Loop in trivy error output when using the new logger

[helderco]

Thanks for adding Trivy, first of all!

When trivy reports vulnerabilities, there's a loop in the output that you can see in this video.

This does not happen with --log-format plain, and if the check passed.

[grouville]

Hi @helderco,
I wanted to take a few minutes to fix the issue, but can seem to reproduce. Do you, by any chance, have a record of the video / the container you used to check ?

[grouville]

Finally managed to reproduce it, sorry for the ping :-)

[helderco]

In any case, I've extended the link expiration 🙂

[aluzzardi]

I'm wondering if this is a Trivy or Dagger problem.

1. Containers launched by Dagger shouldn't have a TTY (and stdin should be closed I guess)
2. Trivy should not use TTY if stdout is not a TTY (this is a convention most programs adopt, but it's just a convention)

@grouville Can you verify this is an issue with Trivy? If it is, then let's go ahead with #1338. But if it's a generalized issue with Dagger, we should fix it at the engine level for every package.

[grouville]

1. Containers launched by Dagger shouldn't have a TTY (and stdin should be closed I guess)

Just tested inside a container with:

      tty
      [[ -t 1 ]] && echo 'STDOUT is attached to TTY' || echo "STDOUT not attached"
      [[ -t 0 ]] && echo 'STDIN is attached to TTY' || echo "STDIN not attached"
      [[ -t 2 ]] && echo 'STDERR is attached to TTY' || echo "STDERR not attached"

Result:

10:54PM INF ctr | #3 0.260 not a tty
10:54PM INF ctr | #3 0.186 STDOUT not attached
10:54PM INF ctr | #3 0.186 STDIN not attached
10:54PM INF ctr | #3 0.186 STDERR not attached

It seems that point 1 is ok. Currently testing the trivy part

[grouville]

Regarding point 2, not entirely sure on how to test it:

true | (setsid trivy  --severity "HIGH,CRITICAL" --format table -o test  image ruby:latest) 2>&1 | cat

==> This still prints to stdout.

And this test fails like that :

trivy  --severity "HIGH,CRITICAL" --format table -o test  image ruby:latest >&-
2022-01-05 23:43:39.914021 +0100 CET m=+3.338452712 write error: write /dev/stdout: device not configured
2022-01-05 23:43:39.91409 +0100 CET m=+3.338521491 write error: write /dev/stdout: device not configured
2022-01-05 23:43:40.054997 +0100 CET m=+3.479425198 write error: write /dev/stdout: device not configured
2022-01-05 23:43:40.055063 +0100 CET m=+3.479490732 write error: write /dev/stdout: device not configured
2022-01-05 23:43:40.058707 +0100 CET m=+3.483134580 write error: write /dev/stdout: device not configured

[aluzzardi]

Regarding point 2, not entirely sure on how to test it

Maybe try trivy [...] | less or trivy [...] > output and see if it's garbled?

[grouville]

Solved with #1338