Support for fail-on-error for container sbom generation. Env variable…

… to force non-strict tar extraction. Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Dec 26, 2024 · 56fc686 · 56fc686
1 parent e1dcfc2
commit 56fc686
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 19 deletions.
diff --git a/lib/managers/docker.js b/lib/managers/docker.js
@@ -782,15 +782,6 @@ export const getImage = async (fullImageName) => {
  * @param entry {tar.ReadEntry} ReadEntry object from node-tar
  */
 function handleAbsolutePath(entry) {
-  // Don't waste time with gibberish path
-  if (
-    !entry ||
-    !entry.path ||
-    entry.path.startsWith("{") ||
-    entry.path.includes("\n")
-  ) {
-    return;
-  }
   if (entry.path === "/" || win32.isAbsolute(entry.path)) {
     entry.path = stripAbsolutePath(entry.path);
   }
@@ -817,13 +808,12 @@ export const extractTar = async (fullImageName, dir, options) => {
         filter: (path, entry) => {
           // Some files are known to cause issues with extract
           return !(
-            path.startsWith("{") ||
-            path.includes("\n") ||
             path.includes("etc/machine-id") ||
             path.includes("etc/gshadow") ||
             path.includes("etc/shadow") ||
-            path.endsWith("etc/passwd") ||
-            path.endsWith("etc/ssl/certs") ||
+            path.includes("etc/passwd") ||
+            path.includes("etc/ssl/certs") ||
+            path.includes("etc/pki/ca-trust") ||
             path.includes("usr/lib/systemd/") ||
             path.includes("usr/lib64/libdevmapper.so") ||
             path.includes("usr/sbin/") ||
@@ -878,8 +868,6 @@ export const extractTar = async (fullImageName, dir, options) => {
     } else if (err.code === "TAR_BAD_ARCHIVE") {
       if (DEBUG_MODE) {
         console.log(`Archive ${fullImageName} is empty. Skipping.`);
-        // Empty tar images need not lead to failure.
-        return false;
       }
     } else if (["EACCES"].includes(err.code)) {
       console.log(err);
@@ -892,8 +880,13 @@ export const extractTar = async (fullImageName, dir, options) => {
       DEBUG_MODE &&
       ["TAR_ENTRY_INFO", "TAR_ENTRY_INVALID"].includes(err.code)
     ) {
+      if (
+        err?.header?.path?.includes("{") ||
+        err?.message?.includes("linkpath required")
+      ) {
+        return false;
+      }
       console.log(err);
-      return false;
     } else if (DEBUG_MODE) {
       console.log(err.code, "is not handled yet in extractTar method.");
     }
@@ -959,6 +952,7 @@ export const exportArchive = async (fullImageName, options = {}) => {
     options.failOnError && process.exit(1);
   } catch (err) {
     // ignore
+    options.failOnError && process.exit(1);
   }
   return undefined;
 };
@@ -1028,8 +1022,8 @@ export const extractFromManifest = async (
           }
         } else {
           console.log(err);
+          options.failOnError && process.exit(1);
         }
-        options.failOnError && process.exit(1);
       }
     }
     if (manifest.Config) {
@@ -1052,7 +1046,7 @@ export const extractFromManifest = async (
           ? join(allLayersExplodedDir, lastLayerConfig.config.WorkingDir)
           : "";
       } catch (err) {
-        // ignore
+        options.failOnError && process.exit(1);
       }
     }
   }

diff --git a/types/lib/managers/docker.d.ts.map b/types/lib/managers/docker.d.ts.map