fix(purl): skip unsupported library type (aquasecurity#4577)

DmitriyLewen · Jun 8, 2023 · c20d466 · c20d466
1 parent 52cbe79
commit c20d466
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 17 deletions.
diff --git a/pkg/detector/library/detect.go b/pkg/detector/library/detect.go
@@ -1,8 +1,6 @@
 package library
 
 import (
-	"errors"
-
 	"golang.org/x/xerrors"
 
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
@@ -11,12 +9,9 @@ import (
 
 // Detect scans and returns vulnerabilities of library
 func Detect(libType string, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
-	driver, err := NewDriver(libType)
-	if err != nil {
-		if errors.Is(err, ErrSBOMSupportOnly) {
-			return nil, nil
-		}
-		return nil, xerrors.Errorf("failed to initialize a driver: %w", err)
+	driver, ok := NewDriver(libType)
+	if !ok {
+		return nil, nil
 	}
 
 	vulns, err := detect(driver, pkgs)

diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go
@@ -19,10 +19,8 @@ import (
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
-var ErrSBOMSupportOnly = xerrors.New("SBOM support only")
-
 // NewDriver returns a driver according to the library type
-func NewDriver(libType string) (Driver, error) {
+func NewDriver(libType string) (Driver, bool) {
 	var ecosystem dbTypes.Ecosystem
 	var comparer compare.Comparer
 
@@ -64,18 +62,19 @@ func NewDriver(libType string) (Driver, error) {
 		comparer = compare.GenericComparer{}
 	case ftypes.Cocoapods:
 		log.Logger.Warn("CocoaPods is supported for SBOM, not for vulnerability scanning")
-		return Driver{}, ErrSBOMSupportOnly
+		return Driver{}, false
 	case ftypes.CondaPkg:
 		log.Logger.Warn("Conda package is supported for SBOM, not for vulnerability scanning")
-		return Driver{}, ErrSBOMSupportOnly
+		return Driver{}, false
 	default:
-		return Driver{}, xerrors.Errorf("unsupported type %s", libType)
+		log.Logger.Warnf("The %q library type is not supported for vulnerability scanning", libType)
+		return Driver{}, false
 	}
 	return Driver{
 		ecosystem: ecosystem,
 		comparer:  comparer,
 		dbc:       db.Config{},
-	}, nil
+	}, true
 }
 
 // Driver represents security advisories for each programming language

diff --git a/pkg/detector/library/driver_test.go b/pkg/detector/library/driver_test.go
@@ -164,8 +164,8 @@ func TestDriver_Detect(t *testing.T) {
 			_ = dbtest.InitDB(t, tt.fixtures)
 			defer db.Close()
 
-			driver, err := library.NewDriver(tt.libType)
-			require.NoError(t, err)
+			driver, ok := library.NewDriver(tt.libType)
+			require.True(t, ok)
 
 			got, err := driver.DetectVulnerabilities("", tt.args.pkgName, tt.args.pkgVer)
 			if tt.wantErr != "" {