🧹 Prevent panic for unsupported operating systems

[czunker]

Follow-up to #4008

[czunker]

I tested this, by removing the linux filter from the sbom policy and run it on my local linux system:

→ discover related assets for 1 asset(s)
FTL failed to parse bom error="no data points found"
Process 111189 has exited with status 1

[github-actions]

Test Results

2 993 tests   2 992 ✅  1m 28s ⏱️
  329 suites      1 💤
   23 files        0 ❌

Results for commit 9c766e2.

♻️ This comment has been updated with latest results.

[chris-rock]

If we have no data points, this is not an error in the conversion. We should just return the current constructed bom then without any additional package data.

[czunker]

When the operating system is not supported, the complete sbom query pack is not executed and we don't have any data:

→ discover related assets for 1 asset(s)

Process 158394 has exited with status 0

Shouldn't we at least show some info?

[chris-rock]

Great idea. What we could do is, we set the error state, add a message and at least fill in the asset information. Here is the failed state https://github.com/mondoohq/cnquery/blob/main/sbom/sbom.proto#L38 that we can set here https://github.com/mondoohq/cnquery/blob/main/sbom/sbom.proto#L65. We can set the error message here https://github.com/mondoohq/cnquery/blob/main/sbom/sbom.proto#L81

[chris-rock]

I think we want to store the error in the report but not error the report generation.

[czunker]

This way the CLI still does not show any error, but the json output includes it:

{
  "generator": {
    "vendor": "Mondoo, Inc.",
    "name": "cnquery",
    "url": "https://mondoo.com"
  },
  "timestamp": "2024-05-21T08:31:32Z",
  "status": 3,
  "asset": {
    "name": "X1",
    "platform": {}
  },
  "error_message": "no data points found"
}

[chris-rock]

Thank you for the updated error handling.