package-analysis icon indicating copy to clipboard operation
package-analysis copied to clipboard

Published 20 hours ago verified publisher icon ossf

Failed to upload results to blobstore

Open aviadhahami opened this issue 3 years ago • 1 comments
trafficstars

Hi 👋😄
I'm having a weird problem with receiving the output from the analysis docker. I'm running (almost*) the same cmd from the README, which is:

docker run --cgroupns=host --privileged -ti \
    -v /tmp/results:/results \
    -v /var/lib/containers:/var/lib/containers \
    gcr.io/ossf-malware-analysis/analysis analyze \
    -package tiny -ecosystem npm \
    -upload file:///results/

I created /tmp/results as required, but docker dies with the following:

2022-05-12T11:45:40.634Z	FATAL analyze/main.go:127 Failed to upload results to blobstore
{"error": "blob (key \"/results/0.0.10.json\") (code=Unknown): open /results/fileblob683802128: not a directory", "errorVerbose": "blob (key \"/results/0.0.10.json\") (code=Unknown):
gocloud.dev/blob.(*Writer).open
/go/pkg/mod/[email protected]/blob/blob.go:355
- open /results/fileblob683802128: not a directory"}

Any idea? Tried clearing the docker layers, repulling etc but no change

* even though I'm using npm for the check, issue happens also for pypi

aviadhahami avatar May 12 '22 11:05 aviadhahami

I suspect /tmp/results may be owned by an underprivileged user the process in the docker container is unable to write into.

You may need to chown or chmod /tmp/results to make it work (e.g. chmod 0666 /tmp/results may work. On my machine /tmp/results is owned by root)

If this is the case I'll update the README.md to make this clearer.

calebbrown avatar May 12 '22 22:05 calebbrown

I'm unable to test this as I'm no longer a part of the project that used this lib; Closing :)

aviadhahami avatar Nov 27 '22 10:11 aviadhahami