fix(gsutil): Add graceful error handling for missing gsutil (#4833)

JigyasuRajput · terriko · web-flow · commit c7c51eb66742 · 2025-04-14T10:03:58.000-07:00
Co-authored-by: Terri Oda &lt;terri.oda@intel.com&gt;
diff --git a/cve_bin_tool/data_sources/osv_source.py b/cve_bin_tool/data_sources/osv_source.py
@@ -7,6 +7,8 @@
 import datetime
 import io
 import json
+import os
+import shutil
 import zipfile
 from pathlib import Path
 
@@ -20,6 +22,15 @@
 from cve_bin_tool.version import HTTP_HEADERS
 
 
+def find_gsutil():
+    gsutil_path = shutil.which("gsutil")
+    if not os.path.exists(gsutil_path):
+        raise FileNotFoundError(
+            "gsutil not found. Did you need to install requirements or activate a venv where gsutil is installed?"
+        )
+    return gsutil_path
+
+
 class OSV_Source(Data_Source):
     """Class to retrieve CVE's from the Open Source Vulnerabilities (OSV) Database"""
 
@@ -52,16 +63,17 @@ async def update_ecosystems(self):
         """Gets names of all ecosystems that OSV provides."""
 
         ecosystems = []
+        gsutil_path = find_gsutil()  # use helper function
 
         # Inspect the list of files and folders at the top level in the GS bucket.
-        stdout, _, _ = await aio_run_command(["gsutil", "ls", self.gs_url])
+        stdout, _, _ = await aio_run_command([gsutil_path, "ls", self.gs_url])
         lines = stdout.split(b"\n")
 
         # For each line in the directory listing determine if it is a folder that
         # contains all.zip.
         for line in lines:
             ecosystem_zip = line + b"all.zip"
-            stdout, _, _ = await aio_run_command(["gsutil", "ls", ecosystem_zip])
+            stdout, _, _ = await aio_run_command([gsutil_path, "ls", ecosystem_zip])
             if stdout.strip(b"\n") == ecosystem_zip:
                 # Found a valid ecosystem
                 ecosystem = str(line).split("/")[-2]
@@ -126,8 +138,9 @@ def parse_filename(self, str):
     async def get_newfiles(self, ecosystem, time_of_last_update):
         """Gets list of files modified after time of last update."""
 
+        gsutil_path = find_gsutil()  # use helper function
         gs_file = self.gs_url + ecosystem
-        stdout, _, _ = await aio_run_command(["gsutil", "ls", "-l", gs_file])
+        stdout, _, _ = await aio_run_command([gsutil_path, "ls", "-l", gs_file])
         stdout = str(stdout).split("json")
 
         newfiles = []
@@ -142,8 +155,9 @@ async def get_newfiles(self, ecosystem, time_of_last_update):
     async def get_totalfiles(self, ecosystem):
         """Gets total number of files in an ecosystem"""
 
+        gsutil_path = find_gsutil()  # use helper function
         gs_file = self.gs_url + ecosystem + "/all.zip"
-        await aio_run_command(["gsutil", "cp", gs_file, self.osv_path])
+        await aio_run_command([gsutil_path, "cp", gs_file, self.osv_path])
 
         zip_path = Path(self.osv_path) / "all.zip"
         totalfiles = 0
