From 2111e7db18d073aa527656c407721e0175f2fc27 Mon Sep 17 00:00:00 2001
From: Rex P
Date: Thu, 18 May 2023 13:27:50 +1000
Subject: [PATCH 1/3] Request user agent
---
 pkg/osv/osv.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go
index 134d09428f..1b3e7a9c67 100644
--- a/pkg/osv/osv.go
+++ b/pkg/osv/osv.go
@@ -146,7 +146,14 @@ func MakeRequestWithClient(request BatchedQuery, client *http.Client) (*BatchedR
 resp, err := makeRetryRequest(func() (*http.Response, error) {
 // We do not need a specific context
 //nolint:noctx
- return client.Post(QueryEndpoint, "application/json", requestBuf)
+ req, err := http.NewRequest(http.MethodPost, QueryEndpoint, requestBuf)
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("User-Agent", "osv-scanner")
+
+ return client.Do(req)
 })
 if err != nil {
 return nil, err
@@ -179,8 +186,13 @@ func Get(id string) (*models.Vulnerability, error) {
 // client.
 func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error) {
 resp, err := makeRetryRequest(func() (*http.Response, error) {
- //nolint:noctx
- return client.Get(GetEndpoint + "/" + id)
+ req, err := http.NewRequest(http.MethodGet, GetEndpoint+"/"+id, nil)
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("User-Agent", "osv-scanner")
+
+ return client.Do(req)
 })
 if err != nil {
 return nil, err
From fe80e8ad53e5d2df5221ef04bfecea1384749dfd Mon Sep 17 00:00:00 2001
From: Rex P
Date: Thu, 18 May 2023 13:59:08 +1000
Subject: [PATCH 2/3] Global variable to set user agent
---
 cmd/osv-scanner/main.go | 3 +++
 pkg/osv/osv.go | 10 ++++++++--
 pkg/osvscanner/osvscanner.go | 4 ++++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/cmd/osv-scanner/main.go b/cmd/osv-scanner/main.go
index 8fc7989a72..ea0569e361 100644
--- a/cmd/osv-scanner/main.go
+++ b/cmd/osv-scanner/main.go
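Review bot: Every attempt made by makeRetryRequest builds its request from the same `requestBuf` in `http.NewRequest(http.MethodPost, QueryEndpoint, requestBuf)`, and that variable is defined outside this hunk. If it is a single `bytes.Buffer`, the first attempt drains it and a retry would POST an empty body with a zero Content-Length, so a transient failure would turn into a malformed query rather than a clean retry. I would create a fresh reader over the marshalled query inside the closure so each attempt sends the full payload. The function body starts and ends outside the hunk, so the type of `requestBuf` is inferred and should be confirmed.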
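Review bot: In GetWithClient, `id` is concatenated into the request path unescaped in `GetEndpoint+"/"+id`, so an id containing `/`, `?` or `#` changes which path or query the GET actually reaches. Where ids come from is not visible in this hunk; if any of them can originate from API responses or from files being scanned, escape the segment: `req, err := http.NewRequest(http.MethodGet, GetEndpoint+"/"+url.PathEscape(id), nil)`, which needs the `net/url` import. The function continues past the end of the hunk.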
@@ -6,6 +6,7 @@ import ( "io" "os" + "github.com/google/osv-scanner/pkg/osv" "github.com/google/osv-scanner/pkg/osvscanner" "github.com/google/osv-scanner/pkg/reporter" @@ -27,6 +28,8 @@ func run(args []string, stdout, stderr io.Writer) int { r.PrintText(fmt.Sprintf("osv-scanner version: %s\ncommit: %s\nbuilt at: %s\n", ctx.App.Version, commit, date)) } + osv.RequestUserAgent = "osv-scanner/" + version + app := &cli.App{ Name: "osv-scanner", Version: version, diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go index 1b3e7a9c67..bfe35a697d 100644 --- a/pkg/osv/osv.go +++ b/pkg/osv/osv.go @@ -28,6 +28,8 @@ const ( maxConcurrentRequests = 25 ) +var RequestUserAgent = "" + // Package represents a package identifier for OSV. type Package struct { PURL string `json:"purl,omitempty"` @@ -151,7 +153,9 @@ func MakeRequestWithClient(request BatchedQuery, client *http.Client) (*BatchedR return nil, err } req.Header.Set("Content-Type", "application/json") - req.Header.Set("User-Agent", "osv-scanner") + if RequestUserAgent != "" { + req.Header.Set("User-Agent", RequestUserAgent) + } return client.Do(req) }) @@ -190,7 +194,9 @@ func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error if err != nil { return nil, err } - req.Header.Set("User-Agent", "osv-scanner") + if RequestUserAgent != "" { + req.Header.Set("User-Agent", RequestUserAgent) + } return client.Do(req) }) diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go index 5b667a57f1..586b258889 100644 --- a/pkg/osvscanner/osvscanner.go +++ b/pkg/osvscanner/osvscanner.go @@ -536,6 +536,10 @@ func DoScan(actions ScannerActions, r reporter.Reporter) (models.VulnerabilityRe return models.VulnerabilityResults{}, NoPackagesFoundErr } + if osv.RequestUserAgent == "" { + osv.RequestUserAgent = "osv-scanner-api" + } + resp, err := osv.MakeRequest(query) if err != nil { return models.VulnerabilityResults{}, fmt.Errorf("scan failed %w", err) 
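Review bot: The exported `RequestUserAgent` in pkg/osv/osv.go is added without a doc comment, and its contract is only discoverable by reading the two request closures that consult it. I would add `// RequestUserAgent is the User-Agent value sent with OSV API requests; when empty, no User-Agent header is set explicitly and net/http's default applies.` above the declaration. The comment should also state that the variable must be assigned before the first request is started, since the reads in MakeRequestWithClient and GetWithClient are unsynchronised and `maxConcurrentRequests` in the same file suggests those requests can run concurrently.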
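Review bot: DoScan performs an unsynchronised check-then-set on the package-level `osv.RequestUserAgent`, so two concurrent DoScan calls from a library consumer are a data race, and the first call silently changes the header for every later user of pkg/osv in the same process. Guarding the default with a `sync.Once` (for example `defaultUserAgentOnce.Do(...)`, a name constructed for this note) or passing the user agent explicitly to the request functions would avoid mutating shared state from inside a scan. The fallback `"osv-scanner-api"` also carries no version, unlike the `"osv-scanner/" + version` value the CLI sets, which makes library traffic harder to attribute to a release. DoScan's body starts and ends outside the hunk.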
From bff474ba2e69f0fb335be9d77bb49252dffb3ac2 Mon Sep 17 00:00:00 2001
From: Rex P
Date: Thu, 18 May 2023 14:09:13 +1000
Subject: [PATCH 3/3] Fix lints
---
 pkg/osv/osv.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go
index bfe35a697d..8e7e503f74 100644
--- a/pkg/osv/osv.go
+++ b/pkg/osv/osv.go
@@ -190,6 +190,8 @@ func Get(id string) (*models.Vulnerability, error) {
 // client.
 func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error) {
 resp, err := makeRetryRequest(func() (*http.Response, error) {
+ // We do not need a specific context
+ //nolint:noctx
 req, err := http.NewRequest(http.MethodGet, GetEndpoint+"/"+id, nil)
 if err != nil {
 return nil, err
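Review bot: The added `//nolint:noctx` silences the linter instead of giving the request a context, so the GET in GetWithClient can only be bounded by whatever `Timeout` the caller-supplied `client` happens to have. Writing `req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, GetEndpoint+"/"+id, nil)` keeps today's behaviour, removes the need for the directive and leaves a seam for threading a cancellable context through later; it needs the `context` import. The same applies to the POST in MakeRequestWithClient, which carries the same directive. GetWithClient continues past the end of the hunk.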