diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index 77f42c52b3f..3b98ecc95a2 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -373,6 +373,29 @@ overriding license for package Packagist/league/flysystem/1.0.8 with 0BSD --- +[TestRun/config_file_is_invalid - 1] +Scanning dir ./fixtures/config-invalid +Scanned /fixtures/config-invalid/composer.lock file and found 1 package + +--- + +[TestRun/config_file_is_invalid - 2] +Ignored invalid config file at: /fixtures/config-invalid/osv-scanner.toml + +--- + +[TestRun/config_file_is_invalid#01 - 1] +Scanning dir ./fixtures/config-invalid +Scanned /fixtures/config-invalid/composer.lock file and found 1 package +Config file /fixtures/config-invalid/osv-scanner.toml is invalid because: toml: line 1: expected '.' or '=', but got '!' instead + +--- + +[TestRun/config_file_is_invalid#01 - 2] +Ignored invalid config file at: /fixtures/config-invalid/osv-scanner.toml + +--- + [TestRun/cyclonedx_1.4_output - 1] { "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", diff --git a/cmd/osv-scanner/fixtures/config-invalid/composer.lock b/cmd/osv-scanner/fixtures/config-invalid/composer.lock new file mode 100644 index 00000000000..3cfadf73cb4 --- /dev/null +++ b/cmd/osv-scanner/fixtures/config-invalid/composer.lock 
@@ -0,0 +1,51 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "content-hash": "439b16dd5df2e0730bd1cc4352654d09", + "packages": [ + { + "name": "sentry/sdk", + "version": "2.0.4", + "source": { + "type": "git", + "url": "https://github.com/getsentry/sentry-php-sdk.git", + "reference": "4c115873c86ad5bd0ac6d962db70ca53bf8fb874" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/getsentry/sentry-php-sdk/zipball/4c115873c86ad5bd0ac6d962db70ca53bf8fb874", + "reference": "4c115873c86ad5bd0ac6d962db70ca53bf8fb874", + "shasum": "" + }, + "require": { + "http-interop/http-factory-guzzle": "^1.0", + "php-http/curl-client": "^1.0|^2.0", + "sentry/sentry": "^2.1.3" + }, + "type": "metapackage", + "notification-url": "https://packagist.org/downloads/", + "license": ["MIT"], + "authors": [ + { + "name": "Sentry", + "email": "accounts@sentry.io" + } + ], + "description": "This is a metapackage shipping sentry/sentry with a recommended http client.", + "time": "2019-09-09T19:54:44+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "dev", + "stability-flags": [], + "prefer-stable": true, + "prefer-lowest": false, + "platform": { + "php": "^7.1.3" + }, + "platform-dev": [] +} diff --git a/cmd/osv-scanner/fixtures/config-invalid/osv-scanner.toml b/cmd/osv-scanner/fixtures/config-invalid/osv-scanner.toml new file mode 100644 index 00000000000..cdf4cb4feba --- /dev/null +++ b/cmd/osv-scanner/fixtures/config-invalid/osv-scanner.toml @@ -0,0 +1 @@ +! diff --git a/cmd/osv-scanner/main_test.go b/cmd/osv-scanner/main_test.go index b33522bfe13..899150473cc 100644 --- a/cmd/osv-scanner/main_test.go +++ b/cmd/osv-scanner/main_test.go 
@@ -318,6 +318,17 @@ func TestRun(t *testing.T) {
 args: []string{"", "--config=./fixtures/osv-scanner-composite-config.toml", "--experimental-licenses", "MIT", "./fixtures/locks-many", "./fixtures/locks-insecure"},
 exit: 1,
 },
+ // invalid config file
+ {
+ name: "config file is invalid",
+ args: []string{"", "./fixtures/config-invalid"},
+ exit: 127,
+ },
+ {
+ name: "config file is invalid",
+ args: []string{"", "--verbosity", "verbose", "./fixtures/config-invalid"},
+ exit: 127,
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
diff --git a/pkg/config/config.go b/pkg/config/config.go
index e95bee3918e..05c23b5e9bf 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,6 +1,7 @@
 package config
 import (
+ "errors"
 "fmt"
 "os"
 "path/filepath"
@@ -175,6 +176,11 @@ func (c *ConfigManager) Get(r reporter.Reporter, targetPath string) Config {
 if configErr == nil {
 r.Infof("Loaded filter from: %s\n", config.LoadPath)
 } else {
+ // anything other than the config file not existing is most likely due to an invalid config file
+ if !errors.Is(configErr, os.ErrNotExist) {
+ r.Errorf("Ignored invalid config file at: %s\n", configPath)
+ r.Verbosef("Config file %s is invalid because: %v\n", configPath, configErr)
+ }
 // If config doesn't exist, use the default config
 config = c.DefaultConfig
 }
@@ -211,12 +217,12 @@ func tryLoadConfig(configPath string) (Config, error) {
 _, err := toml.NewDecoder(file).Decode(&config)
 if err != nil {
- return Config{}, fmt.Errorf("failed to parse config file: %w", err)
+ return Config{}, err
 }
 config.LoadPath = configPath
 return config, nil
 }
- return Config{}, fmt.Errorf("no config file found on this path: %s", configPath)
+ return Config{}, err
 }
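Review bot: Both new table entries in the `TestRun` hunk use `name: "config file is invalid"`, so the second subtest is only told apart by the `#01` suffix Go appends, and the snapshot keys `config_file_is_invalid` and `config_file_is_invalid#01` do not say what differs between them. Naming the second case `name: "config file is invalid (verbose)"` would keep the snapshot file and `-run` filters readable. The `// invalid config file` comment could also state that the two cases differ only in verbosity. `TestRun` starts and ends outside the hunk.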
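Review bot: The new branch in `Get` reports every error other than `os.ErrNotExist` as an invalid config file, so a config that exists but cannot be read (permission denied, I/O error) is labelled invalid, and the real cause is printed only through `r.Verbosef`. The scan then continues with `c.DefaultConfig`, so the directory's own settings are not applied and a default-verbosity CI log gives no way to tell a malformed file from an unreadable one. Putting the cause on the error line, `r.Errorf("Ignored config file at %s: %v\n", configPath, configErr)`, would make that visible without raising verbosity. The added tests expect exit 127, so presumably the `Errorf` call is what marks the run as failed; a comment saying so next to the fallback would help the next reader. `Get` starts and ends outside the hunk.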
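Review bot: Returning the bare `err` in both places of `tryLoadConfig` drops context that did not need to go: `%w` already keeps the chain intact for `errors.Is`, so only the final `fmt.Errorf("no config file found on this path: %s", configPath)`, which did not wrap, was hiding `os.ErrNotExist`. Keeping `return Config{}, fmt.Errorf("failed to parse config file: %w", err)` and changing the last return to `return Config{}, fmt.Errorf("failed to open config file: %w", err)` would let `Get` and its log lines distinguish a parse failure from an open failure. The inner `_, err := toml.NewDecoder(file).Decode(&config)` also shadows the outer `err`, so the last `return Config{}, err` refers to an error assigned outside the hunk (presumably from opening the file), and a short comment there would make that clear. The start of `tryLoadConfig` is outside the hunk.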