fix bugs that causes panic on query vuln on sbom uri search (#2140)

Signed-off-by: pxp928 <parth.psu@gmail.com>
guacsec · Sep 22, 2024 · ce75d1f · ce75d1f
1 parent 9dbf407
commit ce75d1f
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go
@@ -140,17 +140,19 @@ func printVulnInfo(ctx context.Context, gqlclient graphql.Client, t table.Writer
 	if len(depVulnPath) == 0 {
 		occur := searchArtToPkg(ctx, gqlclient, opts.searchString, logger)
 
-		subjectPackage, ok := occur.IsOccurrence[0].Subject.(*model.AllIsOccurrencesTreeSubjectPackage)
-		if ok {
-			// The primaryCall parameter in searchForSBOMViaPkg is there for us to know that
-			// the searchString is expected to be an artifact, but isn't, so we have to check via PURLs instead of artifacts.
-			depVulnPath, depVulnTableRows, err = guacanalytics.SearchForSBOMViaPkg(ctx, gqlclient, subjectPackage.Namespaces[0].Names[0].Versions[0].Id, opts.depth, false)
-			if err != nil {
-				logger.Fatalf("error searching via hasSBOM: %v", err)
-			}
+		if occur != nil && len(occur.IsOccurrence) > 0 {
+			subjectPackage, ok := occur.IsOccurrence[0].Subject.(*model.AllIsOccurrencesTreeSubjectPackage)
+			if ok {
+				// The primaryCall parameter in searchForSBOMViaPkg is there for us to know that
+				// the searchString is expected to be an artifact, but isn't, so we have to check via PURLs instead of artifacts.
+				depVulnPath, depVulnTableRows, err = guacanalytics.SearchForSBOMViaPkg(ctx, gqlclient, subjectPackage.Namespaces[0].Names[0].Versions[0].Id, opts.depth, false)
+				if err != nil {
+					logger.Fatalf("error searching via hasSBOM: %v", err)
+				}
 
-			path = append(path, depVulnPath...)
-			tableRows = append(tableRows, depVulnTableRows...)
+				path = append(path, depVulnPath...)
+				tableRows = append(tableRows, depVulnTableRows...)
+			}
 		}
 	}
 
@@ -214,9 +216,6 @@ func printVulnInfoByVulnId(ctx context.Context, gqlclient graphql.Client, t tabl
 		if err != nil {
 			logger.Fatalf("failed getting hasSBOM via URI: %s with error: %w", opts.searchString, err)
 		}
-		if len(foundHasSBOM.HasSBOM) != 1 {
-			logger.Fatalf("failed to located singular hasSBOM based on URI")
-		}
 		if pkgResponse, ok := foundHasSBOM.HasSBOM[0].Subject.(*model.AllHasSBOMTreeSubjectPackage); ok {
 			var vulnNeighborError error
 			path, tableRows, vulnNeighborError = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse.Namespaces[0].Names[0].Versions[0].Id, vulnResponse.Vulnerabilities, opts.depth, opts.pathsToReturn)