From ce75d1ff64c4294a965ba1326f7a22d331e8627c Mon Sep 17 00:00:00 2001
From: Parth Patel <88045217+pxp928@users.noreply.github.com>
Date: Sat, 21 Sep 2024 21:35:13 -0400
Subject: [PATCH] fix bugs that causes panic on query vuln on sbom uri search (#2140)
Signed-off-by: pxp928
---
 cmd/guacone/cmd/vulnerability.go | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go
index 032f0b9782..0b220a3100 100644
--- a/cmd/guacone/cmd/vulnerability.go
+++ b/cmd/guacone/cmd/vulnerability.go
@@ -140,17 +140,19 @@ func printVulnInfo(ctx context.Context, gqlclient graphql.Client, t table.Writer
 if len(depVulnPath) == 0 {
 occur := searchArtToPkg(ctx, gqlclient, opts.searchString, logger)
- subjectPackage, ok := occur.IsOccurrence[0].Subject.(*model.AllIsOccurrencesTreeSubjectPackage)
- if ok {
- // The primaryCall parameter in searchForSBOMViaPkg is there for us to know that
- // the searchString is expected to be an artifact, but isn't, so we have to check via PURLs instead of artifacts.
- depVulnPath, depVulnTableRows, err = guacanalytics.SearchForSBOMViaPkg(ctx, gqlclient, subjectPackage.Namespaces[0].Names[0].Versions[0].Id, opts.depth, false)
- if err != nil {
- logger.Fatalf("error searching via hasSBOM: %v", err)
- }
+ if occur != nil && len(occur.IsOccurrence) > 0 {
+ subjectPackage, ok := occur.IsOccurrence[0].Subject.(*model.AllIsOccurrencesTreeSubjectPackage)
+ if ok {
+ // The primaryCall parameter in searchForSBOMViaPkg is there for us to know that
+ // the searchString is expected to be an artifact, but isn't, so we have to check via PURLs instead of artifacts.
+ depVulnPath, depVulnTableRows, err = guacanalytics.SearchForSBOMViaPkg(ctx, gqlclient, subjectPackage.Namespaces[0].Names[0].Versions[0].Id, opts.depth, false)
+ if err != nil {
+ logger.Fatalf("error searching via hasSBOM: %v", err)
+ }
- path = append(path, depVulnPath...)
- tableRows = append(tableRows, depVulnTableRows...)
+ path = append(path, depVulnPath...)
+ tableRows = append(tableRows, depVulnTableRows...)
+ }
 }
 }
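Review bot: The new guard covers `occur` and `occur.IsOccurrence`, but the call inside it still reads `subjectPackage.Namespaces[0].Names[0].Versions[0].Id` with no length checks, so a package subject that comes back with an empty namespace, name or version list would still panic at the same spot. Whether the API can return such a subject is not visible in this hunk, but a guard along the lines of `if len(subjectPackage.Namespaces) == 0 || len(subjectPackage.Namespaces[0].Names) == 0 || len(subjectPackage.Namespaces[0].Names[0].Versions) == 0` before the call would close it. Separately, when the new `if` is false, or the subject is not a package, the fallback is skipped without any message. For a vulnerability query, an empty table is easy to misread as "nothing found", so logging that no occurrence matched `opts.searchString` would help. The body of printVulnInfo continues outside the hunk.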
@@ -214,9 +216,6 @@ func printVulnInfoByVulnId(ctx context.Context, gqlclient graphql.Client, t tabl
 if err != nil {
 logger.Fatalf("failed getting hasSBOM via URI: %s with error: %w", opts.searchString, err)
 }
- if len(foundHasSBOM.HasSBOM) != 1 {
- logger.Fatalf("failed to located singular hasSBOM based on URI")
- }
 if pkgResponse, ok := foundHasSBOM.HasSBOM[0].Subject.(*model.AllHasSBOMTreeSubjectPackage); ok {
 var vulnNeighborError error
 path, tableRows, vulnNeighborError = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse.Namespaces[0].Names[0].Versions[0].Id, vulnResponse.Vulnerabilities, opts.depth, opts.pathsToReturn)
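Review bot: Dropping the `len(foundHasSBOM.HasSBOM) != 1` check leaves `foundHasSBOM.HasSBOM[0]` on the next line unguarded, so a URI that matches no hasSBOM now fails with an index-out-of-range panic instead of a clean fatal message. If the aim is to accept more than one match, keep the empty case, e.g. `if len(foundHasSBOM.HasSBOM) == 0 { logger.Fatalf("no hasSBOM found for URI: %s", opts.searchString) }`. With several matches only the first entry is queried, so the reported vulnerabilities may cover just one of the SBOMs behind that URI; a comment or log line saying so would keep the output from being read as complete. The body of printVulnInfoByVulnId continues outside the hunk.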