fix(server): add Locations for Packages in client/server mode (#6366)

integration/client_server_test.go

@@ -242,6 +242,16 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/pom.json.golden",
 		},
+		{
+			name: "scan package-lock.json with repo command in client/server mode",
+			args: csArgs{
+				Command:          "repo",
+				RemoteAddrOption: "--server",
+				Target:           "testdata/fixtures/repo/npm/",
+				ListAllPackages:  true,
+			},
+			golden: "testdata/npm.json.golden",
+		},
 		{
 			name: "scan sample.pem with repo command in client/server mode",
 			args: csArgs{
@@ -588,6 +598,10 @@ func setupClient(t *testing.T, c csArgs, addr string, cacheDir string, golden st
 		osArgs = append(osArgs, "--format", "json")
 	}
 
+	if c.ListAllPackages {
+		osArgs = append(osArgs, "--list-all-pkgs")
+	}
+
 	if c.IgnoreUnfixed {
 		osArgs = append(osArgs, "--ignore-unfixed")
 	}

pkg/rpc/convert.go

@@ -65,6 +65,7 @@ func ConvertToRPCPkgs(pkgs []ftypes.Package) []*common.Package {
 			SrcRelease: pkg.SrcRelease,
 			SrcEpoch:   int32(pkg.SrcEpoch),
 			Licenses:   pkg.Licenses,
+			Locations:  ConvertToRPCLocations(pkg.Locations),
 			Layer:      ConvertToRPCLayer(pkg.Layer),
 			FilePath:   pkg.FilePath,
 			DependsOn:  pkg.DependsOn,
@@ -90,6 +91,17 @@ func ConvertToRPCPkgIdentifier(pkg ftypes.PkgIdentifier) *common.PkgIdentifier {
 	}
 }
 
+func ConvertToRPCLocations(pkgLocs []ftypes.Location) []*common.Location {
+	var locations []*common.Location
+	for _, pkgLoc := range pkgLocs {
+		locations = append(locations, &common.Location{
+			StartLine: int32(pkgLoc.StartLine),
+			EndLine:   int32(pkgLoc.EndLine),
+		})
+	}
+	return locations
+}
+
 func ConvertToRPCCustomResources(resources []ftypes.CustomResource) []*common.CustomResource {
 	var rpcResources []*common.CustomResource
 	for _, r := range resources {
@@ -207,6 +219,7 @@ func ConvertFromRPCPkgs(rpcPkgs []*common.Package) []ftypes.Package {
 			SrcRelease: pkg.SrcRelease,
 			SrcEpoch:   int(pkg.SrcEpoch),
 			Licenses:   pkg.Licenses,
+			Locations:  ConvertFromRPCLocation(pkg.Locations),
 			Layer:      ConvertFromRPCLayer(pkg.Layer),
 			FilePath:   pkg.FilePath,
 			DependsOn:  pkg.DependsOn,
@@ -237,6 +250,17 @@ func ConvertFromRPCPkgIdentifier(pkg *common.PkgIdentifier) ftypes.PkgIdentifier
 	return pkgID
 }
 
+func ConvertFromRPCLocation(locs []*common.Location) []ftypes.Location {
+	var pkgLocs []ftypes.Location
+	for _, loc := range locs {
+		pkgLocs = append(pkgLocs, ftypes.Location{
+			StartLine: int(loc.StartLine),
+			EndLine:   int(loc.EndLine),
+		})
+	}
+	return pkgLocs
+}
+
 // ConvertToRPCVulns returns common.Vulnerability
 func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerability {
 	var rpcVulns []*common.Vulnerability

pkg/rpc/convert_test.go

@@ -39,6 +39,16 @@ func TestConvertToRpcPkgs(t *testing.T) {
 						SrcRelease: "1",
 						SrcEpoch:   2,
 						Licenses:   []string{"MIT"},
+						Locations: []ftypes.Location{
+							{
+								StartLine: 10,
+								EndLine:   20,
+							},
+							{
+								StartLine: 22,
+								EndLine:   32,
+							},
+						},
 						Layer: ftypes.Layer{
 							Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
 							DiffID: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -60,6 +70,16 @@ func TestConvertToRpcPkgs(t *testing.T) {
 					SrcRelease: "1",
 					SrcEpoch:   2,
 					Licenses:   []string{"MIT"},
+					Locations: []*common.Location{
+						{
+							StartLine: 10,
+							EndLine:   20,
+						},
+						{
+							StartLine: 22,
+							EndLine:   32,
+						},
+					},
 					Layer: &common.Layer{
 						Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
 						DiffId: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -101,6 +121,16 @@ func TestConvertFromRpcPkgs(t *testing.T) {
 						SrcRelease: "1",
 						SrcEpoch:   2,
 						Licenses:   []string{"MIT"},
+						Locations: []*common.Location{
+							{
+								StartLine: 10,
+								EndLine:   20,
+							},
+							{
+								StartLine: 22,
+								EndLine:   32,
+							},
+						},
 						Layer: &common.Layer{
 							Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
 							DiffId: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -122,6 +152,16 @@ func TestConvertFromRpcPkgs(t *testing.T) {
 					SrcRelease: "1",
 					SrcEpoch:   2,
 					Licenses:   []string{"MIT"},
+					Locations: []ftypes.Location{
+						{
+							StartLine: 10,
+							EndLine:   20,
+						},
+						{
+							StartLine: 22,
+							EndLine:   32,
+						},
+					},
 					Layer: ftypes.Layer{
 						Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
 						DiffID: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",

rpc/common/service.proto

@@ -47,6 +47,7 @@ message Package {
   string            src_release = 8;
   int32             src_epoch   = 9;
   repeated string   licenses    = 15;
+  repeated Location locations   = 20;
   Layer             layer       = 11;
   string            file_path   = 12;
   repeated string   depends_on  = 14;
@@ -60,6 +61,11 @@ message PkgIdentifier {
   string bom_ref = 2;
 }
 
+message Location {
+  int32 start_line = 1;
+  int32 end_line   = 2;
+}
+
 message Misconfiguration {
   string                 file_type  = 1;
   string                 file_path  = 2;