From f61725c28b56d80fb46395479842a2ab0c517c5f Mon Sep 17 00:00:00 2001 From: Aqua Security automated builds <54269356+aqua-bot@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:56:18 +0300 Subject: [PATCH] fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) Co-authored-by: Colm O hEigeartaigh Co-authored-by: DmitriyLewen --- pkg/dependency/parser/java/pom/parse.go | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkg/dependency/parser/java/pom/parse.go b/pkg/dependency/parser/java/pom/parse.go index 550c5761c6ee..cbd7bf47db17 100644 --- a/pkg/dependency/parser/java/pom/parse.go +++ b/pkg/dependency/parser/java/pom/parse.go @@ -13,7 +13,7 @@ import ( "sort" "strings" - multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-multierror" "github.com/samber/lo" "golang.org/x/net/html/charset" "golang.org/x/xerrors" @@ -680,18 +680,15 @@ func (p *Parser) fetchPOMFromRemoteRepositories(paths []string, snapshot bool) ( func (p *Parser) remoteRepoRequest(repo string, paths []string) (*http.Request, error) { repoURL, err := url.Parse(repo) if err != nil { - p.logger.Error("URL parse error", log.String("repo", repo)) - return nil, nil + return nil, xerrors.Errorf("unable to parse URL: %w", err) } paths = append([]string{repoURL.Path}, paths...) repoURL.Path = path.Join(paths...) - logger := p.logger.With(log.String("host", repoURL.Host), log.String("path", repoURL.Path)) req, err := http.NewRequest("GET", repoURL.String(), http.NoBody) if err != nil { - logger.Debug("HTTP request failed") - return nil, nil + return nil, xerrors.Errorf("unable to create HTTP request: %w", err) } if repoURL.User != nil { password, _ := repoURL.User.Password() @@ -709,7 +706,8 @@ func (p *Parser) fetchPomFileNameFromMavenMetadata(repo string, paths []string) req, err := p.remoteRepoRequest(repo, mavenMetadataPaths) if err != nil { - return "", xerrors.Errorf("unable to create request for maven-metadata.xml file") + p.logger.Debug("Unable to create request", log.String("repo", repo), log.Err(err)) + return "", nil } client := &http.Client{} @@ -739,7 +737,8 @@ func (p *Parser) fetchPomFileNameFromMavenMetadata(repo string, paths []string) func (p *Parser) fetchPOMFromRemoteRepository(repo string, paths []string) (*pom, error) { req, err := p.remoteRepoRequest(repo, paths) if err != nil { - return nil, xerrors.Errorf("unable to create request for pom file") + p.logger.Debug("Unable to create request", log.String("repo", repo), log.Err(err)) + return nil, nil } client := &http.Client{}