Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Excessive "unable to read golang buildinfo error=not a Go executable file" warnings in versions after v0.62.1 #1403

Closed
durera opened this issue Dec 14, 2022 · 4 comments · Fixed by #1424 or #1432
Labels
bug Something isn't working

Comments

@durera
Copy link

durera commented Dec 14, 2022

Please provide a set of steps on how to reproduce the issue
I'm not sure to be honest, we see this against every container image we build, and have locked the sfyt version to 0.62.1 now as the mass warnings were annoying developers, it doesn't seem to affect the eventual output of the tool from what I can tell. It could be something specific in our baseimage that syft fundamentally doesn't like I guess, but it seems like a problem in syft in that it's expecting everything it finds to be a go executable.

What happened:

In 0.62.3 there are over 2000 lines of warnings generated (unable to read golang buildinfo error / golang cataloger: bin parsing: number of builds and readers doesn't match)

[0000]  INFO syft version: 0.62.3
[0011]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0011]  INFO cataloging image
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/bash
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/brotli
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0017]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/busctl
[0017]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
<snip ... another 2000 lines of the same 2 warnings for various files>

In 0.63 it's the same, with over 2k warnings when scanning the container image:

[0000]  INFO syft version: 0.63.0
[0012]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0012]  INFO cataloging image
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/bin/python3
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/share/filebeat/bin/filebeat-god
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2cli
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2diag
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
[0019]  WARN unable to read golang buildinfo error=not a Go executable file=/usr/local/lib/python3.9/site-packages/clidriver/bin/db2drdat
[0019]  WARN golang cataloger: bin parsing: number of builds and readers doesn't match
<snip ... another 2000 lines of the same 2 warnings for various files>

What you expected to happen:
Exact same image, using 0.62.1 throws a couple of info messages only (this is the complete output)...

[0000]  INFO syft version: 0.62.1
[0010]  INFO identified distro: Red Hat Enterprise Linux 8.7 (Ootpa)
[0010]  INFO cataloging image
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/cassandra/io/libevwrapper.cpython-39-x86_64-linux-gnu.so"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/cassandra_driver.libs/libev-aea52ade.so.4.0.0"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/confluent_kafka.libs/librdkafka-ab776cb1.so.1"): EOF
[0016]  INFO golang cataloger: unable to read buildinfo (file="/usr/local/lib/python3.9/site-packages/confluent_kafka/cimpl.cpython-39-x86_64-linux-gnu.so"): EOF

Anything else we need to know?: I don't think so

Environment:

  • Output of syft version:
syft version
Application:        syft
Version:            0.63.0
JsonSchemaVersion:  6.0.0
BuildDate:          2022-12-12T21:03:41Z
GitCommit:          23a3173c9f2461e5906d1b9e3ac20b4806d74777
GitDescription:     v0.63.0
Platform:           linux/amd64
GoVersion:          go1.18.8
Compiler:           gc
  • OS (e.g: cat /etc/os-release or similar): This is when running on a Travis build engine (dist: bionic), but we see the same thing running syft locally too.
@durera durera added the bug Something isn't working label Dec 14, 2022
@ikcoil01
Copy link

I'm seeing this aswell same issue

@kzantow kzantow added this to OSS Dec 21, 2022
@kzantow
Copy link
Contributor

kzantow commented Dec 21, 2022

Hi and thanks for this report! Is there any public image you could reference that this happens with?

@kzantow kzantow moved this to Parking Lot (Comments or Progress) in OSS Dec 21, 2022
@ikcoil01
Copy link

I was unable to find a public example of this however I have a feeling it is in relation to multi stage builds and scratch images.

@kzantow kzantow moved this from Parking Lot (Comments or Progress) to Backlog (Pulled Forward for Priority) in OSS Dec 22, 2022
@kzantow
Copy link
Contributor

kzantow commented Dec 22, 2022

Adding context from @wagoodman on anchore/grype#1039:

I agree the log output should not appear. The issue is here https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/golang/scan_binary.go where we're making the assumption that any binary passed in is a go binary, however, that is not always the case since we select files by MIME type.

We should probably change the execution path to return an error and ignore the error in the context of the go binary cataloger.

@kzantow kzantow moved this from Backlog (Pulled Forward for Priority) to In Review in OSS Dec 22, 2022
Repository owner moved this from In Review to Done in OSS Dec 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
3 participants