Crawler Issues - Githubissues

psharkey commented 10 months ago

Details -

$ docker build . -f gh_crawler/docker/Dockerfile -t static-scanner:latest
Sending build context to Docker daemon  387.1kB
Step 1/19 : FROM golang:1.21 as builder
 .
 . 
 .
Step 16/19 : RUN npm i
 ---> Running in 3a136d7c94ad
node[7]: ../src/node_platform.cc:68:std::unique_ptr<long unsigned int> node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start(): Assertion `(0) == (uv_thread_create(t.get(), start_thread, this))' failed.
 1: 0xb95b60 node::Abort() [node]
 2: 0xb95bde  [node]
 3: 0xc0447e  [node]
 4: 0xc04561 node::NodePlatform::NodePlatform(int, v8::TracingController*, v8::PageAllocator*) [node]
 5: 0xb50e03 node::InitializeOncePerProcess(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, node::ProcessFlags::Flags) [node]
 6: 0xb5145b node::Start(int, char**) [node]
 7: 0x7f84a455724a  [/lib/x86_64-linux-gnu/libc.so.6]
 8: 0x7f84a4557305 __libc_start_main [/lib/x86_64-linux-gnu/libc.so.6]
 9: 0xacfdce _start [node]
Aborted
The command '/bin/sh -c npm i' returned a non-zero code: 134
$ $ git log -1
commit 950f356e762ba2283cb678a5c3b0ffad3457418f (HEAD -> main, origin/main, origin/HEAD)
Author: Dragos Cojocari <dragos-cojocari@users.noreply.github.com>
Date:   Fri Feb 2 17:34:00 2024 +0200

    feat: add catalog info (#4)
$ docker --version
Docker version 18.06.1-ce, build e68fc7a215d7133c34aa18e3b72b4a21fd0c6136
$

dragos-cojocari commented 10 months ago

@psharkey please retry with a supported Docker version (> 23.0) . The Docker version you are using is outdated.

psharkey commented 10 months ago

https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/README.md?plain=1#L8-L9 says these are optional but https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/src/collect_dockerfiles.sh#L22 requires them?

https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/README.md?plain=1#L22-L25 - the image names static-scanner and static-detector are not consistent.

psharkey commented 10 months ago

Also, the --dockerhub flag causes -

time="2024-02-05T16:01:49Z" level=info msg="[ + ] Running Leaky Vessels Static Detector"
flag provided but not defined: -dockerhub
Usage of dockerfile:
  -base
        Run analysis on base image.
  -debug
        Enable debug logs.
  -disable string
        Comma-seperated list of rule ids to turn off. List of rule Ids: 
        1 - runc process.cwd & Leaked fds Container Breakout [CVE-2024-21626]
        2 - Buildkit Mount Cache Race: Build-time Race Condition Container Breakout [CVE-2024-23651]
        3 - Buildkit GRPC SecurityMode Privilege Check [CVE-2024-23653]
        4 - Buildkit Build-time Container Teardown Arbitrary Delete [CVE-2024-23652]
  -env string
        Path to .env file.
  -f string
        Path to dockerfile.
gh_data/xxx/Dockerfile ... error parsing dockerfile

audip commented 8 months ago

Also, the --dockerhub flag causes -

time="2024-02-05T16:01:49Z" level=info msg="[ + ] Running Leaky Vessels Static Detector"
flag provided but not defined: -dockerhub
Usage of dockerfile:
  -base
        Run analysis on base image.
  -debug
        Enable debug logs.
  -disable string
        Comma-seperated list of rule ids to turn off. List of rule Ids: 
        1 - runc process.cwd & Leaked fds Container Breakout [CVE-2024-21626]
        2 - Buildkit Mount Cache Race: Build-time Race Condition Container Breakout [CVE-2024-23651]
        3 - Buildkit GRPC SecurityMode Privilege Check [CVE-2024-23653]
        4 - Buildkit Build-time Container Teardown Arbitrary Delete [CVE-2024-23652]
  -env string
        Path to .env file.
  -f string
        Path to dockerfile.
gh_data/xxx/Dockerfile ... error parsing dockerfile

Yes, the --dockerhub flag caused issues and has been fixed to --base flag in #15

snyk / leaky-vessels-static-detector

Crawler Issues #5