Syft stuck on some images (also affecting grype) #764

Closed
tsunamaru opened this issue Jan 22, 2022 · 6 comments · Fixed by anchore/stereoscope#100 or #810
Labels: bug (Something isn't working), I/O (Describes bug or enhancement around application input or output)

tsunamaru commented Jan 22, 2022

What happened:
On some images syft (and grype) infinitely shows "Loading image" - "Saving image to disk" and does not respond to SIGINT/SIGTERM.

What you expected to happen:
Scan to be done.

How to reproduce it (as minimally and precisely as possible):
I can send you an example image by any private means (it contains company private code and thus can't be uploaded to a public share or registry, sorry). Ideally, if you give me some email for contact.
Just execute syft noway13/ldap-passwd-webui:latest.

Anything else we need to know?:
Initially reported in anchore/grype#549

Environment:

  • Output of syft version:
Application:   syft
Version:       0.36.0
BuildDate:     2022-01-19T20:25:30Z
GitCommit:     aebe843c6f0307d5c263c25257caf3e6ea827c78
GitTreeState:  clean
Platform:      linux/amd64
GoVersion:     go1.16.13
Compiler:      gc
  • OS (e.g: cat /etc/os-release or similar):
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
tsunamaru added the bug label Jan 22, 2022

jonasagx (Contributor) commented

Thanks for the report @tsunamaru -- I've reproduced the bug. I suspect an issue with the terminal UI causes some race condition; more investigation is necessary to figure it out.
You can avoid the problem by running Syft with the -v flag, for verbose, until a fix is released.

luhring added the I/O label Feb 2, 2022

tsunamaru (Author) commented

Thanks for the investigation and the provided workaround @jonasagx.
I can also confirm that syft with -q works fine on the example image, along with -v.

jonasagx commented Feb 3, 2022

Related: #733

Without verbose mode, syft gets stuck and hangs at "Cataloging packages [packages: 0]" stage

jonasagx commented Feb 9, 2022

A PR from stereoscope mistakenly closed this ticket.
Syft PR to fix it: #810

jonasagx added a commit to jonasagx/grype that referenced this issue Feb 9, 2022
Update version of stereoscope with a fix for anchore#549 and is related to a Syft issue: anchore/syft#764

Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>

jonasagx (Contributor) commented

@tsunamaru if you're curious: noway13/ldap-passwd-webui:latest size in its metadata is bigger than the actual image size, and that confused our terminal UI, that is why using -v worked.
Thanks again for reporting it and making the testing process much easier 🥇.
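
The failure mode described in the comment above, as an added Go example that is not stereoscope's or syft's own code: a progress indicator that waits for the copied byte count to reach the size declared in image metadata never finishes when that size is larger than the real stream, while completion tied to the end of the copy does. The `Progress` type, the `save` function and the sample bytes are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// Progress tracks bytes saved against a size taken from untrusted image metadata.
type Progress struct {
	Declared int64 // size claimed by the image metadata (may be wrong)
	Copied   int64 // bytes actually written
	Finished bool  // set only when the copy itself has ended
}

// doneBySize is the fragile check: it stays false forever if Declared > real size.
func (p *Progress) doneBySize() bool { return p.Copied >= p.Declared }

// doneByEOF trusts the end of the stream instead of the declared size.
func (p *Progress) doneByEOF() bool { return p.Finished }

// ErrSizeMismatch lets the caller log or reject an image whose metadata is wrong.
var ErrSizeMismatch = errors.New("declared size does not match bytes read")

// save copies src to dst, records progress, and reports a mismatch instead of waiting.
func save(dst io.Writer, src io.Reader, p *Progress) error {
	n, err := io.Copy(dst, src)
	p.Copied = n
	p.Finished = true
	if err != nil {
		return err
	}
	if n != p.Declared {
		return fmt.Errorf("%w: declared %d, read %d", ErrSizeMismatch, p.Declared, n)
	}
	return nil
}

func main() {
	// Constructed sample: 11 real bytes, metadata claims 64.
	p := &Progress{Declared: 64}
	err := save(io.Discard, strings.NewReader("layer-bytes"), p)
	fmt.Println("error:", err)
	fmt.Println("done by size:", p.doneBySize(), "done by EOF:", p.doneByEOF())
}
```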

tsunamaru (Author) commented

Thanks for the swift action @jonasagx. I used the grype and syft tools to bulk extract log4j versions from docker images on the company Nexus. Out of ~30k images there were ~500 which caused grype/syft to get stuck (though all those images were somewhat old -- built in 2018-2019).

Anyway, the grype and syft tools saved me a tremendous amount of time, so thank you (anchore people and contributors) for making them!
