TypeError: no implicit conversion of nil into String
https://sentry.gitlab.net/gitlab/gitlabcom/issues/4105352/?referrer=gitlab_plugin
TypeError: no implicit conversion of nil into String
from ee/lib/gitlab/license_scanning/package_licenses.rb:58:in `join'
from ee/lib/gitlab/license_scanning/package_licenses.rb:58:in `block in add_records_with_unknown_licenses'
from ee/lib/gitlab/license_scanning/package_licenses.rb:57:in `each'
from ee/lib/gitlab/license_scanning/package_licenses.rb:57:in `add_records_with_unknown_licenses'
from ee/lib/gitlab/license_scanning/package_licenses.rb:48:in `fetch'
from ee/lib/gitlab/license_scanning/sbom_scanner.rb:16:in `report'
from ee/app/models/sca/license_compliance.rb:60:in `block in license_scanning_report'
from lib/gitlab/utils/strong_memoize.rb:34:in `strong_memoize'
from ee/app/models/sca/license_compliance.rb:59:in `license_scanning_report'
from ee/app/models/sca/license_compliance.rb:90:in `unclassified_policies'
from ee/app/models/sca/license_compliance.rb:20:in `block in policies'
from lib/gitlab/utils/strong_memoize.rb:34:in `strong_memoize'
from ee/app/models/sca/license_compliance.rb:19:in `policies'
from ee/app/models/sca/license_compliance.rb:28:in `find_policies'
from ee/app/controllers/projects/licenses_controller.rb:49:in `matching_policies_from'
from ee/app/controllers/projects/licenses_controller.rb:24:in `block (2 levels) in index'
...
Further details
    def add_records_with_unknown_licenses(records_with_licenses)
      components.each do |component|
        key = File.join(component.name, component.version, component.purl_type)
        next if records_with_licenses[key]

        # return unknown license if the license data for the component wasn't found in the db
        records_with_licenses[key] = Hashie::Mash.new(purl_type: component.purl_type,
          name: component.name, version: component.version, licenses: [UNKNOWN_LICENSE])
      end
    end
add_records_with_unknown_licenses was introduced in !111768 (merged) to address License Scanning reports no license when no pac... (#391294 - closed).
The error comes from the LicenseScanning::SbomScanner, and is triggered when the following conditions are met:
- Some SBOM components don't match any license in the package metadata table.
- component.name, component.version, or component.purl_type is nil.
CycloneDX SBOM can have components that don't have a version.
This is NOT related to the Ruby 3 migration.
Workarounds
- Include the License Scanning CI template in the project CI config.

      include:
        - template: Jobs/License-Scanning.gitlab-ci.yml

- Disable the license_scanning_sbom_scanner for the project when this bug occurs. The flag has been enabled on production as part of #385173 (closed).
Possible fixes
Convert nil to "none" so that it can be used as a key.

    key = File.join(component.name || 'none', component.version || 'none', component.purl_type || 'none')
Edited by Brian Williams
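A stand-alone reproduction of the failure and of the proposed fix, added here as an example and not taken from the GitLab code base. Component, the 'unknown' value of UNKNOWN_LICENSE, the plain Hash records, the helper names and the sample components are all assumptions made for the illustration.

```ruby
# Added reproduction, not GitLab's code. Component, UNKNOWN_LICENSE and the
# plain Hash records are stand-ins (assumptions) for the real classes.
Component = Struct.new(:name, :version, :purl_type)
UNKNOWN_LICENSE = 'unknown' # placeholder value

# Key construction as in the method quoted above: raises when a field is nil.
def key_original(component)
  File.join(component.name, component.version, component.purl_type)
end

# Key construction from "Possible fixes": nil becomes the string 'none'.
def key_fixed(component)
  File.join(component.name || 'none', component.version || 'none', component.purl_type || 'none')
end

# Same loop as add_records_with_unknown_licenses, with the key builder passed in.
def add_unknown(components, records_with_licenses, key_builder)
  components.each do |component|
    key = key_builder.call(component)
    next if records_with_licenses[key]

    records_with_licenses[key] = { purl_type: component.purl_type, name: component.name,
                                   version: component.version, licenses: [UNKNOWN_LICENSE] }
  end
  records_with_licenses
end

# Constructed sample: one component already matched, one without a version.
SAMPLE_COMPONENTS = [
  Component.new('rails', '7.0.4', 'gem'),
  Component.new('internal-lib', nil, 'npm')
].freeze

# Constructed stand-in for the records found in the package metadata table.
def matched_records
  { 'rails/7.0.4/gem' => { purl_type: 'gem', name: 'rails', version: '7.0.4', licenses: ['MIT'] } }
end

# Returns the TypeError message raised by the original key construction.
def original_outcome
  add_unknown(SAMPLE_COMPONENTS, matched_records, method(:key_original))
rescue TypeError => e
  e.message
end

def fixed_outcome
  add_unknown(SAMPLE_COMPONENTS, matched_records, method(:key_fixed))
end

puts original_outcome, fixed_outcome.keys.inspect if __FILE__ == $PROGRAM_NAME
```

With the fix, the versionless component is stored under a key containing 'none' while its record still carries version nil, so a consumer of the report sees the missing version rather than a literal "none".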