Wrap tmpRoot removal in a defer instead

Signed-off-by: egibs <[email protected]>
chainguard-dev · Dec 17, 2024 · a15f3e5 · a15f3e5
1 parent 54591c7
commit a15f3e5
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/pkg/action/scan.go b/pkg/action/scan.go
@@ -497,6 +497,12 @@ func processArchive(ctx context.Context, c malcontent.Config, rfs []fs.FS, archi
 	if err != nil {
 		return nil, fmt.Errorf("extract to temp: %w", err)
 	}
+	// Ensure that tmpRoot is removed before returning
+	defer func() {
+		if err := os.RemoveAll(tmpRoot); err != nil {
+			logger.Errorf("remove %s: %v", tmpRoot, err)
+		}
+	}()
 	// macOS will prefix temporary directories with `/private`
 	// update tmpRoot with this prefix to allow strings.TrimPrefix to work
 	if runtime.GOOS == "darwin" {
@@ -511,21 +517,13 @@ func processArchive(ctx context.Context, c malcontent.Config, rfs []fs.FS, archi
 	for _, extractedFilePath := range extractedPaths {
 		fr, err := processFile(ctx, c, rfs, extractedFilePath, archivePath, tmpRoot, logger)
 		if err != nil {
-			// Ensure we clean up the extracted file path after any error
-			if err := os.RemoveAll(extractedFilePath); err != nil {
-				logger.Errorf("remove %s: %v", tmpRoot, err)
-			}
 			return nil, err
 		}
 		if fr != nil {
 			// Store a clean reprepsentation of the archive's scanned file to match single file scanning behavior
 			clean := strings.TrimPrefix(extractedFilePath, tmpRoot)
 			frs.Store(clean, fr)
 		}
-		// Clean up the extracted file path after processing
-		if err := os.RemoveAll(extractedFilePath); err != nil {
-			logger.Errorf("remove %s: %v", tmpRoot, err)
-		}
 	}
 	// Remove the temporary parent path after all files are processed to clean up any remaining files
 	if err := os.RemoveAll(tmpRoot); err != nil {