Exception when creating cyclonedx output #3016

Closed
jkwasny opened this issue Jul 6, 2022 · 10 comments · Fixed by #3189

jkwasny commented Jul 6, 2022

There is an exception when generating cyclonedx output and external references are merged. The error is:
seen = set(x)
TypeError: unhashable type: 'CycloneDxExternalRef'

It is not reproducible using sample files but I've managed to slightly modify json output from scanning the samples and got the same error. Json file is attached, please try it with --cyclonedx and --from-json options.
I've run it on Windows 10 using python 3.8.10.

Thank you,
Janusz

scancode-samples-mod.txt

@AyanSinhaMahapatra
Member

Thanks for the report, I could reproduce from this JSON file you attached, and looking into this.

@MochonDeVuelta

I have the same problem, when I try to generate a cyclonedx or cyclonedx-xml I get the following error message:

ERROR: failed to run output plugin: cyclonedx:

Traceback (most recent call last):
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\scancode\cli.py", line 1077, in run_codebase_plugins
plugin.process_codebase(codebase, **kwargs)
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\formattedcode\output_cyclonedx.py", line 794, in process_codebase
bom = CycloneDxBom.from_codebase(codebase)
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\formattedcode\output_cyclonedx.py", line 681, in from_codebase
components = list(CycloneDxComponent.from_packages(packages))
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\formattedcode\output_cyclonedx.py", line 339, in from_packages
base_component.merge(other_component)
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\formattedcode\output_cyclonedx.py", line 375, in merge
merge_lists(self.externalReferences, other.externalReferences)
File "scancode-toolkit-v31.1.0\venv\lib\site-packages\formattedcode\output_cyclonedx.py", line 431, in merge_lists
seen = set(x)
TypeError: unhashable type: 'CycloneDxExternalRef'

Using scancode scancode-toolkit-v31.1.1 and python 3.8.10

tgodau commented Nov 22, 2022

Hi there,

got a similar issue with the cyclonedx-output when scanning a very large package...

Used version:

ScanCode version: 31.0.1
ScanCode Output Format version: 2.0.0
SPDX License list version: 3.17

Download, prepare package and start scanning:

> wget https://download.qt.io/official_releases/qt/5.15/5.15.7/submodules/qtwebengine-everywhere-opensource-src-5.15.7.zip
> unzip qtwebengine-everywhere-opensource-src-5.15.7.zip
> mv qtwebengine-everywhere-src-5.15.7/ qtwebengine-5.15.7/
> scancode -n 2 -clip qtwebengine-5.15.7/ --json-pp qtwebengine-5.15.7.json --cyclonedx qtwebengine-5.15.7_cdxSBOM.json

Gives the following error message:

:
:
ERROR: failed to run output plugin: cyclonedx:
Traceback (most recent call last):
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/scancode/cli.py", line 1077, in run_codebase_plugins
    plugin.process_codebase(codebase, **kwargs)
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/formattedcode/output_cyclonedx.py", line 794, in process_codebase
    bom = CycloneDxBom.from_codebase(codebase)
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/formattedcode/output_cyclonedx.py", line 681, in from_codebase
    components = list(CycloneDxComponent.from_packages(packages))
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/formattedcode/output_cyclonedx.py", line 339, in from_packages
    base_component.merge(other_component)
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/formattedcode/output_cyclonedx.py", line 370, in merge
    merge_lists(self.licenses, other.licenses)
  File "/home/scanner/venv3.8-scancode/lib/python3.8/site-packages/formattedcode/output_cyclonedx.py", line 431, in merge_lists
    seen = set(x)
TypeError: unhashable type: 'CycloneDxLicenseExpression'

Scanning done.
Some files failed to scan properly:
Path: qtwebengine-5.15.7/src/3rdparty/chromium/third_party/icu/common/icudtb.dat
Path: qtwebengine-5.15.7/src/3rdparty/chromium/third_party/icu/common/icudtl.dat
Path: qtwebengine-5.15.7/src/3rdparty/chromium/third_party/icu/ios/icudtl.dat
Summary:        info, licenses, copyrights, packages with 2 process(es)
Errors count:   3
Scan Speed:     2.45 files/sec. 27.69 KB/sec.
Initial counts: 183592 resource(s): 167376 file(s) and 16216 directorie(s)
Final counts:   183592 resource(s): 167376 file(s) and 16216 directorie(s) for 1.80 GB
Timings:
  scan_start: 2022-11-21T121128.360738
  scan_end:   2022-11-22T072026.947766
  setup_scan:licenses: 2.22s
  setup: 2.22s
  inventory: 185.09s
  scan:packages: 180.89s
  scan: 68326.72s
  output:json-pp: 123.34s
  output: 123.37s
  total: 69087.68s
Removing temporary files...done.

Maybe this helps...

Regards, Thorsten

pombredanne added this to the v32.0 milestone Nov 22, 2022

@pombredanne
Member

@tgodau Thanks for the report. I am planning this for the next milestone

AyanSinhaMahapatra added a commit that referenced this issue Jan 6, 2023
* list of unhashable objects were being used to create a set,
  thus the error. Now we are using hashable identifier strings
  to create the set instead for all objects.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Jan 6, 2023
Fix unhashable type error in cyclonedx #3016
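
The failure and the fix described in the commit message above, as an added example that is not ScanCode's own code. `ExternalRef`, `identifier()` and both `merge_lists_*` functions are hypothetical names, and a plain dataclass stands in for the real class as an assumption, since it is likewise unhashable by default.

```python
from dataclasses import dataclass


@dataclass  # eq=True without frozen=True sets __hash__ to None
class ExternalRef:
    """Hypothetical stand-in for an SBOM external reference."""
    type: str
    url: str
    comment: str = ""

    def identifier(self) -> str:
        # Hashable key built from the fields that make a reference distinct.
        # Assumption: type + url identify a reference; comment does not.
        return f"{self.type}|{self.url}"


def merge_lists_unhashable(x: list, y: list) -> None:
    """Pattern from the traceback: set() over objects that have no __hash__."""
    seen = set(x)  # raises TypeError: unhashable type: 'ExternalRef'
    x.extend(item for item in y if item not in seen)


def merge_lists_by_id(x: list, y: list, key=lambda o: o.identifier()) -> None:
    """Merge y into x in place, de-duplicating on a hashable identifier string."""
    seen = {key(item) for item in x}
    for item in y:
        ident = key(item)
        if ident not in seen:
            seen.add(ident)  # also catches duplicates inside y itself
            x.append(item)


if __name__ == "__main__":
    # Constructed sample data, not taken from the attached scan.
    base = [ExternalRef("vcs", "https://example.com/a.git")]
    other = [
        ExternalRef("vcs", "https://example.com/a.git", comment="duplicate"),
        ExternalRef("website", "https://example.com"),
        ExternalRef("website", "https://example.com"),
    ]
    try:
        merge_lists_unhashable(list(base), other)
    except TypeError as exc:
        print("old pattern:", exc)
    merge_lists_by_id(base, other)
    print("merged:", [r.identifier() for r in base])
```

The identifier has to cover every field that distinguishes two entries; a key that is too narrow silently drops distinct references or licenses from the generated SBOM.
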
@AyanSinhaMahapatra
Member

Oops closed by mistake!

@tgodau @jkwasny @MochonDeVuelta could you test the fix? This is in latest develop (and will be released soon!).

@AyanSinhaMahapatra
Member

@tgodau @jkwasny @MochonDeVuelta Gentle ping, did you get to try this out?

@pombredanne
Member

@AyanSinhaMahapatra if you have a test that verifies that this is fixed, let's close this as fixed.

@AyanSinhaMahapatra
Member

Yes, closing this.

tgodau commented Jan 18, 2023

@AyanSinhaMahapatra
Maybe you could use the four lines from my description to download, prepare and scan the specific mentioned Qt package where this error appeared...

@AyanSinhaMahapatra
Member

@tgodau we have added this failure as a test in scancode already, see this commit: 553e624.

Apart from that I've also run the full scan for you, which ran successfully. See attached file below: (The JSON was too big ~500mb to attach)

scancode -n 12 -clip qtwebengine-5.15.7/ --json-pp qtwebengine-5.15.7.json --cyclonedx qtwebengine-5.15.7_cdxSBOM.json --classify --summary --license-text
Setup plugins...
Collect file inventory...
Scan files for: info, packages, licenses, copyrights with 12 process(es)...
[####################] 334752
/home/ayansinha/nexB/write_access/scancode-toolkit/venv/lib/python3.8/site-packages/fingerprints/cleanup.py:54: ICUWarning: Install 'pyicu' for better text transliteration.
  text = ascii_text(text)
Scanning done.
Summary:        info, packages, licenses, copyrights with 12 process(es)
Errors count:   0
Scan Speed:     7.98 files/sec. 90.23 KB/sec.
Initial counts: 183592 resource(s): 167376 file(s) and 16216 directorie(s)
Final counts:   183592 resource(s): 167376 file(s) and 16216 directorie(s) for 1.80 GB
Timings:
  scan_start: 2023-01-18T131259.695160
  scan_end:   2023-01-18T191854.259676
  setup_scan:licenses: 1.40s
  setup: 1.40s
  inventory: 55.32s
  pre-scan:classify: 76.43s
  pre-scan: 76.43s
  scan:packages: 77.72s
  scan:licenses: 8586.14s
  scan: 20964.43s
  post-scan:summary: 714.78s
  post-scan:license-references: 26.71s
  post-scan: 741.50s
  output:json-pp: 56.46s
  output: 56.47s
  total: 22022.89s

qtwebengine-5.15.7_cdxSBOM.json.txt
