fix: address Copilot review on PR #2476

kotakanbe · claude · kotakanbe · commit 7921854745c4 · 2026-03-18T09:13:37.000+09:00
- Return parse errors from AnalyzeLibrary instead of silently swallowing
  them. Caller (scanLibraries) logs warning and continues to next file.
- Use io.SeekEnd/io.SeekStart instead of magic numbers in JAR parser.
- Golden test treats parse errors as empty result (matches production
  behavior where scanLibraries warns and continues).

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/scanner/analyze_golden_test.go b/scanner/analyze_golden_test.go
@@ -143,7 +143,11 @@ func TestAnalyzeLibrary_Golden(t *testing.T) {
 
 			got, err := AnalyzeLibrary(context.Background(), lf.path, contents, lf.filemode, true)
 			if err != nil {
-				t.Fatalf("AnalyzeLibrary(%s) error: %v", lf.path, err)
+				// Some fixtures (e.g. pnpm v8) produce parse errors.
+				// In production, scanLibraries logs a warning and continues.
+				// Treat parse errors as empty result for golden comparison.
+				t.Logf("AnalyzeLibrary(%s) returned error (treated as empty): %v", lf.path, err)
+				got = nil
 			}
 
 			gotJSON, err := json.MarshalIndent(normalizeResult(got), "", "  ")
diff --git a/scanner/base.go b/scanner/base.go
@@ -721,7 +721,8 @@ func (l *base) scanLibraries() (err error) {
 
 		libraryScanners, err := AnalyzeLibrary(context.Background(), abspath, contents, filemode, l.ServerInfo.Mode.IsOffline())
 		if err != nil {
-			return xerrors.Errorf("Failed to analyze library. err: %w, filepath: %s", err, abspath)
+			l.log.Warnf("Failed to analyze library %s: %+v", abspath, err)
+			continue
 		}
 		for _, libscanner := range libraryScanners {
 			libscanner.LockfilePath = abspath
@@ -744,8 +745,7 @@ func AnalyzeLibrary(ctx context.Context, path string, contents []byte, filemode
 
 	app, err := parseByType(ctx, pt, path, r, isOffline)
 	if err != nil {
-		logging.Log.Debugf("Failed to parse %s (type=%s): %+v", path, pt, err)
-		return nil, nil
+		return nil, xerrors.Errorf("Failed to parse %s (type=%s): %w", path, pt, err)
 	}
 	if app == nil {
 		return nil, nil
diff --git a/scanner/trivy/jar/jar.go b/scanner/trivy/jar/jar.go
@@ -1,18 +1,20 @@
 package jar
 
 import (
+	"io"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	xio "github.com/aquasecurity/trivy/pkg/x/io"
 	"golang.org/x/xerrors"
 )
 
 // ParseJAR parses a JAR/WAR/EAR/PAR file and returns the detected libraries.
 func ParseJAR(filePath string, r xio.ReadSeekerAt) (*types.Application, error) {
-	size, err := r.Seek(0, 2) // seek to end to get size
+	size, err := r.Seek(0, io.SeekEnd)
 	if err != nil {
 		return nil, xerrors.Errorf("Failed to get size of %s: %w", filePath, err)
 	}
-	if _, err := r.Seek(0, 0); err != nil { // seek back to start
+	if _, err := r.Seek(0, io.SeekStart); err != nil {
 		return nil, xerrors.Errorf("Failed to seek %s: %w", filePath, err)
 	}
 
