Merge pull request #921 from jonjohnsonjr/early-return

chainguard-dev · Jan 15, 2024 · 39b9649 · 39b9649
2 parents 4e4e358 + a248a26
commit 39b9649
Show file tree

Hide file tree

Showing 6 changed files with 314 additions and 80 deletions.
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.21.1
 require (
 	chainguard.dev/apko v0.12.0
 	cloud.google.com/go/storage v1.36.0
-	github.com/chainguard-dev/go-apk v0.0.0-20231206041704-bec618e956a2
+	github.com/chainguard-dev/go-apk v0.0.0-20240115184838-1c022784a5ed
 	github.com/chainguard-dev/go-pkgconfig v0.0.0-20230818193557-bee0072057ce
 	github.com/chainguard-dev/kontext v0.1.0
 	github.com/chainguard-dev/yam v0.0.0-20230807153807-4de7c531f3e1
@@ -40,8 +40,8 @@ require (
 	gitlab.alpinelinux.org/alpine/go v0.8.1-0.20230928153721-5381bfaecf9b
 	go.opentelemetry.io/otel v1.21.0
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-	golang.org/x/sync v0.5.0
-	golang.org/x/sys v0.15.0
+	golang.org/x/sync v0.6.0
+	golang.org/x/sys v0.16.0
 	golang.org/x/text v0.14.0
 	golang.org/x/time v0.5.0
 	google.golang.org/api v0.154.0
@@ -163,7 +163,6 @@ require (
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-	golang.org/x/build v0.0.0-20231103135814-9e006d99e682 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/net v0.19.0 // indirect

diff --git a/go.sum b/go.sum
@@ -82,8 +82,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
 github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
-github.com/chainguard-dev/go-apk v0.0.0-20231206041704-bec618e956a2 h1:DtH4kLTbUOnkHJyE7c5l1MY9xWkOAIaZ5JZAwiI9+SY=
-github.com/chainguard-dev/go-apk v0.0.0-20231206041704-bec618e956a2/go.mod h1:y0BbOQALsoi1T2Lt5KmFNn92G+fRFSUuogQI2171HS8=
+github.com/chainguard-dev/go-apk v0.0.0-20240115184838-1c022784a5ed h1:OF2IKH/yeQXuuQKTH/66Z1AWXKQWgwxvllyDEIP1JQY=
+github.com/chainguard-dev/go-apk v0.0.0-20240115184838-1c022784a5ed/go.mod h1:tEfIMQlP1kb7KcmzvQWZsaj3MI9ZsqTz3fSvqs4iPaQ=
 github.com/chainguard-dev/go-pkgconfig v0.0.0-20230818193557-bee0072057ce h1:v3SY2sW8rUIxG9wXMxXlMN7sd9VNUSdZ+FnVqOrm2nI=
 github.com/chainguard-dev/go-pkgconfig v0.0.0-20230818193557-bee0072057ce/go.mod h1:obzGv2cx3tkRgkLQADSPaRl3OEsYmyfSv7t2Wu60tZw=
 github.com/chainguard-dev/kontext v0.1.0 h1:GFnDRZiqa+anUi7tzZMECXr0nwt4Eo/zMzTQPLRXUIs=
@@ -624,8 +624,6 @@ go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ3
 go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
 go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
 go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
-golang.org/x/build v0.0.0-20231103135814-9e006d99e682 h1:4mLa9OqXsivFTW/zE+BgzghCC+xPu5g+0pl62rJSE/k=
-golang.org/x/build v0.0.0-20231103135814-9e006d99e682/go.mod h1:P1CDJpAfSCDdIZ+kvjypi+PI3vlPTgkegktZUr2z2VA=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -750,8 +748,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -809,8 +807,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

diff --git a/pkg/sca/sca.go b/pkg/sca/sca.go
@@ -37,7 +37,6 @@ var libDirs = []string{"lib", "usr/lib", "lib64", "usr/lib64"}
 // the SCA engine.
 type SCAFS interface {
 	apkofs.ReadLinkFS
-	apkofs.XattrFS
 
 	Stat(name string) (fs.FileInfo, error)
 }
@@ -261,86 +260,92 @@ func generateSharedObjectNameDeps(hdl SCAHandle, generated *config.Dependencies)
 			return nil
 		}
 
-		if mode.Perm()&0555 == 0555 {
-			basename := filepath.Base(path)
+		if mode.Perm()&0555 != 0555 {
+			return nil
+		}
 
-			// most likely a shell script instead of an ELF, so treat any
-			// error as non-fatal.
-			rawFile, err := fsys.Open(path)
-			if err != nil {
-				return nil
-			}
-			defer rawFile.Close()
+		basename := filepath.Base(path)
 
-			seekableFile, ok := rawFile.(io.ReaderAt)
-			if !ok {
-				return nil
-			}
+		// most likely a shell script instead of an ELF, so treat any
+		// error as non-fatal.
+		rawFile, err := fsys.Open(path)
+		if err != nil {
+			return nil
+		}
+		defer rawFile.Close()
 
-			ef, err := elf.NewFile(seekableFile)
-			if err != nil {
-				return nil
-			}
-			defer ef.Close()
+		seekableFile, ok := rawFile.(io.ReaderAt)
+		if !ok {
+			return nil
+		}
 
-			interp, err := findInterpreter(ef)
-			if err != nil {
-				return err
-			}
-			if interp != "" && !hdl.Options().NoDepends {
-				hdl.Logger().Printf("interpreter for %s => %s", basename, interp)
-
-				// musl interpreter is a symlink back to itself, so we want to use the non-symlink name as
-				// the dependency.
-				interpName := fmt.Sprintf("so:%s", filepath.Base(interp))
-				interpName = strings.ReplaceAll(interpName, "so:ld-musl", "so:libc.musl")
-				generated.Runtime = append(generated.Runtime, interpName)
+		ef, err := elf.NewFile(seekableFile)
+		if err != nil {
+			return nil
+		}
+		defer ef.Close()
+
+		interp, err := findInterpreter(ef)
+		if err != nil {
+			return err
+		}
+		if interp != "" && !hdl.Options().NoDepends {
+			hdl.Logger().Printf("interpreter for %s => %s", basename, interp)
+
+			// musl interpreter is a symlink back to itself, so we want to use the non-symlink name as
+			// the dependency.
+			interpName := fmt.Sprintf("so:%s", filepath.Base(interp))
+			interpName = strings.ReplaceAll(interpName, "so:ld-musl", "so:libc.musl")
+			generated.Runtime = append(generated.Runtime, interpName)
+		}
+
+		libs, err := ef.ImportedLibraries()
+		if err != nil {
+			hdl.Logger().Warnf("WTF: ImportedLibraries() returned error: %v", err)
+			return nil
+		}
+
+		if !hdl.Options().NoDepends {
+			for _, lib := range libs {
+				if strings.Contains(lib, ".so.") {
+					generated.Runtime = append(generated.Runtime, fmt.Sprintf("so:%s", lib))
+					depends[lib] = append(depends[lib], path)
+				}
 			}
+		}
 
-			libs, err := ef.ImportedLibraries()
+		if hdl.Options().NoProvides {
+			return nil
+		}
+
+		// An executable program should never have a SONAME, but apparently binaries built
+		// with some versions of jlink do.  Thus, if an interpreter is set (meaning it is an
+		// executable program), we do not scan the object for SONAMEs.
+		//
+		// Ugh: libc.so.6 has an PT_INTERP set on itself to make the `/lib/libc.so.6 --about`
+		// functionality work.  So we always generate provides entries for libc.
+		if interp == "" || strings.HasPrefix(basename, "libc") {
+			sonames, err := ef.DynString(elf.DT_SONAME)
+			// most likely SONAME is not set on this object
 			if err != nil {
-				hdl.Logger().Warnf("WTF: ImportedLibraries() returned error: %v", err)
+				hdl.Logger().Warnf("library %s lacks SONAME", path)
 				return nil
 			}
 
-			if !hdl.Options().NoDepends {
-				for _, lib := range libs {
-					if strings.Contains(lib, ".so.") {
-						generated.Runtime = append(generated.Runtime, fmt.Sprintf("so:%s", lib))
-						depends[lib] = append(depends[lib], path)
-					}
-				}
-			}
+			for _, soname := range sonames {
+				parts := strings.Split(soname, ".so.")
 
-			// An executable program should never have a SONAME, but apparently binaries built
-			// with some versions of jlink do.  Thus, if an interpreter is set (meaning it is an
-			// executable program), we do not scan the object for SONAMEs.
-			//
-			// Ugh: libc.so.6 has an PT_INTERP set on itself to make the `/lib/libc.so.6 --about`
-			// functionality work.  So we always generate provides entries for libc.
-			if !hdl.Options().NoProvides && (interp == "" || strings.HasPrefix(basename, "libc")) {
-				sonames, err := ef.DynString(elf.DT_SONAME)
-				// most likely SONAME is not set on this object
-				if err != nil {
-					hdl.Logger().Warnf("library %s lacks SONAME", path)
-					return nil
+				var libver string
+				if len(parts) > 1 {
+					libver = parts[1]
+				} else {
+					libver = "0"
 				}
 
-				for _, soname := range sonames {
-					parts := strings.Split(soname, ".so.")
-
-					var libver string
-					if len(parts) > 1 {
-						libver = parts[1]
-					} else {
-						libver = "0"
-					}
-
-					if allowedPrefix(path, libDirs) {
-						generated.Provides = append(generated.Provides, fmt.Sprintf("so:%s=%s", soname, libver))
-					} else {
-						generated.Vendored = append(generated.Vendored, fmt.Sprintf("so:%s=%s", soname, libver))
-					}
+				if allowedPrefix(path, libDirs) {
+					generated.Provides = append(generated.Provides, fmt.Sprintf("so:%s=%s", soname, libver))
+				} else {
+					generated.Vendored = append(generated.Vendored, fmt.Sprintf("so:%s=%s", soname, libver))
 				}
 			}
 		}