Include virus report in the resource extra_data field (#1250)

* Include virus report in the resource extra_data field

- Provide the virus report in the extra_data field for downstream consumption via scan results

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

* Refine the docstring and changelog #1250

Signed-off-by: tdruez <tdruez@nexb.com>

* Do not publish the clamav service ports #1250

The service is only accessed by other compose services and does not need to be exposed to the host machine.

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: tdruez <tdruez@nexb.com>
Co-authored-by: tdruez <tdruez@nexb.com>

Author: keshav-space

CHANGELOG.rst

@@ -5,6 +5,8 @@ v34.6.0 (unreleased)
 --------------------
 
 - Add a new ``scan_for_virus`` add-on pipeline based on ClamAV scan.
+  Found viruses are stored as "error" Project messages and on their related codebase
+  resource instance using the ``extra_data`` field.
   https://github.com/nexB/scancode.io/issues/1182
 
 - Add ability to filter by tag on the resource list view.

docker-compose.yml

@@ -71,8 +71,6 @@ services:
     volumes:
       - clamav_data:/var/lib/clamav
       - workspace:/var/scancodeio/workspace/
-    ports:
-      - "3310:3310"
     restart: always
 
 volumes:

scanpipe/pipes/clamav.py

@@ -30,7 +30,8 @@
 def scan_for_virus(project):
     """
     Run a ClamAV scan to detect virus infection.
-    Create one Project error message per found virus.
+    Create one Project error message per found virus and store the detection data
+    on the related codebase resource ``extra_data`` field.
     """
     if settings.CLAMD_USE_TCP:
         clamd_socket = clamd.ClamdNetworkSocket(settings.CLAMD_TCP_ADDR)
@@ -45,13 +46,22 @@ def scan_for_virus(project):
     for resource_location, results in scan_response.items():
         status, reason = results
         resource_path = Path(resource_location).relative_to(project.codebase_path)
-        details = {
-            "status": status,
-            "reason": reason,
-            "resource_path": str(resource_path),
+
+        resource = project.codebaseresources.get(path=resource_path)
+        virus_report = {
+            "calmav": {
+                "status": status,
+                "reason": reason,
+            }
         }
+        resource.update_extra_data({"virus_report": virus_report})
+
         project.add_error(
             description="Virus detected",
             model="ScanForVirus",
-            details=details,
+            details={
+                "status": status,
+                "reason": reason,
+                "resource_path": str(resource_path),
+            },
         )

scanpipe/tests/pipes/test_clamav.py

@@ -56,3 +56,14 @@ def test_scanpipe_pipes_clamav_scan_for_virus(self, mock_multiscan):
             "resource_path": "eicar.zip",
         }
         self.assertEqual(expected_details, error_message.details)
+
+        resource1 = project.codebaseresources.first()
+        expected_virus_report_extra_data = {
+            "virus_report": {
+                "calmav": {
+                    "status": "FOUND",
+                    "reason": "Win.Test.EICAR_HDB-1",
+                }
+            }
+        }
+        self.assertEqual(expected_virus_report_extra_data, resource1.extra_data)