google · another-rex · Mar 13, 2024 · Mar 13, 2024 · Mar 13, 2024 · Mar 13, 2024
diff --git a/cmd/osv-scanner/__snapshots__/update_test.snap b/cmd/osv-scanner/__snapshots__/update_test.snap
@@ -25,7 +25,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-core</artifactId>
-      <version>2.17.0-rc1</version>
+      <version>2.17.0</version>
     </dependency>
     <dependency>
       <groupId>junit</groupId>

diff --git a/cmd/osv-scanner/main.go b/cmd/osv-scanner/main.go
@@ -59,6 +59,9 @@ func run(args []string, stdout, stderr io.Writer) int {
 		case errors.Is(err, osvscanner.NoPackagesFoundErr):
 			r.Errorf("No package sources found, --help for usage information.\n")
 			return 128
+		case errors.Is(err, osvscanner.ErrAPIFailed):
+			r.Errorf("%v\n", err)
+			return 129
 		}
 		r.Errorf("%v\n", err)
 	}

diff --git a/exit_code_redirect.sh b/exit_code_redirect.sh
@@ -47,4 +47,4 @@ if [[ $exit_code -eq 127 || $exit_code -eq 128 ]]; then
 fi
 
 # Exit with the modified exit code
-exit $exit_code
+exit $exit_code
diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go
@@ -28,6 +28,7 @@ const (
 	// number of queries exceed this number
 	maxQueriesPerRequest  = 1000
 	maxConcurrentRequests = 25
+	maxRetryAttempts      = 3
 )
 
 var RequestUserAgent = ""
@@ -321,8 +322,7 @@ func HydrateWithClient(resp *BatchedResponse, client *http.Client) (*HydratedBat
 func makeRetryRequest(action func() (*http.Response, error)) (*http.Response, error) {
 	var resp *http.Response
 	var err error
-	retries := 3
-	for i := 0; i < retries; i++ {
+	for i := 0; i < maxRetryAttempts; i++ {
 		resp, err = action()
 		if err == nil {
 			break

diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -73,6 +73,9 @@ var VulnerabilitiesFoundErr = errors.New("vulnerabilities found")
 //nolint:errname,stylecheck // Would require version bump to change
 var OnlyUncalledVulnerabilitiesFoundErr = errors.New("only uncalled vulnerabilities found")
 
+// ErrAPIFailed describes errors related to querying API endpoints.
+var ErrAPIFailed = errors.New("API query failed")
+
 var (
 	vendoredLibNames = map[string]struct{}{
 		"3rdparty":    {},
@@ -932,7 +935,7 @@ func makeRequest(
 	if compareLocally {
 		hydratedResp, err := local.MakeRequest(r, query, compareOffline, localDBPath)
 		if err != nil {
-			return &osv.HydratedBatchedResponse{}, fmt.Errorf("scan failed %w", err)
+			return &osv.HydratedBatchedResponse{}, fmt.Errorf("local comparison failed %w", err)
 		}
 
 		return hydratedResp, nil
@@ -944,12 +947,12 @@ func makeRequest(
 
 	resp, err := osv.MakeRequest(query)
 	if err != nil {
-		return &osv.HydratedBatchedResponse{}, fmt.Errorf("scan failed %w", err)
+		return &osv.HydratedBatchedResponse{}, fmt.Errorf("%w: osv.dev query failed: %w", ErrAPIFailed, err)
 	}
 
 	hydratedResp, err := osv.Hydrate(resp)
 	if err != nil {
-		return &osv.HydratedBatchedResponse{}, fmt.Errorf("failed to hydrate OSV response: %w", err)
+		return &osv.HydratedBatchedResponse{}, fmt.Errorf("%w: failed to hydrate OSV response: %w", ErrAPIFailed, err)
 	}
 
 	return hydratedResp, nil
@@ -966,7 +969,7 @@ func makeLicensesRequests(packages []scannedPackage) ([][]models.License, error)
 	}
 	licenses, err := depsdev.MakeVersionRequests(queries)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("%w: deps.dev query failed: %w", ErrAPIFailed, err)
 	}
 
 	return licenses, nil