docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

panic: runtime error: index out of range [0] with length 0 #44

Closed andrewgazelka closed 9 months ago

andrewgazelka commented 10 months ago
❯ docker scout version

      ⢀⢀⢀             ⣀⣀⡤⣔⢖⣖⢽⢝
   ⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀    ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
  ⡜⡜⡜⡜⡜⡜⠜⠈⠈        ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
 ⢘⢜⢜⢜⢜⠜               ⠈⠪⡳⡵⣹⡪⠇
 ⠨⡪⡪⡪⠂    ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀    ⠘⢝⢮⡚       _____                 _
  ⠱⡱⠁    ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦    ⠘⡵⠁      / ____| Docker        | |
   ⠁    ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣    ⠁      | (___   ___ ___  _   _| |_
        ⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳            \___ \ / __/ _ \| | | | __|
   ⢀    ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏    ⡀       ____) | (_| (_) | |_| | |_
  ⢀⢾⠄    ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝    ⢠⢣⢂     |_____/ \___\___/ \__,_|\__|
  ⡼⣕⢗⡄    ⠈⠓⠝⢮⡳⣝⠮⠳⠙     ⢠⢢⢣⢣
 ⢰⡫⡮⡳⣝⢦⡀              ⢀⢔⢕⢕⢕⢕⠅
 ⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀        ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁    ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉             ⠈⠈⠈⠈

version: 0.24.1 (go1.21.0 - darwin/arm64)
git commit: 67cb4ef78bd69545af0e223ba5fb577b27094505

❯ docker scout quickview
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/docker/scout-cli-plugin/internal/dockercli.(*Store).GetNewest(0x14000dea750, {0x104e249e0, 0x14000df2720})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/dockercli/localstore.go:144 +0x718
github.com/docker/scout-cli-plugin/images.(*ImgService).GetNewest(0x14000490240, {0x104e249e0, 0x14000df2720})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/images/images.go:181 +0x40
github.com/docker/scout-cli-plugin/sbom.(*Service).FromNewestImage(0x14000490260, {0x104e249e0, 0x14000df2720})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/sbom/sbom.go:267 +0x38
github.com/docker/scout-cli-plugin/sbom.(*Service).Get(0x1400117f9c8?, {0x104e249e0?, 0x14000df2720?}, {0x0?, 0x104af4cc0?}, {0x10408041f?, 0x1400117f898?}, {0x0?, 0xff?}, {0x0?, ...})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/sbom/sbom.go:74 +0x16c
github.com/docker/scout-cli-plugin/internal/commands/quickview.NewCmd.func2(0x14000bf8c00?, {0x105e7f0c0?, 0x0?, 0x0?})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/commands/quickview/quickview.go:123 +0x3d8
github.com/spf13/cobra.(*Command).execute(0x14000bf8c00, {0x1400048c570, 0x0, 0x0})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:940 +0x658
github.com/spf13/cobra.(*Command).ExecuteC(0x14000ce0300)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068 +0x320
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992
github.com/docker/cli/cli-plugins/plugin.RunPlugin(0x104e32aa0?, 0x14000bf8000, {{0x10408015e, 0x5}, {0x1040a8187, 0xb}, {0x1049bb6b0, 0x6}, {0x0, 0x0}, ...})
    /home/runner/go/pkg/mod/github.com/docker/cli@v24.0.5+incompatible/cli-plugins/plugin/plugin.go:51 +0x13c
main.runPlugin(0x104128215?)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:29 +0xd8
main.main()
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:52 +0x130

I am running this on a scratch image, which I know makes no sense. My guess is this is what is causing the issue.

thaJeztah commented 9 months ago

/cc @cdupuis

willdeane commented 9 months ago

I'm also getting this error when scanning the Chainguard Wolfi image.

$ docker pull cgr.dev/chainguard/wolfi-base
Using default tag: latest
latest: Pulling from chainguard/wolfi-base
33f07347d8b7: Pull complete 
Digest: sha256:d141305384203efd88710c735d71a3975371174ad882c181b5ce0bdb583615e6
Status: Downloaded newer image for cgr.dev/chainguard/wolfi-base:latest
cgr.dev/chainguard/wolfi-base:latest
$
$ docker sbom cgr.dev/chainguard/wolfi-base
Syft v0.43.0
 ✔ Loaded image            
 ✔ Parsed image            
 ✔ Cataloged packages      [14 packages]

NAME                    VERSION      TYPE 
apk-tools               2.14.0-r0    apk   
busybox                 1.36.1-r2    apk   
ca-certificates-bundle  20230506-r0  apk   
glibc                   2.38-r1      apk   
glibc-locale-posix      2.38-r1      apk   
ld-linux                2.38-r1      apk   
libcrypt1               2.38-r1      apk   
libcrypto3              3.1.3-r0     apk   
libssl3                 3.1.3-r0     apk   
openssl-config          3.1.3-r0     apk   
wolfi-base              1-r3         apk   
wolfi-baselayout        20230201-r6  apk   
wolfi-keys              1-r5         apk   
zlib                    1.3-r0       apk   

$
$ docker scout cves cgr.dev/chainguard/wolfi-base
Analyzing image cgr.dev/chainguard/wolfi-base
    ✓ Image stored for indexing
    ⠋ Indexing panic: runtime error: index out of range [0] with length 0

goroutine 13 [running]:
github.com/anchore/syft/syft/pkg/cataloger/apkdb.stripVersionSpecifier(...)
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/apkdb/parse_apk_db.go:356
github.com/anchore/syft/syft/pkg/cataloger/apkdb.discoverPackageDependencies({0x14000292c00, 0xe, 0x140012312d2?})
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/apkdb/parse_apk_db.go:316 +0x898
github.com/anchore/syft/syft/pkg/cataloger/apkdb.parseApkDB({0x14000126e58?, 0x140004af0c8?}, 0x1400101a2b0, {{{{0x140004af0c8, 0x15}, {0x14000fa73b0, 0x47}}, {0x140012263c0, 0x15}, {0x86, ...}}, ...})
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/apkdb/parse_apk_db.go:101 +0x614
github.com/anchore/syft/syft/pkg/cataloger/generic.(*Cataloger).Catalog(0x14001929920, {0x106953c90, 0x14000126e58})
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/generic/cataloger.go:129 +0x6b8
github.com/anchore/syft/syft/pkg/cataloger.runCataloger({0x106944740, 0x14001929920}, {0x106953c90?, 0x14000126e58})
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/catalog.go:57 +0x15c
github.com/anchore/syft/syft/pkg/cataloger.Catalog.func1()
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/catalog.go:127 +0xcc
created by github.com/anchore/syft/syft/pkg/cataloger.Catalog
    /home/runner/go/pkg/mod/github.com/anchore/syft@v0.66.7/syft/pkg/cataloger/catalog.go:122 +0x250
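
Both traces in this thread end where element 0 of an empty slice is read. The following is an added example, not code from syft or Docker Scout: the function names, the use of `strings.FieldsFunc`, and the sample dependency entries are assumptions, chosen to show how a version-specifier stripper can hit this panic on an empty entry, the checked form, and a recover boundary that turns the panic into a scan error.

```go
package main

import (
	"fmt"
	"strings"
)

// isSpecifier reports whether r is a version-comparison character ("musl>=1").
func isSpecifier(r rune) bool { return strings.ContainsRune("<>=", r) }

// stripUnchecked is a hypothetical stripper that trusts its input: it indexes
// the split result without checking that anything came back.
func stripUnchecked(dep string) string {
	return strings.FieldsFunc(dep, isSpecifier)[0]
}

// stripChecked returns the name part, or false when the entry has no name.
func stripChecked(dep string) (string, bool) {
	parts := strings.FieldsFunc(dep, isSpecifier)
	if len(parts) == 0 { // FieldsFunc returns an empty slice for "" or ">="
		return "", false
	}
	return parts[0], true
}

// catalog runs strip over every entry and converts a panic into an error, so
// one malformed record fails the scan visibly instead of killing the process.
func catalog(deps []string, strip func(string) string) (names []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("cataloger panicked: %v", r)
		}
	}()
	for _, d := range deps {
		names = append(names, strip(d))
	}
	return names, nil
}

func main() {
	// Constructed sample: the second entry is empty, like a blank dependency field.
	deps := []string{"glibc>=2.38", "", "zlib=1.3-r0"}
	_, err := catalog(deps, stripUnchecked)
	fmt.Println(err)
	for _, d := range deps {
		name, ok := stripChecked(d)
		fmt.Printf("%q -> %q (ok=%v)\n", d, name, ok)
	}
}
```
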

cdupuis commented 9 months ago

@willdeane what version of the Scout CLI are you on? I believe this was fixed already.

❯ docker scout cves cgr.dev/chainguard/wolfi-base
    ✓ Pulled
    ✓ Image stored for indexing
    ✓ Indexed 16 packages
    ✓ No vulnerable package detected

## Overview

                    │             Analyzed Image
────────────────────┼─────────────────────────────────────────
  Image reference   │  cgr.dev/chainguard/wolfi-base:latest
                    │  43f3fb67f990
    platform        │ linux/arm64
    vulnerabilities │    0C     0H     0M     0L
    size            │ 4.7 MB
    packages        │ 16

## Packages and Vulnerabilities