Error not handled by Horusec in Nancy tool #905

Closed
wiliansilvazup opened this issue Dec 28, 2021 · 0 comments · Fixed by #906
Labels
kind/bug Something isn't working

Comments

@wiliansilvazup
Contributor

What happened:
When I ran Horusec version v2.7.0-beta.3 on the examples folder with the command horusec start -p . the resulting error was:

Invalid character 'E' looking for beginning of value

Since the error is not very descriptive, I tried to increase the logging level using the flag --log-level debug and I found this error:

time="2021-12-28T09:41:15Z" level=debug msg="{HORUSEC_CLI} Something error went wrong in Nancy tool | analysisID -> 2822a476-bd23-4785-a49c-779f92d8b1d5 | output -> Error: Failed to query the GitHub API for updates.

This is most likely due to GitHub rate-limiting on unauthenticated requests.

To make authenticated requests please:

  1. Generate a token at https://github.com/settings/tokens
  2. Set the token by either adding it to your ~/.gitconfig or
     setting the GITHUB_TOKEN environment variable.

Instructions for generating a token can be found at:
https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/

We call the GitHub releases API to look for new releases.
More information about that API can be found here: https://developer.github.com/v3/repos/releases/

: Get \"https://api.github.com/repos/sonatype-nexus-community/nancy/releases\": net/http: TLS handshake timeout

For more information, check the log file at /root/.ossindex/nancy.combined.log
nancy version: 1.0.28

Usage:
  nancy sleuth [flags]

Examples:
  go list -json -deps | nancy sleuth --username your_user --token your_token
  nancy sleuth -p Gopkg.lock --username your_user --token your_token

Flags:
  -e, --exclude-vulnerability CveListFlag   Comma separated list of CVEs or OSS Index IDs to exclude (default [])
  -x, --exclude-vulnerability-file string   Path to a file containing newline separated CVEs or OSS Index IDs to be excluded (default \"./.nancy-ignore\")
  -h, --help                                help for sleuth
  -n, --no-color                            indicate output should not be colorized
  -o, --output string                       Styling for output format. json, json-pretty, text, csv (default \"text\")

Global Flags:
  -v, -- count                 Set log level, multiple v's is more verbose
  -d, --db-cache-path string   Specify an alternate path for caching responses from OSS Inde, example: /tmp
      --loud                   indicate output should include non-vulnerable packages
  -p, --path string            Specify a path to a dep Gopkg.lock file for scanning
  -q, --quiet                  indicate output should contain only packages with vulnerabilities (default true)
      --skip-update-check      Skip the check for updates.
  -t, --token string           Specify OSS Index API token for request
  -u, --username string        Specify OSS Index username for request
  -V, --version                Get the version

go list -m: dmitri.shuralyov.com/gpu/mtl@v0.0.0-20190408044501-666a987793e9: Get \"https://proxy.golang.org/dmitri.shuralyov.com/gpu/mtl/@v/v0.0.0-20190408044501-666a987793e9.mod\": net/http: TLS handshake timeout
 - invalid character 'E' looking for beginning of value"

Then I added the environment variable GITHUB_TOKEN with the value created in my GitHub account, and this error was not shown again. Maybe you can create some treatment to make it easier for users to correct this problem.

What you expected to happen:

  • A more descriptive error, at the default log level, when the Nancy tool reports an error because the GITHUB_TOKEN environment variable is needed.

Environment:

  • Horusec version (use horusec version): v2.7.0-beta.3
  • Operating System: Ubuntu 20.04
@wiliansilvazup wiliansilvazup added the kind/bug Something isn't working label Dec 28, 2021
wiliansilvazup added a commit that referenced this issue Dec 29, 2021
**- What I did**
The nancy tool requires access to the GitHub APIs, but when they are accessed several times without identification
it is blocked until the user identifies himself using an authentication token that can be generated via GitHub,
so I created a validation for this scenario and the user can add this environment variable before starting an analysis.
**- How to verify it**
Run a GoLang project many times and see the following error:
```bash
Invalid character 'E' looking for beginning of value
```
**- Description for the changelog**
Error not handled by Horusec in Nancy tool [#905](#905)

Signed-off-by: wilian <wilian.silva@zup.com.br>
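
The kind of validation this issue asks for, as an added example (not Horusec's code and not the code from the fix): check the tool's output for the known Nancy failure text before decoding it as JSON. `parseToolOutput`, `ErrGitHubRateLimit` and both sample strings are hypothetical names and constructed inputs; the JSON sample is a placeholder, not Nancy's real report schema.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Text taken from the Nancy output quoted in the issue above.
const rateLimitMarker = "Failed to query the GitHub API for updates"

// ErrGitHubRateLimit is a hypothetical sentinel; the name is not from Horusec.
var ErrGitHubRateLimit = errors.New("nancy could not query the GitHub API " +
	"(likely rate limiting): set GITHUB_TOKEN and run the analysis again")

// Constructed samples: the first starts like the failure in the issue, the
// second is a placeholder JSON document, not Nancy's real report schema.
const (
	sampleRateLimited = "Error: Failed to query the GitHub API for updates.\n\nThis is most likely due to GitHub rate-limiting on unauthenticated requests.\n"
	sampleReport      = `{"vulnerable": []}`
)

// parseToolOutput (hypothetical helper) looks for the known failure text
// before decoding, so the user sees the cause instead of a JSON syntax error.
func parseToolOutput(output string) (map[string]json.RawMessage, error) {
	if strings.Contains(output, rateLimitMarker) {
		return nil, ErrGitHubRateLimit
	}
	report := map[string]json.RawMessage{}
	if err := json.Unmarshal([]byte(output), &report); err != nil {
		// Keep the decoder error but say which tool produced the bad output.
		return nil, fmt.Errorf("nancy output is not valid JSON: %w", err)
	}
	return report, nil
}

func main() {
	// Decoding the failure text directly yields the message from the issue.
	var v interface{}
	fmt.Println("naive decode:", json.Unmarshal([]byte(sampleRateLimited), &v))

	_, err := parseToolOutput(sampleRateLimited)
	fmt.Println("checked decode:", err)

	report, err := parseToolOutput(sampleReport)
	fmt.Println("valid report keys:", len(report), "err:", err)
}
```

The naive decode fails on the leading `E` of `Error:`, which is why the default log level showed only the JSON syntax error.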