Checksum is 0 for spdx files #2307

Open
coheigea opened this issue Nov 9, 2023 · 4 comments

coheigea commented Nov 9, 2023

What happened:

An SPDX JSON report contains a 0 value for the file checksum. It looks like it is not adding/using the path. If you give me some pointers I can take a look at a PR.

"files": [
  {
    "fileName": "/activemq-osgi-5.18.2.jar",
    "SPDXID": "SPDXRef-File-activemq-osgi-5.18.2.jar-57d3ba18b01bbbb8",
    "checksums": [
      {
        "algorithm": "SHA1",
        "checksumValue": "0000000000000000000000000000000000000000"
      }
    ],
    "licenseConcluded": "NOASSERTION",
    "copyrightText": ""
  }
],

What you expected to happen:

Correct file checksum, like in the packages section.

Steps to reproduce the issue:

Anything else we need to know?:

Environment:

  • syft 0.95.0
coheigea added the bug (Something isn't working) label Nov 9, 2023
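
A consumer-side check for the symptom reported above, as an added example that is not part of the original issue or of Syft's code: it scans the files section of an SPDX JSON document for all-zero, missing or malformed checksums, so a pipeline can reject the SBOM before those digests are relied on for integrity verification. The names placeholder_checksums, HEX_LEN and HEX_DIGITS and the second sample file are assumptions; the sample data is constructed from the snippet in the report.

```python
import json

# Constructed sample: the first entry copies the shape of the "files" entry in
# the report; the second is a constructed file carrying SHA-1 of empty input.
SAMPLE_SPDX = json.loads("""
{"files": [
  {"fileName": "/activemq-osgi-5.18.2.jar",
   "SPDXID": "SPDXRef-File-activemq-osgi-5.18.2.jar-57d3ba18b01bbbb8",
   "checksums": [{"algorithm": "SHA1",
                  "checksumValue": "0000000000000000000000000000000000000000"}]},
  {"fileName": "/constructed-example.jar",
   "SPDXID": "SPDXRef-File-constructed-example",
   "checksums": [{"algorithm": "SHA1",
                  "checksumValue": "da39a3ee5e6b4b0d3255bfef95601890afd80709"}]}
]}
""")

# Expected hex digest lengths for the algorithms this check understands.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_DIGITS = set("0123456789abcdef")


def placeholder_checksums(doc):
    """Return (fileName, algorithm, reason) for every unusable file checksum."""
    findings = []
    for entry in doc.get("files", []):
        name = entry.get("fileName", "<unnamed>")
        sums = entry.get("checksums") or []
        if not sums:
            findings.append((name, None, "no checksum"))
        for c in sums:
            alg = str(c.get("algorithm", "")).upper()
            val = str(c.get("checksumValue", "")).lower()
            if val and set(val) == {"0"}:
                # The symptom from the report: a digest made only of zeros.
                findings.append((name, alg, "all-zero placeholder"))
            elif alg in HEX_LEN and (len(val) != HEX_LEN[alg]
                                     or not set(val) <= HEX_DIGITS):
                findings.append((name, alg, "malformed digest"))
    return findings


if __name__ == "__main__":
    for finding in placeholder_checksums(SAMPLE_SPDX):
        print(finding)
```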

kzantow commented Nov 27, 2023

The latest version of Syft (0.97.1) seems to be omitting these empty checksums; following the steps above, the files section has:

"files": [
  {
    "id": "57d3ba18b01bbbb8",
    "location": {
      "path": "/activemq-osgi-5.18.2.jar"
    }
  }
],

... and when enabling SHA1 checksums:

{
  "id": "57d3ba18b01bbbb8",
  "location": {
    "path": "/activemq-osgi-5.18.2.jar"
  },
  "metadata": {
    "mode": 644,
    "type": "RegularFile",
    "userID": 501,
    "groupID": 20,
    "mimeType": "application/jar",
    "size": 13242590
  },
  "digests": [
    {
      "algorithm": "sha1",
      "value": "3be830039fd9548f1e422fbbe0b6d47013cb9ac1"
    }
  ]
}

Since this seems to be working as expected, I'm going to close it for now, but please do reopen if it continues to be an issue for you!

kzantow closed this as completed Nov 27, 2023
github-project-automation bot moved this to Done in OSS Nov 27, 2023
kzantow closed this as not planned Nov 27, 2023

coheigea commented Nov 27, 2023

@kzantow This is what I see with 0.97.1:
activemq.json

As you can see, it still has the 000 checksum.


kzantow commented Nov 27, 2023

@coheigea I apparently didn't actually follow your steps to reproduce accurately; the issue definitely exists when using the right output format. Apologies!

kzantow reopened this Nov 27, 2023
kzantow moved this from Done to In Progress in OSS Nov 27, 2023
kzantow moved this from In Progress to Back Burner in OSS May 24, 2024
yves-bischoff commented

Any update on this issue?
