Summary
Multiple bugs and performance issues in pkg/inspect/docker.go:
- P0 Bug: discoverComposeFiles() passes 2>/dev/null as a literal argument to find (via exec.Command, which doesn't interpret shell redirections). Also, -type f is ungrouped and only applies to the last -name pattern.
- P0 Perf: discoverContainers() runs N+1 shell commands (1 docker ps + N docker inspect). On 50 containers, this is ~15s of unnecessary latency.
- P1 Security: os.ReadFile on discovered compose files has no size limit - a symlink to a multi-GB file causes OOM.
- P1 Correctness: parseHumanSize uses binary multipliers (1024) but Docker uses SI/decimal (1000). 1GB returns 1073741824 instead of 1000000000.
- P1 Style: Emoji characters in log messages despite commit 9cd58733 removing them.
Root Cause
- exec.Command API misunderstanding (shell syntax in non-shell context)
- No batching strategy for Docker CLI calls
- Missing input validation on file reads
- Incorrect unit conversion assumption
- Incomplete emoji sweep
Fix
See PR for implementation.