anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

Output filenames cannot contain a / #1372

Closed JonZeolla closed 1 year ago

JonZeolla commented 1 year ago

Please provide a set of steps on how to reproduce the issue

$ syft --version
syft 0.62.1
$ ls -al example.json
ls: example.json: No such file or directory
$ syft docker:seiso/easy_infra:2022.11.06-ansible-eab07ab -o json --file example.json
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [343 packages]
$ ls -al example.json
-rw-r--r--  1 jonzeolla  staff  7879187 Nov 29 10:59 example.json
$ rm example.json
$ syft docker:seiso/easy_infra:2022.11.06-ansible-eab07ab -o json --file 'example/example.json'
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [343 packages]
$ ls -al example/
total 15392
drwxr-xr-x   3 jonzeolla  staff       96 Nov 29 10:57 .
drwxr-xr-x  27 jonzeolla  staff      864 Nov 29 10:59 ..
-rw-r--r--   1 jonzeolla  staff  7879195 Nov 29 10:59 example.json
$ syft docker:seiso/easy_infra:2022.11.06-ansible-eab07ab -o json --file 'example\/example.json'
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [343 packages]
$ ls -al example\\ # It literally made a folder called 'example\'
total 15392
drwxr-xr-x   3 jonzeolla  staff       96 Nov 29 10:59 .
drwxr-xr-x  28 jonzeolla  staff      896 Nov 29 10:59 ..
-rw-r--r--   1 jonzeolla  staff  7879197 Nov 29 10:59 example.json

What happened: When I attempted to make an output file containing a /, instead it created a folder structure.

What you expected to happen: I expected to be able to include a string literal / in the output file name without escaping. As a workaround, I expected to be able to manually escape the /.

Anything else we need to know?: Nah

Environment:

wagoodman commented 1 year ago

I'm not certain if this is the correct way to escape directory separators; I tried the same approach with bash redirect instead with no luck:

❯ syft alpine:latest -o json --name crazy > /tmp/example\/example.json
zsh: no such file or directory: /tmp/example/example.json
❯ syft alpine:latest -o json --name crazy > "/tmp/example\/example.json"
zsh: no such file or directory: /tmp/example\/example.json
❯ syft alpine:latest -o json --name crazy > '/tmp/example\/example.json'
zsh: no such file or directory: /tmp/example\/example.json

I think syft's behavior with creating the directory helps the user and is not a surprising result relative to the bash redirection case listed above.

I'm going to close this for now as a "wont-fix" but please feel free to comment with more thoughts in case I've mischaracterized something here.
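
The behaviours discussed in this issue, reproduced in POSIX sh as an added example (not from the thread or from syft's own code), together with a way to turn a name containing `/` into a single file name before passing it to `--file`. The function names, the `_` substitute and the sample names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: constructed names, run inside a throwaway temp directory.

# Plain redirection, as in the zsh session above: the parent directory must
# already exist, because "/" always separates path components.
write_plain() {            # $1 = path
    ( printf '{}\n' > "$1" ) 2>/dev/null
}

# Emulates what the transcripts show for --file: create the missing parent
# directories first (mkdir -p), then write.
write_with_parents() {     # $1 = path
    mkdir -p -- "$(dirname -- "$1")" && printf '{}\n' > "$1"
}

# Hypothetical helper: reduce a string to ONE path component. "/" and "\"
# become "_"; a result that is empty, "." or ".." is rejected.
flatten_name() {           # $1 = desired name
    flat=$(printf '%s' "$1" | tr '/\\' '__')
    case "$flat" in
        ''|.|..) return 1 ;;
    esac
    printf '%s\n' "$flat"
}

demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    write_plain 'example\/example.json' || echo 'redirect failed: no parent directory'
    write_with_parents 'example\/example.json'
    flat=$(flatten_name 'example/example.json') && write_plain "$flat"
    ls -1    # lists the directory 'example\' and the file 'example_example.json'
    cd / && rm -rf -- "$work"
)

demo
```

In a pipeline that derives the output name from untrusted or variable input, flattening the name first keeps the SBOM in the directory the job expects instead of in a newly created subdirectory.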