Resolve lints

google · Jan 17, 2025 · 0f286eb · 0f286eb
1 parent 8f850dc
commit 0f286eb
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 14 deletions.
diff --git a/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go b/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
@@ -20,8 +20,8 @@ const (
 // OSVMatcher implements the VulnerabilityMatcher interface with a osv.dev client.
 // It sends out requests for every package version and does not perform caching.
 type DepsDevBaseImageMatcher struct {
-	Client http.Client
-	r      reporter.Reporter
+	Client   http.Client
+	Reporter reporter.Reporter
 }
 
 func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, layerMetadata []models.LayerMetadata) ([][]models.BaseImageDetails, error) {
@@ -44,21 +44,28 @@ func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, lay
 		chainID := runningDigest
 		g.Go(func() error {
 			if ctx.Err() != nil {
-				return nil // this value doesn't matter to errgroup.Wait(), it will be ctx.Err()
+				return ctx.Err() // this value doesn't matter to errgroup.Wait(), it will be ctx.Err()
 			}
 
-			resp, err := matcher.Client.Get("https://api.deps.dev/v3alpha/querycontainerimages/" + chainID.String())
+			req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.deps.dev/v3alpha/querycontainerimages/"+chainID.String(), nil)
 			if err != nil {
-				matcher.r.Errorf("deps.dev API error: %s\n", err)
+				matcher.Reporter.Errorf("failed to build request: %s\n", err)
 				return nil
 			}
 
+			resp, err := matcher.Client.Do(req)
+			if err != nil {
+				matcher.Reporter.Errorf("deps.dev API error: %s\n", err)
+				return nil
+			}
+			defer resp.Body.Close()
+
 			if resp.StatusCode == http.StatusNotFound {
 				return nil
 			}
 
 			if resp.StatusCode != http.StatusOK {
-				matcher.r.Errorf("deps.dev API error: %s\n", resp.Status)
+				matcher.Reporter.Errorf("deps.dev API error: %s\n", resp.Status)
 				return nil
 			}
 
@@ -71,7 +78,7 @@ func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, lay
 			d := json.NewDecoder(resp.Body)
 			err = d.Decode(&results)
 			if err != nil {
-				matcher.r.Errorf("Unexpected return type from deps.dev base image endpoint: %s", err)
+				matcher.Reporter.Errorf("Unexpected return type from deps.dev base image endpoint: %s", err)
 				return nil
 			}
 

diff --git a/pkg/models/image.go b/pkg/models/image.go
@@ -3,7 +3,7 @@ package models
 import "github.com/opencontainers/go-digest"
 
 type ImageOriginDetails struct {
-	Index int
+	Index int `json:"index"`
 }
 
 type ImageMetadata struct {

diff --git a/pkg/models/results.go b/pkg/models/results.go
@@ -190,7 +190,7 @@ type AnalysisInfo struct {
 // Specific package information
 type PackageInfo struct {
 	Name          string              `json:"name"`
-	OSPackageName string              `json:os_package_name,omitempty`
+	OSPackageName string              `json:"os_package_name,omitempty"`
 	Version       string              `json:"version"`
 	Ecosystem     string              `json:"ecosystem"`
 	Commit        string              `json:"commit,omitempty"`

diff --git a/pkg/osvscanner/internal/imagehelpers/imagehelpers.go b/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
@@ -16,7 +16,7 @@ import (
 	"github.com/google/osv-scanner/pkg/reporter"
 )
 
-func BuildImageMetadata(r reporter.Reporter, img *image.Image, baseImageMatcher clientinterfaces.BaseImageMatcher) (*models.ImageMetadata, error) {
+func BuildImageMetadata(img *image.Image, baseImageMatcher clientinterfaces.BaseImageMatcher) (*models.ImageMetadata, error) {
 	chainLayers, err := img.ChainLayers()
 	if err != nil {
 		// This is very unlikely, as if this would error we would have failed the initial scan

diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -134,7 +134,8 @@ func initializeExternalAccessors(r reporter.Reporter, actions ScannerActions) (E
 	// --- Base Image Matcher ---
 	if actions.Image != "" || actions.ScanOCIImage != "" {
 		externalAccessors.BaseImageMatcher = &baseimagematcher.DepsDevBaseImageMatcher{
-			Client: *http.DefaultClient,
+			Client:   *http.DefaultClient,
+			Reporter: r,
 		}
 	}
 
@@ -272,7 +273,7 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 	// --- Setup Accessors/Clients ---
 	accessors, err := initializeExternalAccessors(r, actions)
 	if err != nil {
-		return models.VulnerabilityResults{}, fmt.Errorf("failed to initialize accessors: %v", err)
+		return models.VulnerabilityResults{}, fmt.Errorf("failed to initialize accessors: %w", err)
 	}
 
 	// --- Initialize Image To Scan ---
@@ -296,7 +297,12 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 	if err != nil {
 		return models.VulnerabilityResults{}, err
 	}
-	defer img.CleanUp()
+	defer func() {
+		err := img.CleanUp()
+		if err != nil {
+			r.Errorf("Failed to clean up image: %s\n", err)
+		}
+	}()
 
 	// --- Do Scalibr Scan ---
 	scanner := scalibr.New()
@@ -319,7 +325,7 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 	}
 
 	// --- Fill Image Metadata ---
-	scanResult.ImageMetadata, err = imagehelpers.BuildImageMetadata(r, img, accessors.BaseImageMatcher)
+	scanResult.ImageMetadata, err = imagehelpers.BuildImageMetadata(img, accessors.BaseImageMatcher)
 	if err != nil { // Not getting image metadata is not fatal
 		r.Errorf("Failed to fully get image metadata: %v", err)
 	}