internal/worker: do minor refactoring - de-duplicate prepareModule - don't pass arguments for both input module and input binary since only one can be used. Instead, pass one parameter. - deduplicate printing statistics Change-Id: I4c43faf7ecf9ac843f483d5864cae11c7a1524e6 Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/477182 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> Reviewed-by: Jonathan Amsterdam <jba@google.com>

commit: 3e402c1b26139dae77e6d1e470b72a395509ac5d [log] [tgz]
author: Zvonimir Pavlinovic <zpavlinovic@google.com> Fri Mar 17 14:36:40 2023 -0700
committer: Zvonimir Pavlinovic <zpavlinovic@google.com> Sat Mar 18 21:53:31 2023 +0000
tree: dd831ddcf3f607ac88697aa416f012c7e6ee3eba
parent: 1168a82e592f6eebcc607582dada327866f71c16 [diff]
diff --git a/internal/worker/govulncheck_scan.go b/internal/worker/govulncheck_scan.go
index af19532..1092547 100644
--- a/internal/worker/govulncheck_scan.go
+++ b/internal/worker/govulncheck_scan.go

@@ -294,17 +294,31 @@
 
 // runScanModule fetches the module version from the proxy, and analyzes it for
 // vulnerabilities.
-func (s *scanner) runScanModule(ctx context.Context, modulePath, version, binDir, mode string, stats *scanStats) (bvulns []*govulncheck.Vuln, err error) {
-	err = doScan(ctx, modulePath, version, s.insecure, func() error {
+func (s *scanner) runScanModule(ctx context.Context, modulePath, version, binaryDir, mode string, stats *scanStats) (bvulns []*govulncheck.Vuln, err error) {
+	err = doScan(ctx, modulePath, version, s.insecure, func() (err error) {
+		// In ModeBinary, path is a file path to the input binary.
+		// Otherwise, it is a path to the input module directory.
+		inputPath := binaryDir
+		if mode != ModeBinary {
+			// In source analysis modes, download the module first.
+			inputPath = moduleDir(modulePath, version)
+			defer cleanup(&err, func() error { return os.RemoveAll(inputPath) })
+			if err := prepareModule(ctx, modulePath, version, inputPath, s.proxyClient, s.insecure); err != nil {
+				return err
+			}
+		}
+
 		var vulns []*govulncheckapi.Vuln
 		if s.insecure {
-			vulns, err = s.runGovulncheckScanInsecure(ctx, modulePath, version, binDir, mode, stats)
+			vulns, err = s.runGovulncheckScanInsecure(ctx, modulePath, version, inputPath, mode, stats)
 		} else {
-			vulns, err = s.runGovulncheckScanSandbox(ctx, modulePath, version, binDir, mode, stats)
+			vulns, err = s.runGovulncheckScanSandbox(ctx, modulePath, version, inputPath, mode, stats)
 		}
 		if err != nil {
 			return err
 		}
+		log.Debugf(ctx, "govulncheck stats: %dkb | %vs", stats.scanMemory, stats.scanSeconds)
+
 		for _, v := range vulns {
 			bvulns = append(bvulns, govulncheck.ConvertGovulncheckOutput(v)...)
 		}
@@ -313,26 +327,14 @@
 	return bvulns, err
 }
 
-func (s *scanner) runGovulncheckScanSandbox(ctx context.Context, modulePath, version, binDir, mode string, stats *scanStats) (_ []*govulncheckapi.Vuln, err error) {
-
+func (s *scanner) runGovulncheckScanSandbox(ctx context.Context, modulePath, version, inputPath, mode string, stats *scanStats) (_ []*govulncheckapi.Vuln, err error) {
 	if mode == ModeBinary {
-		return s.runBinaryScanSandbox(ctx, modulePath, version, binDir, stats)
+		return s.runBinaryScanSandbox(ctx, modulePath, version, inputPath, stats)
 	}
 
-	mdir := moduleDir(modulePath, version)
-	defer cleanup(&err, func() error { return os.RemoveAll(mdir) })
-	const insecure = false
-	if err := prepareModule(ctx, modulePath, version, mdir, s.proxyClient, insecure); err != nil {
-		return nil, err
-	}
-
-	log.Infof(ctx, "running govulncheck in sandbox: %s@%s", modulePath, version)
-	smdir := strings.TrimPrefix(mdir, sandboxRoot)
+	smdir := strings.TrimPrefix(inputPath, sandboxRoot)
 	err = s.sbox.Validate()
 	log.Debugf(ctx, "sandbox Validate returned %v", err)
-	if err != nil {
-		return nil, err
-	}
 
 	response, err := s.runGovulncheckSandbox(ctx, ModeGovulncheck, smdir)
 	if err != nil {
@@ -340,7 +342,6 @@
 	}
 	stats.scanMemory = response.Stats.ScanMemory
 	stats.scanSeconds = response.Stats.ScanSeconds
-	log.Debugf(ctx, "govulncheck stats: %dkb | Seconds: %vs", stats.scanMemory, stats.scanSeconds)
 	return response.Res.Vulns, nil
 }
 
@@ -377,7 +378,6 @@
 	}
 	stats.scanMemory = response.Stats.ScanMemory
 	stats.scanSeconds = response.Stats.ScanSeconds
-	log.Debugf(ctx, "govulncheck stats: %dkb | Seconds: %vs", stats.scanMemory, stats.scanSeconds)
 	return response.Res.Vulns, nil
 }
 
@@ -392,17 +392,12 @@
 	return govulncheck.UnmarshalSandboxResponse(stdout)
 }
 
-func (s *scanner) runGovulncheckScanInsecure(ctx context.Context, modulePath, version, binaryDir, mode string, stats *scanStats) (_ []*govulncheckapi.Vuln, err error) {
+func (s *scanner) runGovulncheckScanInsecure(ctx context.Context, modulePath, version, inputPath, mode string, stats *scanStats) (_ []*govulncheckapi.Vuln, err error) {
 	if mode == ModeBinary {
-		return s.runBinaryScanInsecure(ctx, modulePath, version, binaryDir, os.TempDir(), stats)
+		return s.runBinaryScanInsecure(ctx, modulePath, version, inputPath, os.TempDir(), stats)
 	}
 
-	mdir := moduleDir(modulePath, version)
-	defer cleanup(&err, func() error { return os.RemoveAll(mdir) })
-	if err := prepareModule(ctx, modulePath, version, mdir, s.proxyClient, true); err != nil {
-		return nil, err
-	}
-	vulns, err := s.runGovulncheckCmd("./...", mdir, stats)
+	vulns, err := s.runGovulncheckCmd("./...", inputPath, stats)
 	if err != nil {
 		return nil, err
 	}
commit	3e402c1b26139dae77e6d1e470b72a395509ac5d	[log] [tgz]
author	Zvonimir Pavlinovic <zpavlinovic@google.com>	Fri Mar 17 14:36:40 2023 -0700
committer	Zvonimir Pavlinovic <zpavlinovic@google.com>	Sat Mar 18 21:53:31 2023 +0000
tree	dd831ddcf3f607ac88697aa416f012c7e6ee3eba
parent	1168a82e592f6eebcc607582dada327866f71c16 [diff]