anchore · luhring · Sep 8, 2021 · Jul 27, 2021 · Jul 27, 2021 · Aug 1, 2021
diff --git a/cmd/packages.go b/cmd/packages.go
@@ -237,7 +237,7 @@ func packagesExecWorker(userInput string) <-chan error {
 	return errs
 }
 
-func runPackageSbomUpload(src source.Source, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro, scope source.Scope) error {
+func runPackageSbomUpload(src *source.Source, s source.Metadata, catalog *pkg.Catalog, d *distro.Distro, scope source.Scope) error {
 	log.Infof("uploading results to %s", appConfig.Anchore.Host)
 
 	if src.Metadata.Scheme != source.ImageScheme {

diff --git a/cmd/power_user.go b/cmd/power_user.go
@@ -102,11 +102,6 @@ func powerUserExecWorker(userInput string) <-chan error {
 		}
 		defer cleanup()
 
-		if src.Metadata.Scheme != source.ImageScheme {
-			errs <- fmt.Errorf("the power-user subcommand only allows for 'image' schemes, given %q", src.Metadata.Scheme)
-			return
-		}
-
 		analysisResults := poweruser.JSONDocumentConfig{
 			SourceMetadata:    src.Metadata,
 			ApplicationConfig: *appConfig,

diff --git a/cmd/power_user_tasks.go b/cmd/power_user_tasks.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/syft/syft/source"
 )
 
-type powerUserTask func(*poweruser.JSONDocumentConfig, source.Source) error
+type powerUserTask func(*poweruser.JSONDocumentConfig, *source.Source) error
 
 func powerUserTasks() ([]powerUserTask, error) {
 	var tasks []powerUserTask
@@ -42,7 +42,7 @@ func catalogPackagesTask() (powerUserTask, error) {
 		return nil, nil
 	}
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		packageCatalog, theDistro, err := syft.CatalogPackages(src, appConfig.Package.Cataloger.ScopeOpt)
 		if err != nil {
 			return err
@@ -64,7 +64,7 @@ func catalogFileMetadataTask() (powerUserTask, error) {
 
 	metadataCataloger := file.NewMetadataCataloger()
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		resolver, err := src.FileResolver(appConfig.FileMetadata.Cataloger.ScopeOpt)
 		if err != nil {
 			return err
@@ -110,7 +110,7 @@ func catalogFileDigestsTask() (powerUserTask, error) {
 		return nil, err
 	}
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		resolver, err := src.FileResolver(appConfig.FileMetadata.Cataloger.ScopeOpt)
 		if err != nil {
 			return err
@@ -142,7 +142,7 @@ func catalogSecretsTask() (powerUserTask, error) {
 		return nil, err
 	}
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		resolver, err := src.FileResolver(appConfig.Secrets.Cataloger.ScopeOpt)
 		if err != nil {
 			return err
@@ -170,7 +170,7 @@ func catalogFileClassificationsTask() (powerUserTask, error) {
 		return nil, err
 	}
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		resolver, err := src.FileResolver(appConfig.FileClassification.Cataloger.ScopeOpt)
 		if err != nil {
 			return err
@@ -197,7 +197,7 @@ func catalogContentsTask() (powerUserTask, error) {
 		return nil, err
 	}
 
-	task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
+	task := func(results *poweruser.JSONDocumentConfig, src *source.Source) error {
 		resolver, err := src.FileResolver(appConfig.FileContents.Cataloger.ScopeOpt)
 		if err != nil {
 			return err

diff --git a/internal/err_helper.go b/internal/err_helper.go
@@ -1,7 +1,9 @@
 package internal
 
 import (
+	"fmt"
 	"io"
+	"os"
 
 	"github.com/anchore/syft/internal/log"
 )
@@ -12,3 +14,25 @@ func CloseAndLogError(closer io.Closer, location string) {
 		log.Warnf("unable to close file for location=%q: %+v", location, err)
 	}
 }
+
+type ErrPath struct {
+	Path string
+	Err  error
+}
+
+func (e ErrPath) Error() string {
+	return fmt.Sprintf("unable to observe contents of %+v: %v", e.Path, e.Err)
+}
+
+func IsErrPath(err error) bool {
+	_, ok := err.(ErrPath)
+	return ok
+}
+
+func IsErrPathPermission(err error) bool {
+	pathErr, ok := err.(ErrPath)
+	if ok {
+		return os.IsPermission(pathErr.Err)
+	}
+	return ok
+}
diff --git a/syft/file/classification_cataloger_test.go b/syft/file/classification_cataloger_test.go
@@ -118,11 +118,18 @@ func TestClassifierCataloger_DefaultClassifiers_PositiveCases(t *testing.T) {
 
 			loc := source.NewLocation(test.location)
 
-			if _, ok := actualResults[loc]; !ok {
+			ok := false
+			for actual_loc, actual_classification := range actualResults {
+				if loc.RealPath == actual_loc.RealPath {
+					ok = true
+					assert.Equal(t, test.expected, actual_classification)
+				}
+			}
+
+			if !ok {
 				t.Fatalf("could not find test location=%q", test.location)
 			}
 
-			assert.Equal(t, test.expected, actualResults[loc])
 		})
 	}
 }

diff --git a/syft/file/contents_cataloger.go b/syft/file/contents_cataloger.go
@@ -3,7 +3,6 @@ package file
 import (
 	"bytes"
 	"encoding/base64"
-	"fmt"
 	"io"
 
 	"github.com/anchore/syft/internal"
@@ -32,7 +31,6 @@ func (i *ContentsCataloger) Catalog(resolver source.FileResolver) (map[source.Lo
 	if err != nil {
 		return nil, err
 	}
-
 	for _, location := range locations {
 		metadata, err := resolver.FileMetadataByLocation(location)
 		if err != nil {
@@ -44,6 +42,10 @@ func (i *ContentsCataloger) Catalog(resolver source.FileResolver) (map[source.Lo
 		}
 
 		result, err := i.catalogLocation(resolver, location)
+		if internal.IsErrPathPermission(err) {
+			log.Debugf("file contents cataloger skipping - %+v", err)
+			continue
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -63,7 +65,7 @@ func (i *ContentsCataloger) catalogLocation(resolver source.FileResolver, locati
 
 	buf := &bytes.Buffer{}
 	if _, err = io.Copy(base64.NewEncoder(base64.StdEncoding, buf), contentReader); err != nil {
-		return "", fmt.Errorf("unable to observe contents of %+v: %w", location.RealPath, err)
+		return "", internal.ErrPath{Path: location.RealPath, Err: err}
 	}
 
 	return buf.String(), nil

diff --git a/syft/file/digest_cataloger.go b/syft/file/digest_cataloger.go
@@ -39,6 +39,11 @@ func (i *DigestsCataloger) Catalog(resolver source.FileResolver) (map[source.Loc
 	for _, location := range locations {
 		stage.Current = location.RealPath
 		result, err := i.catalogLocation(resolver, location)
+		if internal.IsErrPathPermission(err) {
+			log.Debugf("file digests cataloger skipping - %+v", err)
+			continue
+		}
+
 		if err != nil {
 			return nil, err
 		}
@@ -67,7 +72,7 @@ func (i *DigestsCataloger) catalogLocation(resolver source.FileResolver, locatio
 
 	size, err := io.Copy(io.MultiWriter(writers...), contentReader)
 	if err != nil {
-		return nil, fmt.Errorf("unable to observe contents of %+v: %+v", location.RealPath, err)
+		return nil, internal.ErrPath{Path: location.RealPath, Err: err}
 	}
 
 	if size == 0 {

diff --git a/syft/file/secrets_cataloger.go b/syft/file/secrets_cataloger.go
@@ -50,6 +50,11 @@ func (i *SecretsCataloger) Catalog(resolver source.FileResolver) (map[source.Loc
 	for _, location := range locations {
 		stage.Current = location.RealPath
 		result, err := i.catalogLocation(resolver, location)
+		if internal.IsErrPathPermission(err) {
+			log.Debugf("secrets cataloger skipping - %+v", err)
+			continue
+		}
+
 		if err != nil {
 			return nil, err
 		}
@@ -77,7 +82,7 @@ func (i *SecretsCataloger) catalogLocation(resolver source.FileResolver, locatio
 	// TODO: in the future we can swap out search strategies here
 	secrets, err := catalogLocationByLine(resolver, location, i.patterns)
 	if err != nil {
-		return nil, err
+		return nil, internal.ErrPath{Path: location.RealPath, Err: err}
 	}
 
 	if i.revealValues {

diff --git a/syft/lib.go b/syft/lib.go
@@ -32,7 +32,7 @@ import (
 // CatalogPackages takes an inventory of packages from the given image from a particular perspective
 // (e.g. squashed source, all-layers source). Returns the discovered  set of packages, the identified Linux
 // distribution, and the source object used to wrap the data source.
-func CatalogPackages(src source.Source, scope source.Scope) (*pkg.Catalog, *distro.Distro, error) {
+func CatalogPackages(src *source.Source, scope source.Scope) (*pkg.Catalog, *distro.Distro, error) {
 	resolver, err := src.FileResolver(scope)
 	if err != nil {
 		return nil, nil, fmt.Errorf("unable to determine resolver while cataloging packages: %w", err)

diff --git a/syft/source/directory_resolver.go b/syft/source/directory_resolver.go
@@ -8,6 +8,7 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+	"syscall"
 
 	"github.com/anchore/stereoscope/pkg/file"
 	"github.com/anchore/stereoscope/pkg/filetree"
@@ -218,7 +219,12 @@ func (r directoryResolver) FilesByPath(userPaths ...string) ([]Location, error)
 			continue
 		}
 
-		references = append(references, NewLocation(r.responsePath(userStrPath)))
+		exists, ref, err := r.fileTree.File(file.Path(userStrPath))
+		if err == nil && exists {
+			references = append(references, NewLocationFromDirectory(r.responsePath(userStrPath), *ref))
+		} else {
+			log.Warnf("path (%s) not found in file tree: Exists: %t Err:%+v", userStrPath, exists, err)
+		}
 	}
 
 	return references, nil
@@ -234,7 +240,7 @@ func (r directoryResolver) FilesByGlob(patterns ...string) ([]Location, error) {
 			return nil, err
 		}
 		for _, globResult := range globResults {
-			result = append(result, NewLocation(r.responsePath(string(globResult.MatchPath))))
+			result = append(result, NewLocationFromDirectory(r.responsePath(string(globResult.MatchPath)), globResult.Reference))
 		}
 	}
 
@@ -267,7 +273,7 @@ func (r *directoryResolver) AllLocations() <-chan Location {
 	go func() {
 		defer close(results)
 		for _, ref := range r.fileTree.AllFiles() {
-			results <- NewLocation(r.responsePath(string(ref.RealPath)))
+			results <- NewLocationFromDirectory(r.responsePath(string(ref.RealPath)), ref)
 		}
 	}()
 	return results
@@ -276,15 +282,22 @@ func (r *directoryResolver) AllLocations() <-chan Location {
 func (r *directoryResolver) FileMetadataByLocation(location Location) (FileMetadata, error) {
 	info, exists := r.infos[location.ref.ID()]
 	if !exists {
-		return FileMetadata{}, fmt.Errorf("location: %+v : %w", location, os.ErrExist)
+		return FileMetadata{}, fmt.Errorf("location: %+v : %w", location, os.ErrNotExist)
+	}
+
+	uid := -1
+	gid := -1
+	if stat, ok := info.Sys().(*syscall.Stat_t); ok {
+		uid = int(stat.Uid)
+		gid = int(stat.Gid)
 	}
 
 	return FileMetadata{
 		Mode: info.Mode(),
 		Type: newFileTypeFromMode(info.Mode()),
 		// unsupported across platforms
-		UserID:  -1,
-		GroupID: -1,
+		UserID:  uid,
+		GroupID: gid,
 	}, nil
 }
 
@@ -297,6 +310,8 @@ func indexAllRoots(root string, indexer func(string, *progress.Stage) ([]string,
 	// in which case we need to additionally index where the link resolves to. it's for this reason why the filetree
 	// must be relative to the root of the filesystem (and not just relative to the given path).
 	pathsToIndex := []string{root}
+	fullPathsMap := map[string]struct{}{}
+
 	stager, prog := indexingProgress(root)
 	defer prog.SetCompleted()
 loop:
@@ -315,7 +330,13 @@ loop:
 		if err != nil {
 			return fmt.Errorf("unable to index filesystem path=%q: %w", currentPath, err)
 		}
-		pathsToIndex = append(pathsToIndex, additionalRoots...)
+
+		for _, newRoot := range additionalRoots {
+			if _, ok := fullPathsMap[newRoot]; !ok {
+				fullPathsMap[newRoot] = struct{}{}
+				pathsToIndex = append(pathsToIndex, newRoot)
+			}
+		}
 	}
 
 	return nil

diff --git a/syft/source/directory_resolver_test.go b/syft/source/directory_resolver_test.go
@@ -178,9 +178,17 @@ func TestDirectoryResolverDoesNotIgnoreRelativeSystemPaths(t *testing.T) {
 	assert.Len(t, refs, 6)
 
 	// ensure that symlink indexing outside of root worked
-	assert.Contains(t, refs, Location{
-		RealPath: "test-fixtures/system_paths/outside_root/link_target/place",
-	})
+	ok := false
+	test_location := "test-fixtures/system_paths/outside_root/link_target/place"
+	for _, actual_loc := range refs {
+		if test_location == actual_loc.RealPath {
+			ok = true
+		}
+	}
+
+	if !ok {
+		t.Fatalf("could not find test location=%q", test_location)
+	}
 }
 
 func TestDirectoryResolverUsesPathFilterFunction(t *testing.T) {

diff --git a/syft/source/location.go b/syft/source/location.go
@@ -45,6 +45,14 @@ func NewLocationFromImage(virtualPath string, ref file.Reference, img *image.Ima
 	}
 }
 
+// NewLocationFromDirectory creates a new Location representing the given path (extracted from the ref) relative to the given directory.
+func NewLocationFromDirectory(responsePath string, ref file.Reference) Location {
+	return Location{
+		RealPath: responsePath,
+		ref:      ref,
+	}
+}
+
 func NewLocationFromReference(ref file.Reference) Location {
 	return Location{
 		VirtualPath: string(ref.RealPath),