..084e10fe4 100644
--- a/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
@@ -64,7 +64,12 @@ public PolicyCondition.Subject supportedSubject() {
 @Override
 public List evaluate(final Policy policy, final Component component) {
 final var violations = new ArrayList();
- if (component.getPurl() == null) {
+ if (component.getPurl() == null || component.getVersion() == null) {
+ return violations;
+ }
+
+ final List conditions = super.extractSupportedConditions(policy);
+ if (conditions.isEmpty()) {
 return violations;
 }

@@ -83,9 +88,18 @@ public List evaluate(final Policy policy, final Compon
 return violations;
 }

- final var versionDistance = VersionDistance.getVersionDistance(component.getVersion(),metaComponent.getLatestVersion());
+ final VersionDistance versionDistance;
+ try {
+ versionDistance = VersionDistance.getVersionDistance(component.getVersion(), metaComponent.getLatestVersion());
+ } catch (RuntimeException e) {
+ LOGGER.warn("""
+ Failed to compute version distance for component %s (UUID: %s), \
+ between component version %s and latest version %s; Skipping\
+ """.formatted(component, component.getUuid(), component.getVersion(), metaComponent.getLatestVersion()), e);
+ return violations;
+ }

- for (final PolicyCondition condition : super.extractSupportedConditions(policy)) {
+ for (final PolicyCondition condition : conditions) {
 if (isDirectDependency(component) && evaluate(condition, versionDistance)) {
 violations.add(new PolicyConditionViolation(condition, component));
 }
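Review bot: The widened guard `component.getPurl() == null || component.getVersion() == null` returns an empty violation list with no trace, so a component that arrives without a version is never subject to the version-distance policy and nothing records that it was skipped. Because this is a fail-open decision inside a policy check, I would document it at the guard, e.g. `// No PURL or version: distance cannot be computed, so the policy is not applied (fail-open).`, and consider a debug-level log naming the component UUID. The catch branch in the second hunk skips evaluation the same way, although that one does log a warning. `evaluate` continues past the end of this hunk.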
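Review bot: Catching `RuntimeException` around `VersionDistance.getVersionDistance(...)` is wider than the failure the message describes and would also hide unrelated programming errors raised inside that call; if the method throws a specific exception for unparseable versions (not visible here), catch that type instead. The warning text interpolates `component.getVersion()` and `metaComponent.getLatestVersion()`, which presumably come from uploaded BOMs and repository metadata, so unless the log layout already encodes control characters the values should be neutralised before formatting, for example `component.getVersion().replaceAll("[\\r\\n]", "_")`. The enclosing `evaluate` method starts before and ends after this hunk.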