test(crawlers): chmod-based unreadable-dir coverage across crawlers

Adds a shared `tests/common/mod.rs` helper with `uid_is_root()` and
`chmod_{unreadable,readable}` so each crawler test file can drive the
`read_dir(...).await` Err arm without depending on an installed
binary or specific filesystem layout. Per-crawler tests skip under
uid 0 because chmod is a no-op for root.

Coverage added:
* cargo: scan_crate_source short-circuits on unreadable src_path
* composer: read_installed_json short-circuits on unreadable file
* go: scan_dir_recursive short-circuits on unreadable cache_path
* npm: scan_node_modules + find_workspace_node_modules both short-
  circuit on unreadable dirs; the workspace test stages a readable
  and an unreadable workspace side-by-side to prove the readable
  one is still discovered.
* nuget: scan_package_dir + scan_global_cache_package both short-
  circuit on unreadable dirs (the latter via an unreadable per-name
  version directory).
* python: find_by_purls + scan_site_packages short-circuit on
  unreadable site-packages.
* ruby: scan_gem_dir short-circuits on unreadable gem dir.

Assisted-by: Claude Code:claude-opus-4-7

Author: mikolalysenko

crates/socket-patch-core/tests/common/mod.rs

@@ -0,0 +1,51 @@
+//! Shared helpers for integration tests. Crate-private.
+//!
+//! `tests/<name>/mod.rs` is treated by cargo as a non-test module
+//! that other integration test files can pull in via
+//! `#[path = "common/mod.rs"] mod common;` — keeping helpers out of
+//! the crate's compile path but reusable across the test suite.
+
+use std::process::Command;
+
+/// True when the current process is running as uid 0 (root).
+///
+/// Used by `read_dir`/`file_type` permission-error tests to skip
+/// themselves under root, because `chmod` of any mode against a
+/// directory has no effect for root (root can always read anything),
+/// so the Err arm we're trying to drive doesn't fire.
+#[cfg(unix)]
+pub fn uid_is_root() -> bool {
+    Command::new("id")
+        .arg("-u")
+        .output()
+        .ok()
+        .and_then(|o| {
+            String::from_utf8(o.stdout)
+                .ok()
+                .map(|s| s.trim().to_string())
+        })
+        .map(|s| s == "0")
+        .unwrap_or(false)
+}
+
+#[cfg(not(unix))]
+pub fn uid_is_root() -> bool {
+    false
+}
+
+/// Set mode 0o000 on a directory so subsequent `read_dir` returns Err.
+/// Used by permission-error tests; must call `chmod_readable` to
+/// restore before the tempdir is dropped or cleanup will fail.
+#[cfg(unix)]
+pub fn chmod_unreadable(path: &std::path::Path) {
+    use std::os::unix::fs::PermissionsExt;
+    let perms = std::fs::Permissions::from_mode(0o000);
+    std::fs::set_permissions(path, perms).expect("chmod 000 must succeed");
+}
+
+#[cfg(unix)]
+pub fn chmod_readable(path: &std::path::Path) {
+    use std::os::unix::fs::PermissionsExt;
+    let perms = std::fs::Permissions::from_mode(0o700);
+    let _ = std::fs::set_permissions(path, perms);
+}

crates/socket-patch-core/tests/crawler_cargo_e2e.rs

@@ -528,6 +528,41 @@ async fn crawl_all_skips_crate_with_unparseable_toml_and_no_version_dir_name() {
     assert!(result.is_empty(), "unparseable + no-version dir name must be skipped");
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `scan_crate_source` short-circuits when `read_dir` returns Err.
+/// Drive by chmod 000-ing a tempdir then asking the crawler to scan
+/// it. Skipped under root because chmod has no effect on uid 0.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_src_path() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let unreadable = tmp.path().join("blocked");
+    tokio::fs::create_dir_all(&unreadable).await.unwrap();
+    // Put a "crate" inside so we can prove the scan really stopped at
+    // the unreadable barrier rather than just finding nothing.
+    stage_registry_crate(&unreadable, "would-be-found", "1.0.0").await;
+    common::chmod_unreadable(&unreadable);
+
+    let crawler = CargoCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(unreadable.clone()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&unreadable);
+
+    assert!(result.is_empty(), "unreadable src_path must yield empty");
+}
+
 /// `verify_crate_at_path` returns false when neither the Cargo.toml
 /// parses NOR the dir-name parses — exercises the `else { false }`
 /// arm at line 345-346.

crates/socket-patch-core/tests/crawler_composer_e2e.rs

@@ -377,6 +377,38 @@ async fn get_vendor_paths_global_no_composer_no_home_layout_returns_empty() {
     assert!(paths.is_empty(), "no composer source anywhere must yield empty; got {paths:?}");
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `read_installed_json` short-circuits when the file can't be read —
+/// chmod 000 the installed.json and assert the crawler returns empty
+/// rather than panicking.
+#[cfg(unix)]
+#[tokio::test]
+async fn find_by_purls_handles_unreadable_installed_json() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let vendor = tmp.path().join("vendor");
+    let composer = vendor.join("composer");
+    tokio::fs::create_dir_all(&composer).await.unwrap();
+    let installed = composer.join("installed.json");
+    tokio::fs::write(&installed, r#"{"packages":[]}"#).await.unwrap();
+    common::chmod_unreadable(&installed);
+
+    let crawler = ComposerCrawler;
+    let result = crawler
+        .find_by_purls(&vendor, &[ORG_PURL.to_string()])
+        .await
+        .unwrap();
+    common::chmod_readable(&installed);
+
+    assert!(result.is_empty(), "unreadable installed.json must yield empty");
+}
+
 /// `crawl_all` should dedup packages discovered across multiple
 /// vendor paths sharing the same installed package — exercises the
 /// `seen.contains` early-continue arm.

crates/socket-patch-core/tests/crawler_go_e2e.rs

@@ -178,6 +178,37 @@ async fn get_module_cache_paths_with_go_mod_returns_cache() {
     );
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `scan_dir_recursive` short-circuits when read_dir returns Err.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_cache_path() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let cache = tmp.path().join("blocked-cache");
+    tokio::fs::create_dir(&cache).await.unwrap();
+    let _ = stage_go_module(&cache, "github.com/foo/bar", "v1.0.0").await;
+    common::chmod_unreadable(&cache);
+
+    let crawler = GoCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(cache.clone()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&cache);
+
+    assert!(result.is_empty(), "unreadable cache must yield empty");
+}
+
 /// `GoCrawler::default()` should forward to `new()`.
 #[test]
 fn go_crawler_default_and_new_construct_cleanly() {

crates/socket-patch-core/tests/crawler_npm_e2e.rs

@@ -507,6 +507,61 @@ async fn crawl_all_skips_hidden_and_skip_dirs() {
     assert!(!names.contains(&"also-not"), "SKIP_DIRS dir must be skipped");
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `scan_node_modules` short-circuits when read_dir returns Err.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_node_modules() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let nm = tmp.path().join("node_modules");
+    stage_npm_pkg(&nm, "would-be-found", "1.0.0").await;
+    common::chmod_unreadable(&nm);
+
+    let crawler = NpmCrawler;
+    let opts = options_at(tmp.path());
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&nm);
+
+    assert!(result.is_empty(), "unreadable node_modules must yield empty");
+}
+
+/// `find_workspace_node_modules` short-circuits cleanly when it
+/// encounters an unreadable workspace subdir — drives the read_dir
+/// Err arm at npm_crawler.rs:440-441 by chmod 000-ing one workspace
+/// while leaving a readable one alongside.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_workspace_dir() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    // Readable workspace.
+    stage_npm_pkg(&tmp.path().join("readable").join("node_modules"), "ok", "1.0.0").await;
+    // Unreadable workspace.
+    let blocked = tmp.path().join("blocked");
+    tokio::fs::create_dir(&blocked).await.unwrap();
+    stage_npm_pkg(&blocked.join("node_modules"), "hidden", "2.0.0").await;
+    common::chmod_unreadable(&blocked);
+
+    let crawler = NpmCrawler;
+    let opts = options_at(tmp.path());
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&blocked);
+
+    let names: Vec<&str> = result.iter().map(|p| p.name.as_str()).collect();
+    assert!(names.contains(&"ok"));
+    assert!(!names.contains(&"hidden"), "unreadable workspace must be skipped");
+}
+
 /// Drives scoped-package scanning + nested node_modules recursion +
 /// the hidden-and-file-entries skip arms inside `scan_scoped_packages`
 /// and `scan_nested_node_modules`. Covers L552, 581-604, 619-665.

crates/socket-patch-core/tests/crawler_nuget_e2e.rs

@@ -341,6 +341,65 @@ async fn find_by_purls_with_lib_dir_marker_succeeds() {
     assert_eq!(result.len(), 1);
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `scan_package_dir` short-circuits when read_dir returns Err.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_pkg_path() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let pkg = tmp.path().join("blocked");
+    tokio::fs::create_dir(&pkg).await.unwrap();
+    let _ = stage_global_cache_pkg(&pkg, "newtonsoft.json", "13.0.3").await;
+    common::chmod_unreadable(&pkg);
+
+    let crawler = NuGetCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(pkg.clone()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&pkg);
+
+    assert!(result.is_empty(), "unreadable pkg_path must yield empty");
+}
+
+/// `scan_global_cache_package` returns None when the per-name version
+/// directory is unreadable — drives the inner read_dir Err arm at
+/// nuget_crawler.rs:236.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_version_dir() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let pkg_name_dir = tmp.path().join("blocked-name");
+    tokio::fs::create_dir(&pkg_name_dir).await.unwrap();
+    common::chmod_unreadable(&pkg_name_dir);
+
+    let crawler = NuGetCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(tmp.path().to_path_buf()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&pkg_name_dir);
+
+    assert!(result.is_empty(), "unreadable version dir must yield empty");
+}
+
 /// `scan_package_dir` skips entries that are not directories — covers
 /// the `if !ft.is_dir()` continue arm at L183. Drive this by staging
 /// a plain file alongside a valid global-cache package.

crates/socket-patch-core/tests/crawler_python_e2e.rs

@@ -275,6 +275,61 @@ async fn read_python_metadata_missing_name_returns_none() {
     assert_eq!(result, None);
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `find_by_purls` short-circuits when the site-packages dir is
+/// unreadable. Drives the python_crawler.rs:530 read_dir Err arm.
+#[cfg(unix)]
+#[tokio::test]
+async fn find_by_purls_handles_unreadable_site_packages() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let site_packages = tmp.path().join("sp");
+    tokio::fs::create_dir(&site_packages).await.unwrap();
+    common::chmod_unreadable(&site_packages);
+
+    let crawler = PythonCrawler;
+    let result = crawler
+        .find_by_purls(&site_packages, &["pkg:pypi/requests@2.28.0".to_string()])
+        .await
+        .unwrap();
+    common::chmod_readable(&site_packages);
+
+    assert!(result.is_empty());
+}
+
+/// `scan_site_packages` short-circuits when site-packages is
+/// unreadable — drives python_crawler.rs:584 read_dir Err arm.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_site_packages() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let site_packages = tmp.path().join("sp");
+    tokio::fs::create_dir(&site_packages).await.unwrap();
+    common::chmod_unreadable(&site_packages);
+
+    let crawler = PythonCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(site_packages.clone()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&site_packages);
+
+    assert!(result.is_empty());
+}
+
 /// `PythonCrawler::default()` should forward to `new()`.
 #[test]
 fn python_crawler_default_and_new_construct_cleanly() {

crates/socket-patch-core/tests/crawler_ruby_e2e.rs

@@ -221,6 +221,38 @@ async fn global_gem_discovery_via_home_dotgem_layout() {
     );
 }
 
+#[cfg(unix)]
+#[path = "common/mod.rs"]
+mod common;
+
+/// `scan_gem_dir` short-circuits when the gem path is unreadable —
+/// drives ruby_crawler.rs:270 read_dir Err arm.
+#[cfg(unix)]
+#[tokio::test]
+async fn crawl_all_handles_unreadable_gem_dir() {
+    if common::uid_is_root() {
+        eprintln!("SKIP: chmod 000 is a no-op under root");
+        return;
+    }
+    let tmp = tempfile::tempdir().unwrap();
+    let gem_dir = tmp.path().join("blocked-gems");
+    tokio::fs::create_dir(&gem_dir).await.unwrap();
+    let _ = stage_gem(&gem_dir, "rails", "7.1.0").await;
+    common::chmod_unreadable(&gem_dir);
+
+    let crawler = RubyCrawler;
+    let opts = CrawlerOptions {
+        cwd: tmp.path().to_path_buf(),
+        global: true,
+        global_prefix: Some(gem_dir.clone()),
+        batch_size: 100,
+    };
+    let result = crawler.crawl_all(&opts).await;
+    common::chmod_readable(&gem_dir);
+
+    assert!(result.is_empty(), "unreadable gem dir must yield empty");
+}
+
 /// `RubyCrawler::default()` should forward to `new()`.
 #[test]
 fn ruby_crawler_default_and_new_construct_cleanly() {