fix: backoff function error handling

lib/snyk/package.go

@@ -111,12 +111,15 @@ func GetPackageVulnerabilities(cfg *Config, purl *packageurl.PackageURL, auth *s
 func getRetryClient(logger *zerolog.Logger) *http.Client {
 	rc := retryablehttp.NewClient()
 	rc.Logger = nil
+	rc.ErrorHandler = retryablehttp.PassthroughErrorHandler
 	rc.Backoff = func(min, max time.Duration, attemptNum int, resp *http.Response) time.Duration {
-		if sleep, ok := parseRateLimitHeader(resp.Header.Get("X-RateLimit-Reset")); ok {
-			logger.Warn().
-				Dur("Retry-After", sleep).
-				Msg("Getting rate-limited, waiting...")
-			return sleep
+		if resp != nil {
+			if sleep, ok := parseRateLimitHeader(resp.Header.Get("X-RateLimit-Reset")); ok {
+				logger.Warn().
+					Dur("Retry-After", sleep).
+					Msg("Getting rate-limited, waiting...")
+				return sleep
+			}
 		}
 		return retryablehttp.DefaultBackoff(min, max, attemptNum, resp)
 	}

lib/snyk/package_test.go

@@ -58,3 +58,34 @@ func TestGetPackageVulnerabilities_RetryRateLimited(t *testing.T) {
 	assert.Equal(t, 2, numRequests, "retries failed requests")
 	assert.NotNil(t, issues, "should retrieve issues")
 }
+
+func TestGetPackageVulnerabilities_HandlesNilResponses(t *testing.T) {
+	logger := zerolog.Nop()
+	var numRequests int
+	var srv *httptest.Server
+	srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		numRequests++
+		if numRequests < 5 {
+			w.Header().Set("X-RateLimit-Reset", "0")
+			w.WriteHeader(http.StatusTooManyRequests)
+			return
+		}
+		// Induce a client error which results in a nil response
+		srv.CloseClientConnections()
+	}))
+
+	cfg := DefaultConfig()
+	cfg.SnykAPIURL = srv.URL
+
+	auth, err := AuthFromToken("asdf")
+	require.NoError(t, err)
+
+	purl, err := packageurl.FromString("pkg:golang/github.com/snyk/parlay")
+	require.NoError(t, err)
+
+	orgID := uuid.New()
+	issues, err := GetPackageVulnerabilities(cfg, &purl, auth, &orgID, &logger)
+
+	require.Error(t, err)
+	assert.Nil(t, issues)
+}