Skip to content

Commit ea74e27

Browse files
authored
Protect scanRepository flow from empty scan results (#1356)
1 parent f18ca60 commit ea74e27

2 files changed

Lines changed: 7 additions & 9 deletions

File tree

scanrepository/scanrepository.go

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,13 @@ func (sr *ScanRepositoryCmd) scanAndFixBranch(repository *utils.Repository) (tot
149149
return 0, err
150150
}
151151
}
152+
if scanResults == nil {
153+
err = fmt.Errorf("scan returned empty results for branch '%s'", sr.scanDetails.BaseBranch())
154+
if err = utils.CreateErrorIfFailUponScannerErrorEnabled(repository.GeneralConfig.FailUponAnyScannerError, fmt.Sprintf("An error occurred during Audit execution for '%s' branch. Downstream processing will be skipped", sr.scanDetails.BaseBranch()), err); err != nil {
155+
return 0, err
156+
}
157+
return 0, nil
158+
}
152159
defer func() {
153160
// Always check policy even if an error occurred during the scan
154161
err = errors.Join(err, policy.CheckPolicyFailBuildError(scanResults))
@@ -497,10 +504,6 @@ func (sr *ScanRepositoryCmd) switchToTempWorkingDir() (tempWd string, restoreDir
497504

498505
// Create a vulnerabilities map - a map with 'impacted package' as a key and all the necessary information of this vulnerability as value.
499506
func (sr *ScanRepositoryCmd) createVulnerabilitiesMap(failUponError bool, scanResults *results.SecurityCommandResults) (map[string]*utils.VulnerabilityDetails, error) {
500-
if scanResults == nil {
501-
log.Info("No scan results found")
502-
return nil, nil
503-
}
504507
vulnerabilitiesMap := map[string]*utils.VulnerabilityDetails{}
505508
simpleJsonResult, err := conversion.NewCommandResultsConvertor(conversion.ResultConvertParams{IncludeVulnerabilities: scanResults.IncludesVulnerabilities(), HasViolationContext: scanResults.HasViolationContext()}).ConvertToSimpleJson(scanResults)
506509
if err != nil {

scanrepository/scanrepository_test.go

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -486,11 +486,6 @@ func TestCreateVulnerabilitiesMap(t *testing.T) {
486486
scanResults *results.SecurityCommandResults
487487
expectedMap map[string]*utils.VulnerabilityDetails
488488
}{
489-
{
490-
name: "No results",
491-
scanResults: nil,
492-
expectedMap: map[string]*utils.VulnerabilityDetails{},
493-
},
494489
{
495490
name: "Scan results with no violations and vulnerabilities",
496491
scanResults: &results.SecurityCommandResults{Targets: []*results.TargetResults{{

0 commit comments

Comments
 (0)