github.com/google/osv-scalibr@v0.4.1/inventory/inventory.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package inventory stores the scan result types SCALIBR can return.
    16  package inventory
    17  
    18  import (
    19  	"context"
    20  
    21  	"github.com/google/osv-scalibr/extractor"
    22  	scalibrfs "github.com/google/osv-scalibr/fs"
    23  )
    24  
    25  // Inventory stores the artifacts (e.g. software packages, security findings)
    26  // that a scan found.
    27  type Inventory struct {
    28  	Packages               []*extractor.Package
    29  	PackageVulns           []*PackageVuln
    30  	GenericFindings        []*GenericFinding
    31  	Secrets                []*Secret
    32  	ContainerImageMetadata []*extractor.ContainerImageMetadata
    33  	EmbeddedFSs            []*EmbeddedFS
    34  }
    35  
    36  // EmbeddedFS represents a mountable filesystem extracted from
    37  // within another file (e.g., a disk image, partition, or archive).
    38  // This is not proto serialized since it's only used as temporary
    39  // storage to traverse embedded filesystems during extraction.
    40  type EmbeddedFS struct {
    41  	// Path is a unique identifier for the embedded filesystem.
    42  	// It is typically formed by concatenating the path to the source file
    43  	// with the partition index from which the filesystem was extracted.
    44  	Path string
    45  
    46  	// TempPaths holds temporary files or directories created during extraction.
    47  	// These should be cleaned up once all extractors, annotators, and detectors
    48  	// have completed their operations.
    49  	// TempPaths will be set when there are temporary directories to clean up.
    50  	TempPaths []string
    51  
    52  	// GetEmbeddedFS is a function that mounts or initializes the underlying
    53  	// embedded filesystem and returns a scalibrfs.FS interface for accessing it.
    54  	// The returned filesystem should be closed or cleaned up by the caller
    55  	// when no longer needed.
    56  	GetEmbeddedFS func(context.Context) (scalibrfs.FS, error)
    57  }
    58  
    59  // Append adds one or more inventories to the current one.
    60  func (i *Inventory) Append(other ...Inventory) {
    61  	for _, o := range other {
    62  		i.Packages = append(i.Packages, o.Packages...)
    63  		i.PackageVulns = append(i.PackageVulns, o.PackageVulns...)
    64  		i.GenericFindings = append(i.GenericFindings, o.GenericFindings...)
    65  		i.Secrets = append(i.Secrets, o.Secrets...)
    66  		i.ContainerImageMetadata = append(i.ContainerImageMetadata, o.ContainerImageMetadata...)
    67  		i.EmbeddedFSs = append(i.EmbeddedFSs, o.EmbeddedFSs...)
    68  	}
    69  }
    70  
    71  // IsEmpty returns true if there are no packages, findings, etc. in this Inventory.
    72  func (i Inventory) IsEmpty() bool {
    73  	if len(i.Packages) != 0 {
    74  		return false
    75  	}
    76  	if len(i.PackageVulns) != 0 {
    77  		return false
    78  	}
    79  	if len(i.GenericFindings) != 0 {
    80  		return false
    81  	}
    82  	if len(i.Secrets) != 0 {
    83  		return false
    84  	}
    85  	if len(i.EmbeddedFSs) != 0 {
    86  		return false
    87  	}
    88  	if len(i.ContainerImageMetadata) != 0 {
    89  		return false
    90  	}
    91  	return true
    92  }