[BUG] Segfault in copacetic using grype plugin
Version of copa
v0.10.0 + copa-grype v1.0.3-alpha1
Expected Behavior
Copa should get the grype plugin json and patch the container.
Actual Behavior
See https://github.com/anubhav06/copa-grype/issues/5
Steps To Reproduce
podman run -d --rm --name buildkitd --privileged docker.io/moby/buildkit:latest
grype docker.io/library/nginx:1.21.6 --output json --file nginx.1.21.6.json
copa patch -i docker.io/library/nginx:1.21.6 --scanner grype -r nginx.1.21.6.json -t 1.21.6-patched --addr podman-container://buildkitd
FYI
copa-grype nginx.1.21.6.json
{"apiVersion":"v1alpha1","metadata":{"os":{"type":"debian","version":"11"},"config":{"arch":"amd64"}},"updates":[{"name":"bsdutils","installedVersion":"1:2.36.1-8+deb11u1","fixedVersion":"2.36.1-8+deb11u2","vulnerabilityID":"CVE-2024-28085"},{"name":"curl","installedVersion":"7.74.0-1.3+deb11u1","fixedVersion":"7.74.0-1.3+deb11u2","vulnerabilityID":"CVE-2021-22945"},{"name":"curl","installedVersion":"7.74.0-1.3+deb11u1","fixedVersion":"7.74.0-1.3+deb11u2","vulnerabilityID":"CVE-2022-32207"},{"name":"curl","installedVersion":"7.74.0-1.3+deb11u1","fixedVersion":"7.74.0-1.3+deb11u5","vulnerabilityID":"CVE-2022-32221"},{"name":"curl","installedVersion":"7.74.0-1.3+deb11u1","fixedVersion":"7.74.0-1.3+deb11u10","vulnerabilityID":"CVE-2023-38545"},{"name":"curl","installedVer...}
Are you willing to submit PRs to contribute to this bug fix?
- [ ] Yes, I am willing to implement it.
I suspect bad plugin error handling or something like that. Maybe the plugin is unmaintained and does not match the expected JSON format, but it should not crash the Copa CLI.
Hmm... Same error using trivy. What is wrong with my usage?
trivy image docker.io/library/nginx:1.21.6 --format json --scanners vuln --output nginx.1.21.6.json
copa patch -i docker.io/library/nginx:1.21.6 --scanner trivy -r nginx.1.21.6.json -t 1.21.6-patched --addr podman-container://buildkitd
[+] Building 0.0s (0/0)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x2b7f88a]
goroutine 25 [running]:
github.com/project-copacetic/copacetic/pkg/patch.patchWithContext.func2()
/home/runner/work/copacetic/copacetic/pkg/patch/patch.go:299 +0x38a
golang.org/x/sync/errgroup.(*Group).Go.func1()
/home/runner/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:78 +0x50
created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 33
/home/runner/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:75 +0x93
Interesting new findings. I ran more tests, this time with docker instead of podman.
$ sudo docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
inspiring_perlman docker-container
\_ inspiring_perlman0 \_ unix:///var/run/docker.sock running v0.20.1 linux/amd64 (+3), linux/arm64, linux/arm (+2), linux/ppc64le, (7 more)
default* docker
\_ default \_ default running v0.16.0 linux/amd64 (+3), linux/arm64, linux/arm (+2), linux/ppc64le, (7 more)
copa patch -i docker.io/library/nginx:1.21.6 --scanner trivy -r nginx.1.21.6.json -t 1.21.6-patched --addr buildx://default
==> Same segfault
copa patch -i docker.io/library/nginx:1.21.6 --scanner trivy -r nginx.1.21.6.json -t 1.21.6-patched --addr buildx://inspiring_perlman0
==> OK
So maybe an incompatibility with the buildkit version?
Hey @gillg, as I answered in the copa-grype repository's issue, this error is specific to podman and not the copa-grype plugin.
The plugin is working as expected with docker.
Podman is not supported as of now, and work is in progress to add support for it: https://github.com/project-copacetic/copacetic/issues/679
Closing this since release v0.11 added podman support. Please feel free to re-open if this is still an issue.