Stale values in repeated validation #480

Open
jlperkins opened this issue Jan 12, 2024 · 0 comments
Labels: help wanted (Extra attention is needed); tabled (We like this idea, but we are not going to action on it in the moment)

jlperkins (Contributor) commented Jan 12, 2024

When validating multiple SBOMs with the API, the location of the manifest to validate gets 'stale.' For example, if you validate SBOM A, then SBOM B, the attempt to validate B will erroneously look for a file at A's location.

This happens because the SbomConfigProvider is initialized as a singleton in the ServiceCollectionExtensions. So for the life of the service, the initial values added to the configsDictionary in the SbomConfigProvider will persist. We want these values to be refreshed per validation request, and to be the same as the values in the inputConfig of the SbomValidator.

Our suggested fix is to change line 162 of ServiceCollectionExtensions to use .addScoped instead of .addSingleton. However, we do not want to make changes to this area of the code until the validator has sufficient unit tests. So, this issue should be addressed by two PRs:

  1. One to add unit tests to cover the SbomValidator (this may include one commented-out which would fail due to this bug).
  2. Another to fix this bug (with all unit tests passing).

pownkel added the "tabled" label Jan 17, 2024
jlperkins added the "help wanted" label Jan 17, 2024
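
The lifetime problem described in the issue, reduced to a minimal reproduction. This is an added example, not code from the project: `ConfigProvider`, `Validator`, `RunTwoRequests` and the manifest paths are hypothetical stand-ins, and it assumes the Microsoft.Extensions.DependencyInjection package and one DI scope per validation request.

```csharp
// Added illustration; hypothetical stand-in types, not the project's own code.
using System;
using Microsoft.Extensions.DependencyInjection;

// Stand-in for a config provider that keeps the first value it is given.
public sealed class ConfigProvider
{
    private string? manifestPath;

    // Only the first caller's path is stored; later callers get that same value back.
    public string GetOrInit(string requestedPath) => manifestPath ??= requestedPath;
}

// Stand-in for a validator that looks up the manifest location through the provider.
public sealed class Validator
{
    private readonly ConfigProvider provider;
    public Validator(ConfigProvider provider) => this.provider = provider;
    public string Validate(string manifestPath) => provider.GetOrInit(manifestPath);
}

public static class Program
{
    // Runs two validation requests, each in its own scope, and returns the path each one used.
    public static (string First, string Second) RunTwoRequests(Action<IServiceCollection> registerProvider)
    {
        var services = new ServiceCollection();
        registerProvider(services);
        services.AddScoped<Validator>();
        // validateScopes makes the container reject a scoped service resolved from the root
        // or captured by a singleton, which would reintroduce the stale state.
        using var root = services.BuildServiceProvider(validateScopes: true);

        string ValidateInScope(string path)
        {
            using var scope = root.CreateScope(); // one scope per request (assumption)
            return scope.ServiceProvider.GetRequiredService<Validator>().Validate(path);
        }
        return (ValidateInScope("/sboms/A/manifest.json"), ValidateInScope("/sboms/B/manifest.json"));
    }

    public static void Main()
    {
        var singleton = RunTwoRequests(s => s.AddSingleton<ConfigProvider>());
        var scoped = RunTwoRequests(s => s.AddScoped<ConfigProvider>());
        Console.WriteLine($"singleton: first={singleton.First} second={singleton.Second}");
        Console.WriteLine($"scoped:    first={scoped.First} second={scoped.Second}");
    }
}
```

With the singleton registration the second request is served A's path; with the scoped registration each request gets a fresh provider and its own path. The scoped lifetime only helps when every validation request runs in its own scope, so a test that asserts on the second request's location is the one that guards against regression.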