Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(helm): properly handle multiple archived dependencies #7781

Closed
2 tasks done
nikpivkin opened this issue Oct 23, 2024 Discussed in #7778 · 3 comments · Fixed by #7782
Closed
2 tasks done

fix(helm): properly handle multiple archived dependencies #7781

nikpivkin opened this issue Oct 23, 2024 Discussed in #7778 · 3 comments · Fixed by #7782
Assignees
@nikpivkin
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.57.0

Comments

@nikpivkin
Copy link
Contributor

Discussed in #7778

Originally posted by prezha October 23, 2024

Description

i think i found a bug in trivy that is causing a file does not exist issue while scanning tar-ed helm charts with with newer (ie, 0.55.0+) trivy versions - tl;dr:

  • helm parser calls ParseFS() recursively that in turn uses fs.WalkDir() which is also recursive itself
  • once an archive is processed, it gets removed from the memoryfs.FS
  • now, while returning from recursive calls, the "parent" caller might try to process archive that was previously known to fs.WalkDir() to exist, but the "child" might have already processed and removed it
  • so, we'd need to detect and skip those

the bug was probably introduced in commit e95152f as part of the #7289, where a check was removed, which further means that it was probably introduced in trivy v0.55.0 but it was working in v0.54.1

btw, i have a pr proposal that might fix this issue, if you'd like to review, just let me know

Desired Behavior

trivy does not error while processing tar-ed helm charts

Actual Behavior

trivy errors with file does not exist while processing tar-ed helm charts

Reproduction Steps

1. add eg, https://github.com/bitnami/charts/tree/main/bitnami/common v2.26.0
2. add eg, https://github.com/open-telemetry/opentelemetry-helm-charts/releases/tag/opentelemetry-collector-0.108.0
3. run 'trivy fs --scanners misconfig --debug --quiet=false .'

Target

Filesystem

Scanner

Misconfiguration

Output Format

None

Mode

Standalone

Debug Output

$ trivy fs --scanners misconfig --debug --quiet=false .
2024-10-22T23:49:44+01:00	DEBUG	No plugins loaded
2024-10-22T23:49:44+01:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2024-10-22T23:49:44+01:00	DEBUG	Cache dir	dir="/home/prezha/.cache/trivy"
2024-10-22T23:49:44+01:00	DEBUG	Cache dir	dir="/home/prezha/.cache/trivy"
2024-10-22T23:49:44+01:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-10-22T23:49:44+01:00	DEBUG	Ignore statuses	statuses=[]
2024-10-22T23:49:44+01:00	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-22T23:49:44+01:00	DEBUG	[misconfig] Failed to open the check metadata	err="open /home/prezha/.cache/trivy/policy/metadata.json: no such file or directory"
2024-10-22T23:49:44+01:00	INFO	[misconfig] Need to update the built-in checks
2024-10-22T23:49:44+01:00	INFO	[misconfig] Downloading the built-in checks...
2024-10-22T23:49:44+01:00	DEBUG	[misconfig] Loading check bundle	repository="ghcr.io/aquasecurity/trivy-checks:1"
156.02 KiB / 156.02 KiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 0s
2024-10-22T23:49:45+01:00	DEBUG	[misconfig] Digest of the built-in checks	digest="sha256:ae151c4eecf35c507d8f866121ddfbf46540b041bc7bca7cdd8d9f70ceb6f12c"
2024-10-22T23:49:45+01:00	DEBUG	[misconfig] Checks successfully loaded from disk
2024-10-22T23:49:45+01:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-10-22T23:49:45+01:00	DEBUG	Initializing scan cache...	type="memory"
2024-10-22T23:49:45+01:00	DEBUG	Skipping path	path=".git"
2024-10-22T23:49:45+01:00	DEBUG	Scanning files for misconfigurations...	scanner="Helm"
2024-10-22T23:49:46+01:00	DEBUG	[rego] Overriding filesystem for checks
2024-10-22T23:49:46+01:00	DEBUG	[rego] Embedded libraries are loaded	count=13
2024-10-22T23:49:46+01:00	DEBUG	[rego] Embedded checks are loaded	count=508
2024-10-22T23:49:46+01:00	DEBUG	[rego] Checks from disk are loaded	count=521
2024-10-22T23:49:46+01:00	DEBUG	[rego] Overriding filesystem for data
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/Chart.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_affinities.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_capabilities.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_compatibility.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_errors.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_images.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_ingress.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_labels.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_names.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_resources.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_secrets.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_storage.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_tplvalues.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_utils.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/_warnings.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_cassandra.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_mariadb.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_mongodb.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_mysql.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_postgresql.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_redis.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/templates/validations/_validations.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/.helmignore"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/common/README.md"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/Chart.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/values.schema.json"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/NOTES.txt"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/_config.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/_helpers.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/_pod.tpl"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/clusterrole.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/clusterrolebinding.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/configmap-statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/hpa.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/ingress.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/networkpolicy.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/pdb.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/podmonitor.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/prometheusrule.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/servicemonitor.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/templates/statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/.helmignore"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/CONTRIBUTING.md"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/README.md"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/UPGRADING.md"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/GOMEMLIMIT-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/clusterrole-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/config-override-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/daemonset-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/deployment-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/disabling-protocols-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/hpa-deployment-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/hpa-statefulset-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/multiple-ingress-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/networkpolicy-override-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/networkpolicy-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-clustermetrics-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-hostmetrics-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-k8sevents-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-kubeletmetrics-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-kubernetesattributes-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/preset-logscollection-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/probes-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/ci/statefulset-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/README.md"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/clusterrole.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/clusterrolebinding.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/alternate-config/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/daemonset-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/deployment-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-collector-logs/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-hostmetrics/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-lifecycle-hooks/rendered/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-lifecycle-hooks/rendered/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-lifecycle-hooks/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-lifecycle-hooks/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-only/rendered/configmap-agent.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-only/rendered/daemonset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-only/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/daemonset-only/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-only/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-only/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-only/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-only/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-only/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-otlp-traces/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-otlp-traces/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-otlp-traces/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-otlp-traces/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-otlp-traces/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-use-existing-configMap/deployment-values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-use-existing-configMap/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-use-existing-configMap/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/deployment-use-existing-configMap/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/clusterrole.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/clusterrolebinding.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/kubernetesAttributes/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-only/rendered/configmap-statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-only/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-only/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-only/rendered/statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-only/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-with-pvc/rendered/configmap-statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-with-pvc/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-with-pvc/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-with-pvc/rendered/statefulset.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/statefulset-with-pvc/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-GOMEMLIMIT/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-GOMEMLIMIT/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-GOMEMLIMIT/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-GOMEMLIMIT/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-GOMEMLIMIT/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-custom-config/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-custom-config/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-custom-config/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-custom-config/values.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-shared-processes/rendered/configmap.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-shared-processes/rendered/deployment.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-shared-processes/rendered/service.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-shared-processes/rendered/serviceaccount.yaml"
2024-10-22T23:49:46+01:00	DEBUG	[helm parser] Unpacking tar entry	file_path="charts/opentelemetry-collector/examples/using-shared-processes/values.yaml"
2024-10-22T23:49:46+01:00	FATAL	Fatal error
  - fs scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:387
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:261
  - scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:622
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:158
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/local/fs.go:121
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze
        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:510
  - helm scan error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze
        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/config/config.go:46
  - scan config error:
    github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan
        /home/runner/work/trivy/trivy/pkg/misconf/scanner.go:153
  - walk dir error: failed to add tar "charts/opentelemetry-collector-0.108.0.tgz" to FS: failed to open tar: open charts/opentelemetry-collector-0.108.0.tgz: file does not exist

Operating System

openSUSE Tumbleweed, Ubuntu 22.04, macOS Sonoma 14.7

Version

$ trivy version
Version: 0.56.2
Check Bundle:
  Digest: sha256:ae151c4eecf35c507d8f866121ddfbf46540b041bc7bca7cdd8d9f70ceb6f12c
  DownloadedAt: 2024-10-22 22:49:45.533804486 +0000 UTC

Checklist
@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Oct 23, 2024
@nikpivkin nikpivkin self-assigned this Oct 23, 2024
@prezha
Copy link

prezha commented Oct 23, 2024

thanks @nikpivkin for creating the issue

fwiw, my thinking was to add

			// when returning from recursive calls, archives that were previously processed were also removed from fs,
			// ref: https://github.com/aquasecurity/trivy/blob/9514148767865baddd73a49245385574927f7a74/pkg/iac/scanners/helm/parser/parser_tar.go#L101
			// but they might be already picked by fs.WalkDir(), so we need to skip them
			// note that checking entry.Info() might not work:
			// "If the file has been removed or renamed since the directory read, Info *may* return an error satisfying errors.Is(err, ErrNotExist)."
			// ref: https://pkg.go.dev/io/fs#DirEntry
			if matches, err := fs.Glob(p.workingFS, path); err == nil && matches == nil {
				return nil
			}

just after this line

trivy/pkg/iac/scanners/helm/parser/parser.go

Line 98 in 9514148

if detection.IsArchive(path) {

@nikpivkin nikpivkin mentioned this issue Oct 23, 2024
Merged
6 tasks
@nikpivkin
Copy link
Contributor Author

@prezha I think you can use fs.Stat to check if the file exists. In any case, Helm knows how to handle dependencies in the archive, so we may not extract them to avoid re-scanning all files.

@prezha
Copy link

prezha commented Oct 23, 2024
edited
Loading

@nikpivkin you're right, fs.Stat would be simpler/better than fs.Glob to check if archive file exists and skip it if not

@simar7 simar7 added this to the v0.57.0 milestone Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nikpivkin nikpivkin

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Status: No status
Milestone
v0.57.0
Development

Successfully merging a pull request may close this issue.

fix(helm): properly handle multiple archived dependencies nikpivkin/trivy
4 participants
@simar7 @prezha @nikpivkin and others