From 7ef3b34588751cd20d4b00eb7d754924684f8bae Mon Sep 17 00:00:00 2001
From: Leonardo Fontes
 <77800309+LeonardoLordelloFontes@users.noreply.github.com>
Date: Mon, 11 Nov 2024 15:22:55 +0000
Subject: [PATCH] fix: edge case where scan never completes (#258)

---
 Dockerfile     | 2 +-
 plugins/git.go | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index cb3d2692..885b7180 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ COPY . .
 RUN GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -a -o /app/2ms .
 
 # Runtime image
-FROM cgr.dev/chainguard/git@sha256:0663e8c8a5c6fcad6cc2c08e7668d7b46f7aee025a923cee19f69475e187752a
+FROM cgr.dev/chainguard/git@sha256:91f984bed3cef8b6b9bdefb8e4ae2c9ec2c28564b237c2a0e432549c105ceb16
 
 WORKDIR /app
 
diff --git a/plugins/git.go b/plugins/git.go
index 4adfb222..62b16e79 100644
--- a/plugins/git.go
+++ b/plugins/git.go
@@ -73,6 +73,12 @@ func (p *GitPlugin) scanGit(path string, scanOptions string, itemsChan chan ISou
 	defer close()
 
 	for file := range diffs {
+		if file.PatchHeader == nil {
+			// While parsing the PatchHeader, the token size limit may be exceeded, resulting in a nil value.
+			// This scenario is unlikely, but it causes the scan to never complete.
+			file.PatchHeader = &gitdiff.PatchHeader{}
+		}
+
 		log.Debug().Msgf("file: %s; Commit: %s", file.NewName, file.PatchHeader.Title)
 		if file.IsBinary || file.IsDelete {
 			continue