Merge pull request #690 from google:return-result

PiperOrigin-RevId: 750779834

Author: copybara-github

detector/detector.go

@@ -17,15 +17,11 @@ package detector
 
 import (
 	"context"
-	"fmt"
-	"reflect"
-	"time"
 
 	"github.com/google/osv-scalibr/extractor"
 	scalibrfs "github.com/google/osv-scalibr/fs"
 	"github.com/google/osv-scalibr/packageindex"
 	"github.com/google/osv-scalibr/plugin"
-	"github.com/google/osv-scalibr/stats"
 )
 
 // Detector is the interface for a security detector plugin, used to scan for security findings
@@ -132,47 +128,3 @@ type TargetDetails struct {
 }
 
 // LINT.ThenChange(/binary/proto/scan_result.proto)
-
-// Run runs the specified detectors and returns their findings,
-// as well as info about whether the plugin runs completed successfully.
-func Run(ctx context.Context, c stats.Collector, detectors []Detector, scanRoot *scalibrfs.ScanRoot, index *packageindex.PackageIndex) ([]*Finding, []*plugin.Status, error) {
-	findings := []*Finding{}
-	status := []*plugin.Status{}
-	for _, d := range detectors {
-		if ctx.Err() != nil {
-			return nil, nil, ctx.Err()
-		}
-		start := time.Now()
-		results, err := d.Scan(ctx, scanRoot, index)
-		c.AfterDetectorRun(d.Name(), time.Since(start), err)
-		for _, f := range results {
-			f.Detectors = []string{d.Name()}
-		}
-		findings = append(findings, results...)
-		status = append(status, plugin.StatusFromErr(d, false, err))
-	}
-	if err := validateAdvisories(findings); err != nil {
-		return []*Finding{}, status, err
-	}
-	return findings, status, nil
-}
-
-func validateAdvisories(findings []*Finding) error {
-	// Check that findings with the same advisory ID have identical advisories.
-	ids := make(map[AdvisoryID]Advisory)
-	for _, f := range findings {
-		if f.Adv == nil {
-			return fmt.Errorf("finding has no advisory set: %v", f)
-		}
-		if f.Adv.ID == nil {
-			return fmt.Errorf("finding has no advisory ID set: %v", f)
-		}
-		if adv, ok := ids[*f.Adv.ID]; ok {
-			if !reflect.DeepEqual(adv, *f.Adv) {
-				return fmt.Errorf("multiple non-identical advisories with ID %v", f.Adv.ID)
-			}
-		}
-		ids[*f.Adv.ID] = *f.Adv
-	}
-	return nil
-}

detector/detectorrunner/detectorrunner.go

@@ -0,0 +1,73 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package detectorrunner provides a Run function to help with running detectors
+package detectorrunner
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"time"
+
+	"github.com/google/osv-scalibr/detector"
+	scalibrfs "github.com/google/osv-scalibr/fs"
+	"github.com/google/osv-scalibr/packageindex"
+	"github.com/google/osv-scalibr/plugin"
+	"github.com/google/osv-scalibr/stats"
+)
+
+// Run runs the specified detectors and returns their findings,
+// as well as info about whether the plugin runs completed successfully.
+func Run(ctx context.Context, c stats.Collector, detectors []detector.Detector, scanRoot *scalibrfs.ScanRoot, index *packageindex.PackageIndex) ([]*detector.Finding, []*plugin.Status, error) {
+	findings := []*detector.Finding{}
+	status := []*plugin.Status{}
+	for _, d := range detectors {
+		if ctx.Err() != nil {
+			return nil, nil, ctx.Err()
+		}
+		start := time.Now()
+		results, err := d.Scan(ctx, scanRoot, index)
+		c.AfterDetectorRun(d.Name(), time.Since(start), err)
+		for _, f := range results {
+			f.Detectors = []string{d.Name()}
+		}
+		findings = append(findings, results...)
+		status = append(status, plugin.StatusFromErr(d, false, err))
+	}
+	if err := validateAdvisories(findings); err != nil {
+		return []*detector.Finding{}, status, err
+	}
+	return findings, status, nil
+}
+
+func validateAdvisories(findings []*detector.Finding) error {
+	// Check that findings with the same advisory ID have identical advisories.
+	ids := make(map[detector.AdvisoryID]detector.Advisory)
+	for _, f := range findings {
+		if f.Adv == nil {
+			return fmt.Errorf("finding has no advisory set: %v", f)
+		}
+		if f.Adv.ID == nil {
+			return fmt.Errorf("finding has no advisory ID set: %v", f)
+		}
+		if adv, ok := ids[*f.Adv.ID]; ok {
+			if !reflect.DeepEqual(adv, *f.Adv) {
+				return fmt.Errorf("multiple non-identical advisories with ID %v", f.Adv.ID)
+			}
+		}
+		ids[*f.Adv.ID] = *f.Adv
+	}
+	return nil
+}

detector/detector_test.go renamed to detector/detectorrunner/detectorrunner_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package detector_test
+package detectorrunner_test
 
 import (
 	"context"
@@ -22,6 +22,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/osv-scalibr/detector"
+	"github.com/google/osv-scalibr/detector/detectorrunner"
 	"github.com/google/osv-scalibr/extractor"
 	scalibrfs "github.com/google/osv-scalibr/fs"
 	"github.com/google/osv-scalibr/packageindex"
@@ -152,17 +153,17 @@ func TestRun(t *testing.T) {
 		t.Run(tc.desc, func(t *testing.T) {
 			px, _ := packageindex.New([]*extractor.Package{})
 			tmp := t.TempDir()
-			gotFindings, gotStatus, err := detector.Run(
+			gotFindings, gotStatus, err := detectorrunner.Run(
 				context.Background(), stats.NoopCollector{}, tc.det, scalibrfs.RealFSScanRoot(tmp), px,
 			)
 			if diff := cmp.Diff(tc.wantErr, err, cmpopts.EquateErrors()); diff != "" {
-				t.Errorf("detector.Run(%v): unexpected error (-want +got):\n%s", tc.det, diff)
+				t.Errorf("detectorrunner.Run(%v): unexpected error (-want +got):\n%s", tc.det, diff)
 			}
 			if diff := cmp.Diff(tc.wantFindings, gotFindings); diff != "" {
-				t.Errorf("detector.Run(%v): unexpected findings (-want +got):\n%s", tc.det, diff)
+				t.Errorf("detectorrunner.Run(%v): unexpected findings (-want +got):\n%s", tc.det, diff)
 			}
 			if diff := cmp.Diff(tc.wantStatus, gotStatus); diff != "" {
-				t.Errorf("detector.Run(%v): unexpected status (-want +got):\n%s", tc.det, diff)
+				t.Errorf("detectorrunner.Run(%v): unexpected status (-want +got):\n%s", tc.det, diff)
 			}
 		})
 	}

extractor/filesystem/filesystem.go

@@ -479,7 +479,12 @@ func (wc *walkContext) runExtractor(ex Extractor, path string) {
 		Info:   info,
 		Reader: rc,
 	})
-	wc.stats.AfterExtractorRun(ex.Name(), time.Since(start), err)
+	wc.stats.AfterExtractorRun(ex.Name(), &stats.AfterExtractorStats{
+		Path:      path,
+		Runtime:   time.Since(start),
+		Inventory: &results,
+		Error:     err,
+	})
 
 	if err != nil {
 		addErrToMap(wc.errors, ex.Name(), fmt.Errorf("%s: %w", path, err))

scalibr.go

@@ -30,6 +30,7 @@ import (
 	"github.com/google/osv-scalibr/artifact/image/layerscanning/image"
 	"github.com/google/osv-scalibr/artifact/image/layerscanning/trace"
 	"github.com/google/osv-scalibr/detector"
+	"github.com/google/osv-scalibr/detector/detectorrunner"
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/extractor/filesystem"
 	"github.com/google/osv-scalibr/extractor/standalone"
@@ -248,7 +249,7 @@ func (Scanner) Scan(ctx context.Context, config *ScanConfig) (sr *ScanResult) {
 		return newScanResult(sro)
 	}
 
-	findings, detectorStatus, err := detector.Run(
+	findings, detectorStatus, err := detectorrunner.Run(
 		ctx, config.Stats, config.Detectors, &scalibrfs.ScanRoot{FS: sysroot.FS, Path: sysroot.Path}, px,
 	)
 	sro.Inventory.Findings = append(sro.Inventory.Findings, findings...)
@@ -283,7 +284,7 @@ func (s Scanner) ScanContainer(ctx context.Context, img *image.Image, config *Sc
 	}
 	// Overwrite the scan roots with the chain layer filesystem.
 	config.ScanRoots = []*scalibrfs.ScanRoot{
-		&scalibrfs.ScanRoot{
+		{
 			FS: chainfs,
 		},
 	}

stats/collector.go

@@ -26,7 +26,7 @@ import (
 // different metric backends to enable monitoring of Scalibr.
 type Collector interface {
 	AfterInodeVisited(path string)
-	AfterExtractorRun(name string, runtime time.Duration, err error)
+	AfterExtractorRun(pluginName string, extractorstats *AfterExtractorStats)
 	AfterDetectorRun(name string, runtime time.Duration, err error)
 	AfterScan(runtime time.Duration, status *plugin.ScanStatus)
 
@@ -60,7 +60,7 @@ type NoopCollector struct{}
 func (c NoopCollector) AfterInodeVisited(path string) {}
 
 // AfterExtractorRun implements Collector by doing nothing.
-func (c NoopCollector) AfterExtractorRun(name string, runtime time.Duration, err error) {}
+func (c NoopCollector) AfterExtractorRun(pluginName string, extractorstats *AfterExtractorStats) {}
 
 // AfterDetectorRun implements Collector by doing nothing.
 func (c NoopCollector) AfterDetectorRun(name string, runtime time.Duration, err error) {}

stats/types.go

@@ -14,6 +14,21 @@
 
 package stats
 
+import (
+	"time"
+
+	"github.com/google/osv-scalibr/inventory"
+)
+
+// AfterExtractorStats is a struct containing stats about the results of a file extraction run.
+type AfterExtractorStats struct {
+	Path    string
+	Runtime time.Duration
+
+	Inventory *inventory.Inventory
+	Error     error
+}
+
 // FileRequiredStats is a struct containing stats about a file that was
 // required or skipped by a plugin.
 type FileRequiredStats struct {