Remove temporary files
Remove temporary files left behind by vulnxscan and nix_outdated, unless
verbosity is DEBUG or more verbose in which case we want to keep the
temp files for debug purposes.

Signed-off-by: Henri Rosten <[email protected]>
henrirosten committed Dec 5, 2023
1 parent 0af34e4 commit e9e0889
Showing 2 changed files with 16 additions and 7 deletions.
13 changes: 9 additions & 4 deletions src/nixupdate/nix_outdated.py
@@ -82,7 +82,7 @@ def _generate_sbom(target_path, runtime=True, buildtime=False):
suffix = ".cdx.json"
with NamedTemporaryFile(delete=False, prefix=prefix, suffix=suffix) as f:
sbomdb.to_cdx(f.name, printinfo=False)
return f.name
return pathlib.Path(f.name)


def _run_repology_cli(sbompath):
@@ -105,7 +105,7 @@ def _run_nix_visualize(targt_path):
with NamedTemporaryFile(delete=False, prefix=prefix, suffix=suffix) as f:
cmd = "nix-visualize " f"--output={f.name} {targt_path}"
exec_cmd(cmd.split())
return f.name
return pathlib.Path(f.name)


def _nix_visualize_csv_to_df(csvpath):
@@ -257,16 +257,21 @@ def main():
exit_unless_nix_artifact(target_path_abs, force_realise=runtime)

sbom_path = _generate_sbom(target_path_abs, runtime, args.buildtime)
LOG.info("Using SBOM '%s'", sbom_path)
LOG.debug("Using SBOM '%s'", sbom_path)

df_repology = _run_repology_cli(sbom_path)
if LOG.level > logging.DEBUG:
sbom_path.unlink(missing_ok=True)
df_log(df_repology, LOG_SPAM)

if not args.buildtime:
nix_visualize_out = _run_nix_visualize(target_path_abs)
LOG.info("Using nix-visualize out: '%s'", nix_visualize_out)
LOG.debug("Using nix-visualize out: '%s'", nix_visualize_out)
df_nix_visualize = _nix_visualize_csv_to_df(nix_visualize_out)
df_log(df_nix_visualize, LOG_SPAM)
if LOG.level > logging.DEBUG:
# Remove temp file unless verbosity is DEBUG or more verbose
nix_visualize_out.unlink(missing_ok=True)
else:
LOG.info("Not running nix-visualize due to '--buildtime' argument")
df_nix_visualize = None
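Review bot: The new cleanup in main() only runs on the success path: if `_run_repology_cli(sbom_path)` raises or exits, `sbom_path.unlink(missing_ok=True)` is never reached and the generated SBOM stays in the temp directory, and the same holds for `nix_visualize_out` when `_nix_visualize_csv_to_df` or `df_log` fails. Putting each consumer call in a `try:` and moving the existing verbosity check plus unlink into the matching `finally:` would remove the file on error paths as well. The cleanup added to main() in src/vulnxscan/vulnxscan_cli.py has the same shape, with four `scanner` calls between file creation and the unlink. main() starts and ends outside the hunk.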
10 changes: 7 additions & 3 deletions src/vulnxscan/vulnxscan_cli.py
@@ -747,7 +747,7 @@ def _generate_sbom(target_path, runtime=True, buildtime=False):
) as fcsv:
sbomdb.to_cdx(fcdx.name, printinfo=False)
sbomdb.to_csv(fcsv.name, loglevel=logging.DEBUG)
return fcdx.name, fcsv.name
return pathlib.Path(fcdx.name), pathlib.Path(fcsv.name)


def _is_json(path):
@@ -887,12 +887,16 @@ def main():
sbom_cdx_path, sbom_csv_path = _generate_sbom(
target_path_abs, runtime, args.buildtime
)
LOG.info("Using cdx SBOM '%s'", sbom_cdx_path)
LOG.info("Using csv SBOM '%s'", sbom_csv_path)
LOG.debug("Using cdx SBOM '%s'", sbom_cdx_path)
LOG.debug("Using csv SBOM '%s'", sbom_csv_path)
scanner.scan_vulnix(target_path_abs, args.buildtime)
scanner.scan_grype(sbom_cdx_path)
scanner.scan_osv(sbom_cdx_path)
scanner.report(args, sbom_csv_path)
if not args.sbom and LOG.level > logging.DEBUG:
# Remove generated temp files unless verbosity is DEBUG or more verbose
sbom_cdx_path.unlink(missing_ok=True)
sbom_csv_path.unlink(missing_ok=True)


if __name__ == "__main__":
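Review bot: The guard `LOG.level > logging.DEBUG` in main() reads the level set on this logger object itself, not its effective level. If LOG's own level is left at NOTSET (0) and verbosity is configured on a parent or the root logger, the comparison is always false and the temp SBOM files are never removed. How LOG is configured is not visible in this hunk, so this may hold in practice, but `if not args.sbom and not LOG.isEnabledFor(logging.DEBUG):` states the intent directly and follows logger inheritance. The same comparison is used twice in main() of src/nixupdate/nix_outdated.py. main() starts outside the hunk.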