TimesysGit / vigiles-openwrt

Vulnerability management tool that provides OpenWRT SBOM generation and CVE Analysis of target images.

combinatorial explosion using os.walk(..., followlinks=True) #5

Closed dlundquist closed 1 year ago

dlundquist commented 1 year ago

Our build root includes acl, which has two symlinks in its include directory similar to this:

[dustin@rigel include]$ ls -l
total 0
lrwxrwxrwx 1 dustin dustin 2 Oct 14 12:40 acl -> ..
lrwxrwxrwx 1 dustin dustin 2 Oct 14 12:40 sys -> ..
[dustin@rigel include]$ 

This causes vigiles-openwrt.py to spin through possible combinations of directory path permutations of sys and acl until it hits ELOOP.

iancampbell commented 1 year ago

We'll look into this and let you know if we need more information.

iancampbell commented 1 year ago

This has been fixed by 1229852afb85acf9991012b1ddd2cf0f9257670f
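
The failure mode reported in this issue can be reproduced and avoided as in the following added example, which is not the project's code and not the fix in the commit referenced above. The function names `make_looping_tree`, `count_naive` and `walk_once` are hypothetical, the directory layout is constructed from the listing in the report, and a POSIX filesystem is assumed.

```python
import os
import tempfile


def make_looping_tree(root):
    """Constructed sample: include/acl -> .. and include/sys -> .. as in the report."""
    inc = os.path.join(root, "include")
    os.mkdir(inc)
    for name in ("acl", "sys"):
        os.symlink("..", os.path.join(inc, name))
    return root


def count_naive(top, limit):
    """Count directories visited by a plain followlinks walk, stopping at limit."""
    n = 0
    for _ in os.walk(top, followlinks=True):
        n += 1
        if n >= limit:
            break
    return n


def walk_once(top):
    """Like os.walk(top, followlinks=True), but visit each real directory once.

    A directory is identified by (st_dev, st_ino) after symlink resolution, so
    a link that leads back to an already visited directory is pruned.
    """
    seen = set()
    for dirpath, dirnames, filenames in os.walk(top, followlinks=True):
        try:
            st = os.stat(dirpath)
        except OSError:
            dirnames[:] = []  # unreadable or ELOOP: do not descend
            continue
        key = (st.st_dev, st.st_ino)
        if key in seen:
            dirnames[:] = []  # already walked via another path
            continue
        seen.add(key)
        yield dirpath, dirnames, filenames


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_looping_tree(tmp)
        print("naive walk (capped):", count_naive(tmp, 1000))
        print("deduplicated walk:", [os.path.relpath(p, tmp) for p, _, _ in walk_once(tmp)])
```

The tree contains only two real directories, yet the plain walk reaches any cap it is given because every `include` level branches into both links until path resolution fails with ELOOP.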