chore: Add guard rails against nil pkg in event for JSON report generator

2025-12-10 00:22:08 -06:00 · 2023-12-29 15:26:48 +05:30 · 2023-12-29 15:26:48 +05:30 · d63e9277c7
commit d63e9277c7
parent 273d999561
2 changed files with 11 additions and 1 deletions
--- a/pkg/analyzer/analyzer.go
+++ b/pkg/analyzer/analyzer.go
@ -10,8 +10,10 @@ type AnalyzerEventType string

 const (
 	ET_FilterExpressionMatched = AnalyzerEventType("ev_pkg_filter_match")
-	ET_LockfilePoisoningSignal = AnalyzerEventType("ev_lockfile_poisoning")
 	ET_AnalyzerFailOnError     = AnalyzerEventType("ev_fail_on_error")
+
+	// Following event types must set the Threat field
+	ET_LockfilePoisoningSignal = AnalyzerEventType("ev_lockfile_poisoning")
 )

 type AnalyzerEvent struct {
--- a/pkg/reporter/json_report.go
+++ b/pkg/reporter/json_report.go
@ -79,6 +79,14 @@ func (r *jsonReportGenerator) handleThreatEvent(event *analyzer.AnalyzerEvent) {
 		return
 	}

+	if event.Threat.SubjectType == jsonreportspec.ReportThreat_Manifest && event.Manifest == nil {
+		return
+	}
+
+	if event.Threat.SubjectType == jsonreportspec.ReportThreat_Package && event.Package == nil {
+		return
+	}
+
 	switch event.Threat.SubjectType {
 	case jsonreportspec.ReportThreat_Manifest:
 		manifest := r.findPackageManifestReport(event.Manifest)