scancode-toolkit
--json-pp allows writing to non-regular files
Description
Related to #3588 and #3589
scancode allows writing to device files such as /dev/null without an error. While it is possible to write to device files (as it is basically a black hole) it is possibly not something that was intended. I would have at least expected a warning (I could imagine that sending output to /dev/null could be useful in some test circumstances but it is not normal use of scancode).
How To Reproduce
Write to /dev/null:
$ ./scancode -l scancode --json-pp /dev/null
Setup plugins...
Collect file inventory...
Scan files for: licenses with 1 process(es)...
[####################] 2
Scanning done.
Summary: licenses with 1 process(es)
Errors count: 0
Scan Speed: 1.70 files/sec.
Initial counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Final counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Timings:
scan_start: 2023-11-17T140919.392112
scan_end: 2023-11-17T140923.125503
setup_scan:licenses: 3.14s
setup: 3.14s
scan: 0.59s
total: 3.74s
Removing temporary files...done.
and to /dev/zero:
$ ./scancode -l scancode --json-pp /dev/zero
Setup plugins...
Collect file inventory...
Scan files for: licenses with 1 process(es)...
[####################] 2
Scanning done.
Summary: licenses with 1 process(es)
Errors count: 0
Scan Speed: 1.89 files/sec.
Initial counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Final counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Timings:
scan_start: 2023-11-17T140929.777710
scan_end: 2023-11-17T140933.459251
setup_scan:licenses: 3.15s
setup: 3.15s
scan: 0.53s
total: 3.68s
Removing temporary files...done.
System configuration
For bug reports, it really helps us to know:
- What OS are you running on? (Windows/MacOS/Linux)
- What version of scancode-toolkit was used to generate the scan file?
- What installation method was used to install/run scancode? (pip/source download/other)
Closed in favor of #3596
This seems to have been fixed.
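An added example, not scancode-toolkit's own code and not the change made in #3596: one way a command-line tool can check the file type behind an output path before writing, so that device files such as /dev/null or /dev/zero produce an error or an explicit warning. The function names and the `allow_special` opt-in are hypothetical.

```python
import os
import stat

# Hypothetical helpers for illustration; not part of scancode-toolkit.
_KINDS = (
    (stat.S_ISREG, "regular file"),
    (stat.S_ISDIR, "directory"),
    (stat.S_ISCHR, "character device"),
    (stat.S_ISBLK, "block device"),
    (stat.S_ISFIFO, "FIFO"),
    (stat.S_ISSOCK, "socket"),
)


def classify_output_target(path):
    """Return what `path` refers to after following symlinks, or "missing"."""
    try:
        # os.stat follows symlinks, so a link to /dev/null is seen as a device.
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    for predicate, name in _KINDS:
        if predicate(mode):
            return name
    return "unknown"


def check_output_target(path, allow_special=False):
    """Return (ok, message) for a path given to an output option.

    Regular files and not-yet-existing paths are accepted silently.
    Directories are always rejected. Devices, FIFOs and sockets are
    rejected unless the caller opts in, in which case a warning is returned.
    """
    kind = classify_output_target(path)
    if kind in ("missing", "regular file"):
        return True, ""
    if kind == "directory":
        return False, f"{path}: is a directory"
    if allow_special:
        return True, f"warning: {path} is a {kind}, output will not be a normal file"
    return False, f"{path}: refusing to write scan results to a {kind}"
```

The opt-in keeps the test use case mentioned in the report (discarding output to /dev/null) available while making it a deliberate choice.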