🐛 Handle osvscanner errors on projects with no dependencies (#3803)

* handle osv errors for projects without packages Signed-off-by: Spencer Schrock <sschrock@google.com> * make test parallel Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-14 19:40:37 +03:00 · 2024-01-19 11:13:40 -08:00 · 2024-01-19 11:13:40 -08:00 · b556d932a4
commit b556d932a4
parent 51f1732750
2 changed files with 15 additions and 1 deletions
--- a/clients/osv.go
+++ b/clients/osv.go
@ -56,7 +56,9 @@ func (v osvClient) ListUnfixedVulnerabilities(

 	response := VulnerabilitiesResponse{}

-	if err == nil { // No vulns found
+	// either no vulns found, or no packages detected by osvscanner, which likely means no vulns
+	// while there could still be vulns, not detecting any packages shouldn't be a runtime error.
+	if err == nil || errors.Is(err, osvscanner.NoPackagesFoundErr) {
 		return response, nil
 	}

--- a/clients/osv_test.go
+++ b/clients/osv_test.go
@ -14,6 +14,7 @@
 package clients

 import (
+	"context"
 	"reflect"
 	"testing"
 )
@ -46,3 +47,14 @@ func TestRemoveDuplicate(t *testing.T) {
 		})
 	}
 }
+
+func TestEmptyProject(t *testing.T) {
+	t.Parallel()
+	var client osvClient
+	var commit string
+	emptyDir := t.TempDir()
+	_, err := client.ListUnfixedVulnerabilities(context.Background(), commit, emptyDir)
+	if err != nil {
+		t.Fatalf("empty directory shouldn't throw an error: %v", err)
+	}
+}