✨ Safe manipulation of inventory.Platform (#5417)

afiune · web-flow · commit a46efa386ff0 · 2025-04-07T08:09:16.000-07:00
One of the core data structures of Mondoo’s plugin system is the `inventory.Asset` struct that contains details about an asset, including platform information that is stored in `Asset.Platform`.

The `inventory.Platform` struct stores important information used by the Mondoo platform (`server`) like the runtime, the platform kind, and additional metadata.

When we run `cnquery` or `cnspec` most of the times the first thing we do is an initial discovery to detect the asset and platform we are going to scan, then we pass these core data structures to our providers where, sometimes, we do additional discovery and enrichment of data. An example of this is the discovery of AWS instances (`aws` provider) that later gets enriched with additional information from the `os` provider.

**Change**

We are introducing two accessors. One at the Asset level and the other one directly into the Platform struct. These new accessor should be used through out the code base to safely manipulate the platform of an asset.

---------

Signed-off-by: Salim Afiune Maya &lt;afiune@mondoo.com&gt;
diff --git a/go.mod b/go.mod
@@ -117,7 +117,7 @@ require (
 )
 
 require (
-	dario.cat/mergo v1.0.1 // indirect
+	dario.cat/mergo v1.0.1
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/ChrisTrenkamp/goxpath v0.0.0-20210404020558-97928f7e12b6 // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
diff --git a/providers-sdk/v1/inventory/asset.go b/providers-sdk/v1/inventory/asset.go
@@ -178,3 +178,13 @@ func (a *Asset) AddMondooLabels(root *Asset) {
 		}
 	}
 }
+
+// MergePlatform merges the provided platform into the asset's platform.
+// If the asset's platform is `nil`, the provided platform is set.
+func (a *Asset) MergePlatform(pf *Platform) {
+	if a.Platform == nil {
+		a.Platform = pf
+	} else {
+		a.Platform.Merge(pf)
+	}
+}
diff --git a/providers-sdk/v1/inventory/inventory.go b/providers-sdk/v1/inventory/inventory.go
@@ -7,8 +7,10 @@ import (
 	"os"
 	"os/user"
 	"path/filepath"
+	"slices"
 	"strings"
 
+	"dario.cat/mergo"
 	"github.com/cockroachdb/errors"
 	"github.com/rs/zerolog/log"
 	"github.com/segmentio/ksuid"
@@ -318,13 +320,20 @@ var (
 	FAMILY_WINDOWS = "windows"
 )
 
-func (p *Platform) IsFamily(family string) bool {
-	for i := range p.Family {
-		if p.Family[i] == family {
-			return true
+// Merge performs a deep merge of the provided platform.
+func (p *Platform) Merge(pf *Platform) {
+	if pf != nil {
+		if err := mergo.Merge(p, pf, mergo.WithOverride); err != nil {
+			log.Error().Err(err).
+				Interface("target", p).
+				Interface("source", pf).
+				Msg("unable to merge platform details")
 		}
 	}
-	return false
+}
+
+func (p *Platform) IsFamily(family string) bool {
+	return slices.Contains(p.Family, family)
 }
 
 func (p *Platform) PrettyTitle() string {
diff --git a/providers-sdk/v1/inventory/inventory_test.go b/providers-sdk/v1/inventory/inventory_test.go
@@ -22,6 +22,79 @@ func TestInventoryParser(t *testing.T) {
 	assert.Equal(t, "{ id: 'secret-1' }", inventory.Spec.CredentialQuery)
 }
 
+func TestPlatformMerge(t *testing.T) {
+	base := &Platform{
+		Name:                  "linux",
+		Arch:                  "",
+		Family:                []string{"unix"},
+		Metadata:              map[string]string{"env": "prod"},
+		TechnologyUrlSegments: []string{"a", "b", "c"},
+		Version:               "",
+	}
+
+	incoming := &Platform{
+		Name:                  "", // Should not override
+		Arch:                  "amd64",
+		Family:                []string{"gnu"}, // Should override (because of option)
+		Metadata:              map[string]string{"region": "us-east-1"},
+		TechnologyUrlSegments: []string{"x", "y", "z"},
+		Version:               "1.0.0",
+	}
+
+	expected := &Platform{
+		Name:   "linux",         // original
+		Arch:   "amd64",         // merged in
+		Family: []string{"gnu"}, // overridden (because we say so)
+		Metadata: map[string]string{
+			"env":    "prod",
+			"region": "us-east-1", // merged map
+		},
+		Version:               "1.0.0", // merged in
+		TechnologyUrlSegments: []string{"x", "y", "z"},
+	}
+
+	base.Merge(incoming)
+
+	assert.Equal(t, expected.Name, base.Name)
+	assert.Equal(t, expected.Arch, base.Arch)
+	assert.Equal(t, expected.Family, base.Family)
+	assert.Equal(t, expected.Version, base.Version)
+	assert.Equal(t, expected.Metadata["env"], base.Metadata["env"])
+	assert.Equal(t, expected.Metadata["region"], base.Metadata["region"])
+	assert.Equal(t, expected.TechnologyUrlSegments, base.TechnologyUrlSegments)
+
+	t.Run("cases", func(t *testing.T) {
+		p := &Platform{
+			Name:                  "terraform-plan",
+			Title:                 "Terraform Plan",
+			Family:                []string{"terraform"},
+			Kind:                  "code",
+			Runtime:               "terraform",
+			TechnologyUrlSegments: []string{"iac", "terraform", "plan"},
+		}
+
+		expectTheSame := &Platform{
+			Name:                  "terraform-plan",
+			Title:                 "Terraform Plan",
+			Family:                []string{"terraform"},
+			Kind:                  "code",
+			Runtime:               "terraform",
+			TechnologyUrlSegments: []string{"iac", "terraform", "plan"},
+		}
+
+		t.Run("nil", func(t *testing.T) {
+			p.Merge(nil)
+			assert.Equal(t, expectTheSame, p)
+		})
+
+		t.Run("empty", func(t *testing.T) {
+			p.Merge(&Platform{})
+			assert.Equal(t, expectTheSame, p)
+		})
+
+	})
+}
+
 func TestPreprocess(t *testing.T) {
 	t.Run("preprocess empty inventory", func(t *testing.T) {
 		v1inventory := &Inventory{}
diff --git a/providers/os/provider/detector.go b/providers/os/provider/detector.go
@@ -47,11 +47,11 @@ func mapDetectors(raw []string) map[string]struct{} {
 }
 
 func (s *Service) detect(asset *inventory.Asset, conn shared.Connection) error {
-	var ok bool
-	asset.Platform, ok = detector.DetectOS(conn)
+	pf, ok := detector.DetectOS(conn)
 	if !ok {
 		return errors.New("failed to detect OS")
 	}
+	asset.MergePlatform(pf)
 	if asset.Platform.Kind == "" {
 		asset.Platform.Kind = inventory.AssetKindBaremetal
 	}
diff --git a/providers/os/provider/provider.go b/providers/os/provider/provider.go
@@ -379,7 +379,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 				}
 				asset.PlatformIds = fingerprint.PlatformIDs
 				asset.IdDetector = fingerprint.ActiveIdDetectors
-				asset.Platform = p
+				asset.MergePlatform(p)
 				appendRelatedAssetsFromFingerprint(fingerprint, asset)
 			}
 		case shared.Type_Device.String():
@@ -397,7 +397,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 				}
 				asset.PlatformIds = fingerprint.PlatformIDs
 				asset.IdDetector = fingerprint.ActiveIdDetectors
-				asset.Platform = p
+				asset.MergePlatform(p)
 				appendRelatedAssetsFromFingerprint(fingerprint, asset)
 			}
 
@@ -412,7 +412,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 				asset.Name = fingerprint.Name
 				asset.PlatformIds = fingerprint.PlatformIDs
 				asset.IdDetector = fingerprint.ActiveIdDetectors
-				asset.Platform = p
+				asset.MergePlatform(p)
 				appendRelatedAssetsFromFingerprint(fingerprint, asset)
 			}
 
@@ -427,7 +427,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 				asset.Name = fingerprint.Name
 				asset.PlatformIds = fingerprint.PlatformIDs
 				asset.IdDetector = fingerprint.ActiveIdDetectors
-				asset.Platform = p
+				asset.MergePlatform(p)
 				appendRelatedAssetsFromFingerprint(fingerprint, asset)
 			}
 
@@ -442,7 +442,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 				asset.Name = fingerprint.Name
 				asset.PlatformIds = fingerprint.PlatformIDs
 				asset.IdDetector = fingerprint.ActiveIdDetectors
-				asset.Platform = p
+				asset.MergePlatform(p)
 				appendRelatedAssetsFromFingerprint(fingerprint, asset)
 			}
 
@@ -494,7 +494,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 					asset.Name = fingerprint.Name
 					asset.PlatformIds = fingerprint.PlatformIDs
 					asset.IdDetector = fingerprint.ActiveIdDetectors
-					asset.Platform = p
+					asset.MergePlatform(p)
 				}
 			} else {
 				// In this case asset.Name should already be set via the inventory
diff --git a/providers/terraform/provider/detector.go b/providers/terraform/provider/detector.go
@@ -17,7 +17,7 @@ import (
 	"go.mondoo.com/cnquery/v11/utils/urlx"
 )
 
-func (s *Service) detect(asset *inventory.Asset, conn *connection.Connection) error {
+func (s *Service) detect(asset *inventory.Asset, _ *connection.Connection) error {
 	var p *inventory.Platform
 	connType := asset.Connections[0].Type
 	switch connType {
@@ -51,7 +51,7 @@ func (s *Service) detect(asset *inventory.Asset, conn *connection.Connection) er
 			TechnologyUrlSegments: []string{"iac", "terraform", "hcl"},
 		}
 	}
-	asset.Platform = p
+	asset.MergePlatform(p)
 
 	// we always prefer the git url since it is more reliable
 	url, ok := asset.Connections[0].Options["ssh-url"]

Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ require (`
`117`	`117`	`)`
`118`	`118`
`119`	`119`	`require (`
`120`		`- dario.cat/mergo v1.0.1 // indirect`
	`120`	`+ dario.cat/mergo v1.0.1`
`121`	`121`	`github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect`
`122`	`122`	`github.com/ChrisTrenkamp/goxpath v0.0.0-20210404020558-97928f7e12b6 // indirect`
`123`	`123`	`github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect`
Original file line number	Diff line number	Diff line change
`@@ -178,3 +178,13 @@ func (a Asset) AddMondooLabels(root Asset) {`
`178`	`178`	`}`
`179`	`179`	`}`
`180`	`180`	`}`
	`181`	`+`
	`182`	`+// MergePlatform merges the provided platform into the asset's platform.`
	`183`	+// If the asset's platform is `nil`, the provided platform is set.
	`184`	`+func (a Asset) MergePlatform(pf Platform) {`
	`185`	`+ if a.Platform == nil {`
	`186`	`+ a.Platform = pf`
	`187`	`+ } else {`
	`188`	`+ a.Platform.Merge(pf)`
	`189`	`+ }`
	`190`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -47,11 +47,11 @@ func mapDetectors(raw []string) map[string]struct{} {`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`func (s Service) detect(asset inventory.Asset, conn shared.Connection) error {`
`50`		`- var ok bool`
`51`		`- asset.Platform, ok = detector.DetectOS(conn)`
	`50`	`+ pf, ok := detector.DetectOS(conn)`
`52`	`51`	`if !ok {`
`53`	`52`	`return errors.New("failed to detect OS")`
`54`	`53`	`}`
	`54`	`+ asset.MergePlatform(pf)`
`55`	`55`	`if asset.Platform.Kind == "" {`
`56`	`56`	`asset.Platform.Kind = inventory.AssetKindBaremetal`
`57`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ import (`
`17`	`17`	`"go.mondoo.com/cnquery/v11/utils/urlx"`
`18`	`18`	`)`
`19`	`19`
`20`		`-func (s Service) detect(asset inventory.Asset, conn *connection.Connection) error {`
	`20`	`+func (s Service) detect(asset inventory.Asset, _ *connection.Connection) error {`
`21`	`21`	`var p *inventory.Platform`
`22`	`22`	`connType := asset.Connections[0].Type`
`23`	`23`	`switch connType {`
`@@ -51,7 +51,7 @@ func (s Service) detect(asset inventory.Asset, conn *connection.Connection) er`
`51`	`51`	`TechnologyUrlSegments: []string{"iac", "terraform", "hcl"},`
`52`	`52`	`}`
`53`	`53`	`}`
`54`		`- asset.Platform = p`
	`54`	`+ asset.MergePlatform(p)`
`55`	`55`
`56`	`56`	`// we always prefer the git url since it is more reliable`
`57`	`57`	`url, ok := asset.Connections[0].Options["ssh-url"]`