The application crashes when scanning a file

[uh3tay]

cvebintool.zip

Description

Hello!
When scanning the application, the analysis will reach the file "rootpom.xml" and causes the <<AttributeError" to fail:' NoneType ' object has no attribute 'text'>>. The application started with the line "cve-bin-tool ./my-app-path |to err.log". Attachments: "error" - output to the console, rootpom.xml - file causing the crash, java.py - my temporary solution(lines 84-95). To understand what's going on, I modified the java.py , for output of filename and types root.find (schema + "artifactId") AND root.find(schema + "version").

To reproduce

Steps to reproduce the behaviour:
0. Activate VENV: oldscool-cvebintool/bin/activate

1. Scan using "cve-bin-tool ./my-app-path"

Expected behaviour:
Actual behaviour:

Version/platform info

Version of CVE-bin-tool: 3.3
Installed from pypi.
Operating system: Ubuntu 24.04.1 (Linux 6.8.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC)
Python version: python 3.12.3
Running in any particular CI environment we should know about? run into VENV

[terriko]

Sounds like a bug in the java parser. I'm not completely surprised; we could really use some help making better test cases for java because it feels like there's a lot of behaviours we haven't captured very well yet.

Did you want to submit your fix as a pull request so it could be integrated?

[anthonyharrison]

@uh3tay The Java parser is very simple and assumes that the pom file is valid. Can you provide the pom file which results in the crash?