Turn off CycloneDX document validation and load data anyway #1515 (#1516)

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

CHANGELOG.rst

@@ -16,6 +16,10 @@ v34.9.4 (unreleased)
   the input filename.
   https://github.com/aboutcode-org/scancode.io/issues/926
 
+- Disable CycloneDX document strict validation, which halts the entire loading process,
+  and let the data loading process handle the data issues.
+  https://github.com/aboutcode-org/scancode.io/issues/1515
+
 v34.9.3 (2024-12-31)
 --------------------
 

scanpipe/pipes/cyclonedx.py

@@ -296,11 +296,14 @@ def get_bom_instance_from_file(input_location):
         cyclonedx_document = delete_ignored_root_properties(cyclonedx_document)
         cyclonedx_document = cleanup_components_properties(cyclonedx_document)
 
-        if errors := validate_document(cyclonedx_document):
-            error_msg = (
-                f'CycloneDX document "{input_path.name}" is not valid:\n{errors}'
-            )
-            raise ValueError(error_msg)
+        # Instead of validating and raising an error (which halts the entire loading
+        # process), we proceed to load as much data as possible.
+        # This approach prioritizes displaying data in the UI over the output of
+        # validate_document() which is not quite pertinent in its current state.
+        # Additionally, the ValidationError from validate_document() might include the
+        # entire document content, which is impractical for large files.
+        #
+        # validation_error = validate_document(cyclonedx_document)
 
         cyclonedx_bom = Bom.from_json(data=cyclonedx_document)
         return cyclonedx_bom

scanpipe/tests/pipes/test_cyclonedx.py

@@ -200,31 +200,13 @@ def test_scanpipe_cyclonedx_component_to_package_data_encoded_purl_name(self):
         self.assertEqual(expected, package_data)
 
     def test_scanpipe_cyclonedx_get_bom_instance_from_file(self):
-        input_location = self.data / "missing_schema.json"
-        with self.assertRaises(ValueError) as cm:
-            cyclonedx.get_bom_instance_from_file(input_location)
-        expected_error = (
-            'CycloneDX document "missing_schema.json" is not valid:\n'
-            "Additional properties are not allowed ('invalid_entry' was unexpected)"
-        )
-        self.assertIn(expected_error, str(cm.exception))
-
         input_location = self.data / "laravel-7.12.0" / "bom.1.4.json"
         bom = cyclonedx.get_bom_instance_from_file(input_location)
         self.assertIsInstance(bom, Bom)
         self.assertEqual(62, len(bom.components))
         self.assertEqual(63, len(bom.dependencies))
 
     def test_scanpipe_cyclonedx_resolve_cyclonedx_packages(self):
-        input_location = self.data / "missing_schema.json"
-        with self.assertRaises(ValueError) as cm:
-            cyclonedx.resolve_cyclonedx_packages(input_location)
-        expected_error = (
-            'CycloneDX document "missing_schema.json" is not valid:\n'
-            "Additional properties are not allowed ('invalid_entry' was unexpected)"
-        )
-        self.assertIn(expected_error, str(cm.exception))
-
         packages = cyclonedx.resolve_cyclonedx_packages(self.bom_file)
         self.assertEqual(3, len(packages))