Remove OmitEmpty; fix nil pointer dereference (chainguard-dev#351)

* Remove OmitEmpty; fix nil pointer dereference Signed-off-by: egibs <[email protected]> * Prevent . being reported for rel path Signed-off-by: egibs <[email protected]> --------- Signed-off-by: egibs <[email protected]>
egibs · Jul 10, 2024 · 7a1a734 · 7a1a734
1 parent 2f158fb
commit 7a1a734
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/bincapz.go b/bincapz.go
@@ -69,7 +69,6 @@ func main() {
 	errFirstMissFlag := flag.Bool("err-first-miss", false, "exit with error if scan source has no matching capabilities")
 	errFirstHitFlag := flag.Bool("err-first-hit", false, "exit with error if scan source has matching capabilities")
 	ociFlag := flag.Bool("oci", false, "Scan an OCI image")
-	omitEmptyFlag := flag.Bool("omit-empty", false, "Omit files that contain no matches")
 	quantityIncreasesRiskFlag := flag.Bool("quantity-increases-risk", true, "increase file risk score based on behavior quantity")
 	profileFlag := flag.Bool("profile", false, "Generate profile and trace files")
 	statsFlag := flag.Bool("stats", false, "Show statistics about the scan")
@@ -187,7 +186,6 @@ func main() {
 		MinRisk:               minRisk,
 		QuantityIncreasesFisk: *quantityIncreasesRiskFlag,
 		OCI:                   *ociFlag,
-		OmitEmpty:             *omitEmptyFlag,
 		Renderer:              renderer,
 		Rules:                 yrs,
 		ScanPaths:             args,

diff --git a/pkg/action/scan.go b/pkg/action/scan.go
@@ -102,8 +102,8 @@ func scanSinglePath(ctx context.Context, c bincapz.Config, yrs *yara.Rules, path
 		fr.Path = fmt.Sprintf("%s ∴ %s", absPath, formatPath(cleanPath))
 	}
 
-	if len(fr.Behaviors) == 0 && c.OmitEmpty {
-		return nil, nil
+	if len(fr.Behaviors) == 0 {
+		return &bincapz.FileReport{Path: path}, nil
 	}
 
 	return &fr, nil
@@ -296,16 +296,17 @@ func processFile(ctx context.Context, c bincapz.Config, yrs *yara.Rules, path st
 		logger.Errorf("scan path: %v", err)
 		return nil, nil
 	}
-	if fr.Error != "" {
-		logger.Debugf("scan error: %s", fr.Error)
-		return nil, nil
-	}
 
 	if fr == nil {
 		logger.Infof("%s returned nil result", path)
 		return nil, nil
 	}
 
+	if fr.Error != "" {
+		logger.Errorf("scan error: %s", fr.Error)
+		return nil, nil
+	}
+
 	if c.Renderer != nil {
 		if fr.RiskScore < c.MinFileRisk {
 			// logger.Infof("%s [%d] does not meet min file risk [%d]", path, fr.RiskScore, c.MinFileRisk)

diff --git a/pkg/bincapz/bincapz.go b/pkg/bincapz/bincapz.go
@@ -24,7 +24,6 @@ type Config struct {
 	MinFileRisk           int
 	MinRisk               int
 	OCI                   bool
-	OmitEmpty             bool
 	Output                io.Writer
 	Renderer              Renderer
 	Rules                 *yara.Rules