Open edhinard opened 1 week ago
Hi @edhinard - thank you for this issue, and the steps to reproduce it. I have reproduced it here.
docker run --rm -it syftissue
✔ Indexed file system /tmp
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
[0000] WARN unable to access path="/tmp/dir1": open /tmp/dir1: permission denied
unable to get file resolver: unable to create directory resolver: unable to index filesystem path="/tmp/dir1/dir2/file": lstat /tmp/dir1/dir2: permission denied
returned code: 1
Here's the full trace in case anyone needs it.
docker run --rm -it syftissue
[0000] INFO syft version: 1.13.0
[0000] DEBUG config:
log:
quiet: false
level: trace
file: ""
dev:
profile: none
config: ""
output:
- syft-table
format:
pretty: null
template:
path: ""
legacy: false
json:
legacy: false
pretty: false
spdx-json:
pretty: false
cyclonedx-json:
pretty: false
cyclonedx-xml:
pretty: false
check-for-app-update: true
default-catalogers: []
select-catalogers: []
package:
search-unindexed-archives: false
search-indexed-archives: true
exclude-binary-overlap-by-ownership: true
file:
metadata:
selection: owned-by-package
digests:
- sha1
- sha256
content:
skip-files-above-size: 256000
globs: []
executable:
globs: []
scope: squashed
parallelism: 1
relationships:
package-file-ownership: true
package-file-ownership-overlap: true
compliance:
missing-name: drop
missing-version: stub
enrich: []
golang:
search-local-mod-cache-licenses: null
local-mod-cache-dir: /home/user/go/pkg/mod
search-remote-licenses: null
proxy: https://proxy.golang.org,direct
no-proxy: ""
main-module-version:
from-ld-flags: true
from-contents: true
from-build-settings: true
java:
use-network: null
use-maven-local-repository: null
maven-local-repository-dir: /home/user/.m2/repository
maven-url: https://repo1.maven.org/maven2
max-parent-recursive-depth: 0
javascript:
search-remote-licenses: null
npm-base-url: ""
linux-kernel:
catalog-modules: true
python:
guess-unpinned-requirements: false
registry:
insecure-skip-tls-verify: false
insecure-use-http: false
auth: []
ca-cert: ""
from: []
platform: ""
source:
name: ""
version: ""
base-path: ""
file:
digests:
- SHA-256
image:
default-pull-source: ""
exclude: []
cache:
dir: /home/user/.cache/syft
ttl: 7d
[0000] DEBUG checking if a new version of syft is available
[0000] DEBUG no new syft update available
[0000] TRACE looking for matching encoder name=syft-table version=
[0000] TRACE considering format aliases=[json syft] name=syft-json version=16.0.17
[0000] TRACE considering format aliases=[table] name=syft-table version=
[0000] TRACE considering format aliases=[text] name=syft-text version=
[0000] TRACE considering format aliases=[github] name=github-json version=
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.0
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.1
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.2
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.3
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.4
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.5
[0000] TRACE considering format aliases=[cyclonedx cyclone cdx] name=cyclonedx-xml version=1.6
[0000] TRACE considering format aliases=[] name=cyclonedx-json version=1.2
[0000] TRACE considering format aliases=[] name=cyclonedx-json version=1.3
[0000] TRACE considering format aliases=[] name=cyclonedx-json version=1.4
[0000] TRACE considering format aliases=[] name=cyclonedx-json version=1.5
[0000] TRACE considering format aliases=[] name=cyclonedx-json version=1.6
[0000] TRACE considering format aliases=[] name=spdx-json version=2.2
[0000] TRACE considering format aliases=[] name=spdx-json version=2.3
[0000] TRACE considering format aliases=[spdx spdx-tv] name=spdx-tag-value version=2.1
[0000] TRACE considering format aliases=[spdx spdx-tv] name=spdx-tag-value version=2.2
[0000] TRACE considering format aliases=[spdx spdx-tv] name=spdx-tag-value version=2.3
[0000] TRACE found matching encoder name=syft-table version=
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
[0000] TRACE indexing filetree path=/tmp
[0000] WARN unable to access path="/tmp/dir1": open /tmp/dir1: permission denied
[0000] TRACE indexing filetree path=/tmp/dir1/dir2/file
[0000] TRACE worker stopped component=eventloop
[0000] TRACE signal exit component=eventloop
unable to get file resolver: unable to create directory resolver: unable to index filesystem path="/tmp/dir1/dir2/file": lstat /tmp/dir1/dir2: permission denied
returned code: 1
What happened: syft crashes when a symlink is referencing a file which is not accessible (under a non-readable dir)
What you expected to happen: syft should continue ignoring the file as for other non-readable ones
Steps to reproduce the issue:
Use the attached docker file:
Anything else we need to know?: looks like #2645 (but already closed) and #3258 (not exactly the same since the directory is not excluded)
Environment:
syft version: syft 1.13.0
Dockerfile.txt
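The behaviour requested under "What you expected to happen", as an added Go sketch (not syft's code and not part of the issue): a directory walk that treats a permission error on a symlink's target the same way as an unreadable directory, recording the path as skipped instead of aborting, so the gap in SBOM coverage stays visible. `IndexTree`, `Skipped` and the injectable `lstat` parameter are hypothetical names; pass `os.Lstat` in normal use.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Skipped records a path left out of the index and why (hypothetical type).
type Skipped struct{ Path, Reason string }

// IndexTree walks root; permission errors are recorded and skipped, any other error aborts.
func IndexTree(root string, lstat func(string) (fs.FileInfo, error)) (indexed []string, skipped []Skipped, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil {
			if !errors.Is(werr, fs.ErrPermission) {
				return werr
			}
			// Unreadable directory: its contents are skipped, the walk continues.
			skipped = append(skipped, Skipped{p, werr.Error()})
			return nil
		}
		if d.Type()&fs.ModeSymlink != 0 {
			target, rerr := os.Readlink(p)
			if rerr != nil {
				return rerr
			}
			if !filepath.IsAbs(target) {
				target = filepath.Join(filepath.Dir(p), target)
			}
			// The link itself is readable; its target may sit under a denied directory.
			if _, serr := lstat(target); serr != nil {
				if !errors.Is(serr, fs.ErrPermission) {
					return serr
				}
				skipped = append(skipped, Skipped{p, serr.Error()})
				return nil
			}
		}
		indexed = append(indexed, p)
		return nil
	})
	return indexed, skipped, err
}

func main() {
	indexed, skipped, err := IndexTree(".", os.Lstat)
	fmt.Println(len(indexed), "indexed,", len(skipped), "skipped, err:", err)
}
```

The `lstat` parameter exists so the denied case can be simulated in a test even when running as root, where mode bits are not enforced.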