Handle extract errors. Fixes CycloneDX#299 (CycloneDX#300)

* Handle extract errors. Fixes CycloneDX#299 Signed-off-by: Prabhu Subramanian <[email protected]> * Rename appimage Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
AnsahMohammad · Apr 23, 2023 · 4905f29 · 4905f29
1 parent 23f7e95
commit 4905f29
Show file tree

Hide file tree

Showing 8 changed files with 294 additions and 258 deletions.
diff --git a/appimage-builder.yml b/appimage-builder.yml
@@ -6,7 +6,7 @@ script:
   - mkdir -p AppDir/usr/{src,bin}
   - mkdir -p AppDir/usr/share/{metainfo,icons}
   - cp appimage-reqs.sh tools_config AppDir/usr/src -r
-  - cp tools_config/io.shiftleft.cdxgen.appdata.xml AppDir/usr/share/metainfo/
+  - cp tools_config/org.cyclonedx.cdxgen.appdata.xml AppDir/usr/share/metainfo/
   - chmod +x AppDir/usr/src/appimage-reqs.sh && AppDir/usr/src/appimage-reqs.sh AppDir
   - npm install --only=production --no-save --prefix AppDir/usr/local/lib yarn @cyclonedx/cdxgen @microsoft/rush
   - python3 -m pip install --no-cache-dir --ignore-installed --prefix=/usr --root=AppDir pipenv
@@ -15,7 +15,7 @@ AppDir:
   path: ./AppDir
 
   app_info:
-    id: io.shiftleft.cdxgen
+    id: org.cyclonedx.cdxgen
     name: cdxgen
     icon: utilities-terminal
     version: latest

diff --git a/appimage-reqs.sh b/appimage-reqs.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 APPDIR=$1
 OPTDIR=${APPDIR}/opt
-NODE_VERSION=14.5.0
+NODE_VERSION=18.16.0
 export PATH=$PATH:${APPDIR}/usr/bin:
 
 curl -LO "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz" \

diff --git a/binary.js b/binary.js
@@ -279,8 +279,12 @@ const getOSPackages = (src) => {
     const bomJsonFile = path.join(tempDir, "trivy-bom.json");
     const args = [
       imageType,
-      "--skip-update",
+      "--skip-db-update",
+      "--skip-java-db-update",
       "--offline-scan",
+      "--no-progress",
+      "--exit-code",
+      "0",
       "--format",
       "cyclonedx",
       "--output",
@@ -302,11 +306,16 @@ const getOSPackages = (src) => {
       }
     }
     if (fs.existsSync(bomJsonFile)) {
-      const tmpBom = JSON.parse(
-        fs.readFileSync(bomJsonFile, {
-          encoding: "utf-8"
-        })
-      );
+      let tmpBom = {};
+      try {
+        tmpBom = JSON.parse(
+          fs.readFileSync(bomJsonFile, {
+            encoding: "utf-8"
+          })
+        );
+      } catch (e) {
+        // ignore errors
+      }
       // Clean up
       if (tempDir && tempDir.startsWith(os.tmpdir())) {
         if (DEBUG_MODE) {

diff --git a/docker.js b/docker.js
@@ -159,9 +159,11 @@ const getConnection = async (options) => {
       dockerConn = got.extend(opts);
       if (DEBUG_MODE) {
         if (isDockerRootless) {
-          console.log("Docker service in rootless mode detected!");
+          console.log("Docker service in rootless mode detected.");
         } else {
-          console.log("Docker service in root mode detected!");
+          console.log(
+            "Docker service in root mode detected. Consider switching to rootless mode to improve security. See https://docs.docker.com/engine/security/rootless/"
+          );
         }
       }
     } catch (err) {
@@ -172,7 +174,7 @@ const getConnection = async (options) => {
         dockerConn = got.extend(opts);
         isDockerRootless = true;
         if (DEBUG_MODE) {
-          console.log("Docker service in rootless mode detected!");
+          console.log("Docker service in rootless mode detected.");
         }
         return dockerConn;
       } catch (err) {
@@ -185,7 +187,7 @@ const getConnection = async (options) => {
           dockerConn = got.extend(opts);
           isWinLocalTLS = true;
           if (DEBUG_MODE) {
-            console.log("Docker desktop on Windows detected!");
+            console.log("Docker desktop on Windows detected.");
           }
         } else {
           opts.prefixUrl = opts.podmanRootlessPrefixUrl;
@@ -194,7 +196,9 @@ const getConnection = async (options) => {
           isPodmanRootless = true;
           dockerConn = got.extend(opts);
           if (DEBUG_MODE) {
-            console.log("Podman in rootless mode detected!");
+            console.log(
+              "Podman in rootless mode detected. Thank you for using podman!"
+            );
           }
         }
       } catch (err) {
@@ -205,7 +209,9 @@ const getConnection = async (options) => {
           isPodman = true;
           isPodmanRootless = false;
           dockerConn = got.extend(opts);
-          console.log("Podman in root mode detected!");
+          console.log(
+            "Podman in root mode detected. Consider switching to rootless mode to improve security. See https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md"
+          );
         } catch (err) {
           if (os.platform() === "win32") {
             console.warn(
@@ -416,7 +422,13 @@ const extractTar = async (fullImageName, dir) => {
         strict: true,
         C: dir,
         portable: true,
-        onwarn: () => {}
+        onwarn: () => {},
+        filter: (path) => {
+          if (path.endsWith("cacerts")) {
+            return false;
+          }
+          return true;
+        }
       })
     );
     return true;