Add support for processing files with prepended bytes before the zip archive #428
|
} | ||
|
||
// OpenZip provides a ZipReadCloser for the given filepath. | ||
func OpenZip(filepath string) (*ZipReadCloser, error) { |
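Review bot: the parameter name `filepath` in `OpenZip(filepath string)` shadows the standard library's `path/filepath` package for the whole function body, so a later call such as `filepath.Base` inside it would resolve to the string instead of the package; a name like `archivePath` avoids that. The doc comment could also say that leading non-zip bytes are tolerated, since that is the difference from `zip.OpenReader` a caller needs to know.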
nit: Can `OpenZip` be unexported?

it can, but we should be opening all zips with this util now (including future uses of `zip.OpenReader` should use this instead). It happens to be that no other function internally yet.
|
||
t.Logf("running from: %s", cwd) | ||
// create a temp file | ||
tmpFile, err := ioutil.TempFile("", "syft-ziputil-archive-TEST-") |
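Review bot: `ioutil.TempFile("", ...)` puts the fixture in the shared system temp directory, and nothing in these lines ties its lifetime to the test. A `t` is already in scope (see the `t.Logf` call), so creating the file under `t.TempDir()` would have the testing package remove it when the test finishes.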
`"syft-ziputil-archive-TEST-"` — This string might be worth extracting as a constant, partially for consistency, partially for developer ease as we add tests.

these should be roughly unique for each test or helper, I'll adjust the name.
return startOfArchive, nil | ||
} | ||
|
||
func findSignatureInBlock(b []byte) int { |
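Review bot: `findSignatureInBlock` has no doc comment at its definition in this hunk, and the bare `int` return does not say what a miss looks like. A one-line comment stating what the returned value refers to within `b` and which value signals that no signature was found would let callers check the result without reading the body.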
is this func also derived from the zip package? it looks terrifying
it is (from the top of the file):
```go
// directoryEndLen, readByf, directoryEnd, and findSignatureInBlock were copied from the golang stdlib, specifically:
// - https://github.com/golang/go/blob/go1.16.4/src/archive/zip/struct.go
// - https://github.com/golang/go/blob/go1.16.4/src/archive/zip/reader.go
// findArchiveStartOffset is derived from the same stdlib utils, specifically the readDirectoryEnd function.
```
Signed-off-by: Alex Goodman <[email protected]>
Add support for processing files with prepended bytes before the zip archive
Today syft unzips java jars and catalogs all contents, however, jars (which are typically zip files) with shell scripts prepended to the archive are not supported by the stdlib. This PR adds support for processing the files as described in the above golang issue + #413 (comment).

Specifically, this PR adds a new `ZipReadCloser` that is a drop-in replacement for the stdlib `zip.ReadCloser`, but adds support for the above mentioned case (ignoring prepended bytes).

This additionally updates the `TraverseFilesInZip` util function to only use the new `ZipReadCloser`, and in doing so all of the helper functions that use `TraverseFilesInZip` also no longer use `zip.ReadCloser`.

The Springboot test-fixture has been updated to generate the self-executing tar which exhibits this behavior (which should be the same kind of jar as described in #413).
Closes #413
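
One way to ignore prepended bytes, shown as an added Go example that is not the PR's or syft's own code: find the end-of-central-directory record from the back of the file, subtract the directory size and offset it declares to get the start of the archive, and give the stdlib only that region. `archiveStart`, `openPrefixed`, `sampleJar` and `stub` are hypothetical names with constructed input; Zip64 archives and prefixes that rewrite the directory offsets are assumed absent.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"fmt"
)

// archiveStart derives the zip's first byte from the EOCD record; its fields are untrusted, so records that do not fit are skipped.
func archiveStart(data []byte) (int64, error) {
	const eocdLen = 22 // fixed part of the EOCD; a comment of up to 65535 bytes may follow
	for i := len(data) - eocdLen; i >= 0 && i >= len(data)-eocdLen-0xFFFF; i-- {
		if !bytes.Equal(data[i:i+4], []byte("PK\x05\x06")) {
			continue
		}
		dirSize := int64(binary.LittleEndian.Uint32(data[i+12:]))
		dirOffset := int64(binary.LittleEndian.Uint32(data[i+16:]))
		commentLen := int(binary.LittleEndian.Uint16(data[i+20:]))
		if start := int64(i) - dirSize - dirOffset; start >= 0 && i+eocdLen+commentLen <= len(data) {
			return start, nil
		}
	}
	return 0, fmt.Errorf("no usable end-of-central-directory record in %d bytes", len(data))
}

// openPrefixed hands only the zip region to the stdlib (for a file on disk, io.NewSectionReader avoids the copy).
func openPrefixed(data []byte) (*zip.Reader, error) {
	start, err := archiveStart(data)
	if err != nil {
		return nil, err
	}
	body := data[start:]
	return zip.NewReader(bytes.NewReader(body), int64(len(body)))
}

const stub = "#!/bin/sh\nexec java -jar \"$0\" \"$@\"\n" // constructed launch-script prefix

func sampleJar() []byte {
	buf := bytes.NewBufferString(stub)
	zw := zip.NewWriter(buf) // offsets are counted from the zip's own first byte
	w, _ := zw.Create("META-INF/MANIFEST.MF")
	w.Write([]byte("Manifest-Version: 1.0\n")) // writes to a bytes.Buffer cannot fail
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(archiveStart(sampleJar())) // the zip's start offset, equal to len(stub), and <nil>
}
```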