feat(scan): add build warnings for conan/nuget dynamic build failures

Author: iseki0

module/conan/conan.go

@@ -6,6 +6,7 @@ import (
 	"github.com/murphysecurity/murphysec/errors"
 	"github.com/murphysecurity/murphysec/infra/logctx"
 	"github.com/murphysecurity/murphysec/model"
+	"github.com/murphysecurity/murphysec/scanerr"
 	"github.com/murphysecurity/murphysec/utils"
 	"go.uber.org/zap"
 	"os"
@@ -29,26 +30,48 @@ func (Inspector) CheckDir(ctx context.Context, dir string) bool {
 		utils.IsFile(filepath.Join(dir, "conan.py"))
 }
 func (Inspector) InspectProject(ctx context.Context) error {
+	task := model.UseInspectionTask(ctx)
+	registeredAutoBuild := task.RegisterAutoBuild()
 	if env.DoNotBuild {
+		scanerr.Add(ctx, scanerr.Param{Kind: scanerr.KindBuildDisabled})
+		registeredAutoBuild.MarkDisabled()
 		return nil
 	}
-	task := model.UseInspectionTask(ctx)
 	logger := logctx.Use(ctx)
 	cmdInfo, e := getConanInfo(ctx)
 	if e != nil {
+		registeredAutoBuild.MarkFailed()
+		kind := scanerr.KindConanFailed
+		if errors.Is(e, ErrConanNotFound) {
+			kind = scanerr.KindConanNotFound
+		}
+		scanerr.Add(ctx, scanerr.Param{
+			Kind:    kind,
+			Content: e.Error(),
+		})
 		return e
 	}
 	jsonFilePath, e := ExecuteConanInfoCmd(ctx, cmdInfo.Path, task.Dir())
 
 	var conanErr conanError
 	if errors.As(e, &conanErr) {
+		registeredAutoBuild.MarkFailed()
+		scanerr.Add(ctx, scanerr.Param{
+			Kind:    scanerr.KindConanFailed,
+			Content: conanErr.Error(),
+		})
 		if !env.ScannerScan {
 			badConanView(ctx)
 			printConanError(ctx, &conanErr)
 		}
 		return e
 	}
 	if e != nil {
+		registeredAutoBuild.MarkFailed()
+		scanerr.Add(ctx, scanerr.Param{
+			Kind:    scanerr.KindConanFailed,
+			Content: e.Error(),
+		})
 		return e
 	}
 	defer func() {
@@ -58,10 +81,20 @@ func (Inspector) InspectProject(ctx context.Context) error {
 	}()
 	var conanJson _ConanInfoJsonFile
 	if e := conanJson.ReadFromFile(jsonFilePath); e != nil {
+		registeredAutoBuild.MarkFailed()
+		scanerr.Add(ctx, scanerr.Param{
+			Kind:    scanerr.KindConanFailed,
+			Content: e.Error(),
+		})
 		return e
 	}
 	t, e := conanJson.Tree()
 	if e != nil {
+		registeredAutoBuild.MarkFailed()
+		scanerr.Add(ctx, scanerr.Param{
+			Kind:    scanerr.KindConanFailed,
+			Content: e.Error(),
+		})
 		return e
 	}
 	task.AddModule(model.Module{

module/nuget/nuget.go

@@ -2,12 +2,14 @@ package nuget
 
 import (
 	"context"
+	"errors"
 	"path/filepath"
 
 	"github.com/murphysecurity/murphysec/env"
 	"github.com/murphysecurity/murphysec/infra/logctx"
 	"github.com/murphysecurity/murphysec/infra/ui"
 	"github.com/murphysecurity/murphysec/model"
+	"github.com/murphysecurity/murphysec/scanerr"
 	"github.com/murphysecurity/murphysec/utils"
 )
 
@@ -31,10 +33,20 @@ func (Inspector) InspectProject(ctx context.Context) error {
 	task := model.UseInspectionTask(ctx)
 	allowFallback := !env.ScannerScan
 	doOld := false
+	registeredAutoBuild := task.RegisterAutoBuild()
 
 	var e error
 	if !task.IsNoBuild() {
-		if multipleBuilds(ctx, task) != nil {
+		if buildErr := multipleBuilds(ctx, task); buildErr != nil {
+			registeredAutoBuild.MarkFailed()
+			kind := scanerr.KindNugetFailed
+			if errors.Is(buildErr, _ErrDotnetNotFound) {
+				kind = scanerr.KindDotnetNotFound
+			}
+			scanerr.Add(ctx, scanerr.Param{
+				Kind:    kind,
+				Content: buildErr.Error(),
+			})
 			logger.Warn("multipleBuilds no build")
 			ui.Use(ctx).Display(ui.MsgWarn, "通过 Nuget获取依赖信息失败，可能会导致检测结果不完整或失败，访问 https://murphysec.com/docs/faqs/quick-start-for-beginners/programming-language-supported.html 了解详情")
 			if allowFallback {
@@ -44,6 +56,8 @@ func (Inspector) InspectProject(ctx context.Context) error {
 			e = noBuildEntrance(ctx, task, &doOld)
 		}
 	} else {
+		registeredAutoBuild.MarkDisabled()
+		scanerr.Add(ctx, scanerr.Param{Kind: scanerr.KindBuildDisabled})
 		logger.Warn("multipleBuilds no build")
 		if allowFallback {
 			e = noBuildEntrance(ctx, task, &doOld)

module/nuget/nuget_cmd_build.go

@@ -36,6 +36,8 @@ func multipleBuilds(ctx context.Context, task *model.InspectionTask) error {
 	logger.Sugar().Debugf("findCLNList: %v", filePath)
 	numCPU := utils.Coerce(runtime.NumCPU(), 1, 4)
 	var wg sync.WaitGroup
+	var mu sync.Mutex
+	var errs []error
 	ch := make(chan string, len(filePath))
 	for _, j := range filePath {
 		ch <- j
@@ -48,11 +50,17 @@ func multipleBuilds(ctx context.Context, task *model.InspectionTask) error {
 			for j := range ch {
 				if err := buildEntrance(ctx, task, j); err != nil {
 					logger.Warn(j + "buildEntrance faild:" + err.Error())
+					mu.Lock()
+					errs = append(errs, fmt.Errorf("%s: %w", j, err))
+					mu.Unlock()
 				}
 			}
 		}()
 	}
 	wg.Wait()
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
 	return nil
 
 }

scanerr/scan_err.go

@@ -42,3 +42,7 @@ const KindMavenNotFound = "mvn_not_found"
 const KindMavenFailed = "mvn_failed"
 const KindBuildDisabled = "build_disabled"
 const KindMavenTimeout = "mvn_timeout_killed"
+const KindConanNotFound = "conan_not_found"
+const KindConanFailed = "conan_failed"
+const KindDotnetNotFound = "dotnet_not_found"
+const KindNugetFailed = "nuget_failed"