From 6bc4850596d1d82fbf208057b5118436f46d0b6f Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Sun, 26 Dec 2021 07:53:18 +0900
Subject: [PATCH] fix(detector/ospkg): Skip OVAL/gost search when the number of packages is 0 (#1343)
* fix(detector/ospkg): Skip OVAL/gost search when the number of packages is 0
* chore: easy refactoring
---
 detector/detector.go | 26 +++++++++++++++-----------
 detector/util.go | 5 +----
 models/scanresults.go | 1 -
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/detector/detector.go b/detector/detector.go
index 908b47b3..dd1e7074 100644
--- a/detector/detector.go
+++ b/detector/detector.go
@@ -208,19 +208,23 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf) error {
 // Pkg Scan
 if r.Release != "" {
- // OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
- if r.Family == constant.Raspbian {
- r = r.RemoveRaspbianPackFromResult()
- }
+ if len(r.Packages)+len(r.SrcPackages) > 0 {
+ // OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
+ if r.Family == constant.Raspbian {
+ r = r.RemoveRaspbianPackFromResult()
+ }
 
- // OVAL
- if err := detectPkgsCvesWithOval(ovalCnf, r); err != nil {
- return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
- }
+ // OVAL
+ if err := detectPkgsCvesWithOval(ovalCnf, r); err != nil {
+ return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
+ }
 
- // gost
- if err := detectPkgsCvesWithGost(gostCnf, r); err != nil {
- return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
+ // gost
+ if err := detectPkgsCvesWithGost(gostCnf, r); err != nil {
+ return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
+ }
+ } else {
+ logging.Log.Infof("Number of packages is 0. Skip OVAL and gost detection")
 }
 } else if reuseScannedCves(r) {
 logging.Log.Infof("r.Release is empty. Use CVEs as it as.")
diff --git a/detector/util.go b/detector/util.go
index 845a808a..11a914f6 100644
--- a/detector/util.go
+++ b/detector/util.go
@@ -26,10 +26,7 @@ func reuseScannedCves(r *models.ScanResult) bool {
 case constant.FreeBSD, constant.Raspbian:
 return true
 }
- if isTrivyResult(r) {
- return true
- }
- return false
+ return isTrivyResult(r)
 }
 
 func isTrivyResult(r *models.ScanResult) bool {
diff --git a/models/scanresults.go b/models/scanresults.go
index 6500e619..8b657318 100644
--- a/models/scanresults.go
+++ b/models/scanresults.go
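Review bot: The new `len(r.Packages)+len(r.SrcPackages) > 0` guard in DetectPkgCves is evaluated before `r = r.RemoveRaspbianPackFromResult()`, so a Raspbian result whose packages are all filtered out still reaches detectPkgsCvesWithOval and detectPkgsCvesWithGost with an empty package set, which is the case this change sets out to skip. Running the Raspbian filter first and checking the count afterwards would cover it. Separately, the skip path only emits an Infof message. For a host with a known release, zero packages may also mean that package enumeration failed, and the resulting report would then look clean. A warning that names the host would make that gap visible, e.g. `logging.Log.Warnf("%s: number of packages is 0; skipping OVAL and gost detection", r.ServerName)`. DetectPkgCves continues past the end of this hunk.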
@@ -309,7 +309,6 @@ func (r ScanResult) RemoveRaspbianPackFromResult() *ScanResult {
 for _, pack := range r.SrcPackages {
 if !IsRaspbianPackage(pack.Name, pack.Version) {
 srcPacks[pack.Name] = pack
-
 }
 }