mirror of
https://github.com/ossf/scorecard.git
synced 2024-08-16 11:50:37 +03:00
🐛 Handle osvscanner errors on projects with no dependencies (#3803)
* handle osv errors for projects without packages Signed-off-by: Spencer Schrock <sschrock@google.com> * make test parallel Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>
parent
51f1732750
commit
b556d932a4
@ -56,7 +56,9 @@ func (v osvClient) ListUnfixedVulnerabilities(
|
||||
|
||||
response := VulnerabilitiesResponse{}
|
||||
|
||||
if err == nil { // No vulns found
|
||||
// either no vulns found, or no packages detected by osvscanner, which likely means no vulns
|
||||
// while there could still be vulns, not detecting any packages shouldn't be a runtime error.
|
||||
if err == nil || errors.Is(err, osvscanner.NoPackagesFoundErr) {
|
||||
return response, nil
|
||||
}
|
||||
|
||||
|
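Review bot: The new early return treats `osvscanner.NoPackagesFoundErr` exactly like a clean scan, so callers of ListUnfixedVulnerabilities receive an empty VulnerabilitiesResponse and cannot tell "scanned, nothing found" from "nothing was scanned". For a security score this is a fail-open result: a repository whose manifests the scanner does not recognise would presumably look the same as one with no known vulnerabilities. The added comment already concedes this, so the contract should be stated in the function's doc comment, for example `// An empty response with a nil error may also mean no packages were detected; it is not proof that the project has no vulnerabilities.` Consider also surfacing the no-packages case to the caller separately (a log line or a distinct result) rather than folding it into success. The function body begins and ends outside this hunk.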
@ -14,6 +14,7 @@
|
||||
package clients
|
||||
|
||||
import (
|
||||
"context"
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
@ -46,3 +47,14 @@ func TestRemoveDuplicate(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestEmptyProject(t *testing.T) {
|
||||
t.Parallel()
|
||||
var client osvClient
|
||||
var commit string
|
||||
emptyDir := t.TempDir()
|
||||
_, err := client.ListUnfixedVulnerabilities(context.Background(), commit, emptyDir)
|
||||
if err != nil {
|
||||
t.Fatalf("empty directory shouldn't throw an error: %v", err)
|
||||
}
|
||||
}
|
||||
|
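Review bot: TestEmptyProject discards the returned response with `_` and only checks that err is nil, so it would still pass if the no-packages path returned a populated or partially filled response. Capture the value and compare it with the zero value: `resp, err := client.ListUnfixedVulnerabilities(context.Background(), commit, emptyDir)` followed by `if !reflect.DeepEqual(resp, VulnerabilitiesResponse{}) { t.Errorf("expected empty response, got %+v", resp) }`; `reflect` is already imported in this file. It is also worth confirming that scanning an empty directory performs no network access, since the test runs under t.Parallel() with a zero-value osvClient.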