From 6bf7ae4d6b65f6eb9b64e2b9d47430c9e9329625 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maximilian=20Comb=C3=BCchen?= Date: Mon, 4 Mar 2024 11:31:05 +0100 Subject: [PATCH] feat: more verbose log messages in all commands (#61) Closes #14. --- internal/commands/default.go | 8 ++--- internal/commands/deps/repos.go | 8 +++-- internal/commands/deps/root.go | 2 +- internal/commands/ecosystems/enrich.go | 6 ++-- internal/commands/ecosystems/packages.go | 10 +++--- internal/commands/ecosystems/repos.go | 4 +-- internal/commands/ecosystems/root.go | 2 +- internal/commands/scorecard/enrich.go | 4 +-- internal/commands/scorecard/root.go | 2 +- internal/commands/snyk/enrich.go | 4 +-- internal/commands/snyk/packages.go | 10 +++--- internal/commands/snyk/root.go | 3 +- lib/ecosystems/enrich.go | 7 ++-- lib/ecosystems/enrich_cyclonedx.go | 44 +++++++++++++++++------- lib/ecosystems/enrich_cyclonedx_test.go | 13 ++++--- lib/ecosystems/enrich_spdx.go | 5 ++- lib/ecosystems/enrich_spdx_test.go | 2 +- lib/snyk/enrich.go | 2 +- lib/snyk/enrich_cyclonedx.go | 29 ++++++++++------ lib/snyk/enrich_spdx.go | 28 +++++++++------ lib/snyk/enrich_test.go | 14 ++++---- 21 files changed, 126 insertions(+), 81 deletions(-) diff --git a/internal/commands/default.go b/internal/commands/default.go index fd48c22..334678d 100644 --- a/internal/commands/default.go +++ b/internal/commands/default.go @@ -48,10 +48,10 @@ func NewDefaultCommand() *cobra.Command { cmd.SetVersionTemplate(`{{.Version}}`) - cmd.AddCommand(ecosystems.NewEcosystemsRootCommand(logger)) - cmd.AddCommand(snyk.NewSnykRootCommand(logger)) - cmd.AddCommand(deps.NewDepsRootCommand(logger)) - cmd.AddCommand(scorecard.NewRootCommand(logger)) + cmd.AddCommand(ecosystems.NewEcosystemsRootCommand(&logger)) + cmd.AddCommand(snyk.NewSnykRootCommand(&logger)) + cmd.AddCommand(deps.NewDepsRootCommand(&logger)) + cmd.AddCommand(scorecard.NewRootCommand(&logger)) return &cmd } 
diff --git a/internal/commands/deps/repos.go b/internal/commands/deps/repos.go index 63c8320..f178aa1 100644 --- a/internal/commands/deps/repos.go +++ b/internal/commands/deps/repos.go @@ -10,7 +10,7 @@ import ( "github.com/snyk/parlay/lib/deps" ) -func NewRepoCommand(logger zerolog.Logger) *cobra.Command { +func NewRepoCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "repo ", Short: "Return repo info from deps.dev", @@ -18,12 +18,14 @@ func NewRepoCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { repo, err := deps.GetRepoData(args[0]) if err != nil { - logger.Fatal().Err(err).Msg("Error retrieving data from deps.dev") + logger.Fatal().Err(err).Msg("Failed to retrieve data from deps.dev") } + repository, err := json.Marshal(repo) if err != nil { - logger.Fatal().Err(err).Msg("Error with JSON response from deps.dev") + logger.Fatal().Err(err).Msg("Failed to parse response from deps.dev") } + fmt.Print(string(repository)) }, } diff --git a/internal/commands/deps/root.go b/internal/commands/deps/root.go index 453ddff..d5f1ab4 100644 --- a/internal/commands/deps/root.go +++ b/internal/commands/deps/root.go @@ -5,7 +5,7 @@ import ( "github.com/spf13/cobra" ) -func NewDepsRootCommand(logger zerolog.Logger) *cobra.Command { +func NewDepsRootCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "deps", Short: "Commands for using parlay with deps.dev", diff --git a/internal/commands/ecosystems/enrich.go b/internal/commands/ecosystems/enrich.go index 30fe442..3b97adc 100644 --- a/internal/commands/ecosystems/enrich.go +++ b/internal/commands/ecosystems/enrich.go @@ -11,7 +11,7 @@ import ( "github.com/snyk/parlay/lib/sbom" ) -func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { +func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "enrich ", Short: "Enrich an SBOM with ecosyste.ms data", 
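Review bot: The new message `Failed to parse response from deps.dev` on the `json.Marshal(repository)` error branch is misleading: `Marshal` serialises the already-decoded `repo` value, so a failure there is a local encoding error, not a malformed response. The response is actually parsed inside `deps.GetRepoData`, whose error the first branch already reports. I'd write `logger.Fatal().Err(err).Msg("Failed to encode deps.dev repository data as JSON")` so an operator reading the log looks in the right place.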
@@ -19,7 +19,7 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { b, err := utils.GetUserInput(args[0], os.Stdin) if err != nil { - logger.Fatal().Err(err).Msg("Problem reading input") + logger.Fatal().Err(err).Msg("Failed to read input") } doc, err := sbom.DecodeSBOMDocument(b) @@ -27,7 +27,7 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { logger.Fatal().Err(err).Msg("Failed to read SBOM input") } - ecosystems.EnrichSBOM(doc) + ecosystems.EnrichSBOM(doc, logger) if err := doc.Encode(os.Stdout); err != nil { logger.Fatal().Err(err).Msg("Failed to encode new SBOM") diff --git a/internal/commands/ecosystems/packages.go b/internal/commands/ecosystems/packages.go index b04b8e5..aac4c4a 100644 --- a/internal/commands/ecosystems/packages.go +++ b/internal/commands/ecosystems/packages.go @@ -10,20 +10,22 @@ import ( "github.com/snyk/parlay/lib/ecosystems" ) -func NewPackageCommand(logger zerolog.Logger) *cobra.Command { +func NewPackageCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ - Use: "package ", + Use: "package ", Short: "Return package info from ecosyste.ms", Args: cobra.ExactArgs(1), Run: func(cmd *cobra.Command, args []string) { purl, err := packageurl.FromString(args[0]) if err != nil { - logger.Fatal().Err(err) + logger.Fatal().Err(err).Msg("Failed to parse PackageURL") } + resp, err := ecosystems.GetPackageData(purl) if err != nil { - logger.Fatal().Err(err) + logger.Fatal().Err(err).Msg("Failed to get package data from ecosyste.ms") } + fmt.Print(string(resp.Body)) }, } diff --git a/internal/commands/ecosystems/repos.go b/internal/commands/ecosystems/repos.go index bf215eb..fc554ee 100644 --- a/internal/commands/ecosystems/repos.go +++ b/internal/commands/ecosystems/repos.go 
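Review bot: `fmt.Print(string(resp.Body))` at the end of the `package` command still writes the body to stdout regardless of HTTP status, so a 404/429/5xx error payload from ecosyste.ms is emitted exactly like package data and the process exits 0; the Fatal added on `err` only covers failures that `GetPackageData` itself reports, and I cannot see from here whether it turns non-2xx responses into an error. If the generated client exposes `StatusCode()`/`Status()` as the Snyk one used in lib/snyk does, guard the print with `if resp.StatusCode() != http.StatusOK { logger.Fatal().Str("status", resp.Status()).Msg("Unexpected response from ecosyste.ms") }` (needs `net/http`). That keeps anything piping this command's output from consuming an error document as a result.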
@@ -9,7 +9,7 @@ import ( "github.com/snyk/parlay/lib/ecosystems" ) -func NewRepoCommand(logger zerolog.Logger) *cobra.Command { +func NewRepoCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "repo ", Short: "Return repo info from ecosyste.ms", @@ -17,7 +17,7 @@ func NewRepoCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { resp, err := ecosystems.GetRepoData(args[0]) if err != nil { - logger.Fatal().Err(err).Msg("An error occurred") + logger.Fatal().Err(err).Msg("Failed to get repository data from ecosyste.ms") } fmt.Print(string(resp.Body)) }, diff --git a/internal/commands/ecosystems/root.go b/internal/commands/ecosystems/root.go index becba82..1a95b51 100644 --- a/internal/commands/ecosystems/root.go +++ b/internal/commands/ecosystems/root.go @@ -5,7 +5,7 @@ import ( "github.com/spf13/cobra" ) -func NewEcosystemsRootCommand(logger zerolog.Logger) *cobra.Command { +func NewEcosystemsRootCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "ecosystems", Short: "Commands for using parlay with ecosystem.ms", diff --git a/internal/commands/scorecard/enrich.go b/internal/commands/scorecard/enrich.go index 9f2fbdd..945e98f 100644 --- a/internal/commands/scorecard/enrich.go +++ b/internal/commands/scorecard/enrich.go @@ -11,7 +11,7 @@ import ( "github.com/snyk/parlay/lib/scorecard" ) -func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { +func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "enrich ", Short: "Enrich an SBOM with OpenSSF Scorecard data", @@ -19,7 +19,7 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { b, err := utils.GetUserInput(args[0], os.Stdin) if err != nil { - logger.Fatal().Err(err).Msg("Problem reading input") + logger.Fatal().Err(err).Msg("Failed to read input") } doc, err := sbom.DecodeSBOMDocument(b) 
diff --git a/internal/commands/scorecard/root.go b/internal/commands/scorecard/root.go index 200697a..51750d2 100644 --- a/internal/commands/scorecard/root.go +++ b/internal/commands/scorecard/root.go @@ -5,7 +5,7 @@ import ( "github.com/spf13/cobra" ) -func NewRootCommand(logger zerolog.Logger) *cobra.Command { +func NewRootCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "scorecard", Short: "Commands for using parlay with OpenSSF Scorecard", diff --git a/internal/commands/snyk/enrich.go b/internal/commands/snyk/enrich.go index 7bc3218..7158d64 100644 --- a/internal/commands/snyk/enrich.go +++ b/internal/commands/snyk/enrich.go @@ -11,7 +11,7 @@ import ( "github.com/snyk/parlay/lib/snyk" ) -func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { +func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "enrich ", Short: "Enrich an SBOM with Snyk data", @@ -19,7 +19,7 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { b, err := utils.GetUserInput(args[0], os.Stdin) if err != nil { - logger.Fatal().Err(err).Msg("Problem reading input") + logger.Fatal().Err(err).Msg("Failed to read input") } doc, err := sbom.DecodeSBOMDocument(b) diff --git a/internal/commands/snyk/packages.go b/internal/commands/snyk/packages.go index 1c362f1..1144af9 100644 --- a/internal/commands/snyk/packages.go +++ b/internal/commands/snyk/packages.go @@ -10,7 +10,7 @@ import ( "github.com/snyk/parlay/lib/snyk" ) -func NewPackageCommand(logger zerolog.Logger) *cobra.Command { +func NewPackageCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "package ", Short: "Return package vulnerabilities from Snyk", 
@@ -18,7 +18,7 @@ func NewPackageCommand(logger zerolog.Logger) *cobra.Command { Run: func(cmd *cobra.Command, args []string) { purl, err := packageurl.FromString(args[0]) if err != nil { - logger.Fatal().Err(err).Msg("Not a valid purl") + logger.Fatal().Err(err).Msg("Failed to parse PackageURL") } logger. @@ -31,7 +31,7 @@ func NewPackageCommand(logger zerolog.Logger) *cobra.Command { logger. Fatal(). Err(err). - Msg("Failed to get API credentials.") + Msg("Failed to get API credentials") } orgID, err := snyk.SnykOrgID(auth) @@ -39,12 +39,12 @@ func NewPackageCommand(logger zerolog.Logger) *cobra.Command { logger. Fatal(). Err(err). - Msg("Failed to look up user info.") + Msg("Failed to look up user info") } resp, err := snyk.GetPackageVulnerabilities(&purl, auth, orgID) if err != nil { - logger.Fatal().Err(err).Msg("An error occurred") + logger.Fatal().Err(err).Msg("Failed to look up package vulnerabilities") } fmt.Print(string(resp.Body)) diff --git a/internal/commands/snyk/root.go b/internal/commands/snyk/root.go index 1a65f63..d3e69a1 100644 --- a/internal/commands/snyk/root.go +++ b/internal/commands/snyk/root.go @@ -5,7 +5,7 @@ import ( "github.com/spf13/cobra" ) -func NewSnykRootCommand(logger zerolog.Logger) *cobra.Command { +func NewSnykRootCommand(logger *zerolog.Logger) *cobra.Command { cmd := cobra.Command{ Use: "snyk", Short: "Commands for using parlay with Snyk", @@ -18,6 +18,7 @@ func NewSnykRootCommand(logger zerolog.Logger) *cobra.Command { } }, } + cmd.AddCommand(NewPackageCommand(logger)) cmd.AddCommand(NewEnrichCommand(logger)) diff --git a/lib/ecosystems/enrich.go b/lib/ecosystems/enrich.go index 4b5d392..9adf3ee 100644 --- a/lib/ecosystems/enrich.go +++ b/lib/ecosystems/enrich.go 
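Review bot: In the last `snyk/packages.go` hunk, `fmt.Print(string(resp.Body))` prints whatever the Snyk API returned, so a 401/403/429 JSON error body goes to stdout as if it were vulnerability data and the command still exits 0; the new `Failed to look up package vulnerabilities` Fatal only fires when `GetPackageVulnerabilities` returns an error, and the hunk does not show whether that covers non-2xx statuses. The enricher in lib/snyk already logs `resp.Status()` on decode failures, so the status is available here too: `if resp.StatusCode() != http.StatusOK { logger.Fatal().Str("status", resp.Status()).Msg("Unexpected response from Snyk API") }` before the print (needs `net/http`). A consumer of the output should never have to guess whether it received findings or an authentication error.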
@@ -18,17 +18,18 @@ package ecosystems import ( cdx "github.com/CycloneDX/cyclonedx-go" + "github.com/rs/zerolog" "github.com/spdx/tools-golang/spdx" "github.com/snyk/parlay/lib/sbom" ) -func EnrichSBOM(doc *sbom.SBOMDocument) *sbom.SBOMDocument { +func EnrichSBOM(doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument { switch bom := doc.BOM.(type) { case *cdx.BOM: - enrichCDX(bom) + enrichCDX(bom, logger) case *spdx.Document: - enrichSPDX(bom) + enrichSPDX(bom, logger) } return doc } diff --git a/lib/ecosystems/enrich_cyclonedx.go b/lib/ecosystems/enrich_cyclonedx.go index 9870909..c06e0bd 100644 --- a/lib/ecosystems/enrich_cyclonedx.go +++ b/lib/ecosystems/enrich_cyclonedx.go @@ -22,6 +22,7 @@ import ( cdx "github.com/CycloneDX/cyclonedx-go" "github.com/package-url/packageurl-go" "github.com/remeh/sizedwaitgroup" + "github.com/rs/zerolog" "github.com/snyk/parlay/ecosystems/packages" "github.com/snyk/parlay/internal/utils" @@ -63,7 +64,7 @@ func enrichCDXLicense(component cdx.Component, packageData packages.Package) cdx return component } -func enrichExternalReference(component cdx.Component, packageData packages.Package, url *string, refType cdx.ExternalReferenceType) cdx.Component { +func enrichExternalReference(component cdx.Component, _ packages.Package, url *string, refType cdx.ExternalReferenceType) cdx.Component { if url == nil { return component } 
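Review bot: Now that `EnrichSBOM` receives a logger, the type switch should say something when `doc.BOM` is neither `*cdx.BOM` nor `*spdx.Document`: that case currently falls through and returns the document untouched, so a caller gets an unenriched SBOM with no hint why. I'd add `default: logger.Warn().Type("type", doc.BOM).Msg("Unsupported SBOM document type; returning input unchanged")` inside the switch. The exported function also has no doc comment; a line such as `// EnrichSBOM enriches the CycloneDX or SPDX document held by doc in place with ecosyste.ms data and returns doc; other document types are returned unchanged.` would document the contract the switch implements.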
@@ -192,27 +193,46 @@ func enrichCDXTopics(component cdx.Component, packageData packages.Package) cdx. return component } -func enrichCDX(bom *cdx.BOM) { - comps := utils.DiscoverCDXComponents(bom) +func enrichCDX(bom *cdx.BOM, logger *zerolog.Logger) { wg := sizedwaitgroup.New(20) + + comps := utils.DiscoverCDXComponents(bom) + logger.Debug().Msgf("Detected %d packages", len(comps)) + for i := range comps { wg.Add() - go func(component *cdx.Component) { + go func(comp *cdx.Component) { defer wg.Done() - purl, err := packageurl.FromString(component.PackageURL) + l := logger.With().Str("bom-ref", comp.BOMRef).Logger() + + purl, err := packageurl.FromString(comp.PackageURL) if err != nil { + l.Debug(). + Err(err). + Msg("Skipping package: no usable PackageURL") return } + resp, err := GetPackageData(purl) - if err == nil { - packageData := resp.JSON200 - if packageData != nil { - for _, enrichFunc := range cdxEnrichers { - *component = enrichFunc(*component, *packageData) - } - } + if err != nil { + l.Debug(). + Err(err). + Msg("Skipping package: failed to get package data") + return + } + + if resp.JSON200 == nil { + l.Debug(). + Err(err). + Msg("Skipping package: no data on ecosyste.ms response") + return + } + + for _, enrichFunc := range cdxEnrichers { + *comp = enrichFunc(*comp, *resp.JSON200) } }(comps[i]) } + wg.Wait() } diff --git a/lib/ecosystems/enrich_cyclonedx_test.go b/lib/ecosystems/enrich_cyclonedx_test.go index 0bee223..000a07e 100644 --- a/lib/ecosystems/enrich_cyclonedx_test.go +++ b/lib/ecosystems/enrich_cyclonedx_test.go @@ -23,12 +23,15 @@ import ( cdx "github.com/CycloneDX/cyclonedx-go" "github.com/jarcoal/httpmock" + "github.com/rs/zerolog" "github.com/stretchr/testify/assert" "github.com/snyk/parlay/ecosystems/packages" "github.com/snyk/parlay/lib/sbom" ) +var logger = zerolog.Nop() + func TestEnrichSBOM_CycloneDX(t *testing.T) { httpmock.Activate() defer httpmock.DeactivateAndReset() 
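Review bot: In the new `resp.JSON200 == nil` branch of `enrichCDX`, `err` is already known to be nil (the non-nil case returned just above), so `l.Debug().Err(err)` attaches nothing and the log line cannot distinguish a 404 for an unknown package from a 429 rate limit or a 5xx, all of which leave `JSON200` unset. Log the response status instead: `l.Debug().Str("status", resp.Status()).Msg("Skipping package: no data on ecosyste.ms response")`, assuming the generated client exposes `Status()` as the Snyk client used in lib/snyk does. Rate-limit and server errors arguably deserve `Warn` rather than `Debug`, because they silently yield a less-enriched SBOM that looks complete to the consumer.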
@@ -65,7 +68,7 @@ func TestEnrichSBOM_CycloneDX(t *testing.T) { } doc := &sbom.SBOMDocument{BOM: bom} - EnrichSBOM(doc) + EnrichSBOM(doc, &logger) components := *bom.Components component := components[0] @@ -112,7 +115,7 @@ func TestEnrichSBOM_CycloneDX_NestedComps(t *testing.T) { } doc := &sbom.SBOMDocument{BOM: bom} - EnrichSBOM(doc) + EnrichSBOM(doc, &logger) httpmock.GetTotalCallCount() calls := httpmock.GetCallCountInfo() @@ -144,7 +147,7 @@ func TestEnrichSBOMWithoutLicense(t *testing.T) { } doc := &sbom.SBOMDocument{BOM: bom} - EnrichSBOM(doc) + EnrichSBOM(doc, &logger) components := *bom.Components @@ -188,7 +191,9 @@ func TestEnrichLicense(t *testing.T) { func TestEnrichBlankSBOM(t *testing.T) { bom := new(cdx.BOM) doc := &sbom.SBOMDocument{BOM: bom} - EnrichSBOM(doc) + + EnrichSBOM(doc, &logger) + assert.Nil(t, bom.Components) } diff --git a/lib/ecosystems/enrich_spdx.go b/lib/ecosystems/enrich_spdx.go index 83c2684..d5e0426 100644 --- a/lib/ecosystems/enrich_spdx.go +++ b/lib/ecosystems/enrich_spdx.go @@ -22,15 +22,18 @@ import ( "strings" "github.com/package-url/packageurl-go" + "github.com/rs/zerolog" "github.com/spdx/tools-golang/spdx" "github.com/spdx/tools-golang/spdx/v2/v2_3" "github.com/snyk/parlay/ecosystems/packages" ) -func enrichSPDX(bom *spdx.Document) { +func enrichSPDX(bom *spdx.Document, logger *zerolog.Logger) { packages := bom.Packages + logger.Debug().Msgf("Detected %d packages", len(packages)) + for _, pkg := range packages { purl, err := extractPurl(pkg) if err != nil { diff --git a/lib/ecosystems/enrich_spdx_test.go b/lib/ecosystems/enrich_spdx_test.go index 5f33c14..114d4fc 100644 --- a/lib/ecosystems/enrich_spdx_test.go +++ b/lib/ecosystems/enrich_spdx_test.go @@ -61,7 +61,7 @@ func TestEnrichSBOM_SPDX(t *testing.T) { } doc := &sbom.SBOMDocument{BOM: bom} - EnrichSBOM(doc) + EnrichSBOM(doc, &logger) pkgs := bom.Packages diff --git a/lib/snyk/enrich.go b/lib/snyk/enrich.go index c44ee65..95debc6 100644 --- a/lib/snyk/enrich.go 
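Review bot: In the `enrich_spdx.go` hunk, the local `packages := bom.Packages` shadows the imported `packages` package (`github.com/snyk/parlay/ecosystems/packages`) for the rest of `enrichSPDX`; it is legal, but since the line is being touched anyway `pkgs := bom.Packages` would remove the trap. The `extractPurl` error branch is only partly in view (the function body continues past the hunk): if it simply `continue`s, it should log the skip at debug with the SPDXID the way `enrichCDX` now does, e.g. `logger.Debug().Err(err).Str("SPDXID", string(pkg.PackageSPDXIdentifier)).Msg("Skipping package: no usable PackageURL")`, so both formats report skipped packages consistently.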
+++ b/lib/snyk/enrich.go @@ -24,7 +24,7 @@ import ( "github.com/snyk/parlay/lib/sbom" ) -func EnrichSBOM(doc *sbom.SBOMDocument, logger zerolog.Logger) *sbom.SBOMDocument { +func EnrichSBOM(doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument { switch bom := doc.BOM.(type) { case *cdx.BOM: enrichCycloneDX(bom, logger) diff --git a/lib/snyk/enrich_cyclonedx.go b/lib/snyk/enrich_cyclonedx.go index 99ac218..3298c2f 100644 --- a/lib/snyk/enrich_cyclonedx.go +++ b/lib/snyk/enrich_cyclonedx.go 
@@ -31,50 +31,55 @@ import ( "github.com/snyk/parlay/snyk/issues" ) -func enrichCycloneDX(bom *cdx.BOM, logger zerolog.Logger) *cdx.BOM { +func enrichCycloneDX(bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM { auth, err := AuthFromToken(APIToken()) if err != nil { - logger.Fatal().Err(err).Msg("Failed to authenticate.") + logger.Fatal().Err(err).Msg("Failed to authenticate") return nil } orgID, err := SnykOrgID(auth) if err != nil { - logger.Error().Err(err).Msg("Failed to infer preferred org.") + logger.Error().Err(err).Msg("Failed to infer preferred Snyk organization") return nil } + logger.Debug().Str("org_id", orgID.String()).Msg("Inferred Snyk organization ID") var mutex = &sync.Mutex{} vulnerabilities := make(map[cdx.Component][]issues.CommonIssueModelVTwo) - comps := utils.DiscoverCDXComponents(bom) wg := sizedwaitgroup.New(20) + + comps := utils.DiscoverCDXComponents(bom) + logger.Debug().Msgf("Detected %d packages", len(comps)) + for i := range comps { wg.Add() go func(component *cdx.Component) { defer wg.Done() + l := logger.With().Str("bom-ref", component.BOMRef).Logger() + purl, err := packageurl.FromString(component.PackageURL) if err != nil { - logger.Debug(). + l.Debug(). Err(err). - Str("BOM-Ref", string(component.BOMRef)). - Msg("Could not identify package.") + Msg("Could not identify package") return } resp, err := GetPackageVulnerabilities(&purl, auth, orgID) if err != nil { - logger.Err(err). + l.Err(err). Str("purl", purl.ToString()). - Msg("Failed to fetch vulnerabilities for package.") + Msg("Failed to fetch vulnerabilities for package") return } packageData := resp.Body var packageDoc issues.IssuesWithPurlsResponse if err := json.Unmarshal(packageData, &packageDoc); err != nil { - logger.Err(err). + l.Err(err). Str("status", resp.Status()). - Msg("Failed to decode Snyk vulnerability response.") + Msg("Failed to decode Snyk vulnerability response") return } 
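Review bot: On `SnykOrgID` failure this hunk keeps `logger.Error()...` followed by `return nil`, while the SPDX counterpart in the same commit was changed to `Fatal()`, so the two formats now react differently to the same failure. Because `EnrichSBOM` discards the return value (`enrichCycloneDX(bom, logger)` in the switch), the CycloneDX path logs an error and hands back the unmodified BOM, which the command presumably then writes to stdout with exit status 0, leaving a pipeline consumer no way to tell it received no vulnerability data. Pick one behaviour for both paths; if a non-fatal path is wanted, have `enrichCycloneDX` return an error the cobra `Run` can act on instead of `nil`. The `return nil` after `logger.Fatal()` on the auth branch is unreachable since zerolog's Fatal exits the process; the function body continues beyond this hunk.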
@@ -185,6 +190,8 @@ func enrichCycloneDX(bom *cdx.BOM, logger zerolog.Logger) *cdx.BOM { } } + logger.Debug().Msgf("Found %d vulnerabilities", len(vulns)) + if len(vulns) > 0 { bom.Vulnerabilities = &vulns } diff --git a/lib/snyk/enrich_spdx.go b/lib/snyk/enrich_spdx.go index 5593d1d..39eecd3 100644 --- a/lib/snyk/enrich_spdx.go +++ b/lib/snyk/enrich_spdx.go @@ -35,16 +35,20 @@ const ( snykVulnerabilityDB_URI = "https://security.snyk.io" ) -func enrichSPDX(bom *spdx.Document, logger zerolog.Logger) *spdx.Document { +func enrichSPDX(bom *spdx.Document, logger *zerolog.Logger) *spdx.Document { auth, err := AuthFromToken(APIToken()) if err != nil { - logger.Fatal().Err(err).Msg("Failed to authenticate.") + logger.Fatal(). + Err(err). + Msg("Failed to authenticate") return nil } orgID, err := SnykOrgID(auth) if err != nil { - logger.Error().Err(err).Msg("Failed to infer preferred org.") + logger.Fatal(). + Err(err). + Msg("Failed to infer preferred Snyk organization") return nil } 
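Review bot: Switching the org-inference branch in `enrichSPDX` from `Error()` to `Fatal()` moves a process exit into library code (`lib/snyk`), which makes that path untestable and diverges from `enrichCycloneDX`, which still logs at Error and returns. Either way the `return nil` after each `Fatal()` is dead code: zerolog's `Fatal` calls `os.Exit(1)` once the event is written. If the intent is to abort the command, prefer returning an error from `enrichSPDX`/`EnrichSBOM` and letting the cobra `Run` exit; if the intent is best-effort enrichment, keep `logger.Error()` and return, in both formats alike.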
@@ -52,34 +56,36 @@ func enrichSPDX(bom *spdx.Document, logger zerolog.Logger) *spdx.Document { wg := sizedwaitgroup.New(20) vulnerabilities := make(map[*spdx_2_3.Package][]issues.CommonIssueModelVTwo) - for i, pkg := range bom.Packages { + packages := bom.Packages + logger.Debug().Msgf("Detected %d packages", len(packages)) + + for i, pkg := range packages { wg.Add() go func(pkg *spdx_2_3.Package, i int) { defer wg.Done() + l := logger.With().Str("SPDXID", string(pkg.PackageSPDXIdentifier)).Logger() purl, err := utils.GetPurlFromSPDXPackage(pkg) if err != nil || purl == nil { - logger.Debug(). - Str("SPDXID", string(pkg.PackageSPDXIdentifier)). - Msg("Could not identify package.") + l.Debug().Msg("Could not identify package") return } resp, err := GetPackageVulnerabilities(purl, auth, orgID) if err != nil { - logger.Err(err). + l.Err(err). Str("purl", purl.ToString()). - Msg("Failed to fetch vulnerabilities for package.") + Msg("Failed to fetch vulnerabilities for package") return } packageData := resp.Body var packageDoc issues.IssuesWithPurlsResponse if err := json.Unmarshal(packageData, &packageDoc); err != nil { - logger.Err(err). + l.Err(err). Str("status", resp.Status()). - Msg("Failed to decode Snyk vulnerability response.") + Msg("Failed to decode Snyk vulnerability response") return } diff --git a/lib/snyk/enrich_test.go b/lib/snyk/enrich_test.go index 0ce70ed..1e2b161 100644 --- a/lib/snyk/enrich_test.go +++ b/lib/snyk/enrich_test.go @@ -13,6 +13,8 @@ import ( "github.com/snyk/parlay/lib/sbom" ) +var logger = zerolog.Nop() + func TestEnrichSBOM_CycloneDXWithVulnerabilities(t *testing.T) { teardown := setupTestEnv(t) defer teardown() @@ -28,9 +30,8 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities(t *testing.T) { }, } doc := &sbom.SBOMDocument{BOM: bom} - logger := zerolog.Nop() - EnrichSBOM(doc, logger) + EnrichSBOM(doc, &logger) assert.NotNil(t, bom.Vulnerabilities) assert.Len(t, *bom.Vulnerabilities, 1) 
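Review bot: The `Could not identify package` branch in `enrichSPDX` drops the error it just received: `if err != nil || purl == nil { l.Debug().Msg(...) }` records nothing about why `GetPurlFromSPDXPackage` failed, whereas the CycloneDX path attaches it with `Err(err)`. Use `l.Debug().Err(err).Msg("Could not identify package")`; zerolog omits the field when `err` is nil, so the `purl == nil` case still logs cleanly. The goroutine body continues outside the hunk.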
@@ -62,9 +63,8 @@ func TestEnrichSBOM_CycloneDXWithVulnerabilities_NestedComponents(t *testing.T) }, } doc := &sbom.SBOMDocument{BOM: bom} - logger := zerolog.Nop() - EnrichSBOM(doc, logger) + EnrichSBOM(doc, &logger) assert.NotNil(t, bom.Vulnerabilities) assert.Len(t, *bom.Vulnerabilities, 2) @@ -85,9 +85,8 @@ func TestEnrichSBOM_CycloneDXWithoutVulnerabilities(t *testing.T) { }, } doc := &sbom.SBOMDocument{BOM: bom} - logger := zerolog.Nop() - EnrichSBOM(doc, logger) + EnrichSBOM(doc, &logger) assert.Nil(t, bom.Vulnerabilities, "should not extend vulnerabilities if there are none") } @@ -113,9 +112,8 @@ func TestEnrichSBOM_SPDXWithVulnerabilities(t *testing.T) { }, } doc := &sbom.SBOMDocument{BOM: bom} - logger := zerolog.Nop() - EnrichSBOM(doc, logger) + EnrichSBOM(doc, &logger) vulnRef := bom.Packages[0].PackageExternalReferences[1] assert.Equal(t, "SECURITY", vulnRef.Category)