Comments (4)
Thanks for the reply.
You can use the "vulhub/spring-security" image to reproduce this.
After executing the command:
SYFT_FILE_METADATA_SELECTION=all syft vulhub/spring-security:5.6.3 -o syft-json=new.json && syft convert new.json -o syft-json=converted.json
Syft prints too many warnings:
✔ Loaded image vulhub/spring-security:5.6.3
✔ Parsed image sha256:ce8a41189a055e3a59e21cc7b377c3e2aa766e7bdaf0b10ecd0ad05cc6c9c312
✔ Cataloged contents 88167988b3d238cbe343f7c4e00116825e5827dab707679b1915fa8dfc2c9870
├── ✔ Packages [115 packages]
├── ✔ File digests [1,630 files]
├── ✔ File metadata [1,896 locations]
└── ✔ Executables [205 executables]
A newer version of syft is available for download: 1.5.0 (installed version is 1.4.1)
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/alsa/ucm/tegraalc5632" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of t
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/aarch64" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ra
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/armhf" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the rang
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/ppc64le" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ra
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/s390x" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the rang
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/x86" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/apk/keys/x86_64" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/ca-certificates" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/ca-certificates/mozilla" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/man" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/misc" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/p11-kit" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/usr/share/p11-kit/modules" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the ran
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int32 can repr
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int3
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/cache/misc" Layer="sha256:ceaf9e1ebef5f9eaa707a838848a3c13800fcf32d7757be10d4b08fb85f1bc8a"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/empty" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000555 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/apk" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/misc" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lib/udhcpd" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/local" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lock" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/lock/subsys" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that in
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/log" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/opt" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 can
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/spool" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int32 ca
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/spool/cron" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20000000755 is out of the range that int
[0000] WARN invalid mode found in file catalog @ location=Location<RealPath="/var/tmp" Layer="sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"> mode='�': value 20004000777 is out of the range that int32 can
A newer version of syft is available for download: 1.5.0 (installed version is 1.4.1)
And if you check the final SBOM, all files with metadata.type=Directory have mode=0.
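Added example (not part of the original comment and not syft's own code): it decodes the mode values from the warnings above, assuming they are Go `fs.FileMode` bits printed in octal. It shows why only directory entries exceed the int32 range: `fs.ModeDir` is bit 31. The helper names and the signed-parse decoder are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"strconv"
)

// Constructed sample: the three distinct mode values seen in the warnings above.
var loggedModes = []string{"20000000755", "20000000555", "20004000777"}

// parseSigned mimics a decoder that reads the octal mode into an int32.
// Assumption: illustrative only, not syft's actual decoding code.
func parseSigned(s string) (fs.FileMode, error) {
	v, err := strconv.ParseInt(s, 8, 32)
	if err != nil {
		return 0, err // mode is lost; a caller that falls back to zero records mode=0
	}
	return fs.FileMode(v), nil
}

// parseUnsigned reads the same string as an unsigned 32-bit value,
// which has room for fs.ModeDir (bit 31).
func parseUnsigned(s string) (fs.FileMode, error) {
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil {
		return 0, err
	}
	return fs.FileMode(v), nil
}

// isRangeError reports whether err is strconv's out-of-range error.
func isRangeError(err error) bool {
	return errors.Is(err, strconv.ErrRange)
}

func main() {
	for _, s := range loggedModes {
		_, serr := parseSigned(s)
		m, uerr := parseUnsigned(s)
		fmt.Printf("%s signed-range-error=%v unsigned=%v (err=%v) perm=%04o dir=%v\n",
			s, isRangeError(serr), m, uerr, m.Perm(), m.IsDir())
	}
}
```

Regular files carry no type bits above the permission and setuid/setgid/sticky range, so their modes fit in an int32; that is consistent with only `Directory` entries ending up with mode=0.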
Hi @Rupikz, thanks for the report! Do you have an image or container and a sequence of conversions that can be used to reproduce this? That would be very helpful for us to solve the problem. Thanks.
Related PR #2605
Thanks @Rupikz - let me take a look at that old PR and see if I can make some time to get a fix in for this