From e9e08899e4ac0a4167cc21b316f9d654f48b3f5e Mon Sep 17 00:00:00 2001
From: Henri Rosten
Date: Mon, 4 Dec 2023 15:52:10 +0200
Subject: [PATCH] Remove temporary files

Remove temporary files left behind by vulnxscan and nix_outdated, unless verbosity is DEBUG or more verbose in which case we want to keep the temp files for debug purposes.

Signed-off-by: Henri Rosten
---
 src/nixupdate/nix_outdated.py | 13 +++++++++----
 src/vulnxscan/vulnxscan_cli.py | 10 +++++++---
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/nixupdate/nix_outdated.py b/src/nixupdate/nix_outdated.py
index 774ad31..2ca55b6 100755
--- a/src/nixupdate/nix_outdated.py
+++ b/src/nixupdate/nix_outdated.py
@@ -82,7 +82,7 @@ def _generate_sbom(target_path, runtime=True, buildtime=False):
 suffix = ".cdx.json"
 with NamedTemporaryFile(delete=False, prefix=prefix, suffix=suffix) as f:
 sbomdb.to_cdx(f.name, printinfo=False)
- return f.name
+ return pathlib.Path(f.name)
 def _run_repology_cli(sbompath):
@@ -105,7 +105,7 @@ def _run_nix_visualize(targt_path):
 with NamedTemporaryFile(delete=False, prefix=prefix, suffix=suffix) as f:
 cmd = "nix-visualize " f"--output={f.name} {targt_path}"
 exec_cmd(cmd.split())
- return f.name
+ return pathlib.Path(f.name)
 def _nix_visualize_csv_to_df(csvpath):
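Review bot: In `_generate_sbom` (src/nixupdate/nix_outdated.py) the file is created with `delete=False` and its path is now returned as a `pathlib.Path`, but nothing visible in the hunk tells the caller that it owns the file and has to remove it. A docstring line such as `Returns the path of a temporary SBOM file; the caller is responsible for deleting it.` would record that contract. The same applies to `_run_nix_visualize` in the next hunk and to `_generate_sbom` in src/vulnxscan/vulnxscan_cli.py. The patch adds no `import pathlib`, so both modules presumably import it already; that is worth confirming, since a missing import would only show up as a NameError at runtime. `_generate_sbom` starts outside the hunk.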
@@ -257,16 +257,21 @@ def main():
 exit_unless_nix_artifact(target_path_abs, force_realise=runtime)
 sbom_path = _generate_sbom(target_path_abs, runtime, args.buildtime)
- LOG.info("Using SBOM '%s'", sbom_path)
+ LOG.debug("Using SBOM '%s'", sbom_path)
 df_repology = _run_repology_cli(sbom_path)
+ if LOG.level > logging.DEBUG:
+ sbom_path.unlink(missing_ok=True)
 df_log(df_repology, LOG_SPAM)
 if not args.buildtime:
 nix_visualize_out = _run_nix_visualize(target_path_abs)
- LOG.info("Using nix-visualize out: '%s'", nix_visualize_out)
+ LOG.debug("Using nix-visualize out: '%s'", nix_visualize_out)
 df_nix_visualize = _nix_visualize_csv_to_df(nix_visualize_out)
 df_log(df_nix_visualize, LOG_SPAM)
+ if LOG.level > logging.DEBUG:
+ # Remove temp file unless verbosity is DEBUG or more verbose
+ nix_visualize_out.unlink(missing_ok=True)
 else:
 LOG.info("Not running nix-visualize due to '--buildtime' argument")
 df_nix_visualize = None
diff --git a/src/vulnxscan/vulnxscan_cli.py b/src/vulnxscan/vulnxscan_cli.py
index 121c84e..18d63f9 100755
--- a/src/vulnxscan/vulnxscan_cli.py
+++ b/src/vulnxscan/vulnxscan_cli.py
@@ -747,7 +747,7 @@ def _generate_sbom(target_path, runtime=True, buildtime=False):
 ) as fcsv:
 sbomdb.to_cdx(fcdx.name, printinfo=False)
 sbomdb.to_csv(fcsv.name, loglevel=logging.DEBUG)
- return fcdx.name, fcsv.name
+ return pathlib.Path(fcdx.name), pathlib.Path(fcsv.name)
 def _is_json(path):
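Review bot: In `main()` of src/nixupdate/nix_outdated.py, both added `if LOG.level > logging.DEBUG:` checks read the level set on this logger object rather than its effective level. If LOG inherits its verbosity from a parent or the root logger, `LOG.level` is `logging.NOTSET` (0), the comparison is false, and the temp files are never removed; how LOG is configured is not visible here. `if not LOG.isEnabledFor(logging.DEBUG):` expresses "less verbose than DEBUG" without that dependency. The same condition is used in the `main()` hunk of src/vulnxscan/vulnxscan_cli.py. `main()` starts and ends outside the hunk.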
@@ -887,12 +887,16 @@ def main():
 sbom_cdx_path, sbom_csv_path = _generate_sbom(
 target_path_abs, runtime, args.buildtime
 )
- LOG.info("Using cdx SBOM '%s'", sbom_cdx_path)
- LOG.info("Using csv SBOM '%s'", sbom_csv_path)
+ LOG.debug("Using cdx SBOM '%s'", sbom_cdx_path)
+ LOG.debug("Using csv SBOM '%s'", sbom_csv_path)
 scanner.scan_vulnix(target_path_abs, args.buildtime)
 scanner.scan_grype(sbom_cdx_path)
 scanner.scan_osv(sbom_cdx_path)
 scanner.report(args, sbom_csv_path)
+ if not args.sbom and LOG.level > logging.DEBUG:
+ # Remove generated temp files unless verbosity is DEBUG or more verbose
+ sbom_cdx_path.unlink(missing_ok=True)
+ sbom_csv_path.unlink(missing_ok=True)
 if __name__ == "__main__":
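Review bot: The added cleanup in `main()` of src/vulnxscan/vulnxscan_cli.py runs only when `scan_vulnix`, `scan_grype`, `scan_osv` and `report` all return normally, so an exception or early exit in any of them still leaves both SBOM temp files on disk. Wrapping the four scanner calls in `try:` and moving the `if not args.sbom and ...` block under `finally:` would remove the files on every exit path. The two `unlink` sites in `main()` of src/nixupdate/nix_outdated.py have the same gap: a failure in `_run_repology_cli` or `_nix_visualize_csv_to_df` skips the removal. The `not args.sbom` guard is presumably there so that an SBOM supplied by the user is never deleted; the comment above it should say so. `main()` starts outside the hunk.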