From b556d932a49cc4004ed15c0e2333b8ac2fac252e Mon Sep 17 00:00:00 2001
From: Spencer Schrock
Date: Fri, 19 Jan 2024 11:13:40 -0800
Subject: [PATCH] :bug: Handle osvscanner errors on projects with no dependencies (#3803)
* handle osv errors for projects without packages
Signed-off-by: Spencer Schrock
* make test parallel
Signed-off-by: Spencer Schrock
---------
Signed-off-by: Spencer Schrock
---
 clients/osv.go | 4 +++-
 clients/osv_test.go | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/clients/osv.go b/clients/osv.go
index 01c98789..e265aa2b 100644
--- a/clients/osv.go
+++ b/clients/osv.go
@@ -56,7 +56,9 @@ func (v osvClient) ListUnfixedVulnerabilities(
 response := VulnerabilitiesResponse{}
- if err == nil { // No vulns found
+ // either no vulns found, or no packages detected by osvscanner, which likely means no vulns
+ // while there could still be vulns, not detecting any packages shouldn't be a runtime error.
+ if err == nil || errors.Is(err, osvscanner.NoPackagesFoundErr) {
 return response, nil
 }
diff --git a/clients/osv_test.go b/clients/osv_test.go
index 9784ffb2..a198d0ba 100644
--- a/clients/osv_test.go
+++ b/clients/osv_test.go
@@ -14,6 +14,7 @@
 package clients
 import (
+ "context"
 "reflect"
 "testing"
 )
@@ -46,3 +47,14 @@ func TestRemoveDuplicate(t *testing.T) {
 })
 }
 }
+
+func TestEmptyProject(t *testing.T) {
+ t.Parallel()
+ var client osvClient
+ var commit string
+ emptyDir := t.TempDir()
+ _, err := client.ListUnfixedVulnerabilities(context.Background(), commit, emptyDir)
+ if err != nil {
+ t.Fatalf("empty directory shouldn't throw an error: %v", err)
+ }
+}
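Review bot: The widened condition `err == nil || errors.Is(err, osvscanner.NoPackagesFoundErr)` in clients/osv.go returns the same empty `VulnerabilitiesResponse{}` for "scanned and found nothing" and "found nothing to scan", so a caller cannot tell a clean result from a scan that covered no packages. The added comment itself concedes there could still be vulnerabilities, which makes this a fail-open path for a result that feeds a security check. I would split the branch so the case stays identifiable, `if errors.Is(err, osvscanner.NoPackagesFoundErr) { return response, nil } // nothing was scanned, not "scanned clean"`, and state in the doc comment of ListUnfixedVulnerabilities that an empty response with a nil error may mean no packages were detected. The function body starts and ends outside this hunk, so whether callers already account for this is not visible here.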
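Review bot: TestEmptyProject discards the response (`_, err := client.ListUnfixedVulnerabilities(...)`) and only checks that err is nil, so it would still pass if the no-packages path returned a non-empty or partially filled result. Capture the value and compare it with the zero response, e.g. `if !reflect.DeepEqual(got, VulnerabilitiesResponse{}) { t.Errorf("expected empty response, got %+v", got) }`; `reflect` is already imported in this file. The test covers only an empty directory; a directory that has files but no recognised manifests presumably takes the same path and would be worth a second case.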