
@omsuneri

Issue :
Fixes #4581

Changes made :
cargo.py
added proper null check before accessing .path on parent resource
added fallback to use os.path.dirname(resource.path) when no parent exists
npm.py
code was calling .parent() twice instead of reusing the result

After making the changes, I ran scancode on the same Cargo.toml file and the error is resolved.
before changes result.json:

{
  "headers": [
    {
      "tool_name": "scancode-toolkit",
      "tool_version": "v32.4.1-16-g93a2d69943",
      "options": {
        "input": [
          "Cargo.toml"
        ],
        "--json-pp": "original_resultm.json",
        "--package": true
      },
      "notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.",
      "start_timestamp": "2025-10-10T120320.176700",
      "end_timestamp": "2025-10-10T120353.633673",
      "output_format_version": "4.1.0",
      "duration": 33.4572548866272,
      "message": null,
      "errors": [
        "Path: Cargo.toml"
      ],
      "warnings": [],
      "extra_data": {
        "system_environment": {
          "operating_system": "mac",
          "cpu_architecture": "64",
          "platform": "macOS-26.0.1-x86_64-i386-64bit",
          "platform_version": "Darwin Kernel Version 25.0.0: Wed Sep 17 21:41:39 PDT 2025; root:xnu-12377.1.9~141/RELEASE_ARM64_T8103",
          "python_version": "3.12.4 (v3.12.4:8e8a4baf65, Jun  6 2024, 17:33:18) [Clang 13.0.0 (clang-1300.0.29.30)]"
        },
        "spdx_license_list_version": "3.27",
        "files_count": 1
      }
    }
  ],
  "packages": [],
  "dependencies": [],
  "files": [
    {
      "path": "Cargo.toml",
      "type": "file",
      "package_data": [
        {
          "type": "cargo",
          "namespace": null,
          "name": "constant_time_eq",
          "version": "0.4.2",
          "qualifiers": {},
          "subpath": null,
          "primary_language": "Rust",
          "description": "Compares two equal-sized byte strings in constant time.",
          "release_date": null,
          "parties": [
            {
              "type": "person",
              "role": "author",
              "name": "Cesar Eduardo Barros",
              "email": "[email protected]",
              "url": null
            }
          ],
          "keywords": [
            "constant_time",
            "cryptography",
            "no-std"
          ],
          "homepage_url": null,
          "download_url": null,
          "size": null,
          "sha1": null,
          "md5": null,
          "sha256": null,
          "sha512": null,
          "bug_tracking_url": null,
          "code_view_url": null,
          "vcs_url": "https://github.com/cesarb/constant_time_eq",
          "copyright": null,
          "holder": null,
          "declared_license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
          "declared_license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
          "license_detections": [
            {
              "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
              "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
              "matches": [
                {
                  "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
                  "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
                  "from_file": "Cargo.toml",
                  "start_line": 1,
                  "end_line": 1,
                  "matcher": "1-spdx-id",
                  "score": 100.0,
                  "matched_length": 10,
                  "match_coverage": 100.0,
                  "rule_relevance": 100,
                  "rule_identifier": "spdx-license-identifier-cc0_1_0_or_mit_0_or_apache_2_0-f44a2ec174eb034bd3c662f728664281e507b20d",
                  "rule_url": null,
                  "matched_text": "CC0-1.0 OR MIT-0 OR Apache-2.0"
                }
              ],
              "identifier": "cc0_1_0_or_mit_0_or_apache_2_0-3f14dd48-7cd8-cf28-d4e1-3b0174a587ee"
            }
          ],
          "other_license_expression": null,
          "other_license_expression_spdx": null,
          "other_license_detections": [],
          "extracted_license_statement": "CC0-1.0 OR MIT-0 OR Apache-2.0",
          "notice_text": null,
          "source_packages": [],
          "file_references": [],
          "is_private": false,
          "is_virtual": false,
          "extra_data": {
            "documentation_url": "https://docs.rs/constant_time_eq",
            "rust_version": "1.85.0",
            "rust_edition": "2024"
          },
          "dependencies": [
            {
              "purl": "pkg:cargo/criterion",
              "extracted_requirement": "0.5.1",
              "scope": "dev-dependencies",
              "is_runtime": false,
              "is_optional": false,
              "is_pinned": false,
              "is_direct": true,
              "resolved_package": {},
              "extra_data": {
                "version": "0.5.1",
                "features": [
                  "cargo_bench_support",
                  "html_reports"
                ]
              }
            },
            {
              "purl": "pkg:cargo/count_instructions",
              "extracted_requirement": "0.2.0",
              "scope": "dev-dependencies",
              "is_runtime": false,
              "is_optional": false,
              "is_pinned": false,
              "is_direct": true,
              "resolved_package": {},
              "extra_data": {}
            }
          ],
          "repository_homepage_url": "https://crates.io/crates/constant_time_eq",
          "repository_download_url": "https://crates.io/api/v1/crates/constant_time_eq/0.4.2/download",
          "api_data_url": "https://crates.io/api/v1/crates/constant_time_eq",
          "datasource_id": "cargo_toml",
          "purl": "pkg:cargo/[email protected]"
        }
      ],
      "for_packages": [],
      "scan_errors": [
        "get_package_and_deps: Failed to assemble PackageData: PackageData(type='cargo', namespace=None, name='constant_time_eq', version='0.4.2', datasource_id='cargo_toml'):\nTraceback (most recent call last):\n  File \"/Users/omsuneri/scancode-toolkit/src/packagedcode/plugin_package.py\", line 428, in get_package_and_deps\n    for item in items:\n  File \"/Users/omsuneri/scancode-toolkit/src/packagedcode/cargo.py\", line 62, in assemble\n    workspace_root_path = resource.parent(codebase).path\n                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nAttributeError: 'bool' object has no attribute 'path'\n"
      ]
    }
  ]
}

after changes result.json:

{
  "headers": [
    {
      "tool_name": "scancode-toolkit",
      "tool_version": "v32.4.1-18-g02a38c1abc",
      "options": {
        "input": [
          "Cargo.toml"
        ],
        "--json-pp": "original_resultm1.json",
        "--package": true
      },
      "notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.",
      "start_timestamp": "2025-10-10T120813.765667",
      "end_timestamp": "2025-10-10T120835.711878",
      "output_format_version": "4.1.0",
      "duration": 21.946434020996094,
      "message": null,
      "errors": [],
      "warnings": [],
      "extra_data": {
        "system_environment": {
          "operating_system": "mac",
          "cpu_architecture": "64",
          "platform": "macOS-26.0.1-x86_64-i386-64bit",
          "platform_version": "Darwin Kernel Version 25.0.0: Wed Sep 17 21:41:39 PDT 2025; root:xnu-12377.1.9~141/RELEASE_ARM64_T8103",
          "python_version": "3.12.4 (v3.12.4:8e8a4baf65, Jun  6 2024, 17:33:18) [Clang 13.0.0 (clang-1300.0.29.30)]"
        },
        "spdx_license_list_version": "3.27",
        "files_count": 1
      }
    }
  ],
  "packages": [],
  "dependencies": [],
  "files": [
    {
      "path": "Cargo.toml",
      "type": "file",
      "package_data": [
        {
          "type": "cargo",
          "namespace": null,
          "name": "constant_time_eq",
          "version": "0.4.2",
          "qualifiers": {},
          "subpath": null,
          "primary_language": "Rust",
          "description": "Compares two equal-sized byte strings in constant time.",
          "release_date": null,
          "parties": [
            {
              "type": "person",
              "role": "author",
              "name": "Cesar Eduardo Barros",
              "email": "[email protected]",
              "url": null
            }
          ],
          "keywords": [
            "constant_time",
            "cryptography",
            "no-std"
          ],
          "homepage_url": null,
          "download_url": null,
          "size": null,
          "sha1": null,
          "md5": null,
          "sha256": null,
          "sha512": null,
          "bug_tracking_url": null,
          "code_view_url": null,
          "vcs_url": "https://github.com/cesarb/constant_time_eq",
          "copyright": null,
          "holder": null,
          "declared_license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
          "declared_license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
          "license_detections": [
            {
              "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
              "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
              "matches": [
                {
                  "license_expression": "cc0-1.0 OR mit-0 OR apache-2.0",
                  "license_expression_spdx": "CC0-1.0 OR MIT-0 OR Apache-2.0",
                  "from_file": "Cargo.toml",
                  "start_line": 1,
                  "end_line": 1,
                  "matcher": "1-spdx-id",
                  "score": 100.0,
                  "matched_length": 10,
                  "match_coverage": 100.0,
                  "rule_relevance": 100,
                  "rule_identifier": "spdx-license-identifier-cc0_1_0_or_mit_0_or_apache_2_0-f44a2ec174eb034bd3c662f728664281e507b20d",
                  "rule_url": null,
                  "matched_text": "CC0-1.0 OR MIT-0 OR Apache-2.0"
                }
              ],
              "identifier": "cc0_1_0_or_mit_0_or_apache_2_0-3f14dd48-7cd8-cf28-d4e1-3b0174a587ee"
            }
          ],
          "other_license_expression": null,
          "other_license_expression_spdx": null,
          "other_license_detections": [],
          "extracted_license_statement": "CC0-1.0 OR MIT-0 OR Apache-2.0",
          "notice_text": null,
          "source_packages": [],
          "file_references": [],
          "is_private": false,
          "is_virtual": false,
          "extra_data": {
            "documentation_url": "https://docs.rs/constant_time_eq",
            "rust_version": "1.85.0",
            "rust_edition": "2024"
          },
          "dependencies": [
            {
              "purl": "pkg:cargo/criterion",
              "extracted_requirement": "0.5.1",
              "scope": "dev-dependencies",
              "is_runtime": false,
              "is_optional": false,
              "is_pinned": false,
              "is_direct": true,
              "resolved_package": {},
              "extra_data": {
                "version": "0.5.1",
                "features": [
                  "cargo_bench_support",
                  "html_reports"
                ]
              }
            },
            {
              "purl": "pkg:cargo/count_instructions",
              "extracted_requirement": "0.2.0",
              "scope": "dev-dependencies",
              "is_runtime": false,
              "is_optional": false,
              "is_pinned": false,
              "is_direct": true,
              "resolved_package": {},
              "extra_data": {}
            }
          ],
          "repository_homepage_url": "https://crates.io/crates/constant_time_eq",
          "repository_download_url": "https://crates.io/api/v1/crates/constant_time_eq/0.4.2/download",
          "api_data_url": "https://crates.io/api/v1/crates/constant_time_eq",
          "datasource_id": "cargo_toml",
          "purl": "pkg:cargo/[email protected]"
        }
      ],
      "for_packages": [],
      "scan_errors": []
    }
  ]
}

@omsuneri
Author

@AyanSinhaMahapatra review this please !!

@AyanSinhaMahapatra
Member

@omsuneri can you add a small test for #4581 with a single (stripped as much as possible) cargo manifest to show this doesn't fail anymore and check against future failures?

@omsuneri
Author

@AyanSinhaMahapatra sure, I'll add the required test to the test suite !!

@omsuneri
Author

@AyanSinhaMahapatra i added the test please review !!

Screenshot 2025-10-16 at 2 13 23 AM

Here I used the same Cargo.toml file mentioned in the issue: https://raw.githubusercontent.com/cesarb/constant_time_eq/refs/heads/main/Cargo.toml
Please let me know if any further changes are required.

Member

@AyanSinhaMahapatra AyanSinhaMahapatra left a comment


@omsuneri please update your tests to actually check that the failure in #4581 is not happening again

Could you also merge latest develop as there were fixes for some failing tests.

[dev-dependencies]
criterion = { version = "0.5.1", features = ["cargo_bench_support", "html_reports"] }
count_instructions = "0.2.0"

Member


Could you shorten this test file by getting rid of everything below the dev-dependencies as we ignore this anyway as they are not useful info? We keep test files as small as possible to reduce repo size

Author


@AyanSinhaMahapatra yes, I actually used the same cargo.toml that is in the issue. Before adding it I also looked at the other cargo.toml files, and they contain features and everything else, so I just added this one without any type of annotation.
I will make this shorter !!

@omsuneri
Author

@omsuneri please update your tests to actually check that the failure in #4581 is not happening again

Could you also merge latest develop as there were fixes for some failing tests.

sure i m just about to test the latest changes !!

@omsuneri
Author

omsuneri commented Oct 28, 2025

@AyanSinhaMahapatra please review: I have refactored the test and shortened the cargo.toml, along with the full package scan cargo.toml.expected.
Please let me know if any further changes are required !!

Screenshot 2025-10-28 at 11 34 13 PM


Development

Successfully merging this pull request may close these issues.

Failure to scan cargo
