Merge pull request #356 from mindedsecurity:extractor_nix

PiperOrigin-RevId: 716185111
google · Jan 16, 2025 · 2974dcd · 2974dcd
2 parents cfd5e4b + 550c350
commit 2974dcd
Show file tree

Hide file tree

Showing 10 changed files with 1,328 additions and 550 deletions.
diff --git a/binary/proto/proto.go b/binary/proto/proto.go
@@ -44,6 +44,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/flatpak"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/kernel/module"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/macapps"
+	"github.com/google/osv-scalibr/extractor/filesystem/os/nix"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/pacman"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/portage"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/rpm"
@@ -355,6 +356,18 @@ func setProtoMetadata(meta any, i *spb.Inventory) {
 				Developer:      m.Developer,
 			},
 		}
+	case *nix.Metadata:
+		i.Metadata = &spb.Inventory_NixMetadata{
+			NixMetadata: &spb.NixPackageMetadata{
+				PackageName:       m.PackageName,
+				PackageVersion:    m.PackageVersion,
+				PackageHash:       m.PackageHash,
+				PackageOutput:     m.PackageOutput,
+				OsId:              m.OSID,
+				OsVersionCodename: m.OSVersionCodename,
+				OsVersionId:       m.OSVersionID,
+			},
+		}
 	case *macapps.Metadata:
 		i.Metadata = &spb.Inventory_MacAppsMetadata{
 			MacAppsMetadata: &spb.MacAppsMetadata{

diff --git a/binary/proto/proto_test.go b/binary/proto/proto_test.go
@@ -34,6 +34,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/language/python/requirements"
 	"github.com/google/osv-scalibr/extractor/filesystem/language/python/wheelegg"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
+	"github.com/google/osv-scalibr/extractor/filesystem/os/nix"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/pacman"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/portage"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/rpm"
@@ -548,6 +549,44 @@ func TestScanResultToProto(t *testing.T) {
 		Locations: []string{"/file1"},
 		Extractor: "os/portage",
 	}
+	purlNixInventory := &extractor.Inventory{
+		Name:    "attr",
+		Version: "2.5.2",
+		Metadata: &nix.Metadata{
+			PackageName:       "attr",
+			PackageVersion:    "2.5.2",
+			OSID:              "nixos",
+			OSVersionCodename: "vicuna",
+			OSVersionID:       "24.11",
+		},
+		Locations: []string{"/file1"},
+		Extractor: nix.New(),
+	}
+	purlNixInventoryProto := &spb.Inventory{
+		Name:    "attr",
+		Version: "2.5.2",
+		Purl: &spb.Purl{
+			Purl:    "pkg:nix/[email protected]?distro=vicuna",
+			Type:    purl.TypeNix,
+			Name:    "attr",
+			Version: "2.5.2",
+			Qualifiers: []*spb.Qualifier{
+				{Key: "distro", Value: "vicuna"},
+			},
+		},
+		Ecosystem: "",
+		Metadata: &spb.Inventory_NixMetadata{
+			NixMetadata: &spb.NixPackageMetadata{
+				PackageName:       "attr",
+				PackageVersion:    "2.5.2",
+				OsId:              "nixos",
+				OsVersionCodename: "vicuna",
+				OsVersionId:       "24.11",
+			},
+		},
+		Locations: []string{"/file1"},
+		Extractor: "os/nix",
+	}
 	containerdInventory := &extractor.Inventory{
 		Name:    "gcr.io/google-samples/hello-app:1.0",
 		Version: "sha256:b1455e1c4fcc5ea1023c9e3b584cd84b64eb920e332feff690a2829696e379e7",
@@ -900,6 +939,39 @@ func TestScanResultToProto(t *testing.T) {
 			},
 			excludeForOS: []string{"windows", "darwin"},
 		},
+		{
+			desc: "Successful Nix scan linux-only",
+			res: &scalibr.ScanResult{
+				Version:   "1.0.0",
+				StartTime: startTime,
+				EndTime:   endTime,
+				Status:    success,
+				PluginStatus: []*plugin.Status{
+					{
+						Name:    "ext",
+						Version: 2,
+						Status:  success,
+					},
+				},
+				Inventories: []*extractor.Inventory{purlNixInventory},
+			},
+			want: &spb.ScanResult{
+				Version:   "1.0.0",
+				StartTime: timestamppb.New(startTime),
+				EndTime:   timestamppb.New(endTime),
+				Status:    successProto,
+				PluginStatus: []*spb.PluginStatus{
+					{
+						Name:    "ext",
+						Version: 2,
+						Status:  successProto,
+					},
+				},
+				Inventories: []*spb.Inventory{purlNixInventoryProto},
+				Findings:    []*spb.Finding{},
+			},
+			excludeForOS: []string{"windows", "darwin"},
+		},
 		{
 			desc: "Successful containerd scan linux-only",
 			res: &scalibr.ScanResult{

diff --git a/binary/proto/scan_result.proto b/binary/proto/scan_result.proto
@@ -92,6 +92,7 @@ message Inventory {
     JavaLockfileMetadata java_lockfile_metadata = 31;
     PACMANPackageMetadata pacman_metadata = 36;
     ModuleMetadata module_metadata = 38;
+    NixPackageMetadata nix_metadata = 37;
     PortagePackageMetadata portage_metadata = 41;
     OSVPackageMetadata osv_metadata = 16;
     PythonRequirementsMetadata python_requirements_metadata = 21;
@@ -293,6 +294,17 @@ message PACMANPackageMetadata {
   string package_dependencies = 6;
 }
 
+// The additional data found in Nix packages.
+message NixPackageMetadata {
+  string package_name = 1;
+  string package_version = 2;
+  string package_hash = 3;
+  string package_output = 4;
+  string os_id = 5;
+  string os_version_codename = 6;
+  string os_version_id = 7;
+}
+
 // The additional data found in .NET deps json packages.
 message DEPSJSONMetadata {
   string package_name = 1;