fix: only skip tmpfs mounts for some paths (#2918)

* fix: only skip tmpfs mounts for some paths Signed-off-by: Will Murphy <will.murphy@anchore.com> * refactor and add tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add regression test for archive processing Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * bump to golang 1.22 Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove rule 1 and add more tests Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Will Murphy <will.murphy@anchore.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · Jun 4, 2024 · 557ad73 · 557ad73
1 parent cb09dd9
commit 557ad73
Show file tree

Hide file tree

Showing 10 changed files with 669 additions and 199 deletions.
diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
@@ -5,7 +5,7 @@ inputs:
   go-version:
     description: "Go version to install"
     required: true
-    default: "1.21.x"
+    default: "1.22.x"
   go-dependencies:
     description: "Download go dependencies"
     required: true

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/anchore/syft
 
-go 1.21.0
+go 1.22.0
 
 require (
 	github.com/CycloneDX/cyclonedx-go v0.8.0

diff --git a/syft/internal/fileresolver/directory_indexer.go b/syft/internal/fileresolver/directory_indexer.go
@@ -9,13 +9,11 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/moby/sys/mountinfo"
 	"github.com/wagoodman/go-partybus"
 	"github.com/wagoodman/go-progress"
 
 	"github.com/anchore/stereoscope/pkg/file"
 	"github.com/anchore/stereoscope/pkg/filetree"
-	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/internal/bus"
 	"github.com/anchore/syft/internal/log"
 	"github.com/anchore/syft/syft/event"
@@ -43,7 +41,8 @@ func newDirectoryIndexer(path, base string, visitors ...PathIndexVisitor) *direc
 			[]PathIndexVisitor{
 				requireFileInfo,
 				disallowByFileType,
-				newUnixSystemMountFinder().disallowUnixSystemRuntimePath},
+				skipPathsByMountTypeAndName(path),
+			},
 			visitors...,
 		),
 		errPaths: make(map[string]error),
@@ -450,57 +449,6 @@ func (r *directoryIndexer) disallowRevisitingVisitor(_, path string, _ os.FileIn
 	return nil
 }
 
-type unixSystemMountFinder struct {
-	disallowedMountPaths []string
-}
-
-func newUnixSystemMountFinder() unixSystemMountFinder {
-	infos, err := mountinfo.GetMounts(nil)
-	if err != nil {
-		log.WithFields("error", err).Warnf("unable to get system mounts")
-		return unixSystemMountFinder{}
-	}
-
-	return unixSystemMountFinder{
-		disallowedMountPaths: keepUnixSystemMountPaths(infos),
-	}
-}
-
-func keepUnixSystemMountPaths(infos []*mountinfo.Info) []string {
-	var mountPaths []string
-	for _, info := range infos {
-		if info == nil {
-			continue
-		}
-		// we're only interested in ignoring the logical filesystems typically found at these mount points:
-		// - /proc
-		//     - procfs
-		//     - proc
-		// - /sys
-		//     - sysfs
-		// - /dev
-		//     - devfs - BSD/darwin flavored systems and old linux systems
-		//     - devtmpfs - driver core maintained /dev tmpfs
-		//     - udev - userspace implementation that replaced devfs
-		//     - tmpfs - used for /dev in special instances (within a container)
-
-		switch info.FSType {
-		case "proc", "procfs", "sysfs", "devfs", "devtmpfs", "udev", "tmpfs":
-			log.WithFields("mountpoint", info.Mountpoint).Debug("ignoring system mountpoint")
-
-			mountPaths = append(mountPaths, info.Mountpoint)
-		}
-	}
-	return mountPaths
-}
-
-func (f unixSystemMountFinder) disallowUnixSystemRuntimePath(_, path string, _ os.FileInfo, _ error) error {
-	if internal.HasAnyOfPrefixes(path, f.disallowedMountPaths...) {
-		return fs.SkipDir
-	}
-	return nil
-}
-
 func disallowByFileType(_, _ string, info os.FileInfo, _ error) error {
 	if info == nil {
 		// we can't filter out by filetype for non-existent files

diff --git a/syft/internal/fileresolver/directory_indexer_test.go b/syft/internal/fileresolver/directory_indexer_test.go
@@ -10,7 +10,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/moby/sys/mountinfo"
 	"github.com/scylladb/go-set/strset"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -462,145 +461,3 @@ func relativePath(basePath, givenPath string) string {
 
 	return relPath
 }
-
-func Test_disallowUnixSystemRuntimePath(t *testing.T) {
-	unixSubject := unixSystemMountFinder{
-		// mock out detecting the mount points
-		disallowedMountPaths: []string{"/proc", "/sys", "/dev"},
-	}
-
-	tests := []struct {
-		name     string
-		path     string
-		base     string
-		expected error
-	}{
-		{
-			name: "relative path to proc is allowed",
-			path: "proc/place",
-		},
-		{
-			name:     "relative path within proc is not allowed",
-			path:     "/proc/place",
-			expected: fs.SkipDir,
-		},
-		{
-			name:     "path exactly to proc is not allowed",
-			path:     "/proc",
-			expected: fs.SkipDir,
-		},
-		{
-			name: "similar to proc",
-			path: "/pro/c",
-		},
-		{
-			name: "similar to proc",
-			path: "/pro",
-		},
-		{
-			name:     "dev is not allowed",
-			path:     "/dev",
-			expected: fs.SkipDir,
-		},
-		{
-			name:     "sys is not allowed",
-			path:     "/sys",
-			expected: fs.SkipDir,
-		},
-		{
-			name: "unrelated allowed path",
-			path: "/something/sys",
-		},
-		{
-			name: "do not consider base when matching paths (non-matching)",
-			base: "/a/b/c",
-			path: "/a/b/c/dev",
-		},
-		{
-			name:     "do not consider base when matching paths (matching)",
-			base:     "/a/b/c",
-			path:     "/dev",
-			expected: fs.SkipDir,
-		},
-	}
-	for _, test := range tests {
-		t.Run(test.path, func(t *testing.T) {
-			assert.Equal(t, test.expected, unixSubject.disallowUnixSystemRuntimePath(test.base, test.path, nil, nil))
-		})
-	}
-}
-
-func Test_keepUnixSystemMountPaths(t *testing.T) {
-
-	tests := []struct {
-		name  string
-		infos []*mountinfo.Info
-		want  []string
-	}{
-		{
-			name: "all valid filesystems",
-			infos: []*mountinfo.Info{
-				{
-					Mountpoint: "/etc/hostname",
-					FSType:     "/dev/vda1",
-				},
-				{
-					Mountpoint: "/sys/fs/cgroup",
-					FSType:     "cgroup",
-				},
-				{
-					Mountpoint: "/",
-					FSType:     "overlay",
-				},
-			},
-			want: nil,
-		},
-		{
-			name: "no valid filesystems",
-			infos: []*mountinfo.Info{
-				{
-					Mountpoint: "/proc",
-					FSType:     "proc",
-				},
-				{
-					Mountpoint: "/proc-2",
-					FSType:     "procfs",
-				},
-				{
-					Mountpoint: "/sys",
-					FSType:     "sysfs",
-				},
-				{
-					Mountpoint: "/dev",
-					FSType:     "devfs",
-				},
-				{
-					Mountpoint: "/dev-u",
-					FSType:     "udev",
-				},
-				{
-					Mountpoint: "/dev-tmp",
-					FSType:     "devtmpfs",
-				},
-				{
-					Mountpoint: "/run",
-					FSType:     "tmpfs",
-				},
-			},
-			want: []string{
-				"/proc",
-				"/proc-2",
-				"/sys",
-				"/dev",
-				"/dev-u",
-				"/dev-tmp",
-				"/run",
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			assert.Equal(t, tt.want, keepUnixSystemMountPaths(tt.infos))
-		})
-	}
-}