leaky-vessels-static-detector
Crawler Issues
Details -
$ docker build . -f gh_crawler/docker/Dockerfile -t static-scanner:latest
Sending build context to Docker daemon 387.1kB
Step 1/19 : FROM golang:1.21 as builder
.
.
.
Step 16/19 : RUN npm i
---> Running in 3a136d7c94ad
node[7]: ../src/node_platform.cc:68:std::unique_ptr<long unsigned int> node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start(): Assertion `(0) == (uv_thread_create(t.get(), start_thread, this))' failed.
1: 0xb95b60 node::Abort() [node]
2: 0xb95bde [node]
3: 0xc0447e [node]
4: 0xc04561 node::NodePlatform::NodePlatform(int, v8::TracingController*, v8::PageAllocator*) [node]
5: 0xb50e03 node::InitializeOncePerProcess(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, node::ProcessFlags::Flags) [node]
6: 0xb5145b node::Start(int, char**) [node]
7: 0x7f84a455724a [/lib/x86_64-linux-gnu/libc.so.6]
8: 0x7f84a4557305 __libc_start_main [/lib/x86_64-linux-gnu/libc.so.6]
9: 0xacfdce _start [node]
Aborted
The command '/bin/sh -c npm i' returned a non-zero code: 134
$ $ git log -1
commit 950f356e762ba2283cb678a5c3b0ffad3457418f (HEAD -> main, origin/main, origin/HEAD)
Author: Dragos Cojocari <[email protected]>
Date: Fri Feb 2 17:34:00 2024 +0200
feat: add catalog info (#4)
$ docker --version
Docker version 18.06.1-ce, build e68fc7a215d7133c34aa18e3b72b4a21fd0c6136
$
@psharkey please retry with a supported Docker version (> 23.0). The Docker version you are using is outdated.
https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/README.md?plain=1#L8-L9 says these are optional but https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/src/collect_dockerfiles.sh#L22 requires them?
https://github.com/snyk/leaky-vessels-static-detector/blob/main/gh_crawler/README.md?plain=1#L22-L25 - the image names static-scanner and static-detector are not consistent.
Also, the --dockerhub flag causes -
time="2024-02-05T16:01:49Z" level=info msg="[ + ] Running Leaky Vessels Static Detector"
flag provided but not defined: -dockerhub
Usage of dockerfile:
-base
Run analysis on base image.
-debug
Enable debug logs.
-disable string
Comma-seperated list of rule ids to turn off. List of rule Ids:
1 - runc process.cwd & Leaked fds Container Breakout [CVE-2024-21626]
2 - Buildkit Mount Cache Race: Build-time Race Condition Container Breakout [CVE-2024-23651]
3 - Buildkit GRPC SecurityMode Privilege Check [CVE-2024-23653]
4 - Buildkit Build-time Container Teardown Arbitrary Delete [CVE-2024-23652]
-env string
Path to .env file.
-f string
Path to dockerfile.
gh_data/xxx/Dockerfile ... error parsing dockerfile
Yes, the --dockerhub flag caused issues and has been fixed to --base flag in #15