Fix a bug in scan_rootfs_for_system_packages #1462 (#1464)

tdruez · web-flow · commit a063e44e695a · 2024-12-10T12:21:14.000+04:00
Signed-off-by: tdruez &lt;tdruez@nexb.com&gt;
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,6 +1,13 @@
 Changelog
 =========
 
+v34.9.2 (unreleased)
+--------------------
+
+- Fix an issue with the ``scan_rootfs_for_system_packages`` pipe when a namespace is
+  missing for the discovered packages.
+  https://github.com/aboutcode-org/scancode.io/issues/1462
+
 v34.9.1 (2024-12-09)
 --------------------
 
diff --git a/scanpipe/pipes/rootfs.py b/scanpipe/pipes/rootfs.py
@@ -209,7 +209,7 @@ def _create_system_package(project, purl, package):
     # We have no files for this installed package, we cannot go further.
     if not installed_files:
         logger.info(f"  No installed_files for: {purl}")
-        return
+        return created_package
 
     missing_resources = created_package.missing_resources[:]
     modified_resources = created_package.modified_resources[:]
@@ -245,6 +245,8 @@ def _create_system_package(project, purl, package):
         modified_resources=modified_resources,
     )
 
+    return created_package
+
 
 def scan_rootfs_for_system_packages(project, rootfs):
     """
@@ -270,24 +272,23 @@ def scan_rootfs_for_system_packages(project, rootfs):
     seen_namespaces = []
     for index, (purl, package) in enumerate(installed_packages):
         logger.info(f"Creating package #{index}: {purl}")
-        created_system_packages.append(package)
-        seen_namespaces.append(package.namespace)
-        _create_system_package(project, purl, package)
+        discovered_package = _create_system_package(project, purl, package)
+        created_system_packages.append(discovered_package)
+        if package.namespace:
+            seen_namespaces.append(package.namespace)
 
     namespace_counts = Counter(seen_namespaces)
-    # we overwrite namespace only when there are multiple
-    # namespaces in the packages
+    # Overwrite namespace only when there are multiple namespaces in the packages
     if not len(namespace_counts.keys()) > 1:
         return
 
     most_seen_namespace = max(namespace_counts)
-    # if the distro_id is different from the namespace
-    # most seen in packages, we update all the package
-    # namespaces to the distro_id
+    # If the distro_id is different from the namespace most seen in packages,
+    # we update all the package namespaces to the distro_id.
     if most_seen_namespace != distro_id:
-        for package in created_system_packages:
-            if package.namespace != distro_id:
-                package.update(namespace=distro_id)
+        for discovered_package in created_system_packages:
+            if discovered_package.namespace != distro_id:
+                discovered_package.update(namespace=distro_id)
 
 
 def get_resource_with_md5(project, status):
diff --git a/scanpipe/tests/pipes/test_rootfs.py b/scanpipe/tests/pipes/test_rootfs.py
@@ -26,10 +26,13 @@
 from django.test import TestCase
 
 from commoncode.archive import extract_tar
+from container_inspector.distro import Distro
+from packagedcode.models import PackageWithResources
 
 from scanpipe.models import CodebaseResource
 from scanpipe.models import Project
 from scanpipe.pipes import rootfs
+from scanpipe.pipes.rootfs import RootFs
 
 
 class ScanPipeRootfsPipesTest(TestCase):
@@ -159,3 +162,61 @@ def test_scanpipe_pipes_rootfs_flag_media_files_as_uninteresting(self):
         self.assertEqual("ignored-media-file", resource1.status)
         self.assertEqual("ignored-media-file", resource2.status)
         self.assertEqual("", resource3.status)
+
+    @mock.patch("scanpipe.pipes.rootfs.RootFs.get_installed_packages")
+    def test_scanpipe_pipes_rootfs_scan_rootfs_for_system_packages(
+        self, mock_get_installed_packages
+    ):
+        project = Project.objects.create(name="Analysis")
+        rootfs_instance = RootFs(location="")
+        rootfs_instance.distro = Distro(identifier="debian")
+
+        system_packages = [
+            (
+                "pkg:deb/ubuntu/libncurses5@1.0",
+                PackageWithResources(
+                    type="deb",
+                    namespace="ubuntu",
+                    name="libncurses5",
+                    version="1.0",
+                ),
+            ),
+            (
+                # Same namespace
+                "pkg:deb/ubuntu/libncurses5@2.0",
+                PackageWithResources(
+                    type="deb",
+                    namespace="ubuntu",
+                    name="libncurses5",
+                    version="2.0",
+                ),
+            ),
+            (
+                # Different namespace
+                "pkg:deb/other/libncurses5@3.0",
+                PackageWithResources(
+                    type="deb",
+                    namespace="debian",
+                    name="libncurses5",
+                    version="3.0",
+                ),
+            ),
+            (
+                # This package has no namespace on purpose.
+                "pkg:deb/libndp0@1.4-2ubuntu0.16.04.1",
+                PackageWithResources(
+                    type="deb",
+                    name="libndp0",
+                    version="1.4-2ubuntu0.16.04.1",
+                ),
+            ),
+        ]
+
+        mock_get_installed_packages.return_value = system_packages
+        rootfs.scan_rootfs_for_system_packages(project, rootfs_instance)
+
+        package_qs = project.discoveredpackages.all()
+        self.assertEqual(4, package_qs.count())
+        self.assertEqual(0, package_qs.filter(namespace="ubuntu").count())
+        # All namespaces updated to "debian" as the most common namespace
+        self.assertEqual(4, package_qs.filter(namespace="debian").count())
