cmd/govulncheck_compare: don't exit on analysis failure
It seems that the analysis of a binary or its respective source code
in the compare mode can sometimes fail. Before this CL, we would
immediately stop. Now, we remember the error and continue with
analyzing other binaries.
This should increase coverage and result in an error log with both package
and version info included, which is needed for debugging.
Change-Id: I65418b0cbc4f0f7d33a296e84d6911bc77e4a275
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/524577
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/cmd/govulncheck_compare/govulncheck_compare.go b/cmd/govulncheck_compare/govulncheck_compare.go
index f92be37..f29035c 100644
--- a/cmd/govulncheck_compare/govulncheck_compare.go
+++ b/cmd/govulncheck_compare/govulncheck_compare.go
@@ -46,10 +46,6 @@
modulePath := args[1]
vulndbPath := args[2]
- response := govulncheck.CompareResponse{
- FindingsForMod: make(map[string]*govulncheck.ComparePair),
- }
-
binaries, err := buildbinary.FindAndBuildBinaries(modulePath)
if err != nil {
fail(err)
@@ -57,6 +53,9 @@
}
defer removeBinaries(binaries)
+ response := govulncheck.CompareResponse{
+ FindingsForMod: make(map[string]*govulncheck.ComparePair),
+ }
for _, binary := range binaries {
pair := &govulncheck.ComparePair{
BinaryResults: govulncheck.SandboxResponse{Stats: govulncheck.ScanStats{BuildTime: binary.BuildTime}},
@@ -71,14 +70,13 @@
pair.SourceResults.Findings, err = govulncheck.RunGovulncheckCmd(govulncheckPath, govulncheck.FlagSource, binary.ImportPath, modulePath, vulndbPath, &pair.SourceResults.Stats)
if err != nil {
- fail(err)
- return
+ pair.Error = err.Error()
+ continue
}
pair.BinaryResults.Findings, err = govulncheck.RunGovulncheckCmd(govulncheckPath, govulncheck.FlagBinary, binary.BinaryPath, modulePath, vulndbPath, &pair.BinaryResults.Stats)
if err != nil {
- fail(err)
- return
+ pair.Error = err.Error()
}
}
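Review bot: Both failure branches store only `err.Error()` in `pair.Error`, so the record no longer says whether source-mode or binary-mode analysis failed, even though the commit message names debugging as the goal. Prefixing the mode keeps that information without new imports: `pair.Error = "source analysis: " + err.Error()` and `pair.Error = "binary analysis: " + err.Error()`. In the binary branch the pair also keeps the source findings already collected, while the consumer in internal/worker/govulncheck_scan.go skips any pair with a non-empty `Error`, so those findings are discarded; a short comment stating that this is intended would help. The loop begins above this hunk, so where `pair` is added to `response.FindingsForMod` is not visible here and should be confirmed to precede the `continue`.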
diff --git a/internal/worker/govulncheck_scan.go b/internal/worker/govulncheck_scan.go
index b3cb27d..8ac5bc0 100644
--- a/internal/worker/govulncheck_scan.go
+++ b/internal/worker/govulncheck_scan.go
@@ -236,9 +236,9 @@
var rows []bigquery.Row
for pkg, results := range response.FindingsForMod {
if results.Error != "" {
- // Just log error if binary failed to build. Otherwise, we'd have
- // to create bq rows for both binary and source compare modes.
- log.Errorf(ctx, errors.New(results.Error), "building binary failed: %s %s", pkg, sreq.Path())
+ // Just log error if binary failed to build or the analysis failed.
+ // TODO: should we save those rows? This would complicate clients, namely the dashboards.
+ log.Errorf(ctx, errors.New(results.Error), "building/analyzing binary failed: %s %s", pkg, sreq.Path())
continue
}
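Review bot: The new message `building/analyzing binary failed` is also used when source-mode analysis failed, since govulncheck_compare.go sets the same `Error` field for both modes; `"building or analyzing package failed: %s %s"` would be accurate in every case. Because the pair is skipped without a row, a package whose scan failed presumably looks the same in BigQuery as one that was never scanned, which hides a coverage gap in vulnerability reporting. Until the TODO is resolved, the comment could say so explicitly, e.g. `// Failed scans produce no rows; the error log is the only record of the gap.` The enclosing loop continues past the end of this hunk.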