Handle filename collisions in validation #523
Labels
accepted
We are working on this and hope to release it into the product
Comments
jalkire
added
accepted
|
This has been merged to main and will be included in our next release |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Linux filesystems are case-sensitive, but Windows filesystems are not, and the SBOM validator follows the case sensitivity of whichever filesystem it runs on. As a result, if an SBOM is generated on Linux and contains files called, for example,
filenameandFileName, and we attempt to validate that SBOM on Windows, the validator tool sees the same filename twice with different hashes.Currently if this happens, we add
nullto a dictionary of file hashes, but since we do not check for null when that dictionary is used, the user sees the messageObject reference not set to an instance of an object, which doesn't give any clues about what happened.When this happens, we should output a more meaningful error, ideally one prompting the user to make sure the validator runs on the same OS that the SBOM was generated on.
The text was updated successfully, but these errors were encountered: