Closed
Labels
bug (Something isn't working), changelog-ignore (Don't include this issue in the release changelog)
Description
What happened:
Scanning fails with the message "panic: runtime error: index out of range [2] with length 2".
Output:
$ grype dir:.
✔ Vulnerability DB [updated]
✔ Indexed .
⠧ Cataloging packages [packages 0]panic: runtime error: index out of range [2] with length 2
goroutine 15 [running]:
github.com/anchore/syft/syft/pkg/cataloger/java.parseJavaManifest(0xc00b90a150, 0x28, 0x14df5e0, 0xc00b7ea080, 0xc00b88f5e8, 0xc00b892360, 0x0)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/java/parse_java_manifest.go:59 +0xa90
github.com/anchore/syft/syft/pkg/cataloger/java.(*archiveParser).discoverMainPackage(0xc00b7300e0, 0x70, 0x12527a0, 0x1)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/java/archive_parser.go:138 +0x2b9
github.com/anchore/syft/syft/pkg/cataloger/java.(*archiveParser).parse(0xc00b7300e0, 0x37, 0x7fac37059338, 0xc00b654540, 0xc0000ce001, 0xc00b7300e0, 0xc00b7ea060, 0x0, 0x0)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/java/archive_parser.go:89 +0x45
github.com/anchore/syft/syft/pkg/cataloger/java.parseJavaArchive(0xc009afaba0, 0x37, 0x7fac37059338, 0xc00b654540, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/java/archive_parser.go:45 +0x11c
github.com/anchore/syft/syft/pkg/cataloger/common.(*GenericCataloger).Catalog(0xc0006b0a00, 0x1500770, 0xc0000bd0a0, 0xc00589d390, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/common/generic_cataloger.go:51 +0x50a
github.com/anchore/syft/syft/pkg/cataloger.Catalog(0x1500770, 0xc0000bd0a0, 0x0, 0xc004023080, 0xc, 0xc, 0x0, 0xc000afc2d0, 0xc000cdbdc0, 0xae97bb, ...)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/pkg/cataloger/catalog.go:55 +0x1ec
github.com/anchore/syft/syft.CatalogPackages(0xc000658120, 0x12e4c10, 0x8, 0xc000658120, 0x1348d60, 0x0, 0x0, 0xc00038dce0, 0x14dc601, 0xc00038dce0)
/Users/runner/go/pkg/mod/github.com/anchore/syft@v0.32.1/syft/lib.go:67 +0x4bf
github.com/anchore/grype/grype/pkg.syftProvider(0x7fffaacd86fc, 0x5, 0x12e4c10, 0x8, 0xc0002766e0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/Users/runner/work/grype/grype/grype/pkg/syft_provider.go:20 +0xe7
github.com/anchore/grype/grype/pkg.Provide(0x7fffaacd86fc, 0x5, 0x12e4c10, 0x8, 0xc0002766e0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/Users/runner/work/grype/grype/grype/pkg/provider.go:20 +0x115
github.com/anchore/grype/cmd.startWorker.func1.2(0xc000afc2c0, 0x7fffaacd86fc, 0x5, 0xc0005586a8, 0xc000a4f2a0, 0xc000074db0, 0xc00065e0c0, 0xc000afc2b7)
/Users/runner/work/grype/grype/cmd/root.go:254 +0x105
created by github.com/anchore/grype/cmd.startWorker.func1
/Users/runner/work/grype/grype/cmd/root.go:251 +0x35f
What you expected to happen:
To complete the scan instead of failing due to some possibly invalid Java manifest. Being told in the report what files / folders were skipped due to such parse errors.
How to reproduce it (as minimally and precisely as possible):
Not sure, the error doesn't even report what file grype was scanning when the error occurred.
Anything else we need to know?:
Environment:
- Output of grype version:
$ grype version
Application: grype
Version: 0.27.1
Syft Version: v0.32.1
BuildDate: 2021-12-14T02:57:11Z
GitCommit: 3f23425fa5d38822b31101cf6fde5b10b772951a
GitTreeState: clean
Platform: linux/amd64
GoVersion: go1.16.10
Compiler: gc
Supported DB Schema: 3
- OS (e.g: cat /etc/os-release or similar):
$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
luhring
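The behaviour the report asks for (finish the scan and name what was skipped), shown as an added example; this is not syft's or grype's code. `parseManifest`, `Skipped`, the sample manifest and the archive path are hypothetical and constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Skipped identifies a line that was not parsed, so a report can name it.
type Skipped struct {
	Path string
	Line int
}

const sample = "Manifest-Version: 1.0\nImplementation-Title: demo\n continued\nno separator here\n\nName: com/example/\n" // constructed; line 4 is malformed

// parseManifest (hypothetical, not syft's code): a blank line starts a new section, a leading space continues a value.
func parseManifest(path, content string) ([]map[string]string, []Skipped) {
	sections := []map[string]string{{}}
	var skipped []Skipped
	lastKey := ""
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line, cur := sc.Text(), sections[len(sections)-1]
		switch {
		case strings.TrimSpace(line) == "":
			if len(cur) > 0 { // ignore repeated blank lines
				sections = append(sections, map[string]string{})
			}
			lastKey = ""
		case line[0] == ' ' && lastKey != "":
			cur[lastKey] += line[1:]
		default:
			parts := strings.SplitN(line, ":", 2)
			// Check the length before indexing; record the line instead of panicking.
			if len(parts) != 2 || parts[0] == "" || line[0] == ' ' {
				skipped = append(skipped, Skipped{Path: path, Line: n})
				lastKey = ""
				continue
			}
			lastKey = parts[0]
			cur[lastKey] = strings.TrimSpace(parts[1])
		}
	}
	return sections, skipped
}

func main() {
	fmt.Println(parseManifest("demo.jar!/META-INF/MANIFEST.MF", sample))
}
```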