refactor: hide empty results for OS packages license and file licenses

aquasecurity · Jan 29, 2025 · eb4d2fa · eb4d2fa
1 parent d5ca966
commit eb4d2fa
Show file tree

Hide file tree

Showing 9 changed files with 152 additions and 124 deletions.
diff --git a/pkg/flag/options.go b/pkg/flag/options.go
@@ -460,6 +460,7 @@ func (o *Options) ScanOpts() types.ScanOptions {
 		ImageConfigScanners: o.ImageConfigScanners, // this is valid only for 'image' subcommand
 		ScanRemovedPackages: o.ScanRemovedPkgs,     // this is valid only for 'image' subcommand
 		LicenseCategories:   o.LicenseCategories,
+		LicenseFull:         o.LicenseFull,
 		FilePatterns:        o.FilePatterns,
 		IncludeDevDeps:      o.IncludeDevDeps,
 		Distro:              o.Distro,

diff --git a/pkg/rpc/client/client.go b/pkg/rpc/client/client.go
@@ -97,6 +97,7 @@ func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys
 				PkgRelationships:  xstrings.ToStringSlice(opts.PkgRelationships),
 				Scanners:          xstrings.ToStringSlice(opts.Scanners),
 				LicenseCategories: licenseCategories,
+				LicenseFull:       opts.LicenseFull,
 				IncludeDevDeps:    opts.IncludeDevDeps,
 				Distro:            distro,
 			},

diff --git a/pkg/rpc/server/server.go b/pkg/rpc/server/server.go
@@ -87,6 +87,7 @@ func (s *ScanServer) ToOptions(in *rpcScanner.ScanOptions) types.ScanOptions {
 		Scanners:          scanners,
 		IncludeDevDeps:    in.IncludeDevDeps,
 		LicenseCategories: licenseCategories,
+		LicenseFull:       in.LicenseFull,
 		Distro:            distro,
 	}
 }

diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go
@@ -262,17 +262,22 @@ func (s Scanner) scanLicenses(target types.ScanTarget, options types.ScanOptions
 	scanner := licensing.NewScanner(options.LicenseCategories)
 
 	// License - OS packages
-	var osPkgLicenses []types.DetectedLicense
-	for _, pkg := range target.Packages {
-		for _, license := range pkg.Licenses {
-			osPkgLicenses = append(osPkgLicenses, toDetectedLicense(scanner, license, pkg.Name, ""))
+	if len(target.Packages) > 0 {
+		var osPkgLicenses []types.DetectedLicense
+		for _, pkg := range target.Packages {
+			for _, license := range pkg.Licenses {
+				osPkgLicenses = append(osPkgLicenses, toDetectedLicense(scanner, license, pkg.Name, ""))
+			}
 		}
+		// We only need to add result with OS package licenses if Packages were found.
+		// This is to avoid user confusion.
+		// e.g. when we didn't find packages but show that we didn't find licenses in the Packages.
+		results = append(results, types.Result{
+			Target:   "OS Packages",
+			Class:    types.ClassLicense,
+			Licenses: osPkgLicenses,
+		})
 	}
-	results = append(results, types.Result{
-		Target:   "OS Packages",
-		Class:    types.ClassLicense,
-		Licenses: osPkgLicenses,
-	})
 
 	// License - language-specific packages
 	for _, app := range target.Applications {
@@ -300,26 +305,32 @@ func (s Scanner) scanLicenses(target types.ScanTarget, options types.ScanOptions
 	}
 
 	// License - file header or license file
-	var fileLicenses []types.DetectedLicense
-	for _, license := range target.Licenses {
-		for _, finding := range license.Findings {
-			category, severity := scanner.Scan(finding.Name)
-			fileLicenses = append(fileLicenses, types.DetectedLicense{
-				Severity:   severity,
-				Category:   category,
-				FilePath:   license.FilePath,
-				Name:       finding.Name,
-				Confidence: finding.Confidence,
-				Link:       finding.Link,
-			})
+	if options.LicenseFull {
+		var fileLicenses []types.DetectedLicense
+		for _, license := range target.Licenses {
+			for _, finding := range license.Findings {
+				category, severity := scanner.Scan(finding.Name)
+				fileLicenses = append(fileLicenses, types.DetectedLicense{
+					Severity:   severity,
+					Category:   category,
+					FilePath:   license.FilePath,
+					Name:       finding.Name,
+					Confidence: finding.Confidence,
+					Link:       finding.Link,
+				})
 
+			}
 		}
+
+		// We only need to add the result with license files if the `--license-full` flag is enabled.
+		// This is to avoid user confusion.
+		// e.g. the user might think that we were looking for licenses but didn't find them.
+		results = append(results, types.Result{
+			Target:   "Loose File License(s)",
+			Class:    types.ClassLicenseFile,
+			Licenses: fileLicenses,
+		})
 	}
-	results = append(results, types.Result{
-		Target:   "Loose File License(s)",
-		Class:    types.ClassLicenseFile,
-		Licenses: fileLicenses,
-	})
 
 	return results
 }

diff --git a/pkg/scanner/local/scan_test.go b/pkg/scanner/local/scan_test.go
@@ -298,6 +298,7 @@ func TestScanner_Scan(t *testing.T) {
 				options: types.ScanOptions{
 					PkgRelationships: ftypes.Relationships,
 					Scanners:         types.Scanners{types.LicenseScanner},
+					LicenseFull:      true,
 				},
 			},
 			fixtures: []string{"testdata/fixtures/happy.yaml"},

diff --git a/pkg/types/scan.go b/pkg/types/scan.go
@@ -111,14 +111,15 @@ type ScanTarget struct {
 	CustomResources []types.CustomResource
 }
 
-// ScanOptions holds the attributes for scanning vulnerabilities
+// ScanOptions holds the attributes for scanning vulnerabilities/licenses
 type ScanOptions struct {
 	PkgTypes            []string
 	PkgRelationships    []types.Relationship
 	Scanners            Scanners
 	ImageConfigScanners Scanners // Scanners for container image configuration
 	ScanRemovedPackages bool
 	LicenseCategories   map[types.LicenseCategory][]string
+	LicenseFull         bool
 	FilePatterns        []string
 	IncludeDevDeps      bool
 	Distro              types.OS // Forced OS

diff --git a/rpc/scanner/service.pb.go b/rpc/scanner/service.pb.go
diff --git a/rpc/scanner/service.proto b/rpc/scanner/service.proto
@@ -29,6 +29,7 @@ message ScanOptions {
   bool                  include_dev_deps   = 5;
   repeated string       pkg_relationships  = 6;
   common.OS             distro             = 7;
+  bool                  license_full       = 8;
 
   reserved 3;  // deleted 'list_all_packages'
 }