[scanner] fix: add nil-safety guards to prevent potential panics (#19238)

clubanderson · web-flow · commit c627d78a6407 · 2026-06-19T17:58:57.000-04:00
Fixes #19194\n\nAdds nil checks to prevent potential nil pointer panics identified by nilaway static analysis:\n- pkg/stellar/solver/solver.go: nil check for deployment object\n- pkg/mcp/client.go: nil check for response\n- pkg/agent/workers/workers_device_tracker.go: nil checks for alert pointers\n- pkg/k8s/client_clients.go: nil checks for rest.CopyConfig return\n- Test files: added require.NotNil guards
diff --git a/pkg/agent/broadcast_test.go b/pkg/agent/broadcast_test.go
@@ -102,7 +102,7 @@ func TestBroadcastToClients_RemovesDeadClients(t *testing.T) {
 	defer cleanup()
 
 	// Close client 0's underlying TCP connection to simulate a dead peer.
-	if clients[0] != nil {
+	if len(clients) > 0 && clients[0] != nil {
 		if uc := clients[0].UnderlyingConn(); uc != nil {
 			uc.Close()
 		}
diff --git a/pkg/agent/federation/providers/test_server_test.go b/pkg/agent/federation/providers/test_server_test.go
@@ -158,6 +158,9 @@ func writeStatusResponse(w http.ResponseWriter, code int, path string) {
 }
 
 func mergeMaps(dst, patch map[string]interface{}) {
+	if dst == nil || patch == nil {
+		return
+	}
 	for key, value := range patch {
 		patchMap, patchIsMap := value.(map[string]interface{})
 		dstMap, dstIsMap := dst[key].(map[string]interface{})
diff --git a/pkg/agent/workers/workers_device_tracker.go b/pkg/agent/workers/workers_device_tracker.go
@@ -372,7 +372,7 @@ func (t *DeviceTracker) checkForDrop(key, nodeName, cluster, deviceType string,
 	}
 
 	now := time.Now()
-	if existing, ok := t.alerts[alertKey]; ok {
+	if existing, ok := t.alerts[alertKey]; ok && existing != nil {
 		existing.CurrentCount = currentCount
 		existing.DroppedCount = dropped
 		existing.LastSeen = now
@@ -417,7 +417,7 @@ func (t *DeviceTracker) checkForBoolDrop(key, nodeName, cluster, deviceType stri
 		severity = "critical" // Driver issues are critical
 	}
 
-	if existing, ok := t.alerts[alertKey]; ok {
+	if existing, ok := t.alerts[alertKey]; ok && existing != nil {
 		existing.LastSeen = now
 		existing.Severity = severity
 		return existing
diff --git a/pkg/api/handlers/github/pipelines_client_test.go b/pkg/api/handlers/github/pipelines_client_test.go
@@ -29,6 +29,7 @@ func TestGHGet_BuildsCorrectURL(t *testing.T) {
 
 	resp, err := handler.ghGet(context.Background(), "/repos/test/repo/actions/runs")
 	require.NoError(t, err)
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 }
 
@@ -49,6 +50,7 @@ func TestGHGet_HandlesFullURL(t *testing.T) {
 
 	resp, err := handler.ghGet(context.Background(), "https://api.github.com/repos/test/repo")
 	require.NoError(t, err)
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 }
 
@@ -68,9 +70,7 @@ func TestGHGetWithRetry_SuccessFirstAttempt(t *testing.T) {
 
 	resp, err := handler.ghGetWithRetry(context.Background(), "/test")
 	require.NoError(t, err)
-	if resp == nil {
-		t.Fatal("expected non-nil response")
-	}
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 }
 
@@ -99,6 +99,7 @@ func TestGHGetWithRetry_RateLimitRetry(t *testing.T) {
 
 	resp, err := handler.ghGetWithRetry(context.Background(), "/test")
 	require.NoError(t, err)
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	assert.Equal(t, 2, attemptCount, "should retry after rate limit")
 }
@@ -121,6 +122,7 @@ func TestGHGetWithRetry_MaxAttemptsExceeded(t *testing.T) {
 
 	resp, err := handler.ghGetWithRetry(context.Background(), "/test")
 	require.NoError(t, err) // Function returns the response, not an error
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusForbidden, resp.StatusCode)
 	// Should have attempted the maximum number of times
 	assert.True(t, attemptCount >= 1, "should make at least one attempt")
@@ -156,6 +158,7 @@ func TestGHGetWithRetry_RespectsRetryAfterHeader(t *testing.T) {
 	elapsed := time.Since(start)
 
 	require.NoError(t, err)
+	require.NotNil(t, resp)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	// Should have waited at least 1 second due to Retry-After header
 	assert.True(t, elapsed >= time.Second, "should respect Retry-After header")
diff --git a/pkg/k8s/client_clients.go b/pkg/k8s/client_clients.go
@@ -37,6 +37,10 @@ func (m *MultiClusterClient) GetClient(contextName string) (kubernetes.Interface
 	isInCluster := inClusterConfig != nil && (contextName == "in-cluster" || contextName == inClusterName)
 	if isInCluster {
 		config = rest.CopyConfig(inClusterConfig)
+		// Guard against nil return from rest.CopyConfig (#19194).
+		if config == nil {
+			return nil, fmt.Errorf("failed to copy in-cluster config for context %s", contextName)
+		}
 	} else {
 		config, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 			&clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfigPath},
@@ -127,6 +131,10 @@ func (m *MultiClusterClient) GetDynamicClient(contextName string) (dynamic.Inter
 		isInCluster := inClusterConfig != nil && (contextName == "in-cluster" || contextName == inClusterName)
 		if isInCluster {
 			config = rest.CopyConfig(inClusterConfig)
+			// Guard against nil return from rest.CopyConfig (#19194).
+			if config == nil {
+				return nil, fmt.Errorf("failed to copy in-cluster config for context %s", contextName)
+			}
 		} else {
 			config, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 				&clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfigPath},
diff --git a/pkg/mcp/client.go b/pkg/mcp/client.go
@@ -426,6 +426,9 @@ func (c *Client) call(ctx context.Context, method string, params interface{}) (j
 		}
 		return nil, fmt.Errorf("context done")
 	case resp := <-respCh:
+		if resp == nil {
+			return nil, fmt.Errorf("nil response from channel")
+		}
 		if resp.Error != nil {
 			return nil, fmt.Errorf("RPC error %d: %s", resp.Error.Code, resp.Error.Message)
 		}
diff --git a/pkg/stellar/solver/solver.go b/pkg/stellar/solver/solver.go
@@ -285,6 +285,9 @@ func verifyResourceHealth(ctx context.Context, k8sClient *k8s.MultiClusterClient
 	if err != nil {
 		return false, fmt.Sprintf("deployment read error: %s", err.Error())
 	}
+	if deploy == nil {
+		return false, "deployment read returned nil"
+	}
 	if deploy.Status.ReadyReplicas > 0 && deploy.Status.ReadyReplicas == deploy.Status.Replicas {
 		return true, fmt.Sprintf("%d/%d replicas ready.", deploy.Status.ReadyReplicas, deploy.Status.Replicas)
 	}
diff --git a/pkg/store/sqlite_users_test.go b/pkg/store/sqlite_users_test.go
@@ -217,6 +217,7 @@ func TestSQLiteStore_UpdateUserRole(t *testing.T) {
 
 	got, err := s.GetUser(ctx, user.ID)
 	require.NoError(t, err)
+	require.NotNil(t, got)
 	assert.Equal(t, models.UserRoleAdmin, got.Role)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func TestBroadcastToClients_RemovesDeadClients(t *testing.T) {`
`102`	`102`	`defer cleanup()`
`103`	`103`
`104`	`104`	`// Close client 0's underlying TCP connection to simulate a dead peer.`
`105`		`- if clients[0] != nil {`
	`105`	`+ if len(clients) > 0 && clients[0] != nil {`
`106`	`106`	`if uc := clients[0].UnderlyingConn(); uc != nil {`
`107`	`107`	`uc.Close()`
`108`	`108`	`}`
Original file line number	Diff line number	Diff line change
`@@ -158,6 +158,9 @@ func writeStatusResponse(w http.ResponseWriter, code int, path string) {`
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`func mergeMaps(dst, patch map[string]interface{}) {`
	`161`	`+ if dst == nil \|\| patch == nil {`
	`162`	`+ return`
	`163`	`+ }`
`161`	`164`	`for key, value := range patch {`
`162`	`165`	`patchMap, patchIsMap := value.(map[string]interface{})`
`163`	`166`	`dstMap, dstIsMap := dst[key].(map[string]interface{})`
Original file line number	Diff line number	Diff line change
`@@ -426,6 +426,9 @@ func (c *Client) call(ctx context.Context, method string, params interface{}) (j`
`426`	`426`	`}`
`427`	`427`	`return nil, fmt.Errorf("context done")`
`428`	`428`	`case resp := <-respCh:`
	`429`	`+ if resp == nil {`
	`430`	`+ return nil, fmt.Errorf("nil response from channel")`
	`431`	`+ }`
`429`	`432`	`if resp.Error != nil {`
`430`	`433`	`return nil, fmt.Errorf("RPC error %d: %s", resp.Error.Code, resp.Error.Message)`
`431`	`434`	`}`
Original file line number	Diff line number	Diff line change
`@@ -285,6 +285,9 @@ func verifyResourceHealth(ctx context.Context, k8sClient *k8s.MultiClusterClient`
`285`	`285`	`if err != nil {`
`286`	`286`	`return false, fmt.Sprintf("deployment read error: %s", err.Error())`
`287`	`287`	`}`
	`288`	`+ if deploy == nil {`
	`289`	`+ return false, "deployment read returned nil"`
	`290`	`+ }`
`288`	`291`	`if deploy.Status.ReadyReplicas > 0 && deploy.Status.ReadyReplicas == deploy.Status.Replicas {`
`289`	`292`	`return true, fmt.Sprintf("%d/%d replicas ready.", deploy.Status.ReadyReplicas, deploy.Status.Replicas)`
`290`	`293`	`}`
Original file line number	Diff line number	Diff line change
`@@ -217,6 +217,7 @@ func TestSQLiteStore_UpdateUserRole(t *testing.T) {`
`217`	`217`
`218`	`218`	`got, err := s.GetUser(ctx, user.ID)`
`219`	`219`	`require.NoError(t, err)`
	`220`	`+ require.NotNil(t, got)`
`220`	`221`	`assert.Equal(t, models.UserRoleAdmin, got.Role)`
`221`	`222`	`}`
`222`	`223`