false positive with loop

[mpldr]

	var file *http.Response
	for _, url := range urlsToTry {
		file, err = http.Get(url)
		if err == nil {
			break
		}
	}
	if err != nil {
		return nil, fmt.Errorf("failed to get config: %w", err)
	}

	cfg := &wellKnownFile{}
	err = json.NewDecoder(file.Body).Decode(cfg)
	if err != nil {
		return nil, fmt.Errorf("failed to parse config: %w", err)
	}

/home/moritz/Projects/oidc/configuration.go:63:24: error: Potential nil panic detected. Observed nil flow from source to dereference point: 
	-> http/client.go:644:12: unassigned variable `resp` returned from `do()` in position 0
	-> http/client.go:590:9: result 0 of `do()` returned from `Do()` in position 0
	-> http/client.go:488:9: result 0 of `Do()` returned from `Get()` in position 0
	-> http/client.go:457:9: result 0 of `Get()` returned from `Get()` in position 0
	-> oidc/configuration.go:63:24: result 0 of `Get()` accessed field `Body`

err = json.NewDecoder(file.Body).Decode(cfg) is (to my understanding) well-guarded.

[napkindrawing]

I believe the submitter is incorrect, if urlsToTry is empty and the loop body never executes, then file is never assigned.

[mpldr]

Sorry, I should have clarified: urlsToTry is always set to have two elements. Both of which are guaranteed to be valid URLs through the url.URL type. But even if that was possible, the trace would be wrong for that case.