From 15b07d2be82dc9c78c4e4475ec5115be04af83aa Mon Sep 17 00:00:00 2001 From: eeisegn Date: Fri, 7 Nov 2025 15:24:11 +0000 Subject: [PATCH 1/4] add contents url config --- CHANGELOG.md | 9 ++++++++- pkg/cmd/server.go | 18 +++++++++++++++++- pkg/config/server_config.go | 29 +++++++++++++++-------------- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0beb76..83c9692 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added + +## [1.5.2] - 2025-11-07 +### Added +- Added Custom Contents URL support (`SCANOSS_FILE_CONTENTS_URL`) + + ## [1.5.1]- 2025-10-0 ### Added - Removed `Content-Length` from header as it is reported with Loadbalancer @@ -153,4 +160,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.4.5]: https://github.com/scanoss/api.go/compare/v1.4.4...v1.4.5 [1.4.5]: https://github.com/scanoss/api.go/compare/v1.4.4...v1.4.5 [1.5.0]: https://github.com/scanoss/api.go/compare/v1.4.5...v1.5.0 - +[1.5.0]: https://github.com/scanoss/api.go/compare/v1.5.0...v1.5.1 diff --git a/pkg/cmd/server.go b/pkg/cmd/server.go index 82cd200..74cfca0 100644 --- a/pkg/cmd/server.go +++ b/pkg/cmd/server.go @@ -77,8 +77,24 @@ func setupEnvVars(cfg *myconfig.ServerConfig) { zlog.S.Infof("Failed to set alternative SCANOSS_API_URL value to %s: %v", cfg.Scanning.ScanningURL, err) } } - if customURL := os.Getenv("SCANOSS_API_URL"); len(customURL) > 0 { + var contentsURL string + customURL := os.Getenv("SCANOSS_API_URL") + if len(customURL) > 0 { zlog.S.Infof("Using custom API URL: %s", customURL) + customURL = strings.TrimSuffix(customURL, "/") + contentsURL = fmt.Sprintf("%s/file_contents", customURL) // Assume the contents URL from the scanning URL + } + if len(cfg.Scanning.FileContentsURL) > 0 { + contentsURL = cfg.Scanning.FileContentsURL // We have an explicit contents URL specified. Use it + } + if len(contentsURL) > 0 { + err := os.Setenv("SCANOSS_FILE_CONTENTS_URL", contentsURL) + if err != nil { + zlog.S.Infof("Failed to set SCANOSS_FILE_CONTENTS_URL value to %v: %v", contentsURL, err) + } + } + if customContentsURL := os.Getenv("SCANOSS_FILE_CONTENTS"); len(customContentsURL) > 0 { + zlog.S.Infof("Using custom content URL: %s.", customContentsURL) } err := os.Setenv("SCANOSS_FILE_CONTENTS", fmt.Sprintf("%v", cfg.Scanning.FileContents)) if err != nil { diff --git a/pkg/config/server_config.go b/pkg/config/server_config.go index 5fb833f..e5a6ffd 100644 --- a/pkg/config/server_config.go +++ b/pkg/config/server_config.go @@ -55,20 +55,21 @@ type ServerConfig struct { OltpExporter string `env:"OTEL_EXPORTER_OLTP"` // OTEL OLTP exporter (default 0.0.0.0:4317) } Scanning struct { - WfpLoc string `env:"SCAN_WFP_TMP"` // specific location to write temporary WFP files to - ScanBinary string `env:"SCAN_BINARY"` // Binary to use for scanning - ScanKbName string `env:"SCAN_KB_NAME"` // KB name passed as "-n" parameter to the scanoss command - ScanDebug bool `env:"SCAN_DEBUG"` // true/false - ScanFlags int `env:"SCAN_ENGINE_FLAGS"` // Default flags to use when scanning - ScanTimeout int `env:"SCAN_ENGINE_TIMEOUT"` // timeout for waiting for the scan engine to respond - WfpGrouping int `env:"SCAN_WFP_GROUPING"` // number of WFP to group into a single scan engine command - Workers int `env:"SCAN_WORKERS"` // Number of concurrent workers to use per scan request - TmpFileDelete bool `env:"SCAN_TMP_DELETE"` // true/false - KeepFailedWfps bool `env:"SCAN_KEEP_FAILED_WFP"` // true/false - ScanningURL string `env:"SCANOSS_API_URL"` // URL to present back in API responses - default https://osskb.org/api - HPSMEnabled bool `env:"SCAN_HPSM_ENABLED"` // Enable HPSM (High Precision Snippet Matching) or not (default true) - FileContents bool `env:"SCANOSS_FILE_CONTENTS"` // Show matched file URL in scan results (default true) - LoadKbDetails bool `env:"SCANOSS_LOAD_KB_DETAILS"` // Load the version of the KB into the service for reporting + WfpLoc string `env:"SCAN_WFP_TMP"` // specific location to write temporary WFP files to + ScanBinary string `env:"SCAN_BINARY"` // Binary to use for scanning + ScanKbName string `env:"SCAN_KB_NAME"` // KB name passed as "-n" parameter to the scanoss command + ScanDebug bool `env:"SCAN_DEBUG"` // true/false + ScanFlags int `env:"SCAN_ENGINE_FLAGS"` // Default flags to use when scanning + ScanTimeout int `env:"SCAN_ENGINE_TIMEOUT"` // timeout for waiting for the scan engine to respond + WfpGrouping int `env:"SCAN_WFP_GROUPING"` // number of WFP to group into a single scan engine command + Workers int `env:"SCAN_WORKERS"` // Number of concurrent workers to use per scan request + TmpFileDelete bool `env:"SCAN_TMP_DELETE"` // true/false + KeepFailedWfps bool `env:"SCAN_KEEP_FAILED_WFP"` // true/false + ScanningURL string `env:"SCANOSS_API_URL"` // URL to present back in API responses - default https://osskb.org/api + HPSMEnabled bool `env:"SCAN_HPSM_ENABLED"` // Enable HPSM (High Precision Snippet Matching) or not (default true) + FileContents bool `env:"SCANOSS_FILE_CONTENTS"` // Show matched file URL in scan results (default true) + FileContentsURL string `env:"SCANOSS_FILE_CONTENTS_URL"` // Explicit file contents URL to use for the engine + LoadKbDetails bool `env:"SCANOSS_LOAD_KB_DETAILS"` // Load the version of the KB into the service for reporting } TLS struct { CertFile string `env:"SCAN_TLS_CERT"` // TLS Certificate From e945f6190f85ee1f5e76a6c972604ab380a8e7a0 Mon Sep 17 00:00:00 2001 From: eeisegn Date: Fri, 7 Nov 2025 15:24:26 +0000 Subject: [PATCH 2/4] check if contents is enabled --- pkg/service/filecontents_service.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/service/filecontents_service.go b/pkg/service/filecontents_service.go index 40ab2d8..3c3f1ab 100644 --- a/pkg/service/filecontents_service.go +++ b/pkg/service/filecontents_service.go @@ -43,6 +43,10 @@ func (s APIService) FileContents(w http.ResponseWriter, r *http.Request) { } zs := sugaredLogger(logContext) // Setup logger with context logRequestDetails(r, zs) + if !s.config.Scanning.FileContents { + zs.Warn("File contents retrieval is disabled.") + http.Error(w, "ERROR file contents disabled", http.StatusForbidden) + } vars := mux.Vars(r) zs.Debugf("%v request from %v - %v", r.URL.Path, r.RemoteAddr, vars) if len(vars) == 0 { From 928a0db67130a56b34c49f82f6d5af6d79513ccb Mon Sep 17 00:00:00 2001 From: eeisegn Date: Fri, 7 Nov 2025 15:27:23 +0000 Subject: [PATCH 3/4] fix changelog links --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83c9692..1a9d715 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -160,4 +160,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.4.5]: https://github.com/scanoss/api.go/compare/v1.4.4...v1.4.5 [1.4.5]: https://github.com/scanoss/api.go/compare/v1.4.4...v1.4.5 [1.5.0]: https://github.com/scanoss/api.go/compare/v1.4.5...v1.5.0 -[1.5.0]: https://github.com/scanoss/api.go/compare/v1.5.0...v1.5.1 +[1.5.1]: https://github.com/scanoss/api.go/compare/v1.5.0...v1.5.1 +[1.5.2]: https://github.com/scanoss/api.go/compare/v1.5.1...v1.5.2 From 090d5be952d454a1f910b3755e6afb8db6816eff Mon Sep 17 00:00:00 2001 From: eeisegn Date: Fri, 7 Nov 2025 15:46:24 +0000 Subject: [PATCH 4/4] logic cleanup --- CHANGELOG.md | 1 - pkg/cmd/server.go | 8 ++++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a9d715..1ea617e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Added Custom Contents URL support (`SCANOSS_FILE_CONTENTS_URL`) - ## [1.5.1]- 2025-10-0 ### Added - Removed `Content-Length` from header as it is reported with Loadbalancer diff --git a/pkg/cmd/server.go b/pkg/cmd/server.go index 74cfca0..efb4e6e 100644 --- a/pkg/cmd/server.go +++ b/pkg/cmd/server.go @@ -93,15 +93,19 @@ func setupEnvVars(cfg *myconfig.ServerConfig) { zlog.S.Infof("Failed to set SCANOSS_FILE_CONTENTS_URL value to %v: %v", contentsURL, err) } } - if customContentsURL := os.Getenv("SCANOSS_FILE_CONTENTS"); len(customContentsURL) > 0 { + if customContentsURL := os.Getenv("SCANOSS_FILE_CONTENTS_URL"); len(customContentsURL) > 0 { zlog.S.Infof("Using custom content URL: %s.", customContentsURL) } err := os.Setenv("SCANOSS_FILE_CONTENTS", fmt.Sprintf("%v", cfg.Scanning.FileContents)) if err != nil { - zlog.S.Infof("Failed to set SCANOSS_FILE_CONTENTS SCANOSS_API_URL value to %v: %v", cfg.Scanning.FileContents, err) + zlog.S.Infof("Failed to set SCANOSS_FILE_CONTENTS value to %v: %v", cfg.Scanning.FileContents, err) } if customContents := os.Getenv("SCANOSS_FILE_CONTENTS"); len(customContents) > 0 && customContents == "false" { zlog.S.Infof("Skipping file_url datafield.") + err2 := os.Setenv("SCANOSS_FILE_CONTENTS_URL", customContents) // Force the contents URL to say 'false' also + if err2 != nil { + zlog.S.Infof("Failed to set SCANOSS_FILE_CONTENTS_URL value to %v: %v", customContents, err) + } } }