- Added more safeguards and comments to the private getDefaultProvide…

…rs() function in syft/pkg/cataloger/dotnet.
anchore · Oct 15, 2024 · c75d7b6 · c75d7b6
1 parent 68fbe0c
commit c75d7b6
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/syft/pkg/cataloger/dotnet/config.go b/syft/pkg/cataloger/dotnet/config.go
@@ -107,6 +107,11 @@ func getDefaultProviders() string {
 						packageSource := strings.TrimSpace(line[2:])
 						if strings.HasPrefix(packageSource, "https://") {
 							found := false
+							for _, knownSource := range packageSources {
+								if packageSource == knownSource {
+									found = true
+								}
+							}
 							if !found {
 								packageSources = append(packageSources, packageSource)
 							}
@@ -119,13 +124,19 @@ func getDefaultProviders() string {
 	cancel()
 	if len(packageSources) > 0 {
 		providers := []string{}
+		httpClient := &http.Client{
+			Timeout: time.Second * 5,
+		}
 		for _, packageSource := range packageSources {
-			if response, err := http.Get(packageSource); err == nil && response.StatusCode == http.StatusOK {
+			// Test the availability of the external package providers
+			if response, err := httpClient.Get(packageSource); err == nil && response.StatusCode == http.StatusOK {
 				apiData, err := io.ReadAll(response.Body)
 				response.Body.Close()
+
 				if err == nil {
 					api := sourceApi{}
 					if err = json.Unmarshal(apiData, &api); err == nil {
+						// Find all (NuGet) package resources of the API
 						for _, apiResource := range api.Resources {
 							if strings.HasSuffix(apiResource.ID, "/package") {
 								providers = append(providers, apiResource.ID)