don't SCA-generate so: provides for libs not directly in lib dirs
Signed-off-by: Jason Hall <jason@chainguard.dev>
imjasonh committed Jul 12, 2024
1 parent b22ea02 commit 6a4d036
Showing 10 changed files with 406 additions and 29 deletions.
186 changes: 161 additions & 25 deletions pkg/sca/e2e_test.go
Expand Up @@ -15,11 +15,10 @@
//go:build e2e
// +build e2e

//go:generate go run ./../../ build --out-dir=./generated ./testdata/shbang-test.yaml --arch=x86_64

package sca

import (
"context"
"fmt"
"runtime"
"testing"
Expand All @@ -34,6 +33,7 @@ import (
// Chainguard go-fips toolchain generates binaries like these
// which at runtime require openssl and fips provider
func TestGoFipsBinDeps(t *testing.T) {
t.Skip()
ctx := slogtest.TestContextWithLogger(t)

var ldso, archdir string
Expand All @@ -46,7 +46,8 @@ func TestGoFipsBinDeps(t *testing.T) {
archdir = "x86_64"
}

th := handleFromApk(ctx, t, fmt.Sprintf("go-fips-bin/packages/%s/go-fips-bin-v0.0.1-r0.apk", archdir), "go-fips-bin/go-fips-bin.yaml")
th := handleFromApk(ctx, t, fmt.Sprintf("go-fips-bin/packages/%s/go-fips-bin-v0.0.1-r0.apk", archdir),
"go-fips-bin/go-fips-bin.yaml")
defer th.exp.Close()

got := config.Dependencies{}
Expand All @@ -69,28 +70,163 @@ func TestGoFipsBinDeps(t *testing.T) {
}
}

func TestShbangDeps(t *testing.T) {
ctx := slogtest.TestContextWithLogger(t)
// Generated with `go generate ./...`
th := handleFromApk(ctx, t, "generated/x86_64/shbang-test-1-r1.apk", "shbang-test.yaml")
defer th.exp.Close()
func TestAnalyze(t *testing.T) {
for _, c := range []struct {
apk string
cfgpath string
want config.Dependencies
}{{
apk: "py3-seaborn-0.13.2-r0.apk",
cfgpath: "py3-seaborn.yaml",
want: config.Dependencies{
Runtime: []string{
"so:ld-linux-x86-64.so.2",
"so:libXau-154567c4.so.6.0.0",
"so:libbrotlicommon-3ecfe81c.so.1",
"so:libbrotlidec-ba690955.so.1",
"so:libc.so.6",
"so:libdl.so.2",
"so:libfreetype-f154df84.so.6.20.1",
"so:libgcc_s.so.1",
"so:libgfortran-040039e1.so.5.0.0",
"so:libharfbuzz-2093a78b.so.0.60830.0",
"so:libjpeg-e44fd0cd.so.62.4.0",
"so:liblcms2-e69eef39.so.2.0.16",
"so:liblzma-13fa198c.so.5.4.5",
"so:libm.so.6",
"so:libopenjp2-eca49203.so.2.5.0",
"so:libpng16-78d422d5.so.16.40.0",
"so:libpthread.so.0",
"so:libquadmath-96973f99.so.0.0.0",
"so:libsharpyuv-20f78091.so.0.0.1",
"so:libstdc++.so.6",
"so:libtiff-91af027d.so.6.0.2",
"so:libwebp-850e2bec.so.7.1.8",
"so:libwebpdemux-df9b36c7.so.2.0.14",
"so:libwebpmux-9fe05867.so.3.0.13",
"so:libxcb-f0538cc0.so.1.1.0",
"so:libz.so.1",
},
Provides: []string{
"cmd:f2py=0.13.2-r0",
"cmd:fonttools=0.13.2-r0",
"cmd:pyftmerge=0.13.2-r0",
"cmd:pyftsubset=0.13.2-r0",
"cmd:ttx=0.13.2-r0",
},
Vendored: []string{
"so:libXau-154567c4.so.6.0.0=6.0.0",
"so:libbrotlicommon-3ecfe81c.so.1=1",
"so:libbrotlidec-ba690955.so.1=1",
"so:libfreetype-f154df84.so.6.20.1=6.20.1",
"so:libgfortran-040039e1.so.5.0.0=5.0.0",
"so:libharfbuzz-2093a78b.so.0.60830.0=0.60830.0",
"so:libjpeg-e44fd0cd.so.62.4.0=62.4.0",
"so:liblcms2-e69eef39.so.2.0.16=2.0.16",
"so:liblzma-13fa198c.so.5.4.5=5.4.5",
"so:libopenblas64_p-r0-0cf96a72.3.23.dev.so=0",
"so:libopenjp2-eca49203.so.2.5.0=2.5.0",
"so:libpng16-78d422d5.so.16.40.0=16.40.0",
"so:libquadmath-96973f99.so.0.0.0=0.0.0",
"so:libsharpyuv-20f78091.so.0.0.1=0.0.1",
"so:libtiff-91af027d.so.6.0.2=6.0.2",
"so:libwebp-850e2bec.so.7.1.8=7.1.8",
"so:libwebpdemux-df9b36c7.so.2.0.14=2.0.14",
"so:libwebpmux-9fe05867.so.3.0.13=3.0.13",
"so:libxcb-f0538cc0.so.1.1.0=1.1.0",
},
},
}, {
apk: "systemd-256.2-r1.apk",
cfgpath: "systemd.yaml",
want: config.Dependencies{
Runtime: []string{
"so:ld-linux-x86-64.so.2",
"so:libblkid.so.1",
"so:libc.so.6",
"so:libcap.so.2",
"so:libcrypt.so.1",
"so:libcrypto.so.3",
"so:libfdisk.so.1",
"so:libm.so.6",
"so:libmount.so.1",
"so:libssl.so.3",
"so:libudev.so.1",
},
Provides: []string{
"cmd:bootctl=256.2-r1",
"cmd:busctl=256.2-r1",
"cmd:coredumpctl=256.2-r1",
"cmd:hostnamectl=256.2-r1",
"cmd:journalctl=256.2-r1",
"cmd:kernel-install=256.2-r1",
"cmd:localectl=256.2-r1",
"cmd:loginctl=256.2-r1",
"cmd:machinectl=256.2-r1",
"cmd:networkctl=256.2-r1",
"cmd:oomctl=256.2-r1",
"cmd:portablectl=256.2-r1",
"cmd:resolvectl=256.2-r1",
"cmd:systemctl=256.2-r1",
"cmd:systemd-ac-power=256.2-r1",
"cmd:systemd-analyze=256.2-r1",
"cmd:systemd-ask-password=256.2-r1",
"cmd:systemd-cat=256.2-r1",
"cmd:systemd-cgls=256.2-r1",
"cmd:systemd-cgtop=256.2-r1",
"cmd:systemd-creds=256.2-r1",
"cmd:systemd-delta=256.2-r1",
"cmd:systemd-detect-virt=256.2-r1",
"cmd:systemd-dissect=256.2-r1",
"cmd:systemd-escape=256.2-r1",
"cmd:systemd-firstboot=256.2-r1",
"cmd:systemd-hwdb=256.2-r1",
"cmd:systemd-id128=256.2-r1",
"cmd:systemd-inhibit=256.2-r1",
"cmd:systemd-machine-id-setup=256.2-r1",
"cmd:systemd-mount=256.2-r1",
"cmd:systemd-notify=256.2-r1",
"cmd:systemd-nspawn=256.2-r1",
"cmd:systemd-path=256.2-r1",
"cmd:systemd-repart=256.2-r1",
"cmd:systemd-run=256.2-r1",
"cmd:systemd-socket-activate=256.2-r1",
"cmd:systemd-stdio-bridge=256.2-r1",
"cmd:systemd-sysext=256.2-r1",
"cmd:systemd-sysusers=256.2-r1",
"cmd:systemd-tmpfiles=256.2-r1",
"cmd:systemd-tty-ask-password-agent=256.2-r1",
"cmd:systemd-vmspawn=256.2-r1",
"cmd:systemd-vpick=256.2-r1",
"cmd:timedatectl=256.2-r1",
"cmd:udevadm=256.2-r1",
"cmd:userdbctl=256.2-r1",
"cmd:varlinkctl=256.2-r1",
"so:libnss_myhostname.so.2=2",
"so:libnss_mymachines.so.2=2",
"so:libnss_resolve.so.2=2",
"so:libnss_systemd.so.2=2",
"so:libudev.so.1=1",
},
Vendored: []string{
"so:libsystemd-core-256.so=0",
"so:libsystemd-shared-256.so=0",
},
},
}} {
t.Run(c.apk, func(t *testing.T) {
ctx := context.Background()
url := "https://packages.wolfi.dev/os/x86_64/" + c.apk
th := handleFromApk(ctx, t, url, c.cfgpath)
defer th.exp.Close()

want := config.Dependencies{
Runtime: util.Dedup([]string{
"cmd:bash",
"cmd:envDashSCmd",
"cmd:python3.12",
"so:ld-linux-x86-64.so.2",
"so:libc.so.6",
}),
Provides: nil,
}

got := config.Dependencies{}
if err := Analyze(ctx, th, &got); err != nil {
t.Fatal(err)
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("Analyze(): (-want, +got):\n%s", diff)
got := config.Dependencies{}
if err := Analyze(ctx, th, &got); err != nil {
t.Fatal(err)
}
if diff := cmp.Diff(c.want, got); diff != "" {
t.Errorf("Analyze(): (-want, +got):\n%s", diff)
}
})
}
}
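Review bot: The bare `t.Skip()` at the top of TestGoFipsBinDeps disables the go-fips dependency check without recording why or when it should return, so the lost coverage is invisible in test output. Give it a reason, for example `t.Skip("TODO(<owner>): <why this test is disabled>")` (placeholder text), or drop the skip if the test still passes. Separately, the TestAnalyze subtests use `context.Background()` where the other tests in this file use `slogtest.TestContextWithLogger(t)`; using the latter would presumably keep Analyze's log output attached to the failing subtest.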
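--- a/pkg/sca/generated/x86_64/APKINDEX.json
+++ b/pkg/sca/generated/x86_64/APKINDEX.json
@@ -0,0 +1,34 @@
+{
+"Signature": null,
+"Description": "",
+"Packages": [
+{
+"Name": "shbang-test",
+"Version": "1-r1",
+"Arch": "x86_64",
+"Description": "shbang test",
+"License": "MIT",
+"Origin": "shbang-test",
+"Maintainer": "",
+"URL": "",
+"Checksum": "lh8N8wmjML0PzAr+ocS3r0+SeOQ=",
+"Dependencies": [
+"cmd:bash",
+"cmd:envDashSCmd",
+"cmd:python3.12",
+"so:ld-linux-x86-64.so.2",
+"so:libc.so.6"
+],
+"Provides": null,
+"InstallIf": null,
+"Size": 4519,
+"InstalledSize": 17302,
+"ProviderPriority": 0,
+"BuildTime": "1970-01-01T00:00:00Z",
+"BuildDate": 0,
+"RepoCommit": "",
+"Replaces": null,
+"DataHash": "bd2e7d74e652d107cd67ba2f31c02f8bb489779c881e300c2dddacbbdbace252"
+}
+]
+}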
Binary file added pkg/sca/generated/x86_64/APKINDEX.tar.gz
Binary file not shown.
Binary file added pkg/sca/generated/x86_64/shbang-test-1-r1.apk
Binary file not shown.
2 changes: 1 addition & 1 deletion pkg/sca/sca.go
Expand Up @@ -360,7 +360,7 @@ func generateSharedObjectNameDeps(ctx context.Context, hdl SCAHandle, generated
for _, soname := range sonames {
libver := sonameLibver(soname)

if allowedPrefix(path, libDirs) {
if isInDir(path, libDirs) {
if !hdl.Options().NoProvides {
generated.Provides = append(generated.Provides, fmt.Sprintf("so:%s=%s", soname, libver))
}
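Review bot: The condition guarding `generated.Provides` now depends on `isInDir(path, libDirs)` (the new side, going by the commit title), but nothing at the call site explains the rule and neither helper's definition is visible in this hunk. A short comment above the `if` would help the next reader, for example `// Only sonames of libraries directly inside a lib dir become so: provides; libraries in subdirectories are not advertised.` It is also worth confirming that isInDir compares cleaned paths, since a trailing slash or a `..` segment in either argument could change the result; this is a guess, as the helper is outside the hunk. generateSharedObjectNameDeps starts and ends outside the hunk.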
50 changes: 47 additions & 3 deletions pkg/sca/sca_test.go
Expand Up @@ -12,13 +12,20 @@
// See the License for the specific language governing permissions and
// limitations under the License.

//go:generate go run ./../../ build --out-dir=./generated ./testdata/shbang-test.yaml --arch=x86_64
//go:generate curl -s -o ./testdata/py3-seaborn.yaml https://raw.githubusercontent.com/wolfi-dev/os/7a39ac1d0603a3561790ea2201dd8ad7c2b7e51e/py3-seaborn.yaml
//go:generate curl -s -o ./testdata/systemd.yaml https://raw.githubusercontent.com/wolfi-dev/os/7a39ac1d0603a3561790ea2201dd8ad7c2b7e51e/systemd.yaml

package sca

import (
"context"
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"strings"
"testing"
"time"

Expand Down Expand Up @@ -76,9 +83,20 @@ func (th *testHandle) BaseDependencies() config.Dependencies {
// TODO: Loose coupling.
func handleFromApk(ctx context.Context, t *testing.T, apkfile, melangefile string) *testHandle {
t.Helper()
file, err := os.Open(filepath.Join("testdata", apkfile))
if err != nil {
t.Fatal(err)
var file io.Reader
if strings.HasPrefix(apkfile, "https://") {
resp, err := http.Get(apkfile)
if err != nil {
t.Fatal(err)
}
defer resp.Body.Close()
file = resp.Body
} else {
var err error
file, err = os.Open(filepath.Join("testdata", apkfile))
if err != nil {
t.Fatal(err)
}
}

exp, err := expandapk.ExpandApk(ctx, file, "")
Expand Down Expand Up @@ -215,3 +233,29 @@ func TestUnstableSonames(t *testing.T) {
t.Errorf("Analyze(): (-want, +got):\n%s", diff)
}
}

func TestShbangDeps(t *testing.T) {
ctx := slogtest.TestContextWithLogger(t)
// Generated with `go generate ./...`
th := handleFromApk(ctx, t, "generated/x86_64/shbang-test-1-r1.apk", "shbang-test.yaml")
defer th.exp.Close()

want := config.Dependencies{
Runtime: util.Dedup([]string{
"cmd:bash",
"cmd:envDashSCmd",
"cmd:python3.12",
"so:ld-linux-x86-64.so.2",
"so:libc.so.6",
}),
Provides: nil,
}

got := config.Dependencies{}
if err := Analyze(ctx, th, &got); err != nil {
t.Fatal(err)
}
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("Analyze(): (-want, +got):\n%s", diff)
}
}
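Review bot: The new `https://` branch of handleFromApk calls `http.Get(apkfile)` and hands `resp.Body` to `expandapk.ExpandApk` without checking `resp.StatusCode`, so a 404 or error page from the package host is parsed as if it were an APK and surfaces as a confusing expansion error. The request also ignores the `ctx` parameter, so it cannot be cancelled with the test, and the default client has no timeout. The fetched package is not compared with any pinned digest, so the expectations depend on whatever the remote repository serves at that URL; recording a checksum next to each table entry would make a changed artifact an explicit failure. The `go:generate curl -s` lines have a similar gap and would write an error body into testdata unless `-f` is added. handleFromApk continues past the end of this hunk.

```go
	if strings.HasPrefix(apkfile, "https://") {
		// Bind the download to the test's context so it is cancelled with the test.
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, apkfile, nil)
		if err != nil {
			t.Fatal(err)
		}
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			t.Fatal(err)
		}
		defer resp.Body.Close()
		// Reject error responses before the body is treated as an APK.
		if resp.StatusCode != http.StatusOK {
			t.Fatalf("GET %s: unexpected status %s", apkfile, resp.Status)
		}
		file = resp.Body
	} else {
		// … unchanged: open the package from testdata …
	}
```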
43 changes: 43 additions & 0 deletions pkg/sca/testdata/generated/x86_64/APKINDEX.json
Expand Up @@ -29,6 +29,49 @@
"RepoCommit": "",
"Replaces": null,
"DataHash": "bd2e7d74e652d107cd67ba2f31c02f8bb489779c881e300c2dddacbbdbace252"
},
{
"Name": "py3-seaborn",
"Version": "0.13.2-r0",
"Arch": "x86_64",
"Description": "Statistical data visualization",
"License": "BSD-3-Clause",
"Origin": "py3-seaborn",
"Maintainer": "",
"URL": "",
"Checksum": "cni9CM1COnur18JkHDh9AS1kj7E=",
"Dependencies": [
"cmd:python3.12",
"numpy",
"py3-matplotlib",
"py3-pandas",
"python3",
"so:ld-linux-x86-64.so.2",
"so:libc.so.6",
"so:libdl.so.2",
"so:libgcc_s.so.1",
"so:libm.so.6",
"so:libpthread.so.0",
"so:libstdc++.so.6",
"so:libz.so.1"
],
"Provides": [
"cmd:f2py=0.13.2-r0",
"cmd:fonttools=0.13.2-r0",
"cmd:numpy-config=0.13.2-r0",
"cmd:pyftmerge=0.13.2-r0",
"cmd:pyftsubset=0.13.2-r0",
"cmd:ttx=0.13.2-r0"
],
"InstallIf": null,
"Size": 70266593,
"InstalledSize": 214917013,
"ProviderPriority": 0,
"BuildTime": "1970-01-01T00:00:00Z",
"BuildDate": 0,
"RepoCommit": "",
"Replaces": null,
"DataHash": ""
}
]
}
Binary file modified pkg/sca/testdata/generated/x86_64/APKINDEX.tar.gz
Binary file not shown.