Grype exits with error on JSON output with PURL input #2360

Closed
chovanecadam opened this issue Jan 2, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@chovanecadam

What happened:

When scanning a file of PURLs or a single PURL and setting output format to json, Grype panics.

What you expected to happen:

Grype does not panic and creates the outputs.

How to reproduce it (as minimally and precisely as possible):

podman run --rm --name Grype -v grypedb:/.cache/grype docker.io/anchore/grype:v0.86.1 'pkg:deb/debian/[email protected]?arch=amd64&distro=debian-12' -o json=/dev/stdout
[0000]  WARN unable to determine GOPATH or user home dir: %!w(string=exec: "getent": executable file not found in $PATH)
[0000] ERROR 1 error occurred:
        * unable to write result: unable to encode result: unsupported source: pkg.PURLLiteralMetadata

Anything else we need to know?:

This is a regression in 0.86.1, because version 0.86.0 is not affected. Most probably a result of fixing #2324. I wish there was a testing infrastructure that runs some basic checks like this one in Docker to catch these regressions.

Environment:

  • Output of grype version: 0.86.1
  • OS (e.g: cat /etc/os-release or similar):
@chovanecadam chovanecadam added the bug Something isn't working label Jan 2, 2025
@chovanecadam chovanecadam changed the title Grype exist with error on JSON output with PURL input Grype exits with error on JSON output with PURL input Jan 14, 2025
@willmurphyscode
Contributor

Hi @chovanecadam, thanks for the issue!

I have reproduced the issue on the latest released version of grype, v0.87.0:

$ grype version
Application:         grype
Version:             0.87.0
BuildDate:           2025-01-22T20:31:08Z
GitCommit:           Homebrew
GitDescription:      [not provided]
Platform:            darwin/arm64
GoVersion:           go1.23.5
Compiler:            gc
Syft Version:        v1.19.0
Supported DB Schema: 5
$ grype 'pkg:deb/debian/[email protected]?arch=amd64&distro=debian-12' -o json
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 1 negligible
   └── by status:   0 fixed, 1 not-fixed, 0 ignored
[0000] ERROR 1 error occurred:
        * unable to write result: unable to encode result: unsupported source: pkg.PURLLiteralMetadata

However, this is fixed in main:

$ git show
commit 5dc2d2ee1a6eb3cdc141f74c1b16d5bda58197dc (HEAD -> main, origin/main)
... snip ...
$  go run ./cmd/grype 'pkg:deb/debian/[email protected]?arch=amd64&distro=debian-12' -o json
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 1 negligible
   └── by status:   0 fixed, 1 not-fixed, 0 ignored
{"matches":[{"vulnerability":{"id":"CVE-2011-3374","dataSource":"debian","namespace":"debian ... SNIP ...

I'm closing this as fixed - stay tuned for the next release. Thanks again!
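
A basic check of the kind the report asks for, as an added example that is not part of the thread or of Grype's own test suite: it captures one run and rejects the "unable to encode result" failure, a non-zero exit, or stdout that is not a JSON report with a "matches" array. `RunResult`, `Capture` and `CheckJSONRun` are hypothetical names, and the failing capture in `main` (including its exit code 1) is constructed from the error text quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// RunResult is what the check captures from one scanner invocation.
type RunResult struct {
	ExitCode       int
	Stdout, Stderr string
}

// Capture runs a command and records its exit code, stdout and stderr.
func Capture(name string, args ...string) (RunResult, error) {
	var out, errb strings.Builder
	cmd := exec.Command(name, args...)
	cmd.Stdout, cmd.Stderr = &out, &errb
	err := cmd.Run()
	if _, exited := err.(*exec.ExitError); err != nil && !exited {
		return RunResult{}, err // the binary could not be started at all
	}
	return RunResult{cmd.ProcessState.ExitCode(), out.String(), errb.String()}, nil
}

// CheckJSONRun returns nil only for a run that produced a usable JSON report.
func CheckJSONRun(r RunResult) error {
	if strings.Contains(r.Stderr, "unable to encode result") {
		return errors.New("encoder regression: " + strings.TrimSpace(r.Stderr))
	}
	if r.ExitCode != 0 {
		return fmt.Errorf("scanner exited with code %d", r.ExitCode)
	}
	var doc struct{ Matches *[]json.RawMessage `json:"matches"` }
	if err := json.Unmarshal([]byte(r.Stdout), &doc); err != nil {
		return fmt.Errorf("stdout is not a valid JSON report: %w", err)
	}
	if doc.Matches == nil {
		return errors.New(`JSON report has no "matches" array`)
	}
	return nil
}

func main() {
	// Constructed capture modelled on the failing run quoted in this issue.
	bad := RunResult{1, "", "unable to encode result: unsupported source: pkg.PURLLiteralMetadata"}
	fmt.Println(CheckJSONRun(bad))
}
```

In a CI job, the result of `Capture("grype", purl, "-o", "json")` goes to `CheckJSONRun`, with `purl` set to the package URL under test.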
