From 081d4edc889204b29da98180907e8e0b10dd8a4a Mon Sep 17 00:00:00 2001
From: Justin Chadwell
Date: Fri, 18 Nov 2022 15:50:16 +0000
Subject: [PATCH] sbom: fix inconsistencies in sbom protocol
Since we construct the args for the image based on the Entrypoint + Cmd, we shouldn't error out early if no Cmd is set, but only if neither Entrypoint or Cmd are set. Additionally, we should avoid setting BUILDKIT_SCAN_SOURCE_EXTRAS if no extras have been specified.
Signed-off-by: Justin Chadwell
---
 frontend/attest/sbom.go | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/frontend/attest/sbom.go b/frontend/attest/sbom.go
index 6c70a3d654a91..30218414c9251 100644
--- a/frontend/attest/sbom.go
+++ b/frontend/attest/sbom.go
@@ -38,7 +38,10 @@ func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scan
 if err := json.Unmarshal(dt, &cfg); err != nil {
 return nil, err
 }
- if len(cfg.Config.Cmd) == 0 {
+ var args []string
+ args = append(args, cfg.Config.Entrypoint...)
+ args = append(args, cfg.Config.Cmd...)
+ if len(args) == 0 {
 return nil, errors.Errorf("scanner %s does not have cmd", scanner)
 }
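Review bot: The error text under the new `if len(args) == 0 {` check still reads "does not have cmd", although the condition now fires only when the scanner image has neither an Entrypoint nor a Cmd. Anyone debugging a rejected scanner image would be pointed at the wrong field, so the message should name both: `return nil, errors.Errorf("scanner %s does not have an entrypoint or cmd", scanner)`. CreateSBOMScanner starts and ends outside this hunk, so how `args` is consumed later is only visible in the second hunk.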
@@ -46,17 +49,18 @@ func CreateSBOMScanner(ctx context.Context, resolver llb.ImageMetaResolver, scan
 srcDir := "/run/src/"
 outDir := "/run/out/"
- args := []string{}
- args = append(args, cfg.Config.Entrypoint...)
- args = append(args, cfg.Config.Cmd...)
- runscan := llb.Image(scanner).Run(
+ opts := []llb.RunOption{
 llb.Dir(cfg.Config.WorkingDir),
- llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
- llb.AddEnv("BUILDKIT_SCAN_SOURCE_EXTRAS", path.Join(srcDir, "extras/")),
- llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
 llb.Args(args),
- llb.WithCustomName(fmt.Sprintf("[%s] generating sbom using %s", name, scanner)))
+ llb.WithCustomName(fmt.Sprintf("[%s] generating sbom using %s", name, scanner)),
+ llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
+ llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
+ }
+ if len(extras) > 0 {
+ opts = append(opts, llb.AddEnv("BUILDKIT_SCAN_SOURCE_EXTRAS", path.Join(srcDir, "extras/")))
+ }
+ runscan := llb.Image(scanner).Run(opts...)
 runscan.AddMount(path.Join(srcDir, "core"), ref, llb.Readonly)
 for k, extra := range extras {
 runscan.AddMount(path.Join(srcDir, "extras", k), extra, llb.Readonly)
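Review bot: The new `opts` list takes WorkingDir, Entrypoint and Cmd from the scanner's image config but nothing from `cfg.Config.Env`. `llb.Image(scanner)` is called here without any option that would apply the image config, so the scanner presumably runs without the variables its image declares (PATH and the like); this is inferred from the visible lines and should be confirmed against `llb.Image`. I would append the image's variables before the BUILDKIT_SCAN_* ones so the protocol values are applied last, assuming a later `AddEnv` for the same key takes precedence, as sketched below. The sketch uses `strings.Cut`, so it needs the `strings` import if the file does not already have it. The enclosing function body starts and ends outside this hunk.

```go
opts := []llb.RunOption{
	// … unchanged: llb.Dir, llb.Args, llb.WithCustomName …
}
// Image-config variables first; the protocol variables below are appended afterwards.
for _, e := range cfg.Config.Env {
	k, v, _ := strings.Cut(e, "=")
	opts = append(opts, llb.AddEnv(k, v))
}
opts = append(opts,
	llb.AddEnv("BUILDKIT_SCAN_DESTINATION", outDir),
	llb.AddEnv("BUILDKIT_SCAN_SOURCE", path.Join(srcDir, "core")),
)
// … unchanged: conditional BUILDKIT_SCAN_SOURCE_EXTRAS, Run(opts...) …
```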