From 52c423f8dc59b3f3782ac05a3cb25dd335e83009 Mon Sep 17 00:00:00 2001
From: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Date: Mon, 30 Sep 2024 15:05:19 -0500
Subject: [PATCH] Fixed errors and removed duplicates

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
---
 cmd/guacone/cmd/vulnerability.go | 15 +++++++++------
 pkg/guacanalytics/searchForSBOM.go | 23 ++++++++++++++---------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go
index 9338489d53..1e5c40d71b 100644
--- a/cmd/guacone/cmd/vulnerability.go
+++ b/cmd/guacone/cmd/vulnerability.go
@@ -169,7 +169,7 @@ func printVulnInfo(ctx context.Context, gqlclient graphql.Client, t table.Writer
 logger.Fatalf("error searching via hasSBOM for package: %v", err)
 }
- if len(depVulnPaths) == 0 {
+ if len(depVulnPaths) == 0 && opts.inputType == purlType {
 depVulnPaths, depVulnTableRows, err = findConnectedArtAndSearchViaArt(ctx, gqlclient, opts)
 if err != nil {
 logger.Fatalf("error finding artifact connected to package and searching via artifact: %v", err)
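Review bot: The new `opts.inputType == purlType` condition in `printVulnInfo` carries no comment saying why the artifact fallback is skipped for other input types. Judging by its name and error message, `findConnectedArtAndSearchViaArt` starts from a package occurrence lookup and so presumably only makes sense for purl input; if that is the reason, state it above the `if`, e.g. `// the artifact fallback resolves the package's occurrence first, so it only applies to purl input`. As far as the hunk shows, any other input type with an empty `depVulnPaths` now continues with no fallback and no message, which the output cannot distinguish from a search that ran and found nothing. The body of `printVulnInfo` starts and ends outside the hunk.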
@@ -210,14 +210,17 @@ func findConnectedArtAndSearchViaArt(ctx context.Context, gqlclient graphql.Clie
 return nil, nil, fmt.Errorf("error getting occurrences for package: %v", err)
 }
- art := occ.IsOccurrence[0].Artifact
+ if len(occ.IsOccurrence) > 0 {
+ art := occ.IsOccurrence[0].Artifact
 
- newSearchString := art.Algorithm + ":" + art.Digest
+ newSearchString := art.Algorithm + ":" + art.Digest
 
- depVulnPaths, depVulnTableRows, err = guacanalytics.SearchForSBOMViaArtifact(ctx, gqlclient, newSearchString, opts.depth)
- if err != nil {
- return nil, nil, fmt.Errorf("error searching via hasSBOM for artifact: %v", err)
+ depVulnPaths, depVulnTableRows, err = guacanalytics.SearchForSBOMViaArtifact(ctx, gqlclient, newSearchString, opts.depth)
+ if err != nil {
+ return nil, nil, fmt.Errorf("error searching via hasSBOM for artifact: %v", err)
+ }
 }
+
 return depVulnPaths, depVulnTableRows, nil
 }
diff --git a/pkg/guacanalytics/searchForSBOM.go b/pkg/guacanalytics/searchForSBOM.go
index 84cf3632fd..7d9a46bc58 100644
--- a/pkg/guacanalytics/searchForSBOM.go
+++ b/pkg/guacanalytics/searchForSBOM.go
@@ -233,6 +233,7 @@ func SearchForSBOMViaPkg(ctx context.Context, gqlclient graphql.Client, searchSt
 var tableRows []table.Row
 checkedPkgIDs := make(map[string]bool)
 var collectedPkgVersionResults []*pkgVersionNeighborQueryResults
+ AlreadyIncludedTableRows := make(map[string]bool)
 queue := make([]string, 0) // the queue of nodes in bfs
 type dfsNode struct {
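Review bot: When `occ.IsOccurrence` is empty, `findConnectedArtAndSearchViaArt` now falls through to `return depVulnPaths, depVulnTableRows, nil` with whatever those variables held before (they are declared outside the hunk, presumably still empty), so the caller cannot tell "no artifact is linked to this package" from "the artifact was searched and nothing was found". In a vulnerability query that difference matters, because in the first case nothing was checked at all. A guard clause makes the case explicit and keeps the happy path unindented: `if len(occ.IsOccurrence) == 0 {` with the comment `// no artifact linked to this package: nothing was searched` and the same return inside it. Only `occ.IsOccurrence[0]` is searched, so if a package can carry several occurrences the remaining artifacts are skipped without notice. The function starts outside the hunk.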
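Review bot: `AlreadyIncludedTableRows` in `SearchForSBOMViaPkg` is a local variable written with a leading capital, which in Go reads as an exported identifier; the neighbouring locals are `tableRows` and `checkedPkgIDs`. The map is keyed by vulnerability ID rather than by table row, so a name such as `seenVulnIDs := make(map[string]bool)` says what it holds, and the two uses in the later hunk of this file would be renamed with it. A short comment on the key would help as well, e.g. `// vulnerability IDs that already have a table row`.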
@@ -354,16 +355,20 @@ func SearchForSBOMViaPkg(ctx context.Context, gqlclient graphql.Client, searchSt
 if certifyVuln, ok := neighbor.(*model.NeighborsNeighborsCertifyVuln); ok {
 if !checkedCertifyVulnIDs[certifyVuln.Id] && certifyVuln.Vulnerability.Type != noVulnType {
 checkedCertifyVulnIDs[certifyVuln.Id] = true
- for _, vuln := range certifyVuln.Vulnerability.VulnerabilityIDs {
- tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.VulnerabilityID})
- path = append(path, []string{vuln.Id, certifyVuln.Id,
- certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id,
- certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id,
- certifyVuln.Package.Id}...)
+ if !AlreadyIncludedTableRows[certifyVuln.Vulnerability.VulnerabilityIDs[0].VulnerabilityID] {
+ for _, vuln := range certifyVuln.Vulnerability.VulnerabilityIDs {
+ tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.VulnerabilityID})
+ path = append(path, []string{vuln.Id, certifyVuln.Id,
+ certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id,
+ certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id,
+ certifyVuln.Package.Id}...)
+ }
+ path = append(path, result.isDep.Id, result.isDep.Package.Namespaces[0].Names[0].Versions[0].Id,
+ result.isDep.Package.Namespaces[0].Names[0].Id, result.isDep.Package.Namespaces[0].Id,
+ result.isDep.Package.Id)
+
+ AlreadyIncludedTableRows[certifyVuln.Vulnerability.VulnerabilityIDs[0].VulnerabilityID] = true
 }
- path = append(path, result.isDep.Id, result.isDep.Package.Namespaces[0].Names[0].Versions[0].Id,
- result.isDep.Package.Namespaces[0].Names[0].Id, result.isDep.Package.Namespaces[0].Id,
- result.isDep.Package.Id)
 }
 }
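Review bot: The duplicate check keys on `certifyVuln.Vulnerability.VulnerabilityIDs[0].VulnerabilityID` alone, so once an ID has been seen, a later `certifyVuln` node for a different package with the same ID gets no table row and none of its `path` entries, including the `result.isDep` ones that were appended unconditionally before. For a vulnerability report that means an affected dependency can drop out of the output. The `[0]` index also panics when `VulnerabilityIDs` is empty, where the removed `range` loop simply did nothing, and nothing visible in the hunk rules that case out. Checking inside the loop with a key built from the vulnerability ID and the package version ID skips repeated certifications of the same pair without hiding other packages. The function begins and ends outside the hunk.

```go
checkedCertifyVulnIDs[certifyVuln.Id] = true
pkgVersionID := certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id
for _, vuln := range certifyVuln.Vulnerability.VulnerabilityIDs {
	// one row per (vulnerability, package version); repeated
	// certifications of the same pair are skipped
	key := vuln.VulnerabilityID + "|" + pkgVersionID
	if AlreadyIncludedTableRows[key] {
		continue
	}
	AlreadyIncludedTableRows[key] = true
	// … unchanged: tableRows and path appends for vuln …
}
// … unchanged: path append for result.isDep …
```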