neuvector · kyledong-suse · Jan 23, 2025 · Jan 16, 2025
@@ -142,9 +142,7 @@ func (cv *ScanTools) ScanImageData(data *share.ScanData) (*share.ScanResult, err
 		Secrets:         &share.ScanSecretResult{},
 	}
 
-	pkgs, err := utils.SelectivelyExtractArchive(bytes.NewReader(data.Buffer), func(filename string) bool {
-		return true
-	}, maxFileSize)
+	pkgs, err := utils.ExtractAllArchiveData(bytes.NewReader(data.Buffer), maxFileSize)
 	if err != nil {
 		log.WithFields(log.Fields{"error": err}).Error("read file error")
 		return result, err

@@ -15,10 +15,10 @@ import (
 	"time"
 
 	"github.com/docker/docker/errdefs"
-	"github.com/opencontainers/go-digest"
 	goDigest "github.com/opencontainers/go-digest"
 	log "github.com/sirupsen/logrus"
 
+	"github.com/coreos/clair/pkg/tarutil"
 	"github.com/neuvector/neuvector/share"
 	"github.com/neuvector/neuvector/share/container"
 	"github.com/neuvector/neuvector/share/scan"
@@ -185,7 +185,7 @@ func (s *ScanTools) LoadLocalImage(ctx context.Context, repository, tag, imgPath
 
 	log.WithFields(log.Fields{"imageName": imageName, "downloads": downloads}).Debug()
 
-	layerModules, errCode := getImageLayerIterate(ctx, downloads, nil, false, imgPath,
+	layerModules, errCode := getImageLayerIterate(ctx, downloads, nil, imgPath,
 		func(ctx context.Context, layer string) (interface{}, int64, error) {
 			blob := blobs[layer]
 			file, err := os.Open(filepath.Join(repoFolder, blob))
@@ -334,27 +334,25 @@ func getImageLayers(tmpDir string, imageTar string) ([]string, map[string]string
 	defer reader.Close()
 
 	//get the manifest from the image tar
-	files, _ := utils.SelectivelyExtractArchive(bufio.NewReader(reader), func(filename string) bool {
-		if filename == manifestJson || strings.HasSuffix(filename, layerJson) || filename == ociLayout {
-			return true
-		} else {
-			return false
-		}
-	}, maxFileSize)
+	filenames := []string{manifestJson, layerJson, ociLayout}
+	files, err := tarutil.ExtractFiles(bufio.NewReader(reader), filenames)
+	if err != nil {
+		log.WithFields(log.Fields{"error": err}).Error("Extract files error")
+	}
 
 	// https://github.com/opencontainers/image-spec/blob/main/image-layout.md
 	// Optional: Following the index.json to find a manifest
 	_, bOciLayout := files[ociLayout]
 	log.WithFields(log.Fields{"bOciLayout": bOciLayout}).Debug()
 
 	if dat, ok := files[manifestJson]; !ok {
-		return nil, nil, fmt.Errorf("Can not locate the manifest.json in image")
+		return nil, nil, fmt.Errorf("can not locate the manifest.json in image")
 	} else {
 		if err = json.Unmarshal(dat, &image); err != nil {
 			return nil, nil, err
 		}
 		if len(image) == 0 {
-			return nil, nil, fmt.Errorf("Can not extract layer from the image")
+			return nil, nil, fmt.Errorf("can not extract layer from the image")
 		}
 	}
 
@@ -424,7 +422,7 @@ func getApkPackages(fullpath string) ([]byte, error) {
 }
 
 func getImageLayerIterate(
-	ctx context.Context, layers []string, sizes map[string]int64, schemaV1 bool, imgPath string,
+	ctx context.Context, layers []string, sizes map[string]int64, imgPath string,
 	layerReader func(ctx context.Context, layer string) (interface{}, int64, error),
 ) (map[string]*LayerFiles, share.ScanErrorCode) { // layer -> filename -> file content
 	lfs := make(map[string]*LayerFiles)
@@ -746,7 +744,7 @@ func DownloadRemoteImage(ctx context.Context, rc *scan.RegClient, name, imgPath
 
 	log.WithFields(log.Fields{"downloads": downloads}).Debug()
 	// scheme is always set to v1 because layers of v2 image have been reversed in GetImageInfo.
-	layerModules, err := getImageLayerIterate(ctx, downloads, sizes, true, imgPath, func(ctx context.Context, layer string) (interface{}, int64, error) {
+	layerModules, err := getImageLayerIterate(ctx, downloads, sizes, imgPath, func(ctx context.Context, layer string) (interface{}, int64, error) {
 		return downloadRemoteLayer(ctx, rc, name, goDigest.Digest(layer))
 	})
 
@@ -785,7 +783,7 @@ func DownloadRemoteImage(ctx context.Context, rc *scan.RegClient, name, imgPath
 	return cacheLayers, err
 }
 
-func downloadRemoteLayer(ctx context.Context, rc *scan.RegClient, repository string, digest digest.Digest) (io.ReadCloser, int64, error) {
+func downloadRemoteLayer(ctx context.Context, rc *scan.RegClient, repository string, digest goDigest.Digest) (io.ReadCloser, int64, error) {
 	url := layerURL("/v2/%s/blobs/%s", rc.URL, repository, digest)
 	log.WithFields(log.Fields{"digest": digest}).Debug()
 

@@ -2,19 +2,17 @@ module github.com/neuvector/scanner
 
 go 1.22
 
-replace (
-	google.golang.org/grpc/security/advancedtls => github.com/holyspectral/grpc-go/security/advancedtls v0.0.0-20240202204003-24d7309846bd
-	k8s.io/cri-api => k8s.io/cri-api v0.25.16
-)
+replace k8s.io/cri-api => k8s.io/cri-api v0.25.16
 
 require (
+	github.com/coreos/clair v2.1.0+incompatible
 	github.com/docker/docker v27.1.1+incompatible
 	github.com/google/uuid v1.6.0
 	github.com/jedib0t/go-pretty/v6 v6.4.6
-	github.com/neuvector/neuvector v0.0.0-20241208165329-1a48cd00b351
+	github.com/neuvector/neuvector v0.0.0-20250122185722-966f408002e0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/sirupsen/logrus v1.9.3
-	google.golang.org/grpc v1.62.1
+	google.golang.org/grpc v1.69.2
 )
 
 require (
@@ -46,7 +44,7 @@ require (
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/glebarez/go-sqlite v1.20.3 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
@@ -92,22 +90,22 @@ require (
 	github.com/vishvananda/netns v0.0.4 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/grpc/security/advancedtls v0.0.0-20240408170116-ec257b4e1cec // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/grpc/security/advancedtls v1.0.0 // indirect
+	google.golang.org/protobuf v1.36.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect