Commit c16f100

Merge pull request #1683 from Ly-Joey:feat-ffa-baseimage-attribution
PiperOrigin-RevId: 859375635
2 parents c2da701 + 7080a08 commit c16f100

17 files changed

+1436
-478
lines changed

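--- a/annotator/ffa/unknownbinariesanno/filterknownbinaries.go
+++ b/annotator/ffa/unknownbinariesanno/filterknownbinaries.go
@@ -18,7 +18,9 @@ package unknownbinariesanno
 
 import (
 "context"
+"errors"
 "fmt"
+"io/fs"
 "slices"
 
 "github.com/google/osv-scalibr/annotator"
@@ -32,7 +34,7 @@ import (
 )
 
 // Name of the plugin
-const Name = "ffa/unknownbinaries"
+const Name = "ffa/unknownbinariesanno"
 
 // List of filters to apply to exclude known binaries
 var filters = []filter.Filter{
@@ -79,6 +81,11 @@ func (anno *Annotator) Annotate(ctx context.Context, input *annotator.ScanInput,
 for _, f := range filters {
 err := f.HashSetFilter(ctx, input.ScanRoot.FS, unknownBinariesSet)
 if err != nil {
+// If a particular system's package manager db doesn't exist, it is not installed or has no package info.
+// We simply continue down the filter list
+if errors.Is(err, fs.ErrNotExist) {
+continue
+}
 return fmt.Errorf("%s halted at %q (%q) because %w", anno.Name(), input.ScanRoot.Path, f.Name(), err)
 }
 }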
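Review bot: The new `errors.Is(err, fs.ErrNotExist)` branch in the filter loop of Annotate skips a filter without recording it, and it matches any wrapped not-exist error the filter returns, not only a missing package database. HashSetFilter's body is not in this hunk, so whether other lookups inside it can surface fs.ErrNotExist is unconfirmed; if they can, a database that exists but points at a missing path would be handled the same as an absent package manager. When the scanned image is untrusted, a missing or removed package database is itself worth surfacing, so I would collect the skipped filters with `skipped = append(skipped, f.Name())` and log them once after the loop. The comment could also state that binaries covered by a skipped filter stay unattributed. Annotate starts before and continues past this hunk.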

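--- a/annotator/ffa/unknownbinariesanno/internal/apkfilter/apk.go
+++ b/annotator/ffa/unknownbinariesanno/internal/apkfilter/apk.go
@@ -66,15 +66,15 @@ func (ApkFilter) HashSetFilter(ctx context.Context, fs scalibrfs.FS, unknownBina
 continue
 }
 filePath := path.Join(currentDir, kv.Value)
-delete(unknownBinariesSet, filePath)
+filter.AttributePackage(unknownBinariesSet, filePath)
 
 if evalFS, ok := fs.(image.EvalSymlinksFS); ok {
 // EvalSymlink expects an absolute path from the root of the image.
 evalPath, err := evalFS.EvalSymlink("/" + filePath)
 if err != nil {
 continue
 }
-delete(unknownBinariesSet, strings.TrimPrefix(evalPath, "/"))
+filter.AttributePackage(unknownBinariesSet, strings.TrimPrefix(evalPath, "/"))
 }
 }
 }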
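Review bot: Both `filter.AttributePackage` calls attribute an entry only because its path is listed in the image's own apk database, and nothing in the visible lines compares the file's contents with what that database records. Since the result is now kept as an attribution rather than dropped from the set, consumers may read it as a statement about the file itself, so the limit should be documented at the first call: `// Attribution is path-based: file contents are not verified against the apk database, so a replaced file at a package-owned path is still attributed.` AttributePackage's body is not on this page and HashSetFilter starts and ends outside the hunk, so any verification done elsewhere would make this comment unnecessary.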

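--- a/annotator/ffa/unknownbinariesanno/internal/apkfilter/apk_test.go
+++ b/annotator/ffa/unknownbinariesanno/internal/apkfilter/apk_test.go
@@ -22,6 +22,7 @@ import (
 "github.com/google/go-cmp/cmp"
 "github.com/google/osv-scalibr/artifact/image/layerscanning/testing/fakelayer"
 "github.com/google/osv-scalibr/extractor"
+ubextr "github.com/google/osv-scalibr/extractor/filesystem/ffa/unknownbinariesextr"
 scalibrfs "github.com/google/osv-scalibr/fs"
 "github.com/google/osv-scalibr/testing/fakefs"
 )
@@ -115,23 +116,63 @@ R:binary2
 `,
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
-"usr/lib/library1": {Name: "library1"},
-"bin/binary2": {Name: "binary2"},
-"usr/bin/unknown1": {Name: "unknown1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/lib/library1": {Name: "library1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"bin/binary2": {Name: "binary2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/unknown1": {Name: "unknown1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/unknown1": {Name: "unknown1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+},
+},
+"usr/lib/library1": {Name: "library1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"bin/binary2": {Name: "binary2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/unknown1": {Name: "unknown1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
 name: "apk_db_does_not_exist",
 files: map[string]string{},
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 wantErr: true,
 },
@@ -141,10 +182,16 @@ R:binary2
 "lib/apk/db/installed": "",
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -167,14 +214,56 @@ R:symlink
 })
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/symlink1": {Name: "symlink1"},
-"usr/bin/actual_binary": {Name: "actual_binary"},
-"path/to/another/symlink": {Name: "symlink"},
-"path/to/another/actual": {Name: "another_actual"},
-"usr/bin/not_in_db": {Name: "not_in_db"},
+"usr/bin/symlink1": {Name: "symlink1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/actual_binary": {Name: "actual_binary",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"path/to/another/symlink": {Name: "symlink",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"path/to/another/actual": {Name: "another_actual",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/not_in_db": {Name: "not_in_db",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/not_in_db": {Name: "not_in_db"},
+"usr/bin/symlink1": {Name: "symlink1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/actual_binary": {Name: "actual_binary",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"path/to/another/symlink": {Name: "symlink",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"path/to/another/actual": {Name: "another_actual",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/not_in_db": {Name: "not_in_db",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -194,11 +283,26 @@ R:symlink2
 })
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/symlink2": {Name: "symlink2"},
-"usr/bin/unknown2": {Name: "unknown2"},
+"usr/bin/symlink2": {Name: "symlink2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/unknown2": {Name: "unknown2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/unknown2": {Name: "unknown2"},
+"usr/bin/symlink2": {Name: "symlink2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/unknown2": {Name: "unknown2",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -210,10 +314,16 @@ V:1.0
 `,
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -222,14 +332,56 @@ V:1.0
 "lib/apk/db/installed": string(installed),
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"etc/motd": {Name: "motd"},
-"usr/bin/scanelf": {Name: "scanelf"},
-"usr/bin/ssl_client": {Name: "ssl_client"},
-"lib/libz.so.1": {Name: "libz.so.1"},
-"unknown/binary": {Name: "unknown"},
+"etc/motd": {Name: "motd",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/scanelf": {Name: "scanelf",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"usr/bin/ssl_client": {Name: "ssl_client",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"lib/libz.so.1": {Name: "libz.so.1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"unknown/binary": {Name: "unknown",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"unknown/binary": {Name: "unknown"},
+"etc/motd": {Name: "motd",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/scanelf": {Name: "scanelf",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"usr/bin/ssl_client": {Name: "ssl_client",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"lib/libz.so.1": {Name: "libz.so.1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"unknown/binary": {Name: "unknown",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -238,11 +390,26 @@ V:1.0
 "lib/apk/db/installed": string(single),
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"etc/fstab": {Name: "fstab"},
-"unknown/binary": {Name: "unknown"},
+"etc/fstab": {Name: "fstab",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
+"unknown/binary": {Name: "unknown",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"unknown/binary": {Name: "unknown"},
+"etc/fstab": {Name: "fstab",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{
+LocalFilesystem: true,
+},
+}},
+"unknown/binary": {Name: "unknown",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 {
@@ -251,10 +418,16 @@ V:1.0
 "lib/apk/db/installed": string(invalid),
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 wantErr: true,
 },
@@ -264,10 +437,16 @@ V:1.0
 "lib/apk/db/installed": string(empty),
 },
 unknownBinariesSet: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 want: map[string]*extractor.Package{
-"usr/bin/binary1": {Name: "binary1"},
+"usr/bin/binary1": {Name: "binary1",
+Metadata: &ubextr.UnknownBinaryMetadata{
+Attribution: ubextr.Attribution{},
+}},
 },
 },
 }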
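Review bot: Every entry in the updated tables carries a pre-populated `Metadata: &ubextr.UnknownBinaryMetadata{...}`, so no case pins what `filter.AttributePackage` does for a package whose Metadata is nil or of another type. The old fixtures were bare `{Name: "binary1"}` values, and AttributePackage's body is not on this page, so whether such an entry is skipped, given fresh metadata, or causes a panic is unverified here. I would add one table case whose database lists the path and whose unknownBinariesSet holds `"usr/bin/binary1": {Name: "binary1"},`, with the want map stating the intended outcome.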
