Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix: add panic recovery for license parse #1839

Merged
merged 2 commits into from
May 23, 2023
Merged

fix: add panic recovery for license parse #1839

merged 2 commits into from
May 23, 2023

Conversation

spiffcs
Copy link
Contributor

@spiffcs spiffcs commented May 23, 2023

Closes #1837

With this fix we can release v0.81.1 as a patch which will defer the panic caused by the call to ValidateLicenses

Tested against the example in the issue using syft from this branch and grype v0.62.0

go run cmd/syft/main.go -o json lscr.io/linuxserver/webtop:alpine-openbox | grype
Screenshot 2023-05-23 at 12 00 31 PM

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
// a fix to the upstream github library
defer func() {
if r := recover(); r != nil {
log.Trace("recovered in parseExpression", r)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of logging, should we change the return error wrapping the stack trace and let the caller decide the correct action to take? We have a similar pattern in the runCataloger() call

if e := recover(); e != nil {

@github-actions
Copy link

github-actions bot commented May 23, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux%0Agoarch: amd64%0Apkg: github.com/anchore/syft/test/integration%0Acpu: Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz%0A                                                          │ ./.tmp/benchmark-754be47.txt │%0A                                                          │            sec/op            │%0AImagePackageCatalogers/alpmdb-cataloger-2                                   11.79m ±  1%25%0AImagePackageCatalogers/apkdb-cataloger-2                                    724.0µ ±  1%25%0AImagePackageCatalogers/binary-cataloger-2                                   196.3µ ±  0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                   582.3µ ±  1%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                              1.206m ±  1%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                         94.02µ ±  1%25%0AImagePackageCatalogers/java-cataloger-2                                     13.35m ±  1%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                     92.92µ ± 22%25%0AImagePackageCatalogers/javascript-package-cataloger-2                       402.1µ ±  1%25%0AImagePackageCatalogers/nix-store-cataloger-2                                272.5µ ±  1%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                   787.1µ ±  1%25%0AImagePackageCatalogers/portage-cataloger-2                                  477.3µ ±  3%25%0AImagePackageCatalogers/python-package-cataloger-2                           3.242m ±  3%25%0AImagePackageCatalogers/r-package-cataloger-2                                210.4µ ±  3%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                   540.2µ ±  2%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                             922.1µ ±  1%25%0AImagePackageCatalogers/sbom-cataloger-2                                     121.6µ ±  0%25%0Ageomean                                                                     611.5µ%0A%0A                                                          │ ./.tmp/benchmark-754be47.txt │%0A                                                          │             B/op             │%0AImagePackageCatalogers/alpmdb-cataloger-2                                   5.127Mi ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                    205.0Ki ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                   30.21Ki ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                   169.0Ki ± 0%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                              404.9Ki ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                         9.906Ki ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                     2.823Mi ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                     8.594Ki ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                       100.9Ki ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                49.14Ki ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                   186.4Ki ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                  119.9Ki ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                           1.003Mi ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                53.30Ki ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                   180.9Ki ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                             144.1Ki ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                     14.20Ki ± 0%25%0Ageomean                                                                     132.7Ki%0A%0A                                                          │ ./.tmp/benchmark-754be47.txt │%0A                                                          │          allocs/op           │%0AImagePackageCatalogers/alpmdb-cataloger-2                                    87.75k ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                     4.182k ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                     830.0 ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                    3.000k ± 0%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                               6.338k ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                           281.0 ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                      39.81k ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                       228.0 ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                        1.404k ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                  895.0 ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                    4.079k ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                   2.269k ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                            16.43k ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                  929.0 ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                    3.989k ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.447k ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                       394.0 ± 0%25%0Ageomean                                                                      2.582k

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs enabled auto-merge (squash) May 23, 2023 16:57
@spiffcs spiffcs merged commit 4ac8fdf into main May 23, 2023
@spiffcs spiffcs deleted the 1837-panic-recovery branch May 23, 2023 16:58
@spiffcs spiffcs added the bug Something isn't working label May 23, 2023
spiffcs added a commit that referenced this pull request Jun 5, 2023
* main: (21 commits)
  chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862)
  chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863)
  feat: source-version flag (#1859)
  chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851)
  accept main.version ldflags even without vcs (#1855)
  feat: add scope to pom properties (#1779)
  chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852)
  chore(deps): bump github.com/docker/docker (#1849)
  Add test to ensure package metadata is represented in the JSON schema (#1841)
  Fix directory resolver to consider CWD and root path input correctly (#1840)
  Migrate location-related structs to the file package (#1751)
  chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843)
  fix: add panic recovery for license parse (#1839)
  chore: return both failures when failed to retrieve an image with a scheme (#1801)
  Extract go module versions from ldflags for binaries built by go (#1832)
  fix: duplicate packages, support pnpm lockfile v6 (#1778)
  chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
  chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829)
  chore(deps): bump github.com/docker/docker (#1833)
  Keep original FileInfo persisted on file.Metadata structs (#1794)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* fix: add panic recovery for license parse
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

v0.81.0 crashing parsing some images
2 participants