blackducksoftware / perceptor-scanner

The canonical implementation of perceptor's scanner and image facade.
Apache License 2.0

False positives possibly being sent to pcp #63

Closed jayunit100 closed 6 years ago

jayunit100 commented 6 years ago

Looks like when a hub isn't properly implementing scans:

time="2018-04-19T02:07:45Z" level=info msg="running command &{Path:/tmp/scanner/scan.cli-4.5.0/jre/bin/java Args:[/tmp/scanner/scan.cli-4.5.0/jre/bin/java -Xms512m -Xmx4096m -Dblackduck.scan.cli.benice=true -Dblackduck.scan.skipUpdate=true -Done-jar.silent=true -Done-jar.jar.path=/tmp/scanner/scan.cli-4.5.0/lib/cache/scan.cli.impl-standalone.jar -jar /tmp/scanner/scan.cli-4.5.0/lib/scan.cli-4.5.0-standalone.jar --host 35.188.209.136 --port 443 --scheme https --project blackducksoftware/hub-authentication-0f170cc5fc20fcb93493 --release 0f170cc5fc20fcb93493 --username sysadmin --name 0f170cc5fc20fcb93493 --insecure -v /var/images/blackducksoftware_hub-authentication@sha256:0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac.tar] Env:[] Dir: Stdin:<nil> Stdout:<nil> Stderr:<nil> ExtraFiles:[] SysProcAttr:<nil> Process:<nil> ProcessState:<nil> ctx:<nil> lookPathErr:<nil> finished:false childFiles:[] closeAfterStart:[] closeAfterWait:[] goroutine:[] errch:<nil> waitDone:<nil>} for image 0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac\n"
time="2018-04-19T02:08:48Z" level=error msg="java scanner failed for image 0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac with error exit status 74 and output:\n INFO: Start wrapper: ScanCliWrapperSettings [commandLine=org.apache.commons.cli.CommandLine@5ce65a89, fileUriSet=null, scheme=https, host=35.188.209.136, port=443, username=none, password=<NOT SHOWN>]...\nDEBUG: Cached implementation found.  Validating checksums\n WARN: The current scan implementation does not match the version found on the host '35.188.209.136:443', however an explicit request was made to skip the update. THIS MAY RESULT IN INCOMPATIBLE SCANS.\n
time="2018-04-19T02:08:48Z" level=info msg="successfully cleaned up file /var/images/blackducksoftware_hub-authentication@sha256:0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac.tar"
time="2018-04-19T02:08:48Z" level=info msg="about to finish job, going to send over {ImageSpec:{ImageName:blackducksoftware/hub-authentication PullSpec:blackducksoftware/hub-authentication@sha256:0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac Sha:0f170cc5fc20fcb934937b8a412d49ca599479d1d6411b6e024108949b9accac HubProjectName:blackducksoftware/hub-authentication-0f170cc5fc20fcb93493 HubProjectVersionName:0f170cc5fc20fcb93493 HubScanName:0f170cc5fc20fcb93493} Err:exit status 74}"

The scan still results in a positive message sent upstream to perceptor.

time="2018-04-19T02:08:48Z" level=info msg="POST to http://opssight-core:3001/finishedscan succeeded"

mattfenwick commented 6 years ago

These are just confusing log messages :(
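
An added example, not part of the thread or of perceptor-scanner's own code: a small Go log triage that pairs each `about to finish job` payload with the `POST ... succeeded` line that follows it, so that delivery of the report is read separately from the scan result carried in the payload's `Err` field. The sample lines are constructed and shortened from the format quoted above; `Triage` and `Report` are hypothetical names, and the code assumes one scanner logging sequentially and that a successful scan logs an empty `Err:`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample, shortened from the log format quoted in the issue.
// Assumption: a successful scan logs an empty "Err:" field.
const sampleLog = `time="2018-04-19T02:08:48Z" level=info msg="about to finish job, going to send over {ImageSpec:{ImageName:example/app Sha:aaaa1111 HubScanName:aaaa1111} Err:exit status 74}"
time="2018-04-19T02:08:48Z" level=info msg="POST to http://opssight-core:3001/finishedscan succeeded"
time="2018-04-19T02:09:30Z" level=info msg="about to finish job, going to send over {ImageSpec:{ImageName:example/web Sha:bbbb2222 HubScanName:bbbb2222} Err:}"
time="2018-04-19T02:09:30Z" level=info msg="POST to http://opssight-core:3001/finishedscan succeeded"
time="2018-04-19T02:10:05Z" level=info msg="about to finish job, going to send over {ImageSpec:{ImageName:example/db Sha:cccc3333 HubScanName:cccc3333} Err:exit status 74}"`

// Report separates what the payload says about the scan from whether it was delivered.
type Report struct {
	Sha       string
	ScanErr   string // empty: the scan itself succeeded
	Delivered bool   // the POST to /finishedscan succeeded
}

var (
	jobRe  = regexp.MustCompile(`going to send over \{.*\bSha:([0-9a-f]+) .*\} Err:(.*)\}"`)
	postRe = regexp.MustCompile(`POST to \S+/finishedscan succeeded`)
)

// Triage assumes a single scanner logging sequentially (hypothetical helper).
func Triage(log string) []Report {
	var out []Report
	pending := -1 // index of the job still waiting for its POST line
	for _, line := range strings.Split(log, "\n") {
		if m := jobRe.FindStringSubmatch(line); m != nil {
			out = append(out, Report{Sha: m[1], ScanErr: m[2]})
			pending = len(out) - 1
		} else if pending >= 0 && postRe.MatchString(line) {
			out[pending].Delivered = true
			pending = -1
		}
	}
	return out
}

func main() {
	for _, r := range Triage(sampleLog) {
		fmt.Printf("%s delivered=%v scanErr=%q\n", r.Sha, r.Delivered, r.ScanErr)
	}
}
```

A report with `Delivered` true and a non-empty `ScanErr` is the case shown in the issue: the failure was posted upstream, and the "succeeded" message refers only to the HTTP request.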