From 5ffec671a63cb9abc2903a99644e1a7a4d8c82ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Str=C3=B6mberg?= <t+github@chainguard.dev>
Date: Fri, 18 Oct 2024 13:44:20 -0400
Subject: [PATCH] error if an invalid value is passed to --min-*risk (#531)

---
 cmd/mal/mal.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/cmd/mal/mal.go b/cmd/mal/mal.go
index 9a54f478..52815932 100644
--- a/cmd/mal/mal.go
+++ b/cmd/mal/mal.go
@@ -149,13 +149,25 @@ func main() {
 			ignoreTags := strings.Split(ignoreTagsFlag, ",")
 			includeDataFiles := includeDataFilesFlag
 
-			minRisk := riskMap[minRiskFlag]
+			minRisk, exists := riskMap[minRiskFlag]
+			if !exists {
+				log.Errorf("unknown risk: %q", minRiskFlag)
+				returnCode = ExitInvalidArgument
+				return nil
+			}
+
 			// Backwards compatibility
 			if minLevelFlag != -1 {
 				minRisk = minLevelFlag
 			}
 
-			minFileRisk := riskMap[minFileRiskFlag]
+			minFileRisk, exists := riskMap[minFileRiskFlag]
+			if !exists {
+				log.Errorf("unknown risk: %q", minFileRiskFlag)
+				returnCode = ExitInvalidArgument
+				return nil
+			}
+
 			// Backwards compatibility
 			if minFileLevelFlag != -1 {
 				minFileRisk = minFileLevelFlag