OSVExceptionを適切にハンドリングする

[rioil]

OSVExceptionが発生すると落ちます．

fail: Microsoft.Extensions.Hosting.Internal.Host[9]
      BackgroundService failed
      System.AggregateException: One or more errors occurred. (Exception of type 'OSV.Client.OSVException' was thrown.)
       ---> OSV.Client.OSVException: Exception of type 'OSV.Client.OSVException' was thrown.
       ---> System.Net.Http.HttpRequestException: Request failed with status code GatewayTimeout
         --- End of inner exception stack trace ---
         at Osmy.Server.Services.OSVClientEx.ExecuteAsync[T](RestRequest request, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 67
         at Osmy.Server.Services.OSVClientEx.QueryAffectedBatchAsync(BatchQueryEx batchQuery, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 51
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
         at Osmy.Server.Services.VulnerabilityScanner.<>c__DisplayClass8_1.<ExecuteBatchQueryAsync>b__1(Task`1 t) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 160
         at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
         at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
      --- End of stack trace from previous location ---
         at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
      --- End of stack trace from previous location ---
         at Osmy.Server.Services.VulnerabilityScanner.ScanPackageVulnerability(SbomPackageComponent[] pkgs, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 98
         at Osmy.Server.Services.VulnerabilityScanner.ScanAllAsync(CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 47
         at Osmy.Server.Services.VulnerabilityScanService.StartAutoScanRequest(CancellationToken stoppingToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanService.cs:line 38
         at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
crit: Microsoft.Extensions.Hosting.Internal.Host[10]
      The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.
      System.AggregateException: One or more errors occurred. (Exception of type 'OSV.Client.OSVException' was thrown.)
       ---> OSV.Client.OSVException: Exception of type 'OSV.Client.OSVException' was thrown.
       ---> System.Net.Http.HttpRequestException: Request failed with status code GatewayTimeout
         --- End of inner exception stack trace ---
         at Osmy.Server.Services.OSVClientEx.ExecuteAsync[T](RestRequest request, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 67
         at Osmy.Server.Services.OSVClientEx.QueryAffectedBatchAsync(BatchQueryEx batchQuery, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\OSVClientEx.cs:line 51
         --- End of inner exception stack trace ---
         at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
         at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
         at Osmy.Server.Services.VulnerabilityScanner.<>c__DisplayClass8_1.<ExecuteBatchQueryAsync>b__1(Task`1 t) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 160
         at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
         at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
      --- End of stack trace from previous location ---
         at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
      --- End of stack trace from previous location ---
         at Osmy.Server.Services.VulnerabilityScanner.ScanPackageVulnerability(SbomPackageComponent[] pkgs, CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 98
         at Osmy.Server.Services.VulnerabilityScanner.ScanAllAsync(CancellationToken cancellationToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanner.cs:line 47
         at Osmy.Server.Services.VulnerabilityScanService.StartAutoScanRequest(CancellationToken stoppingToken) in D:\rio\dev\CSharp\Osmy\Osmy.Server\Services\VulnerabilityScanService.cs:line 38
         at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)

[rioil]

この部分でcatchしているので，落ちることは無くなっていますが，ログが出力が無く，例外が握りつぶされています．
そもそもこの例外はOSV側の問題なので，プログラムを異常終了させたり，脆弱性診断をスキップしてユーザーに通知したりするべきかもしれません．

Osmy/Osmy.Server/Services/VulnerabilityScanService.cs

Lines 36 to 47 in 89ea503

	try
	{
	var scanner = new VulnerabilityScanner();
	await scanner.ScanAllAsync(stoppingToken);
	var appNotificationService = new AppNotificationService();
	appNotificationService.NotifyVulnerability();
	}
	catch (Exception)
	{
	// TODO logging
	}