clairctl
clairctl copied to clipboard
jgsqware
404 error (and panic) while trying to generate a report
Ran docker-compose up and the command docker-compose exec clairctl clairctl report alpine:3.6 -l.
docker-compose version 1.14.0, build c7bdf9e
2017-08-24 23:41:29.612826 E | clair: analysing layer [0da0ce6b7605] 1/1: receiving http error: 404
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range
goroutine 1 [running]:
panic(0x558fea79a240, 0xc4200140a0)
/usr/lib/go/src/runtime/panic.go:500 +0x1a5
text/template.errRecover(0xc4201798d0)
/usr/lib/go/src/text/template/exec.go:140 +0x2af
panic(0x558fea79a240, 0xc4200140a0)
/usr/lib/go/src/runtime/panic.go:458 +0x247
github.com/jgsqware/clairctl/clair.allVulnerabilities(0xc4203ba000, 0x9, 0xc4203ba012, 0x6, 0xc4203ba019, 0x3, 0x558feaaf3b58, 0x0, 0x0, 0x0)
/go/src/github.com/jgsqware/clairctl/clair/report.go:90 +0x29b
reflect.Value.call(0x558fea778900, 0x558fea83a530, 0x13, 0x558fea422e9d, 0x4, 0xc4201ff0a0, 0x1, 0x1, 0xc4201ff080, 0xc420179198, ...)
/usr/lib/go/src/reflect/value.go:434 +0x5ca
reflect.Value.Call(0x558fea778900, 0x558fea83a530, 0x13, 0xc4201ff0a0, 0x1, 0x1, 0x558feaab4f80, 0xc4201d15c0, 0x558fea7ff5a0)
/usr/lib/go/src/reflect/value.go:302 +0xa6
text/template.(*state).evalCall(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0x558fea778900, 0x558fea83a530, 0x13, 0x558feaab4aa0, 0xc4201d1560, 0xc420218a50, ...)
/usr/lib/go/src/text/template/exec.go:658 +0x532
text/template.(*state).evalFunction(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0xc4201d1590, 0x558feaab4aa0, 0xc4201d1560, 0xc4201fe2e0, 0x2, 0x2, ...)
/usr/lib/go/src/text/template/exec.go:530 +0x197
text/template.(*state).evalCommand(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0xc4201d1560, 0x0, 0x0, 0x0, 0x2, 0x28, ...)
/usr/lib/go/src/text/template/exec.go:427 +0x6f9
text/template.(*state).evalPipeline(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0xc4203ec230, 0x558fea7ff5a0, 0xc4203ed590, 0x29c1)
/usr/lib/go/src/text/template/exec.go:400 +0xf0
text/template.(*state).walkIfOrWith(0xc420179850, 0x13, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0xc4203ec230, 0xc4201d15f0, 0x0)
/usr/lib/go/src/text/template/exec.go:255 +0xc6
text/template.(*state).walk(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0x558feaab4fe0, 0xc4203dd4c0)
/usr/lib/go/src/text/template/exec.go:245 +0x37f
text/template.(*state).walk(0xc420179850, 0x558fea7ff5a0, 0xc4203ed590, 0x99, 0x558feaab4c80, 0xc4201d1260)
/usr/lib/go/src/text/template/exec.go:234 +0x13f
text/template.(*Template).execute(0xc4203dc240, 0x558feaaaafc0, 0xc420370310, 0x558fea7ff5a0, 0xc4203ed590, 0x0, 0x0)
/usr/lib/go/src/text/template/exec.go:189 +0x206
text/template.(*Template).Execute(0xc4203dc240, 0x558feaaaafc0, 0xc420370310, 0x558fea7ff5a0, 0xc4203ed590, 0x0, 0x0)
/usr/lib/go/src/text/template/exec.go:175 +0x55
github.com/jgsqware/clairctl/clair.ReportAsHTML(0xc4203ba000, 0x9, 0xc4203ba012, 0x6, 0xc4203ba019, 0x3, 0x558feaaf3b58, 0x0, 0x0, 0x3, ...)
/go/src/github.com/jgsqware/clairctl/clair/report.go:41 +0x470
github.com/jgsqware/clairctl/cmd.glob..func6(0x558feaaa0fc0, 0xc4203ae220, 0x1, 0x2)
/go/src/github.com/jgsqware/clairctl/cmd/report.go:42 +0x748
github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra.(*Command).execute(0x558feaaa0fc0, 0xc4200d1fe0, 0x2, 0x2, 0x558feaaa0fc0, 0xc4200d1fe0)
/go/src/github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra/command.go:636 +0x445
github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x558feaaa11e0, 0xc4201c5ee8, 0x558fe9f2d85d, 0xc4200160b8)
/go/src/github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra/command.go:722 +0x369
github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra.(*Command).Execute(0x558feaaa11e0, 0x558feaaa1400, 0x0)
/go/src/github.com/jgsqware/clairctl/vendor/github.com/spf13/cobra/command.go:681 +0x2d
github.com/jgsqware/clairctl/cmd.Execute()
/go/src/github.com/jgsqware/clairctl/cmd/root.go:32 +0x3b
main.main()
/go/src/github.com/jgsqware/clairctl/main.go:20 +0x16
Same with the ubuntu image:
$ docker-compose exec clairctl clairctl report ubuntu:16.04 -l
2017-08-24 23:48:39.944306 E | clair: analysing layer [33e94677bbea] 1/5: receiving http error: 404
2017-08-24 23:48:39.961232 E | clair: analysing layer [142f88c4666a] 2/5: receiving http error: 404
2017-08-24 23:48:39.976482 E | clair: analysing layer [1ae165074fc9] 3/5: receiving http error: 404
2017-08-24 23:48:39.992514 E | clair: analysing layer [febf9a1fe421] 4/5: receiving http error: 404
2017-08-24 23:48:40.005789 E | clair: analysing layer [814e026ee3b4] 5/5: receiving http error: 404
panic: runtime error: index out of range [recovered]
panic: runtime error: index out of range
Docker info: (running under Docker for Mac)
Containers: 43
Running: 12
Paused: 0
Stopped: 31
Images: 397
Server Version: 17.06.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.36-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 5.818GiB
Name: moby
ID: BWVM:AP26:3ZPC:PBMB:G5EL:JPXA:KUVH:SCPR:T6VQ:GKKP:AF3R:V2KH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 192
Goroutines: 216
System Time: 2017-08-24T23:43:01.663327606Z
EventsListeners: 2
No Proxy: *.local, 169.254/16
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
+1 i got the same issue with clair. we have one base image for many others. in all scans on the first 4 layers i get this error but not the panic one., any idea??
15:21:21 2017-10-25 12:21:20.980749 E | clair: analysing layer [sha256:86bb3] 1/27: receiving http error: 404 15:21:21 2017-10-25 12:21:20.994331 E | clair: analysing layer [sha256:bdf0c] 2/27: receiving http error: 404 15:21:21 2017-10-25 12:21:21.015004 E | clair: analysing layer [sha256:7b65b] 3/27: receiving http error: 404 15:21:21 2017-10-25 12:21:21.030293 E | clair: analysing layer [sha256:8a39c] 4/27: receiving http error: 404 15:21:21 2017-10-25 12:21:21.098292 E | clair: analysing layer [sha256:d2a7b] 5/27: receiving http error: 404 15:21:21 2017-10-25 12:21:21.112748 I | clair: analysing layer [sha256:602e2] 6/27 15:21:21 2017-10-25 12:21:21.126399 I | clair: analysing layer [sha256:1c491] 7/27 15:21:21 2017-10-25 12:21:21.135119 I | clair: analysing layer [sha256:c1bd4] 8/27 15:21:22 2017-10-25 12:21:21.383149 I | clair: analysing layer [sha256:7a5d5] 9/27 15:21:22 2017-10-25 12:21:21.413458 I | clair: analysing layer [sha256:697f3] 10/27
Same issue here. My guess is:
- The 404 errors mean: It cannot find the image layer in a public CVE database. This regularly happens, for the layers you built yourself. Therefore this "warning" can be ignored.
- The bug in clairctl seems to be: If NONE of the analyzed layers can be found, we get the
index out of rangeerror.
I was stuck on the same error, but I was doing a "clairctl report" without push/pull/analyze image first also using cllairctl (I was scanning the image using clair-scanner). clairctl is working fine after clairctl "pull/push/analyze" steps before clairctl report.
