- Make local NuGet cache folder configurable.

Signed-off-by: HeyeOpenSource <[email protected]>

cmd/syft/internal/options/catalog.go

@@ -170,6 +170,7 @@ func (cfg Catalog) ToPackagesConfig() pkgcataloging.Config {
 			),
 		DotNet: dotnet.DefaultCatalogerConfig().
 			WithSearchLocalLicenses(cfg.DotNet.SearchLocalLicenses).
+			WithLocalCachePaths(cfg.DotNet.LocalCachePaths).
 			WithSearchRemoteLicenses(cfg.DotNet.SearchRemoteLicenses).
 			WithProviders(cfg.DotNet.Providers).
 			WithCredentials(cfg.DotNet.ProviderCredentials),

cmd/syft/internal/options/dotnet.go

@@ -9,6 +9,7 @@ import (
 
 type dotnetConfig struct {
 	SearchLocalLicenses  bool   `yaml:"search-local-licenses" json:"search-local-licenses" mapstructure:"search-local-licenses"`
+	LocalCachePaths      string `yaml:"local-cache-paths" json:"local-cache-paths" mapstructure:"local-cache-paths"`
 	SearchRemoteLicenses bool   `yaml:"search-remote-licenses" json:"search-remote-licenses" mapstructure:"search-remote-licenses"`
 	Providers            string `yaml:"package-providers,omitempty" json:"package-providers,omitempty" mapstructure:"package-providers"`
 	ProviderCredentials  string `yaml:"package-provider-credentials,omitempty" json:"package-provider-credentials,omitempty" mapstructure:"package-provider-credentials"`
@@ -21,6 +22,8 @@ var _ interface {
 func (o *dotnetConfig) DescribeFields(descriptions clio.FieldDescriptionSet) {
 	descriptions.Add(&o.SearchLocalLicenses, `search for NuGet package licences in the local cache of the system running Syft, note that this is outside the
 container filesystem and probably outside the root of a local directory scan`)
+	descriptions.Add(&o.LocalCachePaths, `local cache folders (comma-separated) to use when retrieving NuGet packages locally, 
+if unset this defaults to the NuGet cache folders known to the DotNet environment`)
 	descriptions.Add(&o.SearchRemoteLicenses, `search for NuGet package licences by retrieving the package from a network proxy`)
 	descriptions.Add(&o.Providers, `remote NuGet package providers (comma-separated) to use when retrieving NuGet packages from the network, 
 if unset this defaults to the NuGet-repositories known to the DotNet environment`)
@@ -40,6 +43,7 @@ func defaultDotnetConfig() dotnetConfig {
 	}
 	return dotnetConfig{
 		SearchLocalLicenses:  def.SearchLocalLicenses,
+		LocalCachePaths:      strings.Join(def.LocalCachePaths, ","),
 		SearchRemoteLicenses: def.SearchRemoteLicenses,
 		Providers:            strings.Join(def.Providers, ","),
 		ProviderCredentials:  providerCredentials,

syft/pkg/cataloger/dotnet/config.go

@@ -33,6 +33,7 @@ type nugetProviderCredential struct {
 
 type CatalogerConfig struct {
 	SearchLocalLicenses  bool                      `yaml:"search-local-licenses" json:"search-local-licenses" mapstructure:"search-local-licenses"`
+	LocalCachePaths      []string                  `yaml:"local-cache-paths" json:"local-cache-paths" mapstructure:"local-cache-paths"`
 	SearchRemoteLicenses bool                      `yaml:"search-remote-licenses" json:"search-remote-licenses" mapstructure:"search-remote-licenses"`
 	Providers            []string                  `yaml:"package-providers,omitempty" json:"package-providers,omitempty" mapstructure:"package-providers"`
 	ProviderCredentials  []nugetProviderCredential `yaml:"package-provider-credentials,omitempty" json:"package-provider-credentials,omitempty" mapstructure:"package-provider-credentials"`
@@ -49,6 +50,14 @@ func (g CatalogerConfig) WithSearchLocalLicenses(input bool) CatalogerConfig {
 	return g
 }
 
+func (g CatalogerConfig) WithLocalCachePaths(input string) CatalogerConfig {
+	if input == "" {
+		return g
+	}
+	g.LocalCachePaths = strings.Split(input, ",")
+	return g
+}
+
 func (g CatalogerConfig) WithSearchRemoteLicenses(input bool) CatalogerConfig {
 	g.SearchRemoteLicenses = input
 	return g

syft/pkg/cataloger/dotnet/licenses.go

@@ -11,7 +11,6 @@ import (
 	"io"
 	"io/fs"
 	"net/http"
-	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
@@ -74,7 +73,7 @@ func (c *nugetLicenseResolver) getLicenses(ctx context.Context, scanner licenses
 	if c.opts.SearchLocalLicenses {
 		if c.localNuGetCacheResolvers == nil {
 			// Try to determine NuGet package folder resolvers
-			c.localNuGetCacheResolvers = getLocalNugetFolderResolvers(c.assetDefinitions)
+			c.localNuGetCacheResolvers = c.getLocalNugetFolderResolvers(c.assetDefinitions)
 		}
 
 		// if we're running against a directory on the filesystem, it may not include the
@@ -589,10 +588,12 @@ func getNuGetCachesFromSDK() []string {
 	return paths
 }
 
-func getLocalNugetFolderResolvers(assetDefinitions []projectAssets) []file.Resolver {
+func (c *nugetLicenseResolver) getLocalNugetFolderResolvers(assetDefinitions []projectAssets) []file.Resolver {
 	nugetPackagePaths := []string{}
-	if injectedCachePath := os.Getenv("TEST_PARSE_DOTNET_DEPS_INJECT_CACHE_LOCATION"); injectedCachePath != "" {
-		nugetPackagePaths = append(nugetPackagePaths, injectedCachePath)
+	if len(c.opts.LocalCachePaths) > 0 {
+		for _, cachePath := range c.opts.LocalCachePaths {
+			nugetPackagePaths = append(nugetPackagePaths, cachePath)
+		}
 	} else {
 		nugetPackagePaths = append(nugetPackagePaths, getNuGetCachesFromProjectAssets(assetDefinitions)...)
 

syft/pkg/cataloger/dotnet/parse_dotnet_deps_test.go

@@ -1,7 +1,6 @@
 package dotnet
 
 import (
-	"os"
 	"testing"
 
 	"github.com/anchore/syft/syft/artifact"
@@ -400,13 +399,12 @@ func TestParseDotnetDeps(t *testing.T) {
 	}
 
 	t.Run(fixture, func(t *testing.T) {
-		os.Setenv("TEST_PARSE_DOTNET_DEPS_INJECT_CACHE_LOCATION", "test-fixtures/NuGetCache")
-		defer os.Setenv("TEST_PARSE_DOTNET_DEPS_INJECT_CACHE_LOCATION", "")
 		pkgtest.NewCatalogTester().
 			FromDirectory(t, "test-fixtures").
 			Expects(expectedPkgs, expectedRelationships).
 			TestCataloger(t, NewDotnetDepsCataloger(CatalogerConfig{
 				SearchLocalLicenses: true,
+				LocalCachePaths:     []string{"test-fixtures/NuGetCache"},
 			}))
 	})
 }