pkg/formats/sniffer.go can't detect CycloneDX files if they are minified to one line
Closed this issue · 1 comments
As title, if I have a file like this
{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"serialNumber":"urn:uuid:b35ea91e-91c2-40ae-97fe-c015a4fd8790","metadata":{...
sniff() will not detect the format and SniffReader() will return "unknown SBOM format".
If I instead prettify the document so it start likes this
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"version": 1,
"serialNumber": "urn:uuid:b35ea91e-91c2-40ae-97fe-c015a4fd8790",
"moreKeys": {},
}
it works just fine. It would be good if minified JSON files worked too :)
Thanks for an excellent library!
Thanks @sweoggy ! We were using some goofy string hacks to get the version previously. I just submitted a PR (#113) to use the json Unmarshaler instead for JSON-based SBOMs. I also added your minified.cdx.json to the test cases we will ensure work going forward. Will let you know when this PR gets reviewed and merged.