Comments (4)
Rupikz
commented on July 3, 2024
2
Thanks for the reply.
You can use "vulhub/spring-security" image to reproduce this.
After execute command:
SYFT_FILE_METADATA_SELECTION=all syft vulhub/spring-security:5.6.3 -o syft-json=new.json && syft convert new.json -o syft-json=converted.jsonSyft print too many warnings:
✔ Loaded image vulhub/spring-security:5.6.3
✔ Parsed image sha256:ce8a41189a055e3a59e21cc7b377c3e2aa766e7bdaf0b10ecd0ad05cc6c9c312
✔ Cataloged contents 88167988b3d238cbe343f7c4e00116825e5827dab707679b1915fa8dfc2c9870
├── ✔ Packages [115 packages]
├── ✔ File digests [1,630 files]
├── ✔ File metadata [1,896 locations]
└── ✔ Executables [205 executables]
A newer version of syft is available for download: 1.5.0 (installed version is 1.4.1)
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/alsa/ucm/tegraalc5632" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of t
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/aarch64" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ra
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/armhf" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the rang
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/ppc64le" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ra
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/s390x" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the rang
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/x86" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/x86_64" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/ca-certificates" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/ca-certificates/mozilla" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/man" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/misc" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/p11-kit" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/p11-kit/modules" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int32 can repr
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache/misc" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/empty" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000555 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/misc" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/udhcpd" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/local" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lock" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lock/subsys" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that in
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/log" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/opt" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/spool" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/spool/cron" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/tmp" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20004000777 is out of the range that int32 can
A newer version of syft is available for download: 1.5.0 (installed version is 1.4.1)And if check final sbom, all files with type metadata.type=Directory have mode=0
from syft.
tgerla
commented on July 3, 2024
Hi @Rupikz, thanks for the report! Do you have an image or container and a sequence of conversions that can be used to reproduce this? That would be very helpful for us to solve the problem. Thanks.
from syft.
Rupikz
commented on July 3, 2024
Related PR #2605
from syft.
spiffcs
commented on July 3, 2024
Thanks @Rupikz - let me take a look at that old PR and see if I can make some time to get a fix in for this
from syft.
Related Issues (20)
- Very High Memory Usage Using Syft HOT 1
- Poetry's multiple constraints seems to break the parser
- Add ability to use distributed ruleset HOT 1
- Show dependencies for Github Actions
- Issue scanning Poetry Project with Syft 1.6 and cataloger=python-package-cataloger HOT 5
- The ability to extract the contents of the license file (LICENSE.txt) itself HOT 3
- Nondeterministic SBOM generation
- Include repository_url information in PURLs for non-default repository packages
- `License` field in Python package metadata could be name or full text HOT 2
- Python libraries licenses are not gathered HOT 2
- Add CycloneDX 1.6 Support HOT 3
- Add support for java "kar" files
- Syft reports the wrong version of the package (F/P findings on Grype result) HOT 1
- CycloneDX group field not symmetrically handled by encoder/decoders
- Syft tries to create the cache directory at a location that has no permission HOT 3
- linux-kernel-module cataloger doesn't extract version HOT 6
- "none" under file selection in configuration doesn't work as expected HOT 1
- Use VirtualPath to build Dependencies section HOT 1
- No Supplier for each component within SBOM HOT 1
- Nix cataloger should use find by glob instead of iterating over all files
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from syft.