Add ability to scan snaps (as a source) (#3929)

Author: wagoodman

cmd/syft/cli/ui/__snapshots__/handle_pull_source_test.snap

@@ -0,0 +1,8 @@
+
+[TestHandler_handlePullSourceStarted/snap_download_in_progress - 1]
+ ⠋ Downloading snap file...        ━━━━━━━━━━━━━━━━━━━━                example-app_1.0_amd64.snap 
+---
+
+[TestHandler_handlePullSourceStarted/snap_download_complete - 1]
+ ✔ Snap downloaded successfully                                        example-app_1.0_amd64.snap 
+---

cmd/syft/cli/ui/handle_cataloger_task_test.go

@@ -26,7 +26,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 		{
 			name: "cataloging task in progress",
 			eventFn: func(t *testing.T) partybus.Event {
-				value := &monitor.CatalogerTaskProgress{
+				value := &monitor.TaskProgress{
 					AtomicStage: progress.NewAtomicStage("some stage"),
 					Manual:      progress.NewManual(100),
 				}
@@ -48,7 +48,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 		{
 			name: "cataloging sub task in progress",
 			eventFn: func(t *testing.T) partybus.Event {
-				value := &monitor.CatalogerTaskProgress{
+				value := &monitor.TaskProgress{
 					AtomicStage: progress.NewAtomicStage("some stage"),
 					Manual:      progress.NewManual(100),
 				}
@@ -71,7 +71,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 		{
 			name: "cataloging sub task complete",
 			eventFn: func(t *testing.T) partybus.Event {
-				value := &monitor.CatalogerTaskProgress{
+				value := &monitor.TaskProgress{
 					AtomicStage: progress.NewAtomicStage("some stage"),
 					Manual:      progress.NewManual(100),
 				}
@@ -94,7 +94,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 		{
 			name: "cataloging sub task complete -- hide stage",
 			eventFn: func(t *testing.T) partybus.Event {
-				value := &monitor.CatalogerTaskProgress{
+				value := &monitor.TaskProgress{
 					AtomicStage: progress.NewAtomicStage("some stage"),
 					Manual:      progress.NewManual(100),
 				}
@@ -117,7 +117,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 		{
 			name: "cataloging sub task complete with removal",
 			eventFn: func(t *testing.T) partybus.Event {
-				value := &monitor.CatalogerTaskProgress{
+				value := &monitor.TaskProgress{
 					AtomicStage: progress.NewAtomicStage("some stage"),
 					Manual:      progress.NewManual(100),
 				}
@@ -162,7 +162,7 @@ func TestHandler_handleCatalogerTaskStarted(t *testing.T) {
 			}
 
 			// note: this line / event is not under test, only needed to show a sub status
-			kickoffEvent := &monitor.CatalogerTaskProgress{
+			kickoffEvent := &monitor.TaskProgress{
 				AtomicStage: progress.NewAtomicStage(""),
 				Manual:      progress.NewManual(-1),
 			}

cmd/syft/cli/ui/handle_pull_source.go

@@ -0,0 +1,37 @@
+package ui
+
+import (
+	tea "github.com/charmbracelet/bubbletea"
+	"github.com/wagoodman/go-partybus"
+
+	"github.com/anchore/bubbly/bubbles/taskprogress"
+	"github.com/anchore/syft/internal/log"
+	syftEventParsers "github.com/anchore/syft/syft/event/parsers"
+)
+
+func (m *Handler) handlePullSourceStarted(e partybus.Event) []tea.Model {
+	prog, info, err := syftEventParsers.ParsePullSourceStarted(e)
+	if err != nil {
+		log.WithFields("error", err).Debug("unable to parse event")
+		return nil
+	}
+
+	tsk := m.newTaskProgress(
+		taskprogress.Title{
+			Default: info.Title.Default,
+			Running: info.Title.WhileRunning,
+			Success: info.Title.OnSuccess,
+		},
+		taskprogress.WithStagedProgressable(prog),
+	)
+
+	tsk.HideOnSuccess = info.HideOnSuccess
+	tsk.HideStageOnSuccess = info.HideStageOnSuccess
+	tsk.HideProgressOnSuccess = true
+
+	if info.Context != "" {
+		tsk.Context = []string{info.Context}
+	}
+
+	return []tea.Model{tsk}
+}

cmd/syft/cli/ui/handle_pull_source_test.go

@@ -0,0 +1,121 @@
+package ui
+
+import (
+	"testing"
+	"time"
+
+	tea "github.com/charmbracelet/bubbletea"
+	"github.com/gkampitakis/go-snaps/snaps"
+	"github.com/stretchr/testify/require"
+	"github.com/wagoodman/go-partybus"
+	"github.com/wagoodman/go-progress"
+
+	"github.com/anchore/bubbly/bubbles/taskprogress"
+	"github.com/anchore/syft/syft/event"
+	"github.com/anchore/syft/syft/event/monitor"
+)
+
+func TestHandler_handlePullSourceStarted(t *testing.T) {
+
+	tests := []struct {
+		name       string
+		eventFn    func(*testing.T) partybus.Event
+		iterations int
+	}{
+		{
+			name: "snap download in progress",
+			eventFn: func(t *testing.T) partybus.Event {
+				stage := progress.NewAtomicStage("")
+				manual := progress.NewManual(0)
+				manual.SetTotal(1000000) // 1MB file
+				manual.Set(250000)       // 25% downloaded
+
+				taskProg := &monitor.TaskProgress{
+					AtomicStage: stage,
+					Manual:      manual,
+				}
+
+				genericTask := monitor.GenericTask{
+					Title: monitor.Title{
+						Default:      "Downloading snap",
+						WhileRunning: "Downloading snap file...",
+						OnSuccess:    "Snap downloaded",
+					},
+					Context:            "example-app_1.0_amd64.snap",
+					HideOnSuccess:      false,
+					HideStageOnSuccess: true,
+					ID:                 "snap-download-123",
+				}
+
+				return partybus.Event{
+					Type:   event.PullSourceStarted,
+					Source: genericTask,
+					Value:  taskProg,
+				}
+			},
+			iterations: 5,
+		},
+		{
+			name: "snap download complete",
+			eventFn: func(t *testing.T) partybus.Event {
+				stage := progress.NewAtomicStage("")
+				manual := progress.NewManual(0)
+				manual.SetTotal(1000000) // 1MB file
+				manual.Set(1000000)      // 100% downloaded
+				manual.SetCompleted()
+
+				taskProg := &monitor.TaskProgress{
+					AtomicStage: stage,
+					Manual:      manual,
+				}
+
+				genericTask := monitor.GenericTask{
+					Title: monitor.Title{
+						Default:      "Downloading snap",
+						WhileRunning: "Downloading snap file...",
+						OnSuccess:    "Snap downloaded successfully",
+					},
+					Context:            "example-app_1.0_amd64.snap",
+					HideOnSuccess:      false,
+					HideStageOnSuccess: true,
+					ID:                 "snap-download-123",
+				}
+
+				return partybus.Event{
+					Type:   event.PullSourceStarted,
+					Source: genericTask,
+					Value:  taskProg,
+				}
+			},
+			iterations: 3,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			event := tt.eventFn(t)
+			handler := New(DefaultHandlerConfig())
+			handler.WindowSize = tea.WindowSizeMsg{
+				Width:  100,
+				Height: 80,
+			}
+
+			models := handler.handlePullSourceStarted(event)
+			require.Len(t, models, 1)
+			model := models[0]
+
+			tsk, ok := model.(taskprogress.Model)
+			require.True(t, ok)
+
+			gotModel := runModel(t, tsk, tt.iterations, taskprogress.TickMsg{
+				Time:     time.Now(),
+				Sequence: tsk.Sequence(),
+				ID:       tsk.ID(),
+			})
+
+			got := gotModel.View()
+
+			t.Log(got)
+			snaps.MatchSnapshot(t, got)
+		})
+	}
+}

cmd/syft/cli/ui/handler.go

@@ -57,6 +57,7 @@ func New(cfg HandlerConfig) *Handler {
 		stereoscopeEvent.FetchImage:          simpleHandler(h.handleFetchImage),
 		syftEvent.FileIndexingStarted:        simpleHandler(h.handleFileIndexingStarted),
 		syftEvent.AttestationStarted:         simpleHandler(h.handleAttestationStarted),
+		syftEvent.PullSourceStarted:          simpleHandler(h.handlePullSourceStarted),
 		syftEvent.CatalogerTaskStarted:       h.handleCatalogerTaskStarted,
 	})
 

cmd/syft/internal/clio_setup_config.go

@@ -44,7 +44,7 @@ func AppClioSetupConfig(id clio.Identification, out io.Writer) *clio.SetupConfig
 				redact.Set(state.RedactStore)
 
 				log.Set(state.Logger)
-				stereoscope.SetLogger(state.Logger)
+				stereoscope.SetLogger(state.Logger.Nested("from", "stereoscope"))
 				return nil
 			},
 		).

go.mod

@@ -35,6 +35,7 @@ require (
 	github.com/charmbracelet/lipgloss v1.1.0
 	github.com/dave/jennifer v1.7.1
 	github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da
+	github.com/diskfs/go-diskfs v1.6.1-0.20250601133945-2af1c7ece24c
 	github.com/distribution/reference v0.6.0
 	github.com/dustin/go-humanize v1.0.1
 	github.com/elliotchance/phpserialize v1.4.0
@@ -51,6 +52,8 @@ require (
 	github.com/google/licensecheck v0.3.1
 	github.com/google/uuid v1.6.0
 	github.com/gookit/color v1.5.4
+	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/hashicorp/go-getter v1.7.8
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/hcl/v2 v2.23.0
 	github.com/iancoleman/strcase v0.3.0
@@ -93,6 +96,12 @@ require (
 )
 
 require (
+	cloud.google.com/go v0.116.0 // indirect
+	cloud.google.com/go/auth v0.9.9 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.7.0 // indirect
+	cloud.google.com/go/iam v1.2.2 // indirect
+	cloud.google.com/go/storage v1.43.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
@@ -103,14 +112,17 @@ require (
 	github.com/ProtonMail/go-crypto v1.2.0 // indirect
 	github.com/STARRY-S/zip v0.2.1 // indirect
 	github.com/agext/levenshtein v1.2.1 // indirect; indirectt
+	github.com/anchore/go-lzo v0.1.0 // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aquasecurity/go-version v0.0.1 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
+	github.com/aws/aws-sdk-go v1.44.122 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.0 // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
@@ -153,17 +165,23 @@ require (
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
-	github.com/goccy/go-yaml v1.18.0 // indirect
+	github.com/goccy/go-yaml v1.18.0
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
@@ -180,6 +198,7 @@ require (
 	github.com/minio/minlz v1.0.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
@@ -203,20 +222,22 @@ require (
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/profile v1.7.0 // indirect
+	github.com/pkg/xattr v0.4.9 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sahilm/fuzzy v0.1.1 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sorairolake/lzip-go v0.3.5 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/spf13/viper v1.20.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.21.1 // indirect
 	github.com/sylabs/squashfs v1.0.6 // indirect
@@ -235,6 +256,7 @@ require (
 	github.com/zclconf/go-cty v1.13.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
 	go.opentelemetry.io/otel v1.36.0 // indirect
 	go.opentelemetry.io/otel/metric v1.36.0 // indirect
@@ -243,13 +265,17 @@ require (
 	go.uber.org/multierr v1.9.0 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sync v0.15.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/term v0.32.0 // indirect
 	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.34.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
+	google.golang.org/api v0.203.0 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
 	google.golang.org/grpc v1.67.3 // indirect
 	google.golang.org/protobuf v1.36.4 // indirect