unable to read golang buildinfo error=not a Go executable file #1039

workerus · 2022-12-15T22:38:09Z

What happened:

In Grype version 0.54.0 when i scan an image with increased verbosity -vv there are warnings:

./grype trivy -vv

[0003] WARN unable to read golang buildinfo error=not a Go executable file=/bin/busybox form-lib=syft
[0003] WARN golang cataloger: bin parsing: number of builds and readers doesn't match form-lib=syft
[0003] WARN unable to read golang buildinfo error=not a Go executable file=/lib/ld-musl-x86_64.so.1 form-lib=syft
[0003] WARN golang cataloger: bin parsing: number of builds and readers doesn't match form-lib=syft
[0003] WARN unable to read golang buildinfo error=not a Go executable file=/lib/libapk.so.3.12.0 form-lib=syft
[0003] WARN golang cataloger: bin parsing: number of builds and readers doesn't match form-lib=syft
[0003] WARN unable to read golang buildinfo error=not a Go executable file=/lib/libcrypto.so.1.1 form-lib=syft
[0003] WARN golang cataloger: bin parsing: number of builds and readers doesn't match form-lib=syft
[0003] WARN unable to read golang buildinfo error=not a Go executable file=/lib/libssl.so.1.1 form-lib=syft
[0003] WARN golang cataloger: bin parsing: number of builds and readers doesn't match form-lib=syft
[0003] WARN unable to read golang buildinfo error=not a Go executable file=/lib/libz.so.1.2.12 form-lib=syft

WARN some package(s) are missing CPEs. This may result in missing vulnerabilities. You may autogenerate these using: --add-cpes-if-none

What you expected to happen:

I think these warnings should be fixed.

How to reproduce it (as minimally and precisely as possible):

Scan any image and you'll get these warnings.
./grype nginx -vv

Anything else we need to know?:

Environment:

Output of grype version:

# ./grype version
Application:          grype
Version:                 0.54.0
Syft Version:          v0.63.0
BuildDate:             2022-12-14T00:35:44Z
GitCommit:           93499eec7e3ce2704755e9f51457181b06b519c5
GitDescription:      v0.54.0
Platform:               linux/amd64
GoVersion:            go1.18.1
Compiler:              gc
Supported DB Schema:  5

OS (e.g: cat /etc/os-release or similar):
Rocky Linux release 8.6

The text was updated successfully, but these errors were encountered:

wagoodman · 2022-12-22T21:49:51Z

I agree the log output should not appear. The issue is here https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/golang/scan_binary.go where we're making the assumption that any binary passed in is a go binary, however, that is not always the case since we select files by MIME type.

We should probably change the execution path to return an error and ignore the error in the context of the go binary cataloger.

kzantow · 2022-12-22T22:30:50Z

I'm going to close this as a duplicate, as this a Syft related issue, which was reported in: anchore/syft#1403

workerus added the bug Something isn't working label Dec 15, 2022

tgerla added this to OSS Dec 16, 2022

wagoodman moved this to Parking Lot (Comments or Progress) in OSS Dec 22, 2022

kzantow mentioned this issue Dec 22, 2022

Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1 anchore/syft#1403

Closed

kzantow closed this as not planned Won't fix, can't repro, duplicate, stale Dec 22, 2022

Repository owner moved this from Parking Lot (Comments or Progress) to Done in OSS Dec 22, 2022

kzantow added the duplicate This issue or pull request already exists label Dec 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

unable to read golang buildinfo error=not a Go executable file #1039

unable to read golang buildinfo error=not a Go executable file #1039

workerus commented Dec 15, 2022

wagoodman commented Dec 22, 2022

kzantow commented Dec 22, 2022