From 1ada57754719b628ee4e05b2e81ae46429e09888 Mon Sep 17 00:00:00 2001
From: Franco Stramana
Date: Tue, 30 Apr 2024 14:34:15 -0300
Subject: [PATCH 1/2] SP-619 Fixes the bug when the sbom format is not valid

---
 dist/index.js | 13 +++++++++++--
 src/policies/policy-check.ts | 2 +-
 src/policies/undeclared-policy-check.ts | 13 +++++++++++--
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index f975b2e..ebc94e1 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -126299,6 +126299,7 @@ const policy_check_1 = __nccwpck_require__(63702);
 const app_config_1 = __nccwpck_require__(29014);
 const result_service_1 = __nccwpck_require__(32414);
 const inputs = __importStar(__nccwpck_require__(483));
+const core = __importStar(__nccwpck_require__(42186));
 const sbom_utils_1 = __nccwpck_require__(31156);
 const markdown_utils_1 = __nccwpck_require__(96011);
 /**
@@ -126315,10 +126316,18 @@ class UndeclaredPolicyCheck extends policy_check_1.PolicyCheck {
 async run(scannerResults) {
 super.run(scannerResults);
 const nonDeclaredComponents = [];
+ let declaredComponents = [];
 const comps = (0, result_service_1.getComponents)(scannerResults);
- const sbom = await (0, sbom_utils_1.parseSBOM)(inputs.SBOM_FILEPATH);
+ // get declared components
+ try {
+ const sbom = await (0, sbom_utils_1.parseSBOM)(inputs.SBOM_FILEPATH);
+ declaredComponents = sbom.components || [];
+ }
+ catch (e) {
+ core.info(`Warning on policy check: ${this.checkName}. SBOM file could not be parsed (${inputs.SBOM_FILEPATH})`);
+ }
 comps.forEach(c => {
- if (!sbom.components.some(component => component.purl === c.purl)) {
+ if (!declaredComponents.some(component => component.purl === c.purl)) {
 nonDeclaredComponents.push(c);
 }
 });
diff --git a/src/policies/policy-check.ts b/src/policies/policy-check.ts
index deac98e..32cecf1 100644
--- a/src/policies/policy-check.ts
+++ b/src/policies/policy-check.ts
@@ -49,7 +49,7 @@ export enum STATUS {
 export abstract class PolicyCheck {
 private octokit: InstanceType;
- private checkName: string;
+ protected checkName: string;
 private checkRunId: number;
diff --git a/src/policies/undeclared-policy-check.ts b/src/policies/undeclared-policy-check.ts
index 257b40f..4fc7576 100644
--- a/src/policies/undeclared-policy-check.ts
+++ b/src/policies/undeclared-policy-check.ts
@@ -26,6 +26,7 @@ import { CHECK_NAME } from '../app.config';
 import { ScannerResults } from '../services/result.interfaces';
 import { Component, getComponents } from '../services/result.service';
 import * as inputs from '../app.input';
+import * as core from '@actions/core';
 import { parseSBOM } from '../utils/sbom.utils';
 import { generateTable } from '../utils/markdown.utils';
@@ -45,12 +46,20 @@ export class UndeclaredPolicyCheck extends PolicyCheck {
 super.run(scannerResults);
 const nonDeclaredComponents: Component[] = [];
+ let declaredComponents: Partial[] = [];
 const comps = getComponents(scannerResults);
- const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+
+ // get declared components
+ try {
+ const sbom = await parseSBOM(inputs.SBOM_FILEPATH);
+ declaredComponents = sbom.components || [];
+ } catch (e) {
+ core.info(`Warning on policy check: ${this.checkName}. SBOM file could not be parsed (${inputs.SBOM_FILEPATH})`);
+ }
 comps.forEach(c => {
- if (!sbom.components.some(component => component.purl === c.purl)) {
+ if (!declaredComponents.some(component => component.purl === c.purl)) {
 nonDeclaredComponents.push(c);
 }
 });

From 133df9511a411ecb94e7969f34d8169a40c49f33 Mon Sep 17 00:00:00 2001
From: Franco Stramana
Date: Thu, 2 May 2024 10:51:07 -0300
Subject: [PATCH 2/2] Upgrades version to v0.1.1

---
 package-lock.json | 4 ++--
 package.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a55199c..bb751be 100644
--- a/package-lock.json
+++ b/package-lock.json
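Review bot: The new `catch (e)` block in `run` discards the caught error and reports the failure with `core.info`, so a malformed SBOM (the case this patch targets) or a wrong `SBOM_FILEPATH` leaves only an info-level log line while the check proceeds with `declaredComponents = []` and flags every scanned component as undeclared. That outcome is safe in the fail-closed sense, but the user gets no annotation explaining why the whole inventory was reported, and the parse error itself is lost. Surface it as a warning that carries the reason: `core.warning(\`Warning on policy check: ${this.checkName}. SBOM file could not be parsed (${inputs.SBOM_FILEPATH}): ${e instanceof Error ? e.message : String(e)}\`);`. Also replace `// get declared components` with a comment stating the intent, e.g. `// An unreadable or invalid SBOM declares nothing, so every component is reported rather than the check being skipped.`. The start and end of `run`, and the constructor that sets `checkName`, are outside this hunk.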
@@ -1,12 +1,12 @@
 {
 "name": "scanoss-code-scan-action",
- "version": "0.1.0",
+ "version": "0.1.1",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "scanoss-code-scan-action",
- "version": "0.1.0",
+ "version": "0.1.1",
 "license": "MIT",
 "dependencies": {
 "@actions/artifact": "^2.1.0",
diff --git a/package.json b/package.json
index aefb0b9..810525a 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "scanoss-code-scan-action",
 "description": "SCANOSS Code Scan Action",
- "version": "0.1.0",
+ "version": "0.1.1",
 "author": "SCANOSS",
 "private": true,
 "homepage": "https://github.com/scanoss/code-scan-action/",