When validating multiple SBOMs with the API, the location of the manifest to validate gets 'stale.' For example, if you validate SBOM A, then SBOM B, the attempt to validate B will erroneously look for a file at A's location.
This happens because the SbomConfigProvider is initialized as a singleton in the ServiceCollectionExtensions. So for the life of the service, the initial values added to the configsDictionary in the SbomConfigProvider will persist. We want these values to be refreshed per validation request, and to be the same as the values in the inputConfig of the SbomValidator.
Our suggested fix is to change line 162 of ServiceCollectionExtensions to use .addScoped instead of .addSingleton. However, we do not want to make changes to this area of the code until the validator has sufficient unit tests. So, this issue should be addressed by two PRs:
1. One to add unit tests to cover the SbomValidator (this may include one commented-out test which would fail due to this bug).
2. Another to fix this bug (with all unit tests passing).
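The lifetime difference described in this issue, as an added C# sketch that is not part of the issue or the project's code: `DemoConfigProvider`, `Validate` and the manifest paths are hypothetical stand-ins, and the only real API used is `Microsoft.Extensions.DependencyInjection`. It shows a provider that caches its first input serving request B with A's path under a singleton registration, and a fresh value per scope under a scoped one.

```csharp
#nullable enable
// Added illustration; DemoConfigProvider and the paths are hypothetical.
// Requires the Microsoft.Extensions.DependencyInjection NuGet package.
using System;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for a config provider that captures its values once, on first use.
public sealed class DemoConfigProvider
{
    private string? manifestPath;

    // First caller wins: later calls on the same instance return the cached path.
    public string Resolve(string requestedPath) => manifestPath ??= requestedPath;
}

public static class Program
{
    // Simulates one validation request: open a scope, resolve the provider,
    // and ask it which manifest should be validated.
    private static string Validate(IServiceProvider root, string requestedPath)
    {
        using IServiceScope scope = root.CreateScope();
        var provider = scope.ServiceProvider.GetRequiredService<DemoConfigProvider>();
        return provider.Resolve(requestedPath);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        const string sbomA = "/drops/A/_manifest/manifest.json";
        const string sbomB = "/drops/B/_manifest/manifest.json";

        // Singleton: one instance for the life of the container, so the
        // request for B is answered with the path captured for A.
        using ServiceProvider singleton = new ServiceCollection()
            .AddSingleton<DemoConfigProvider>()
            .BuildServiceProvider();
        Validate(singleton, sbomA);
        Console.WriteLine($"singleton, request B -> {Validate(singleton, sbomB)}");

        // Scoped: a new instance per scope, so each request sees its own path.
        using ServiceProvider scoped = new ServiceCollection()
            .AddScoped<DemoConfigProvider>()
            .BuildServiceProvider();
        Validate(scoped, sbomA);
        Console.WriteLine($"scoped, request B    -> {Validate(scoped, sbomB)}");
    }
}
```

A scoped registration only helps when each validation request resolves the provider from its own scope; resolving it from the root container would behave like the singleton case.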
pownkel added the "tabled" label (We like this idea, but we are not going to action on it in the moment) on Jan 17, 2024