From d5fa1e7f97090c200f2e4d9b97213c8028fbb6c9 Mon Sep 17 00:00:00 2001
From: Evan Gibler <20933572+egibs@users.noreply.github.com>
Date: Wed, 2 Oct 2024 12:31:15 -0500
Subject: [PATCH 1/2] Allow for multiple scan path inputs for `analyze` and
 `scan` (#480)

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 malcontent.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/malcontent.go b/malcontent.go
index d8f8c8c98..b385a2f9b 100644
--- a/malcontent.go
+++ b/malcontent.go
@@ -373,7 +373,7 @@ func main() {
 						mc.OCI = true
 					case c.String("image") == "" && !c.Bool("processes"):
 						cmdArgs := c.Args().Slice()
-						mc.ScanPaths = []string{cmdArgs[0]}
+						mc.ScanPaths = cmdArgs
 					case c.Bool("processes"):
 						mc.Processes = true
 					}
@@ -454,7 +454,7 @@ func main() {
 						mc.OCI = true
 					case c.String("image") == "" && !c.Bool("processes"):
 						cmdArgs := c.Args().Slice()
-						mc.ScanPaths = []string{cmdArgs[0]}
+						mc.ScanPaths = cmdArgs
 					case c.Bool("processes"):
 						mc.Processes = true
 					}

From 19e37ec420767fd17efbf5d65728f5efc13a9d75 Mon Sep 17 00:00:00 2001
From: Evan Gibler <20933572+egibs@users.noreply.github.com>
Date: Wed, 2 Oct 2024 12:59:56 -0500
Subject: [PATCH 2/2] Small archive extraction fixes; support bzip2 archives
 (#479)

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 pkg/action/archive.go     | 18 +++++++++++-------
 pkg/action/programkind.go |  2 ++
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/pkg/action/archive.go b/pkg/action/archive.go
index fb3405900..8ed76b97f 100644
--- a/pkg/action/archive.go
+++ b/pkg/action/archive.go
@@ -3,6 +3,7 @@ package action
 import (
 	"archive/tar"
 	"archive/zip"
+	"compress/bzip2"
 	"compress/gzip"
 	"context"
 	"errors"
@@ -37,6 +38,11 @@ func extractTar(ctx context.Context, d string, f string) error {
 		return fmt.Errorf("failed to open file: %w", err)
 	}
 	defer tf.Close()
+	// Set offset to the file origin regardless of type
+	_, err = tf.Seek(0, io.SeekStart)
+	if err != nil {
+		return fmt.Errorf("failed to seek to start: %w", err)
+	}
 
 	var tr *tar.Reader
 
@@ -49,17 +55,15 @@ func extractTar(ctx context.Context, d string, f string) error {
 		defer gzStream.Close()
 		tr = tar.NewReader(gzStream)
 	case strings.Contains(filename, ".xz"):
-		_, err := tf.Seek(0, io.SeekStart) // Seek to start for xz reading
-		if err != nil {
-			return fmt.Errorf("failed to seek to start: %w", err)
-		}
 		xzStream, err := xz.NewReader(tf)
 		if err != nil {
 			return fmt.Errorf("failed to create xz reader: %w", err)
 		}
 		tr = tar.NewReader(xzStream)
+	case strings.Contains(filename, ".bz2") || strings.Contains(filename, ".bzip2"):
+		br := bzip2.NewReader(tf)
+		tr = tar.NewReader(br)
 	default:
-		_, err := tf.Seek(0, io.SeekStart) // Seek to start for tar reading
 		if err != nil {
 			return fmt.Errorf("failed to seek to start: %w", err)
 		}
@@ -68,7 +72,7 @@ func extractTar(ctx context.Context, d string, f string) error {
 
 	for {
 		header, err := tr.Next()
-		if errors.Is(err, io.EOF) {
+		if errors.Is(err, io.ErrUnexpectedEOF) || errors.Is(err, io.EOF) {
 			break
 		}
 		if err != nil {
@@ -350,7 +354,7 @@ func extractionMethod(ext string) func(context.Context, string, string) error {
 		return extractZip
 	case ".gz":
 		return extractGzip
-	case ".apk", ".gem", ".tar", ".tar.gz", ".tgz", ".tar.xz", ".xz":
+	case ".apk", ".bz2", ".bzip2", ".gem", ".tar", ".tar.gz", ".tgz", ".tar.xz", ".xz":
 		return extractTar
 	default:
 		return nil
diff --git a/pkg/action/programkind.go b/pkg/action/programkind.go
index c0aae904c..c1e704ed6 100644
--- a/pkg/action/programkind.go
+++ b/pkg/action/programkind.go
@@ -20,6 +20,8 @@ import (
 
 var archiveMap = map[string]bool{
 	".apk":    true,
+	".bz2":    true,
+	".bzip2":  true,
 	".gem":    true,
 	".gz":     true,
 	".jar":    true,