From edb00fb3be72e14ed9da91561e22431811cd09bc Mon Sep 17 00:00:00 2001
From: Gareth Jones
Date: Thu, 26 Sep 2024 09:18:15 +1200
Subject: [PATCH] fix(offline): report all ecosystems without local databases in one single line
---
 cmd/osv-scanner/__snapshots__/main_test.snap | 52 +-------------------
 internal/local/check.go | 21 +++++++-
 2 files changed, 21 insertions(+), 52 deletions(-)
diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
index a3af486bd59..eac9877f426 100755
--- a/cmd/osv-scanner/__snapshots__/main_test.snap
+++ b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -2108,31 +2108,7 @@ Scanned /fixtures/locks-many/yarn.lock file and found 1 package --- [TestRun_LocalDatabases_AlwaysOffline/#00 - 2] -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for RubyGems ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for 
Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Packagist ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for npm ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for npm ecosystem: unable to fetch OSV database: no offline version of the OSV database is available +could not find local databases for ecosystems: Alpine, Packagist, PyPI, RubyGems, npm --- 
@@ -2153,31 +2129,7 @@ Scanned /fixtures/locks-many/yarn.lock file and found 1 package --- [TestRun_LocalDatabases_AlwaysOffline/#00 - 4] -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for PyPI ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for RubyGems ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for 
Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Alpine ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for Packagist ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for npm ecosystem: unable to fetch OSV database: no offline version of the OSV database is available -could not load db for npm ecosystem: unable to fetch OSV database: no offline version of the OSV database is available +could not find local databases for ecosystems: Alpine, Packagist, PyPI, RubyGems, npm --- diff --git a/internal/local/check.go b/internal/local/check.go index c1fd9d996d9..b8c2b4e95cc 100644 --- a/internal/local/check.go +++ b/internal/local/check.go @@ -5,6 +5,8 @@ import ( "fmt" "os" "path" + "slices" + "strings" "github.com/google/osv-scanner/pkg/lockfile" "github.com/google/osv-scanner/pkg/models" @@ -116,6 +118,9 @@ func MakeRequest(r reporter.Reporter, query osv.BatchedQuery, offline bool, loca return db, nil } + // slice to track ecosystems that did not have an offline database available + var missingDbs []string + for _, query := range query.Queries { pkg, err := toPackageDetails(query) 
@@ -143,8 +148,13 @@ func MakeRequest(r reporter.Reporter, query osv.BatchedQuery, offline bool, loca db, err := loadDBFromCache(pkg.Ecosystem) if err != nil { - // currently, this will actually only error if the PURL cannot be parses - r.Errorf("could not load db for %s ecosystem: %v\n", pkg.Ecosystem, err) + if errors.Is(err, ErrOfflineDatabaseNotFound) { + missingDbs = append(missingDbs, string(pkg.Ecosystem)) + } else { + // the most likely error at this point is that the PURL could not be parsed + r.Errorf("could not load db for %s ecosystem: %v\n", pkg.Ecosystem, err) + } + results = append(results, osv.Response{Vulns: []models.Vulnerability{}}) continue @@ -153,5 +163,12 @@ func MakeRequest(r reporter.Reporter, query osv.BatchedQuery, offline bool, loca results = append(results, osv.Response{Vulns: db.VulnerabilitiesAffectingPackage(pkg)}) } + if len(missingDbs) > 0 { + missingDbs = slices.Compact(missingDbs) + slices.Sort(missingDbs) + + r.Errorf("could not find local databases for ecosystems: %s\n", strings.Join(missingDbs, ", ")) + } + return &osv.HydratedBatchedResponse{Results: results}, nil }
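Review bot: In the new `errors.Is(err, ErrOfflineDatabaseNotFound)` branch the package still receives `osv.Response{Vulns: []models.Vulnerability{}}`, the same value a package with no known vulnerabilities would get, and MakeRequest returns a nil error at its end, so a caller cannot tell "not checked" from "clean". With the per-package lines gone, the single summary line is the only sign that every package in those ecosystems was skipped. I would at least document this above the append, `// no local database: this empty result means "not checked", not "no vulnerabilities"`, and consider counting the skipped packages so the summary can say how many were not checked. MakeRequest starts outside this hunk.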
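Review bot: `slices.Compact` only drops adjacent duplicates, so calling it before `slices.Sort` leaves repeated names in the message whenever the queries are not already grouped by ecosystem (for example PyPI, npm, PyPI). Swap the two calls: `slices.Sort(missingDbs)` followed by `missingDbs = slices.Compact(missingDbs)`. The snapshot passes only because, as the removed lines show, the fixture's packages arrive grouped per ecosystem, so an interleaved case is worth adding to the tests. As a point of style, Go's initialism convention would spell the variable `missingDBs`.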