Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-48

DPKG Package Scanner unexpected EOF

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • clair

      Running libindex with just the DPKG ecosystem (to isolate the issue) an attempt to match vulnerabilities is made to a centos/7 image. DPKG package scanner chokes on unexpected EOF.

      Manifest to reproduce issue

      {
    "hash": "3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6",
    "layers": [
        {
            "hash": "8ba884070f611d31cb2c42eddb691319dc9facf5e0ec67672fcfa135181ab3df",
            "remote_path": {
                "uri": "https://storage.googleapis.com/quay-sandbox-01/datastorage/registry/sha256/8b/8ba884070f611d31cb2c42eddb691319dc9facf5e0ec67672fcfa135181ab3df"
            }
        },
        {
            "hash": "768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899",
            "remote_path": {
                "uri": "https://storage.googleapis.com/quay-sandbox-01/datastorage/registry/sha256/76/768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899"
            }
        },
        {
            "hash": "3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571",
            "remote_path": {
                "uri": "https://storage.googleapis.com/quay-sandbox-01/datastorage/registry/sha256/3c/3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571"
            }
        }
    ]
}

      IndexLog

      4:26AM DBG starting http server on 0.0.0.0:8080
4:26AM INF starting scan component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=CheckManifest
4:26AM INF manifest will be scanned component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=CheckManifest
4:26AM INF starting layer fetch component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=FetchLayers
4:26AM DBG fetching 3 layers component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=FetchLayers
4:27AM INF layers successfully fetched component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=FetchLayers
4:27AM INF starting layer scan component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=ScanLayers
4:27AM DBG start component=package_scanner kind=package layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=dpkg version=v0.0.1
4:27AM DBG scanned for possible databases component=package_scanner kind=package layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=dpkg version=v0.0.1
4:27AM DBG done component=package_scanner kind=package layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=dpkg version=v0.0.1
4:27AM DBG start component=package_scanner kind=package layer=3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571 name=dpkg version=v0.0.1
4:27AM WRN reading next header failed error="unexpected EOF" component=package_scanner kind=package layer=3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571 name=dpkg version=v0.0.1
4:27AM DBG done component=package_scanner kind=package layer=3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571 name=dpkg version=v0.0.1
4:27AM DBG start component=package_scanner kind=package layer=8ba884070f611d31cb2c42eddb691319dc9facf5e0ec67672fcfa135181ab3df name=dpkg version=v0.0.1
4:27AM DBG start component=dist_scanner kind=distribution layer=3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571 name=os-release version=v0.0.2
4:27AM DBG start component=dist_scanner kind=distribution layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=os-release version=v0.0.2
4:27AM DBG didn't find an os-release file component=dist_scanner kind=distribution layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=os-release version=v0.0.2
4:27AM DBG done component=dist_scanner kind=distribution layer=768e5aaf2d87cb0e2c8d5d77aa5421b9ba66476a39f1146f464ea90df8291899 name=os-release version=v0.0.2
4:27AM DBG done component=dist_scanner kind=distribution layer=3c02b4cc7037ee318beb71d402d01a090915e216b335dff0e90f69a506b17571 name=os-release version=v0.0.2
4:27AM DBG scanned for possible databases component=package_scanner kind=package layer=8ba884070f611d31cb2c42eddb691319dc9facf5e0ec67672fcfa135181ab3df name=dpkg version=v0.0.1
4:27AM DBG done component=package_scanner kind=package layer=8ba884070f611d31cb2c42eddb691319dc9facf5e0ec67672fcfa135181ab3df name=dpkg version=v0.0.1
4:27AM ERR handling scan error component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6 state=ScanLayers
4:27AM ERR countered error during scan: failed to scan all layer contents: scanner: dpkg error: reading next header failed: unexpected EOF error="failed to scan all layer contents: scanner: dpkg error: reading next header failed: unexpected EOF" component=scan-controller manifest=3191230dd868c0752c285f7a19378ea8262fae047ef82c7e1f2b001280f90be6

              Unassigned Unassigned
              ldelossa Louis DeLosSantos (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: