diff --git a/engine/engine.go b/engine/engine.go index d4172111..630e78ab 100644 --- a/engine/engine.go +++ b/engine/engine.go @@ -432,9 +432,12 @@ func (r *ruleEngine) createViolation(ctx context.Context, conditionResponse Cond for _, cv := range rule.CustomVariables { match := cv.Pattern.FindStringSubmatch(originalCodeSnip) - if cv.NameOfCaptureGroup != "" && cv.Pattern.SubexpIndex(cv.NameOfCaptureGroup) < len(match) { + if cv.NameOfCaptureGroup != "" && cv.Pattern.SubexpIndex(cv.NameOfCaptureGroup) >= 0 && + cv.Pattern.SubexpIndex(cv.NameOfCaptureGroup) < len(match) { + m.Variables[cv.Name] = strings.TrimSpace(match[cv.Pattern.SubexpIndex(cv.NameOfCaptureGroup)]) continue + } else { switch len(match) { case 0: diff --git a/provider/internal/java/dependency.go b/provider/internal/java/dependency.go index 3314126d..4d83d87b 100644 --- a/provider/internal/java/dependency.go +++ b/provider/internal/java/dependency.go @@ -10,6 +10,7 @@ import ( "os" "os/exec" "path/filepath" + "reflect" "regexp" "strings" @@ -111,6 +112,10 @@ func (p *javaServiceClient) GetDependenciesFallback(ctx context.Context, locatio if err != nil { return nil, err } + // If the pom object is empty then parse failed silently. + if reflect.DeepEqual(*pom, gopom.Project{}) { + return nil, nil + } // have to get both and dependencies (if present) var pomDeps []gopom.Dependency @@ -125,6 +130,9 @@ func (p *javaServiceClient) GetDependenciesFallback(ctx context.Context, locatio // add each dependency found for _, d := range pomDeps { + if d.GroupID == nil || d.Version == nil || d.ArtifactID == nil { + continue + } dep := provider.Dep{} dep.Name = fmt.Sprintf("%s.%s", *d.GroupID, *d.ArtifactID) if *d.Version != "" {