Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Although fs_hash.sh collects extended attribute data using
getfattr, that data is not parsed by the add_files method in the
ImageLayer class. This creates a serious bug when running Tern
on a host OS with SELinux enabled, even when running Tern in a
container. This commit fixes this issue by adding more
checks when parsing the results from the fs_hash.sh script.

Since it is a lot of code, we add an internal function
_parse_hash_content which takes care of creating a list of
FileData objects from the hashed contents.
Fixes #1100
Signed-off-by: Nisha K nishak@vmware.com