Crash when scanning scan on image

Question

Crash when scanning scan on image

sbs2001 opened this issue 2 years ago · 1 comments

sbs2001 commented 2 years ago

Running the command from example:

bom generate -n http://example.com/ --image registry.k8s.io/kube-apiserver:v1.21.0

Produces the following crash:

INFO bom (devel): Generating SPDX Bill of Materials 
INFO Processing image reference: registry.k8s.io/kube-apiserver:v1.21.0 
INFO Reference image index points to 5 manifests  
INFO Adding image registry.k8s.io/kube-apiserver@sha256:1435e167151f90b7f4abfd416726751c46b8672cc7288507fab7cfa5a05b866c (amd64/linux) 
INFO Adding image registry.k8s.io/kube-apiserver@sha256:90cbf8d0444fe5fad4e06d37d42c6d202bf27edc5d931c337b6aadf749d03550 (arm/linux) 
INFO Adding image registry.k8s.io/kube-apiserver@sha256:1a495c62bc2e2f2209e3a8c5fe6c364878d55418c802a7543edadeb1728d987a (arm64/linux) 
INFO Adding image registry.k8s.io/kube-apiserver@sha256:a2199aece7bf28ca30233895803984edd45cab59b054eeade5ea398185d995db (ppc64le/linux) 
INFO Adding image registry.k8s.io/kube-apiserver@sha256:4dc554858e54ad2ae7cd1990d1fb11e1c516fbffd9f17f8a4f98ead0b5eae148 (s390x/linux) 
INFO Downloading registry.k8s.io/kube-apiserver@sha256:1435e167151f90b7f4abfd416726751c46b8672cc7288507fab7cfa5a05b866c 
INFO Downloading registry.k8s.io/kube-apiserver@sha256:90cbf8d0444fe5fad4e06d37d42c6d202bf27edc5d931c337b6aadf749d03550 
INFO Downloading registry.k8s.io/kube-apiserver@sha256:1a495c62bc2e2f2209e3a8c5fe6c364878d55418c802a7543edadeb1728d987a 
INFO Downloading registry.k8s.io/kube-apiserver@sha256:a2199aece7bf28ca30233895803984edd45cab59b054eeade5ea398185d995db 
INFO Downloading registry.k8s.io/kube-apiserver@sha256:4dc554858e54ad2ae7cd1990d1fb11e1c516fbffd9f17f8a4f98ead0b5eae148 
INFO Generating SPDX package from image tarball /tmp/doc-build-2746872942/1435e167151f90b7f4abfd416726751c46b8672cc7288507fab7cfa5a05b866c.tar 
INFO Successfully extracted 5 files from image tarball /tmp/doc-build-2746872942/1435e167151f90b7f4abfd416726751c46b8672cc7288507fab7cfa5a05b866c.tar 
INFO Package describes registry.k8s.io/kube-apiserver:1435e167151f90b7f4abfd416726751c46b8672cc7288507fab7cfa5a05b866c image 
INFO Image manifest lists 3 layers                
INFO Writing etc/os-release to /tmp/os-release-3381435396 
INFO Scan of container layers found debian base image 
INFO dbdata is blank                              
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x81e0c9]

goroutine 1 [running]:
sigs.k8s.io/bom/pkg/osinfo.(*ContainerScanner).ReadOSPackages(0x8a27c0?, {0xc000461d40?, 0x3?, 0x4?})
	/home/shivam/work/bom/pkg/osinfo/container_scanner.go:62 +0xe9
sigs.k8s.io/bom/pkg/spdx.(*spdxDefaultImplementation).PackageFromImageTarball(0xc000026d50?, 0xd255e0, {0xc000028960, 0x5e})
	/home/shivam/work/bom/pkg/spdx/implementation.go:797 +0x6dc
sigs.k8s.io/bom/pkg/spdx.(*spdxDefaultImplementation).ImageRefToPackage(0xc0000bc000?, {0xc000026d50, 0x26}, 0x1e?)
	/home/shivam/work/bom/pkg/spdx/implementation.go:686 +0x87b
sigs.k8s.io/bom/pkg/spdx.(*SPDX).ImageRefToPackage(...)
	/home/shivam/work/bom/pkg/spdx/spdx.go:242
sigs.k8s.io/bom/pkg/spdx.(*defaultDocBuilderImpl).GenerateDoc(0x100?, 0xd30f90, 0xc0000b77a0)
	/home/shivam/work/bom/pkg/spdx/builder.go:204 +0x8ae
sigs.k8s.io/bom/pkg/spdx.(*DocBuilder).Generate(0xc0003c5c18, 0xc0000b77a0)
	/home/shivam/work/bom/pkg/spdx/builder.go:73 +0x73
sigs.k8s.io/bom/cmd/bom/cmd.generateBOM(0xc0000b4900)
	/home/shivam/work/bom/cmd/bom/cmd/generate.go:319 +0x375
sigs.k8s.io/bom/cmd/bom/cmd.AddGenerate.func1(0xc000229180?, {0xc0002012c0?, 0x4?, 0x4?})
	/home/shivam/work/bom/cmd/bom/cmd/generate.go:134 +0xab
github.com/spf13/cobra.(*Command).execute(0xc000229180, {0xc000201280, 0x4, 0x4})
	/home/shivam/.asdf/installs/golang/1.18.1/packages/pkg/mod/github.com/spf13/cobra@v1.3.0/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xd285c0)
	/home/shivam/.asdf/installs/golang/1.18.1/packages/pkg/mod/github.com/spf13/cobra@v1.3.0/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/home/shivam/.asdf/installs/golang/1.18.1/packages/pkg/mod/github.com/spf13/cobra@v1.3.0/command.go:902
sigs.k8s.io/bom/cmd/bom/cmd.Execute()
	/home/shivam/work/bom/cmd/bom/cmd/root.go:71 +0x25
main.main()
	/home/shivam/work/bom/cmd/bom/main.go:24 +0x17

Answer 1 · 2022-08-03T14:18:04.000Z

Fixed in latest branch