rhel: Fix error swallowing in PackageScanner #1715
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
guzalv
force-pushed
the
fix-rhel-packagescanner-error-swallowing
branch
3 times, most recently
from
fe573aa to
0daa140
Compare
guzalv
changed the title
guzalv
force-pushed
the
fix-rhel-packagescanner-error-swallowing
branch
from
a396676 to
78ef7d0
Compare
Contributor
Author
Automated comment from CodeApprove ➜⏳ @crozzy please review this Pull Request |
Fix bug where filesystem walk errors from rpm.FindDBs were silently swallowed. The defer attempted to modify a local 'err' variable but couldn't affect the returned error value due to unnamed return params. Changed function signature to use named return parameters matching the pattern in rpm.Scanner. This allows the defer to modify the returned error value. Using a bare return statement makes it clear that the defer will set the final error value. The bug caused PackageScanner to return ([], nil) when encountering filesystem errors (e.g., from zombie processes in /proc), instead of properly propagating the error. Signed-off-by: Guzman <guz@redhat.com>
guzalv
force-pushed
the
fix-rhel-packagescanner-error-swallowing
branch
from
78ef7d0 to
f9b3bf0
Compare
crozzy
approved these changes
Jan 2, 2026
Contributor
crozzy
left a comment
crozzy
left a comment
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
✔️ Approved
Thanks for this, LGTM
👀 @guzalv it's your turn please take a look
Contributor
|
/fast-forward |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes a bug in
rhel.PackageScanner.Scanwhere filesystem walk errors fromrpm.FindDBswere silently swallowed, causing the function to return([], nil)instead of propagating errors.Details
The function used unnamed return parameters with a defer that attempted to modify the error return value, however the code was returning explicit
nil.When
rpm.FindDBs()encounters filesystem errors (real example: when zombie processes exist in the system andFindDBstraverses/proc, see ROX-32459), the walk terminates early but the error is lost. This causes scanners to silently skip packages instead of reporting the error.Solution
Changed the function signature to use named return parameters, matching the pattern in
rpm.Scanner.Scan.Testing
Built Stackrox's roxagent with these changes and verified that it throws an error when the DB cannot be found due to filesystem-related errors, rather than silently skipping it and generating empty reports: