fix: possible race condition (#1639)

cmd/syft/cli/attest/attest.go

@@ -167,7 +167,7 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
 			}
 			defer w.Close()
 
-			b := &busWriter{r: r, w: w, mon: &progress.Manual{N: -1}}
+			b := &busWriter{r: r, w: w, mon: progress.NewManual(-1)}
 			execCmd.Stdout = b
 			execCmd.Stderr = b
 			defer b.mon.SetCompleted()
@@ -175,7 +175,7 @@ func execWorker(app *config.Application, si source.Input, writer sbom.Writer) <-
 			// attest the SBOM
 			err = execCmd.Run()
 			if err != nil {
-				b.mon.Err = err
+				b.mon.SetError(err)
 				errs <- fmt.Errorf("unable to attest SBOM: %w", err)
 				return
 			}

go.mod

@@ -39,7 +39,7 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/vifraa/gopom v0.2.1
 	github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5
-	github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240
+	github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5
 	github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/mod v0.8.0
@@ -52,7 +52,7 @@ require (
 	github.com/CycloneDX/cyclonedx-go v0.7.1-0.20221222100750-41a1ac565cce
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
-	github.com/anchore/stereoscope v0.0.0-20230222185948-fab1c9638abc
+	github.com/anchore/stereoscope v0.0.0-20230301191755-abfb374a1122
 	github.com/docker/docker v23.0.1+incompatible
 	github.com/google/go-containerregistry v0.13.0
 	github.com/invopop/jsonschema v0.7.0

go.sum

@@ -90,8 +90,8 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwMcM4r8wFhJq3jLRztew3ywIyPTRapl2T1s9o8=
 github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
-github.com/anchore/stereoscope v0.0.0-20230222185948-fab1c9638abc h1:b+2KauWByrCPLNnzRHjLoUxo85tpszFtU7S1I5pAKK0=
+github.com/anchore/stereoscope v0.0.0-20230301191755-abfb374a1122 h1:Oe2PE8zNbJH4nGZoCIC/VZBgpr62BInLnUqIMZICUOk=
-github.com/anchore/stereoscope v0.0.0-20230222185948-fab1c9638abc/go.mod h1:Y+jiUa5PmQh9jUvzmvus4EvLnEG87cDTOYgV3nw3wDg=
+github.com/anchore/stereoscope v0.0.0-20230301191755-abfb374a1122/go.mod h1:IihP/SUVHP94PBwIP2bepOB/c0MVadcII7lxo13Ijzs=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
@@ -576,8 +576,8 @@ github.com/vifraa/gopom v0.2.1 h1:MYVMAMyiGzXPPy10EwojzKIL670kl5Zbae+o3fFvQEM=
 github.com/vifraa/gopom v0.2.1/go.mod h1:oPa1dcrGrtlO37WPDBm5SqHAT+wTgF8An1Q71Z6Vv4o=
 github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 h1:phTLPgMRDYTizrBSKsNSOa2zthoC2KsJsaY/8sg3rD8=
 github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5/go.mod h1:JPirS5jde/CF5qIjcK4WX+eQmKXdPc6vcZkJ/P0hfPw=
-github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240 h1:r6BlIP7CVZtMlxUQhT40h1IE1TzEgKVqwmsVGuscvdk=
+github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5 h1:lwgTsTy18nYqASnH58qyfRW/ldj7Gt2zzBvgYPzdA4s=
-github.com/wagoodman/go-progress v0.0.0-20200731105512-1020f39e6240/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
+github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
 github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb h1:Yz6VVOcLuWLAHYlJzTw7JKnWxdV/WXpug2X0quEzRnY=
 github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb/go.mod h1:nDi3BAC5nEbVbg+WSJDHLbjHv0ZToq8nMPA97XMxF3E=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=

syft/file/digest_cataloger.go

@@ -51,10 +51,10 @@ func (i *DigestsCataloger) Catalog(resolver source.FileResolver) (map[source.Coo
 		if err != nil {
 			return nil, err
 		}
-		prog.N++
+		prog.Increment()
 		results[location.Coordinates] = result
 	}
-	log.Debugf("file digests cataloger processed %d files", prog.N)
+	log.Debugf("file digests cataloger processed %d files", prog.Current())
 	prog.SetCompleted()
 	return results, nil
 }
@@ -123,9 +123,7 @@ func CleanDigestAlgorithmName(name string) string {
 
 func digestsCatalogingProgress(locations int64) (*progress.Stage, *progress.Manual) {
 	stage := &progress.Stage{}
-	prog := &progress.Manual{
+	prog := progress.NewManual(locations)
-		Total: locations,
-	}
 
 	bus.Publish(partybus.Event{
 		Type: event.FileDigestsCatalogerStarted,

syft/file/metadata_cataloger.go

@@ -32,18 +32,16 @@ func (i *MetadataCataloger) Catalog(resolver source.FileResolver) (map[source.Co
 		}
 
 		results[location.Coordinates] = metadata
-		prog.N++
+		prog.Increment()
 	}
-	log.Debugf("file metadata cataloger processed %d files", prog.N)
+	log.Debugf("file metadata cataloger processed %d files", prog.Current())
 	prog.SetCompleted()
 	return results, nil
 }
 
 func metadataCatalogingProgress(locations int64) (*progress.Stage, *progress.Manual) {
 	stage := &progress.Stage{}
-	prog := &progress.Manual{
+	prog := progress.NewManual(locations)
-		Total: locations,
-	}
 
 	bus.Publish(partybus.Event{
 		Type: event.FileMetadataCatalogerStarted,

syft/file/secrets_cataloger.go

@@ -55,12 +55,12 @@ func (i *SecretsCataloger) Catalog(resolver source.FileResolver) (map[source.Coo
 			return nil, err
 		}
 		if len(result) > 0 {
-			secretsDiscovered.N += int64(len(result))
+			secretsDiscovered.Add(int64(len(result)))
 			results[location.Coordinates] = result
 		}
-		prog.N++
+		prog.Increment()
 	}
-	log.Debugf("secrets cataloger discovered %d secrets", secretsDiscovered.N)
+	log.Debugf("secrets cataloger discovered %d secrets", secretsDiscovered.Current())
 	prog.SetCompleted()
 	return results, nil
 }
@@ -139,9 +139,7 @@ type SecretsMonitor struct {
 func secretsCatalogingProgress(locations int64) (*progress.Stage, *progress.Manual, *progress.Manual) {
 	stage := &progress.Stage{}
 	secretsDiscovered := &progress.Manual{}
-	prog := &progress.Manual{
+	prog := progress.NewManual(locations)
-		Total: locations,
-	}
 
 	bus.Publish(partybus.Event{
 		Type:   event.SecretsCatalogerStarted,

syft/pkg/cataloger/catalog.go

@@ -151,7 +151,7 @@ func Catalog(resolver source.FileResolver, release *linux.Release, parallelism i
 	// dynamically show updated discovered package status
 	go func() {
 		for discovered := range discoveredPackages {
-			packagesDiscovered.N += discovered
+			packagesDiscovered.Add(discovered)
 		}
 	}()
 

syft/source/directory_indexer.go

@@ -347,9 +347,7 @@ func requireFileInfo(_ string, info os.FileInfo, _ error) error {
 
 func indexingProgress(path string) (*progress.Stage, *progress.Manual) {
 	stage := &progress.Stage{}
-	prog := &progress.Manual{
+	prog := progress.NewManual(-1)
-		Total: -1,
-	}
 
 	bus.Publish(partybus.Event{
 		Type:   event.FileIndexingStarted,