Allow failure to unzip invalid zip-files (#164)

* handle files that are not valid zip files

* improve error handling

internal/fingerprint/fingerprint.go

@@ -4,6 +4,7 @@ import (
 	"archive/zip"
 	"bufio"
 	"crypto/md5" // #nosec
+	"errors"
 	"fmt"
 	"io"
 	"log"
@@ -162,29 +163,32 @@ func (f *Fingerprinter) FingerprintFiles(rootPath string, exclusions []string) (
 }
 
 func computeMD5ForFileAndZip(fileInfo os.FileInfo, path string, exclusions []string) ([]FileFingerprint, error) {
-	fingerprints := []FileFingerprint{}
-
 	if !shouldProcessFile(fileInfo, exclusions, path) {
-		return fingerprints, nil
+		return nil, nil
 	}
 
-	// Scan the contents of compressed files
-	// such as .jar and .nupkg
+	var fingerprints []FileFingerprint
+
+	// If the file should be unzipped, try to unzip and fingerprint it
 	if shouldUnzip(path) {
 		fingerprintsZip, err := inMemFingerprintingCompressedContent(path, exclusions)
 		if err != nil {
-			return nil, err
+			if errors.Is(err, zip.ErrFormat) {
+				fmt.Printf("WARNING: Could not unpack and fingerprint contents of compressed file [%s]. Error: %v\n", path, err)
+			} else {
+				return nil, err
+			}
 		}
 		fingerprints = append(fingerprints, fingerprintsZip...)
 	}
+
+	// Compute the MD5 for the file
 	fingerprint, err := computeMD5ForFile(path)
 	if err != nil {
 		return nil, err
 	}
 
-	fingerprints = append(fingerprints, fingerprint)
-
-	return fingerprints, nil
+	return append(fingerprints, fingerprint), nil
 }
 
 func isSymlink(filename string) (bool, error) {

internal/fingerprint/fingerprint_test.go

@@ -155,7 +155,7 @@ func TestFingerprintFiles(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, fingerprints)
 	assert.NotEmpty(t, fingerprints)
-	assert.Equal(t, 1, fingerprints.Len())
+	assert.Equal(t, 2, fingerprints.Len())
 	assert.Equal(t, "file=72214db4e1e543018d1bafe86ea3b444,21,testdata/fingerprinter/testfile.py", fingerprints.Entries[0].ToString())
 
 	// Test no file

internal/fingerprint/testdata/fingerprinter/wfailing.jar

@@ -0,0 +1 @@
+xxx