diff --git a/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go b/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
index f36e7fb58f8..9c5645bd22e 100644
--- a/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
+++ b/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
@@ -20,8 +20,8 @@ const (
 // OSVMatcher implements the VulnerabilityMatcher interface with a osv.dev client.
 // It sends out requests for every package version and does not perform caching.
 type DepsDevBaseImageMatcher struct {
- Client http.Client
- r reporter.Reporter
+ Client http.Client
+ Reporter reporter.Reporter
 }
 
 func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, layerMetadata []models.LayerMetadata) ([][]models.BaseImageDetails, error) {
@@ -44,21 +44,28 @@ func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, lay
 chainID := runningDigest
 g.Go(func() error {
 if ctx.Err() != nil {
- return nil // this value doesn't matter to errgroup.Wait(), it will be ctx.Err()
+ return ctx.Err() // this value doesn't matter to errgroup.Wait(), it will be ctx.Err()
 }
 
- resp, err := matcher.Client.Get("https://api.deps.dev/v3alpha/querycontainerimages/" + chainID.String())
+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.deps.dev/v3alpha/querycontainerimages/"+chainID.String(), nil)
 if err != nil {
- matcher.r.Errorf("deps.dev API error: %s\n", err)
+ matcher.Reporter.Errorf("failed to build request: %s\n", err)
 return nil
 }
 
+ resp, err := matcher.Client.Do(req)
+ if err != nil {
+ matcher.Reporter.Errorf("deps.dev API error: %s\n", err)
+ return nil
+ }
+ defer resp.Body.Close()
+
 if resp.StatusCode == http.StatusNotFound {
 return nil
 }
 
 if resp.StatusCode != http.StatusOK {
- matcher.r.Errorf("deps.dev API error: %s\n", resp.Status)
+ matcher.Reporter.Errorf("deps.dev API error: %s\n", resp.Status)
 return nil
 }
 
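Review bot: In the `@@ -20,8 +20,8 @@` hunk of baseimagematcher.go, the newly exported `Reporter` field is an interface that the error paths of MatchBaseImages call unconditionally, so a `DepsDevBaseImageMatcher` constructed with only `Client` set would panic on a nil interface the first time a lookup fails. State the requirement on the field, e.g. `// Reporter receives lookup errors and must be non-nil.`, or fall back to a no-op reporter when it is unset. The type's doc comment still names `OSVMatcher` and osv.dev; it should start with `// DepsDevBaseImageMatcher` and describe the deps.dev lookup.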
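Review bot: In the `@@ -44,21 +44,28 @@` hunk, the body returned by `matcher.Client.Do(req)` is now closed, but the decoder in the following hunk (`json.NewDecoder(resp.Body)`) still reads it with no size bound, so an oversized response is read into memory once per layer goroutine. Capping it, for example `json.NewDecoder(io.LimitReader(resp.Body, maxResponseBytes))` with `maxResponseBytes` as a placeholder constant, keeps memory use bounded. Separately, the trailing comment on `return ctx.Err()` is stale: errgroup's Wait() reports the first non-nil error a goroutine returns, so the value does matter now; something like `// surface cancellation through g.Wait()` would be accurate. The closure and MatchBaseImages continue outside the hunk.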
@@ -71,7 +78,7 @@ func (matcher *DepsDevBaseImageMatcher) MatchBaseImages(ctx context.Context, lay
 d := json.NewDecoder(resp.Body)
 err = d.Decode(&results)
 if err != nil {
- matcher.r.Errorf("Unexpected return type from deps.dev base image endpoint: %s", err)
+ matcher.Reporter.Errorf("Unexpected return type from deps.dev base image endpoint: %s", err)
 return nil
 }
 
diff --git a/pkg/models/image.go b/pkg/models/image.go
index dcf467b8bd5..381a6b51bda 100644
--- a/pkg/models/image.go
+++ b/pkg/models/image.go
@@ -3,7 +3,7 @@ package models
 import "github.com/opencontainers/go-digest"
 
 type ImageOriginDetails struct {
- Index int
+ Index int `json:"index"`
 }
 
 type ImageMetadata struct {
diff --git a/pkg/models/results.go b/pkg/models/results.go
index f6d21ab7768..d5cefa3d9ee 100644
--- a/pkg/models/results.go
+++ b/pkg/models/results.go
@@ -190,7 +190,7 @@ type AnalysisInfo struct {
 // Specific package information
 type PackageInfo struct {
 Name string `json:"name"`
- OSPackageName string `json:os_package_name,omitempty`
+ OSPackageName string `json:"os_package_name,omitempty"`
 Version string `json:"version"`
 Ecosystem string `json:"ecosystem"`
 Commit string `json:"commit,omitempty"`
diff --git a/pkg/osvscanner/internal/imagehelpers/imagehelpers.go b/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
index a566eef7428..7a989294fa0 100644
--- a/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
+++ b/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
@@ -16,7 +16,7 @@ import (
 "github.com/google/osv-scanner/pkg/reporter"
 )
 
-func BuildImageMetadata(r reporter.Reporter, img *image.Image, baseImageMatcher clientinterfaces.BaseImageMatcher) (*models.ImageMetadata, error) {
+func BuildImageMetadata(img *image.Image, baseImageMatcher clientinterfaces.BaseImageMatcher) (*models.ImageMetadata, error) {
 chainLayers, err := img.ChainLayers()
 if err != nil {
 // This is very unlikely, as if this would error we would have failed the initial scan
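Review bot: In pkg/models/image.go, the added `json:"index"` tag changes the serialized key of `Index` from `Index` to `index`, and the tag fix on `OSPackageName` in pkg/models/results.go has the same effect: encoding/json ignored the old unquoted tag, so the key moves from `OSPackageName` to `os_package_name` and the field is now omitted when empty. If these structs are part of the JSON report, anything that parses it by the old keys will silently stop seeing the fields, so the rename is worth stating in the commit message or changelog. The `structtag` analyzer in `go vet` flags unquoted tag values like the one fixed here; running it in CI would catch a recurrence.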
diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
index 6fa1577728f..8ffbcfc82e9 100644
--- a/pkg/osvscanner/osvscanner.go
+++ b/pkg/osvscanner/osvscanner.go
@@ -134,7 +134,8 @@ func initializeExternalAccessors(r reporter.Reporter, actions ScannerActions) (E
 // --- Base Image Matcher ---
 if actions.Image != "" || actions.ScanOCIImage != "" {
 externalAccessors.BaseImageMatcher = &baseimagematcher.DepsDevBaseImageMatcher{
- Client: *http.DefaultClient,
+ Client: *http.DefaultClient,
+ Reporter: r,
 }
 }
 
@@ -272,7 +273,7 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 // --- Setup Accessors/Clients ---
 accessors, err := initializeExternalAccessors(r, actions)
 if err != nil {
- return models.VulnerabilityResults{}, fmt.Errorf("failed to initialize accessors: %v", err)
+ return models.VulnerabilityResults{}, fmt.Errorf("failed to initialize accessors: %w", err)
 }
 
 // --- Initialize Image To Scan ---
@@ -296,7 +297,12 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 if err != nil {
 return models.VulnerabilityResults{}, err
 }
- defer img.CleanUp()
+ defer func() {
+ err := img.CleanUp()
+ if err != nil {
+ r.Errorf("Failed to clean up image: %s\n", err)
+ }
+ }()
 
 // --- Do Scalibr Scan ---
 scanner := scalibr.New()
@@ -319,7 +325,7 @@ func DoContainerScan(actions ScannerActions, r reporter.Reporter) (models.Vulner
 }
 
 // --- Fill Image Metadata ---
- scanResult.ImageMetadata, err = imagehelpers.BuildImageMetadata(r, img, accessors.BaseImageMatcher)
+ scanResult.ImageMetadata, err = imagehelpers.BuildImageMetadata(img, accessors.BaseImageMatcher)
 if err != nil { // Not getting image metadata is not fatal
 r.Errorf("Failed to fully get image metadata: %v", err)
 }
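Review bot: In the `@@ -134,7 +134,8 @@` hunk of osvscanner.go, `Client: *http.DefaultClient` copies a client whose `Timeout` is zero, so the deps.dev requests are bounded only by the context handed to MatchBaseImages. If that context carries no deadline (not visible here), a stalled connection would hold the container scan open indefinitely. Consider building the client with an explicit limit, e.g. `Client: http.Client{Timeout: baseImageTimeout},` where `baseImageTimeout` is a placeholder for a value you choose. initializeExternalAccessors continues outside the hunk.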
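Review bot: In the `@@ -296,7 +297,12 @@` hunk, `err := img.CleanUp()` inside the deferred closure declares a second `err` that shadows the function-level one. Scoping it to the check, `if err := img.CleanUp(); err != nil {`, makes it obvious that the cleanup error is only logged and never returned. DoContainerScan continues outside the hunk.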