cataloger 'apkdb-cataloger' failed to parse entries #212

Closed
pdevine-cb opened this issue Oct 10, 2020 · 4 comments

@pdevine-cb

What happened: When running syft on the jenkins:2.60.3-alpine image, it failed to parse everything and created an error which looks like:

[0001]  INFO cataloging image
[0002]  INFO identified distro: alpine 3.5.2
[0002]  INFO building the catalog
[0003] ERROR cataloger 'apkdb-cataloger' failed to parse entries (reference={id:1895 Path:/lib/apk/db/installed}): failed to parse APK DB file: bufio.Scanner: token too long
NAME                                    VERSION                TYPE
                                                               java-archive
Java Runtime Environment                1.8.0_121              java-archive
access-modifier-annotation              1.12                   java-archive
acegi-security                          1.0.7                  java-archive
[...]

What you expected to happen: It to parse correctly, although this is an egregiously old version of jenkins using a very old version of alpine.

How to reproduce it (as minimally and precisely as possible): Using origin/main, make bootstrap && make build, then running $ syft jenkins:2.60.3-alpine -v

Anything else we need to know?: This is an older version of jenkins, but it was the last one which was published on docker hub as an official image, so it's possible someone might accidentally pull it and attempt to use it.

Environment:

  • syft version (use syft version -v):
Application:   syft
Version:       v0.1.0-SNAPSHOT-1fc4629
BuildDate:     2020-10-09T23:49:13Z
GitCommit:     1fc46291a6e885cee57ddb2f00ec6c74c51a63a3
GitTreeState:  dirty
Platform:      linux/amd64
GoVersion:     go1.13.8
Compiler:      gc
  • OS (e.g: cat /etc/os-release or similar):
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
pdevine-cb added the bug label Oct 10, 2020
@github-actions

Hey 👋! Welcome to the repo and thanks for reporting, we'll review this issue soon!

@jhujasonw
Contributor

I have seen the same thing, but wanted to add that I took a brief look around and I think the issue may be that older versions of the alpine images (and any other things layered on top) may be outputting differently and producing tokens larger than what can be held in the default internal token buffer size set up by bufio. The default token size appears to be 64KB, which does seem pretty large, and the error message seems to indicate the token buffer is not large enough. I might try playing with it a bit more in case more information would be helpful.

wagoodman self-assigned this Oct 14, 2020
wagoodman added a commit that referenced this issue Oct 14, 2020
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
wagoodman added a commit that referenced this issue Oct 14, 2020
Fixes #212 by increasing buffer size for scanner
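
The failure diagnosed above and the kind of fix the referenced commit describes, as an added example that is not syft's code: bufio.Scanner stops with ErrTooLong on a line over its default 64 KiB token limit, and Scanner.Buffer raises that limit. The package names, the long D: line and maxLineBytes are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Hypothetical upper bound for one line; not the value syft uses.
const maxLineBytes = 1024 * 1024

// parsePackages reads "P:<name>" / "V:<version>" fields from APK-DB-style text.
// maxToken == 0 keeps bufio.Scanner's default limit (bufio.MaxScanTokenSize, 64 KiB).
func parsePackages(r io.Reader, maxToken int) ([]string, error) {
	sc := bufio.NewScanner(r)
	if maxToken > 0 {
		// Start small and let the buffer grow up to maxToken bytes per line.
		sc.Buffer(make([]byte, 0, 4096), maxToken)
	}
	var pkgs []string
	var name string
	for sc.Scan() {
		line := sc.Text()
		switch {
		case strings.HasPrefix(line, "P:"):
			name = line[2:]
		case strings.HasPrefix(line, "V:"):
			pkgs = append(pkgs, name+"@"+line[2:])
		}
	}
	// Scan() returning false is not proof of EOF: Err() must be checked,
	// or an over-long line silently truncates the package inventory.
	return pkgs, sc.Err()
}

// sampleDB builds a constructed two-package DB whose first entry has one
// field line (~76 KB) longer than the scanner's default limit.
func sampleDB() string {
	long := "D:" + strings.Repeat("so:libexample.so.1 ", 4000)
	return "P:example-a\nV:1.0-r0\n" + long + "\n\nP:example-b\nV:2.0-r0\n\n"
}

func main() {
	pkgs, err := parsePackages(strings.NewReader(sampleDB()), 0)
	fmt.Println(pkgs, errors.Is(err, bufio.ErrTooLong))
	pkgs, err = parsePackages(strings.NewReader(sampleDB()), maxLineBytes)
	fmt.Println(pkgs, err)
}
```

With the default limit the parser stops at the long line, so a caller that drops the error would report an inventory missing every later package.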
@wagoodman
Contributor

@pdevine-cb the fix that @jhujasonw put in should make it in the next release (v0.3.0). I noticed something odd with the output you posted as well:

NAME                                    VERSION                TYPE
                                                               java-archive.  (<--- this line)
Java Runtime Environment                1.8.0_121              java-archive

...it seems like the name and version are missing for one of the artifacts discovered. I created a new issue #220 to capture this.

@pdevine-cb
Author

@wagoodman Yeah, I saw that too which is why I included it, but wasn't sure if it was related to the original issue.

GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
Signed-off-by: Jason Williams <jasonw@jhu.edu>
GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
Fixes anchore#212 by increasing buffer size for scanner