Merge pull request #247 from anchore/suppress-token-error

Suppress version constraint token scanner errors
anchore · Mar 15, 2021 · ec1f11f · ec1f11f
2 parents 75c0d36 + c9f64e4
commit ec1f11f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/grype/version/constraint_expression.go b/grype/version/constraint_expression.go
@@ -95,6 +95,20 @@ func scanExpression(phrase string) ([][]string, error) {
 	}
 
 	scnr.Init(strings.NewReader(phrase))
+
+	scnr.Error = func(*scanner.Scanner, string) {
+		// scanner has the ability to invoke a callback upon tokenization errors. By default, if no handler is provided
+		// then errors are printed to stdout. This handler is provided to suppress this output.
+
+		// Suppressing these errors is not a problem in this case since the scanExpression function should see all tokens
+		// and accumulate them as part of a version value if it is not a token of interest. The text/scanner splits on
+		// a pre-configured set of "common" tokens (which we cannot provide). We are only interested in a sub-set of
+		// these tokens, thus allow for input that would seemingly be invalid for this common set of tokens.
+		// For example, the scanner finding `3.e` would interpret this as a float with no valid exponent. However,
+		// this function accumulates all tokens into the version component (and versions are not guaranteed to have
+		// valid tokens).
+	}
+
 	tokenRune := scnr.Scan()
 	for tokenRune != scanner.EOF {
 		currentToken := scnr.TokenText()