nancy:chore - Error not handled by Horusec in Nancy tool

**- What I did**
The nancy tool requires access to the Github API's, but when accessed several times without an identification
it is blocked until the user identifies himself using an authentication token that can be generated via Github,
so I created a validation for this scenario and the user can add this environment variable before starting an analysis.
**- How to verify it**
Run many times GoLang project and see follow error:
```bash
Invalid character 'E' looking for beginning of value
```
**- Description for the changelog**
Error not handled by Horusec in Nancy tool [#905](#905)

Signed-off-by: wilian <wilian.silva@zup.com.br>

internal/helpers/messages/error.go

@@ -39,6 +39,13 @@ const (
 	MsgErrorGemLockNotFound = "{HORUSEC_CLI} Error It looks like your project doesn't have a gemfile.lock file, " +
 		"it would be a good idea to commit it so horusec can check for vulnerabilities"
 	MsgErrorGetFilenameByExt = "Could not get filename by extension: "
+	MsgErrorNancyRateLimit  = `{HORUSEC_CLI} Error when run Nancy tool because Failed to query the GitHub API for updates.
+This is most likely due to GitHub rate-limiting on unauthenticated requests.
+To make authenticated requests please:
+  1. Generate a token at https://github.com/settings/tokens
+  2. Set the token by setting the GITHUB_TOKEN environment variable.
+Instructions for generating a token can be found at:
+https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/`
 )
 
 // Block of messages usage into log of the level error

internal/services/formatters/go/nancy/formatter.go

@@ -16,6 +16,7 @@ package nancy
 
 import (
 	"encoding/json"
+	"errors"
 	"path/filepath"
 	"strings"
 
@@ -34,8 +35,10 @@ import (
 )
 
 const (
-	goModulesExt = ".mod"
-	goSumExt     = ".sum"
+	goModulesExt        = ".mod"
+	goSumExt            = ".sum"
+	rateLimitValidation = "this is most likely due to github rate-limiting on unauthenticated requests"
+	rateLimitPrefix     = "failed to query the github api for updates"
 )
 
 type Formatter struct {
@@ -66,10 +69,13 @@ func (f *Formatter) startNancy(projectSubPath string) (string, error) {
 	if err != nil {
 		return output, err
 	}
-
 	if output == "" {
 		return output, nil
 	}
+	if strings.HasPrefix(strings.ToLower(output), rateLimitPrefix) &&
+		strings.Contains(strings.ToLower(output), rateLimitValidation) {
+		return "", errors.New(messages.MsgErrorNancyRateLimit)
+	}
 
 	return output, f.processOutput(output, projectSubPath)
 }

internal/services/formatters/go/nancy/formatter_test.go

@@ -108,6 +108,23 @@ func TestParseOutput(t *testing.T) {
 		assert.True(t, analysis.HasErrors(), "Expected errors on analysis")
 	})
 
+	t.Run("should add error on analysis when output return rate limit requests", func(t *testing.T) {
+		analysis := new(analysis.Analysis)
+
+		cfg := config.New()
+
+		dockerAPIControllerMock := testutil.NewDockerMock()
+		dockerAPIControllerMock.On("SetAnalysisID")
+		dockerAPIControllerMock.On("CreateLanguageAnalysisContainer").Return(outputRateLimit, nil)
+
+		service := formatters.NewFormatterService(analysis, dockerAPIControllerMock, cfg)
+
+		formatter := NewFormatter(service)
+		formatter.StartAnalysis("")
+
+		assert.True(t, analysis.HasErrors(), "Expected errors on analysis")
+	})
+
 	t.Run("should add error on analysis when something went wrong executing container", func(t *testing.T) {
 		analysis := new(analysis.Analysis)
 
@@ -221,3 +238,51 @@ const output = `
   ]
 }
 `
+
+const outputRateLimit = `Failed to query the GitHub API for updates.
+
+This is most likely due to GitHub rate-limiting on unauthenticated requests.
+
+To make authenticated requests please:
+
+  1. Generate a token at https://github.com/settings/tokens
+  2. Set the token by either adding it to your ~/.gitconfig or
+     setting the GITHUB_TOKEN environment variable.
+
+Instructions for generating a token can be found at:
+https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/
+
+We call the GitHub releases API to look for new releases.
+More information about that API can be found here: https://developer.github.com/v3/repos/releases/
+
+: Get \"https://api.github.com/repos/sonatype-nexus-community/nancy/releases\": net/http: TLS handshake timeout
+
+For more information, check the log file at /root/.ossindex/nancy.combined.log
+nancy version: 1.0.28
+
+Usage:
+  nancy sleuth [flags]
+
+Examples:
+  go list -json -deps | nancy sleuth --username your_user --token your_token
+  nancy sleuth -p Gopkg.lock --username your_user --token your_token
+
+Flags:
+  -e, --exclude-vulnerability CveListFlag   Comma separated list of CVEs or OSS Index IDs to exclude (default [])
+  -x, --exclude-vulnerability-file string   Path to a file containing newline separated CVEs or OSS Index IDs to be excluded (default \"./.nancy-ignore\")
+  -h, --help                                help for sleuth
+  -n, --no-color                            indicate output should not be colorized
+  -o, --output string                       Styling for output format. json, json-pretty, text, csv (default \"text\")
+
+Global Flags:
+  -v, -- count                 Set log level, multiple v's is more verbose
+  -d, --db-cache-path string   Specify an alternate path for caching responses from OSS Inde, example: /tmp
+      --loud                   indicate output should include non-vulnerable packages
+  -p, --path string            Specify a path to a dep Gopkg.lock file for scanning
+  -q, --quiet                  indicate output should contain only packages with vulnerabilities (default true)
+      --skip-update-check      Skip the check for updates.
+  -t, --token string           Specify OSS Index API token for request
+  -u, --username string        Specify OSS Index username for request
+  -V, --version                Get the version
+
+go list -m: dmitri.shuralyov.com/gpu/mtl@v0.0.0-20190408044501-666a987793e9: Get \"https://proxy.golang.org/dmitri.shuralyov.com/gpu/mtl/@v/v0.0.0-20190408044501-666a987793e9.mod\": net/http: TLS handshake timeout`