feat: Add contract for code scanner and repository

safedep · Jan 29, 2025 · ccc7712 · ccc7712
1 parent 6d9af94
commit ccc7712
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 2 deletions.
diff --git a/go.mod b/go.mod
@@ -27,6 +27,7 @@ require (
 	github.com/oklog/ulid/v2 v2.1.0
 	github.com/owenrumney/go-sarif/v2 v2.3.3
 	github.com/package-url/packageurl-go v0.1.3
+	github.com/safedep/code v0.0.0-20250129053905-bde6512236a6
 	github.com/safedep/dry v0.0.0-20250106055453-e0772cda4a25
 	github.com/sirupsen/logrus v1.9.3
 	github.com/smacker/go-tree-sitter v0.0.0-20240827094217-dd81d9e9be82

diff --git a/go.sum b/go.sum
@@ -709,8 +709,6 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l
 github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
 github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
 github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
-github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -792,6 +790,8 @@ github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWN
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/safedep/code v0.0.0-20250129053905-bde6512236a6 h1:BDVlc8NTVurERomvVXl+Uz/9t3epQAO4bnBhz8VggWI=
+github.com/safedep/code v0.0.0-20250129053905-bde6512236a6/go.mod h1:oZJ1skQ0nAnqneDMbSN08IM1tl8DKRGD57fEaSXpyuQ=
 github.com/safedep/dry v0.0.0-20250106055453-e0772cda4a25 h1:vkW9YyId5WHPnnGhnrmucKL53xTNUE8mBLBdmTBOGBc=
 github.com/safedep/dry v0.0.0-20250106055453-e0772cda4a25/go.mod h1:VNiIEzsaDJUncMyS+Aly7Hojf3qYNAz+J6Kmi0DALFw=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=

diff --git a/pkg/code/repository.go b/pkg/code/repository.go
@@ -0,0 +1,33 @@
+package code
+
+import (
+	"context"
+
+	"github.com/safedep/code/plugin/depsusage"
+	"github.com/safedep/vet/ent"
+)
+
+// Currently we only need this in CodeScanner
+type writerRepository interface {
+	SaveDependencyUsage(context.Context, *depsusage.UsageEvidence) error
+}
+
+// Repository exposed to rest of the vet to query code analysis data
+// persisted in the storage. This is a contract to the rest of the system
+type ReaderRepository interface {
+	// Stuff like GetEvidenceByPackageName(...)
+}
+
+type writerRepositoryImpl struct {
+	client *ent.Client
+}
+
+func newWriterRepository(client *ent.Client) (writerRepository, error) {
+	return &writerRepositoryImpl{
+		client: client,
+	}, nil
+}
+
+func (r *writerRepositoryImpl) SaveDependencyUsage(ctx context.Context, evidence *depsusage.UsageEvidence) error {
+	return nil
+}
diff --git a/pkg/code/scanner.go b/pkg/code/scanner.go
@@ -0,0 +1,83 @@
+package code
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/safedep/code/core"
+	"github.com/safedep/vet/ent"
+	"github.com/safedep/vet/pkg/storage"
+)
+
+// User define configuration for the scanner
+type ScannerConfig struct {
+	// First party application code directories
+	AppDirectories []string
+
+	// 3rd party imported code directories (e.g. Python virtual env, `node_modules` etc.)
+	ImportDirectories []string
+
+	// Languages to scan
+	Languages []core.Language
+
+	// Define callbacks if required
+	Callbacks *ScannerCallbackRegistry
+
+	// Plugin specific configuration
+	SkipDependencyUsagePlugin bool
+}
+
+type ScannerCallbackRegistry struct {
+	// On start of scan
+	OnScanStart func() error
+
+	// On end of scan
+	OnScanEnd func() error
+}
+
+// Scanner defines the contract for implementing a code scanner. The purpose
+// of code scanner is to scan configured directories for code files,
+// parse them, process them with plugins, persist the plugin results. It
+// should also expose the necessary callbacks for interactive applications
+// to show progress to user.
+type Scanner interface {
+	Scan(context.Context) error
+}
+
+type scanner struct {
+	config  ScannerConfig
+	storage storage.Storage[*ent.Client]
+	writer  writerRepository
+}
+
+func NewScanner(config ScannerConfig, storage storage.Storage[*ent.Client]) (Scanner, error) {
+	client, err := storage.Client()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get ent client: %w", err)
+	}
+
+	writer, err := newWriterRepository(client)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create writer repository: %w", err)
+	}
+
+	return &scanner{
+		config:  config,
+		storage: storage,
+		writer:  writer,
+	}, nil
+}
+
+func (s *scanner) Scan(ctx context.Context) error {
+	// Create the file system walker with config
+
+	// Initialize the plugins
+
+	// Start the tree walker with plugins
+
+	// Handle results from plugins
+
+	// Use repository to persist the results
+
+	return nil
+}