From 33faf3340ee06c9af4406b0def97892f48532907 Mon Sep 17 00:00:00 2001
From: Tom Fay <tomfay@microsoft.com>
Date: Thu, 21 Jul 2022 05:56:30 +0100
Subject: [PATCH 1/2] Special case scratch base image

If a container image has a image.base.ref.name of scratch then
determine that there is no base image, rather than trying to pull
"scratch".

Signed-off-by: Tom Fay <tomfay@microsoft.com>
---
 Directory.Packages.props                                    | 2 +-
 .../linux/LinuxContainerDetector.cs                         | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index e9745de87..0b36951a4 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -10,7 +10,7 @@
     <ItemGroup>
         <PackageVersion Include="CommandLineParser" Version="2.9.1"/>
         <PackageVersion Include="coverlet.msbuild" Version="3.1.2"/>
-        <PackageVersion Include="Docker.DotNet" Version="3.125.5"/>
+        <PackageVersion Include="Docker.DotNet" Version="3.125.10"/>
         <PackageVersion Include="FluentAssertions" Version="6.7.0"/>
         <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.9"/>
         <PackageVersion Include="Microsoft.Extensions.Caching.Memory" Version="3.1.26" />
diff --git a/src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs b/src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs
index 0ea1393f2..4ae74067e 100644
--- a/src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs
+++ b/src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs
@@ -214,10 +214,14 @@ private async Task<int> GetBaseImageLayerCount(ContainerDetails scannedImageDeta
                 record.BaseImageLayerMessage = $"Base image annotations not found on image {image}, Results will not be mapped to base image layers";
                 Logger.LogInfo(record.BaseImageLayerMessage);
                 return 0;
+            } else if (scannedImageDetails.BaseImageRef == "scratch") {
+                record.BaseImageLayerMessage = $"{image} has no base image";
+                Logger.LogInfo(record.BaseImageLayerMessage);
+                return 0;
             }
 
             var baseImageDigest = scannedImageDetails.BaseImageDigest;
-            var refWithDigest = scannedImageDetails.BaseImageRef + (baseImageDigest != string.Empty ? $"@{baseImageDigest}" : string.Empty);
+            var refWithDigest = scannedImageDetails.BaseImageRef + (!string.IsNullOrEmpty(baseImageDigest) ? $"@{baseImageDigest}" : string.Empty);
             record.BaseImageDigest = baseImageDigest;
             record.BaseImageRef = scannedImageDetails.BaseImageRef;
 

From a9b86fe049cc294d79bdb53060293a787594f0fd Mon Sep 17 00:00:00 2001
From: Tom Fay <tomfay@microsoft.com>
Date: Thu, 21 Jul 2022 19:06:05 +0000
Subject: [PATCH 2/2] add test for scratch handling

Signed-off-by: Tom Fay <tomfay@microsoft.com>
---
 .../LinuxContainerDetectorTests.cs                  | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs b/test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs
index 677ee82a6..112d1514b 100644
--- a/test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs
+++ b/test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs
@@ -205,5 +205,18 @@ public async Task TestLinuxContainerDetector_TimeoutParameterSpecified()
             Func<Task> action = async () => await linuxContainerDetector.ExecuteDetectorAsync(scanRequest);
             await action.Should().NotThrowAsync<OperationCanceledException>();
         }
+
+        [TestMethod]
+        public async Task TestLinuxContainerDetector_HandlesScratchBase() {
+            // Setup docker service to throw an exception on scratch
+            // then specify that the base image is scratch, to test this
+            // is coped with.
+            mockDockerService.Setup(service => service.TryPullImageAsync("scratch", It.IsAny<CancellationToken>()))
+                .Throws(new IOException());
+            mockDockerService.Setup(service => service.InspectImageAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()))
+                // Specify BaseImageRef = scratch to verify that cope 
+                .ReturnsAsync(new ContainerDetails { Id = 1, ImageId = NodeLatestDigest, Layers = Enumerable.Empty<DockerLayer>() , BaseImageRef = "scratch"});
+            await TestLinuxContainerDetector();
+        }
     }
 }